DirectorySecurity AdvisoriesPricing
Sign in
Directory
garage logoHELM

garage

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# Default values for garage.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
# -- Additional labels to add to all resources created by this chart
6
commonLabels: {}
7
# app.kubernetes.io/part-of: storage
8
# team: platform
9
10
# Garage configuration. These values go to garage.toml
11
garage:
12
# -- Can be changed for better performance on certain systems
13
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#db_engine
14
dbEngine: "lmdb"
15
# -- Defaults is 1MB
16
# An increase can result in better performance in certain scenarios
17
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#block_size
18
blockSize: "1048576"
19
# -- Default to 3 replicas, see the replication_factor section at
20
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication_factor
21
replicationFactor: "3"
22
# -- By default, enable read-after-write consistency guarantees, see the consistency_mode section at
23
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#consistency_mode
24
consistencyMode: "consistent"
25
# -- zstd compression level of stored blocks
26
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#compression_level
27
compressionLevel: "1"
28
# -- If this value is set, Garage will automatically take a snapshot of the metadata DB file at a regular interval and save it in the metadata directory.
29
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#metadata_auto_snapshot_interval
30
metadataAutoSnapshotInterval: ""
31
rpcBindAddr: "[::]:3901"
32
# -- If not given, a random secret will be generated and stored in a Secret object
33
rpcSecret: ""
34
# -- If you want to provide an rpcSecret within an existing k8s secret,
35
# specify the secret name here, and store the value under the secret key `rpcSecret`
36
# the default secret will not be created
37
existingRpcSecret: ""
38
# -- This is not required if you use the integrated kubernetes discovery
39
bootstrapPeers: []
40
# -- Set to true if you want to use k8s discovery but install the CRDs manually outside
41
# of the helm chart, for example if you operate at namespace level without cluster ressources
42
kubernetesSkipCrd: false
43
s3:
44
api:
45
region: "garage"
46
rootDomain: ".s3.garage.tld"
47
web:
48
rootDomain: ".web.garage.tld"
49
index: "index.html"
50
# -- Additional configuration to append to garage.toml. Use a multi-line string for custom config.
51
# Example:
52
# additionalTopLevelConfig: |-
53
# data_fsync = true
54
additionalTopLevelConfig: ""
55
# -- if not empty string, allow using an existing ConfigMap for the garage.toml,
56
# if set, ignores garage.toml
57
existingConfigMap: ""
58
# -- String Template for the garage configuration
59
# if set, ignores above values.
60
# Values can be templated,
61
# see https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
62
garageTomlString: ""
63
# Data persistence
64
persistence:
65
enabled: true
66
meta:
67
# storageClass: "fast-storage-class"
68
size: 100Mi
69
# used only for daemon sets
70
hostPath: /var/lib/garage/meta
71
data:
72
# storageClass: "slow-storage-class"
73
size: 100Mi
74
# used only for daemon sets
75
hostPath: /var/lib/garage/data
76
# Deployment configuration
77
deployment:
78
# -- Switchable to DaemonSet
79
kind: StatefulSet
80
# -- Number of StatefulSet replicas/garage nodes to start
81
replicaCount: 3
82
# -- If using statefulset, allow Parallel or OrderedReady (default)
83
podManagementPolicy: OrderedReady
84
image:
85
# -- default to amd64 docker image
86
repository: cgr.dev/chainguard-private/garage
87
# -- set the image tag, please prefer using the chart version and not this
88
# to avoid compatibility issues
89
tag: latest@sha256:2498a9d8aff5cf70e5699449da50880d60bd6c92c8d227f6cdb6c85a044a2ebf
90
pullPolicy: IfNotPresent
91
initImage:
92
repository: cgr.dev/chainguard-private/busybox
93
tag: latest@sha256:a4df82542624593a943071c90310653381295bb95494ff58a4650101aefeafaf
94
pullPolicy: IfNotPresent
95
# -- set if you need credentials to pull your custom image
96
imagePullSecrets: []
97
nameOverride: ""
98
fullnameOverride: ""
99
serviceAccount:
100
# -- Specifies whether a service account should be created
101
create: true
102
# -- Annotations to add to the service account
103
annotations: {}
104
# -- The name of the service account to use.
105
# If not set and create is true, a name is generated using the fullname template
106
name: ""
107
# -- additonal pod annotations
108
podAnnotations: {}
109
podSecurityContext:
110
runAsUser: 1000
111
runAsGroup: 1000
112
fsGroup: 1000
113
fsGroupChangePolicy: "OnRootMismatch"
114
runAsNonRoot: true
115
securityContext:
116
# -- The default security context is heavily restricted,
117
# feel free to tune it to your requirements
118
capabilities:
119
drop:
120
- ALL
121
readOnlyRootFilesystem: true
122
service:
123
# -- You can rely on any service to expose your cluster
124
# - ClusterIP (+ Ingress)
125
# - NodePort (+ Ingress)
126
# - LoadBalancer
127
type: ClusterIP
128
# -- Annotations to add to the service
129
annotations: {}
130
s3:
131
api:
132
port: 3900
133
web:
134
port: 3902
135
# NOTE: the admin API is excluded for now as it is not consistent across nodes
136
ingress:
137
s3:
138
api:
139
enabled: false
140
# -- Rely _either_ on the className or the annotation below but not both!
141
# If you want to use the className, set
142
# className: "nginx"
143
# and replace "nginx" by an Ingress controller name,
144
# examples [here](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers).
145
annotations: {}
146
# kubernetes.io/ingress.class: "nginx"
147
# kubernetes.io/tls-acme: "true"
148
labels: {}
149
hosts:
150
# -- garage S3 API endpoint, to be used with awscli for example
151
- host: "s3.garage.tld"
152
paths:
153
- path: /
154
pathType: Prefix
155
# -- garage S3 API endpoint, DNS style bucket access
156
- host: "*.s3.garage.tld"
157
paths:
158
- path: /
159
pathType: Prefix
160
tls: []
161
# - secretName: my-garage-cluster-tls
162
# hosts:
163
# - kubernetes.docker.internal
164
web:
165
enabled: false
166
# -- Rely _either_ on the className or the annotation below but not both!
167
# If you want to use the className, set
168
# className: "nginx"
169
# and replace "nginx" by an Ingress controller name,
170
# examples [here](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers).
171
annotations: {}
172
# kubernetes.io/ingress.class: nginx
173
# kubernetes.io/tls-acme: "true"
174
labels: {}
175
hosts:
176
# -- wildcard website access with bucket name prefix
177
- host: "*.web.garage.tld"
178
paths:
179
- path: /
180
pathType: Prefix
181
# -- specific bucket access with FQDN bucket
182
- host: "mywebpage.example.com"
183
paths:
184
- path: /
185
pathType: Prefix
186
tls: []
187
# - secretName: my-garage-cluster-tls
188
# hosts:
189
# - kubernetes.docker.internal
190
resources: {}
191
# The following are indicative for a small-size deployement, for anything serious double them.
192
# limits:
193
# cpu: 100m
194
# memory: 1024Mi
195
# requests:
196
# cpu: 100m
197
# memory: 512Mi
198
199
# -- Specifies a livenessProbe
200
livenessProbe: {}
201
#httpGet:
202
# path: /health
203
# port: 3903
204
#initialDelaySeconds: 5
205
#periodSeconds: 30
206
# -- Specifies a readinessProbe
207
readinessProbe: {}
208
#httpGet:
209
# path: /health
210
# port: 3903
211
#initialDelaySeconds: 5
212
#periodSeconds: 30
213
214
nodeSelector: {}
215
tolerations: []
216
affinity: {}
217
environment: {}
218
extraVolumes: {}
219
extraVolumeMounts: {}
220
monitoring:
221
metrics:
222
# -- If true, a service for monitoring is created with a prometheus.io/scrape annotation
223
enabled: false
224
serviceMonitor:
225
# -- If true, a ServiceMonitor CRD is created for a prometheus operator
226
# https://github.com/coreos/prometheus-operator
227
enabled: false
228
path: /metrics
229
# namespace: monitoring (defaults to use the namespace this chart is deployed to)
230
labels: {}
231
interval: 15s
232
scheme: http
233
tlsConfig: {}
234
scrapeTimeout: 10s
235
relabelings: []
236
tracing:
237
# -- specify a sink endpoint for OpenTelemetry Traces, eg. `http://localhost:4317`
238
sink: ""
239

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.