sigstore-rekor
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
namespace:
2
create: false
3
name: rekor-system
4
imagePullSecrets: []
5
initContainerImage:
6
curl:
7
registry: cgr.dev
8
repository: chainguard-private/curl
9
# -- 8.17.0
10
version: sha256:9fb568bca5d58751ce699f9de03a05438300cf535cd24a32eddc0b096594dc78
11
imagePullPolicy: IfNotPresent
12
initContainerResources: {}
13
redis:
14
enabled: true
15
replicaCount: 1
16
hostname: ""
17
port: 6379
18
args:
19
- --bind
20
- 0.0.0.0
21
- --appendonly
22
- "yes"
23
name: redis
24
image:
25
registry: cgr.dev
26
repository: chainguard-private/redis
27
pullPolicy: IfNotPresent
28
# -- 6.2.17-alpine3.21
29
version: sha256:c6fb723af085e69566315713f04e40f97c9d5f13b8b9ce03e07e39f1dabe6df2
30
resources: {}
31
readinessProbe:
32
initialDelaySeconds: 5
33
periodSeconds: 10
34
timeoutSeconds: 1
35
failureThreshold: 3
36
successThreshold: 1
37
exec:
38
command:
39
- /bin/sh
40
- -i
41
- -c
42
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
43
livenessProbe:
44
initialDelaySeconds: 5
45
periodSeconds: 10
46
timeoutSeconds: 1
47
failureThreshold: 3
48
successThreshold: 1
49
exec:
50
command:
51
- /bin/sh
52
- -i
53
- -c
54
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
55
service:
56
type: ClusterIP
57
ports:
58
- name: 6379-tcp
59
port: 6379
60
protocol: TCP
61
targetPort: 6379
62
serviceAccount:
63
create: true
64
name: ""
65
annotations: {}
66
tolerations: []
67
nodeSelector: {}
68
affinity: {}
69
mysql:
70
gcp:
71
enabled: false
72
instance: ""
73
cloudsql:
74
registry: cgr.dev
75
repository: chainguard-private/cloud-sql-proxy
76
# -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.19.0-alpine
77
version: sha256:7401911ad8f29ffcc4f9f0fe5ada7313b62a3bf4c8421adac39250bb75c6816a
78
resources:
79
requests:
80
memory: "2Gi"
81
cpu: "1"
82
securityContext:
83
allowPrivilegeEscalation: false
84
readOnlyRootFilesystem: true
85
runAsNonRoot: true
86
capabilities:
87
drop:
88
- ALL
89
unixDomainSocket:
90
enabled: false
91
path: /cloudsql
92
enabled: false
93
replicaCount: 1
94
name: mysql
95
hostname: ""
96
port: 3306
97
strategy:
98
type: Recreate
99
image:
100
registry: cgr.dev
101
repository: chainguard-private/mariadb
102
pullPolicy: IfNotPresent
103
version: sha256:ff7ed43ff46cc0a67ec7d9b5a91afd8feef73120475930f8e1e24efa1704f437
104
server:
105
enabled: true
106
replicaCount: 1
107
name: server
108
port: 3000
109
image:
110
registry: cgr.dev
111
repository: chainguard-private/rekor-server
112
pullPolicy: IfNotPresent
113
# crane digest ghcr.io/sigstore/rekor/rekor-server:v1.5.2
114
version: latest@sha256:e8a9e0d3184bcf04fb14ee0631a4de194712c890a65ebd367de546cfd5046ce9
115
# -- KMS type for signing key (possible values: "" / "none", "aws")
116
kmsType: none
117
# -- AWS region if using AWS KMS for signing key
118
awsKmsRegion: us-east-1
119
# -- kubernetes secret name containing IAM credentials for use with AWS KMS
120
awsKmsCredentialsSecretName: aws-kms-credentials
121
logging:
122
production: false
123
ingress:
124
enabled: true
125
className: "nginx"
126
hosts:
127
- path: /
128
host: root
129
annotations: {}
130
tls: []
131
ingresses:
132
- enabled: false
133
name: "gce-ingress"
134
className: "gce"
135
hosts:
136
- path: /
137
host: root
138
annotations: {}
139
tls: []
140
staticGlobalIP: lb-ext-ip
141
frontendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
142
sslPolicy: rekor-ssl-policy
143
redirectToHttps:
144
enabled: true
145
backendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
146
securityPolicy:
147
name: rekor-security-policy
148
logging:
149
enable: true
150
service:
151
type: ClusterIP
152
ports:
153
- name: 3000-tcp
154
port: 80
155
protocol: TCP
156
targetPort: 3000
157
- name: 2112-tcp
158
port: 2112
159
protocol: TCP
160
targetPort: 2112
161
signer: memory
162
readinessProbe:
163
initialDelaySeconds: 10
164
periodSeconds: 10
165
timeoutSeconds: 1
166
failureThreshold: 3
167
successThreshold: 1
168
httpGet:
169
port: 3000
170
path: /ping
171
sharding:
172
mountPath: /sharding
173
filename: sharding-config.yaml
174
contents: ""
175
livenessProbe:
176
initialDelaySeconds: 30
177
periodSeconds: 10
178
timeoutSeconds: 1
179
failureThreshold: 3
180
successThreshold: 1
181
httpGet:
182
port: 3000
183
path: /ping
184
securityContext:
185
runAsNonRoot: true
186
runAsUser: 65533
187
config:
188
key: treeID
189
treeID: ""
190
retrieve_api:
191
enabled: true
192
attestation_storage:
193
enabled: true
194
bucket: file:///var/run/attestations
195
persistence:
196
enabled: true
197
annotations: {}
198
storageClass: ""
199
size: 5Gi
200
mountPath: /var/lib/mysql
201
subPath: ""
202
existingClaim: ""
203
accessModes:
204
- ReadWriteOnce
205
podAnnotations:
206
prometheus.io/scrape: "true"
207
prometheus.io/path: /metrics
208
prometheus.io/port: "2112"
209
resources: {}
210
extraArgs: []
211
gomemlimit: ""
212
serviceAccount:
213
create: true
214
name: ""
215
annotations: {}
216
searchIndex:
217
storageProvider: ""
218
mysql: {}
219
tolerations: []
220
nodeSelector: {}
221
affinity: {}
222
createtree:
223
name: createtree
224
force: false
225
image:
226
registry: cgr.dev
227
repository: chainguard-private/sigstore-scaffolding-trillian-createtree
228
pullPolicy: IfNotPresent
229
# v0.7.31
230
version: sha256:85302058cd410368140afbd72671d86fbcd086a083f3fad5a802849d7b4fe303
231
ttlSecondsAfterFinished: 3600
232
serviceAccount:
233
create: true
234
name: ""
235
annotations: {}
236
securityContext:
237
runAsNonRoot: true
238
runAsUser: 65533
239
resources: {}
240
annotations: {}
241
tolerations: []
242
nodeSelector: {}
243
affinity: {}
244
# Configure backfillredis to repair indices that were not inserted into Redis.
245
backfillredis:
246
name: backfillredis
247
enabled: false
248
image:
249
registry: cgr.dev
250
repository: chainguard-private/rekor-backfill-index
251
pullPolicy: IfNotPresent
252
# v1.3.6
253
version: sha256:0a779fdc23c76dc758cd7600f86a13e624a2da15ec250b1bcf234d1192a6bfbb
254
ttlSecondsAfterFinished: 3600
255
securityContext:
256
runAsNonRoot: true
257
runAsUser: 65533
258
rekorAddress: rekor.rekor-system.svc
259
startIndex: -1
260
endIndex: -1
261
resources: {}
262
tolerations: []
263
nodeSelector: {}
264
affinity: {}
265
# Configure Trillian dependency
266
trillian:
267
enabled: true
268
namespace:
269
name: trillian-system
270
create: true
271
forceNamespace: trillian-system
272
fullnameOverride: trillian
273
adminServer: ""
274
logServer:
275
name: trillian-logserver
276
fullnameOverride: trillian-logserver
277
portHTTP: 8090
278
portRPC: 8091
279
logSigner:
280
name: trillian-logsigner
281
fullnameOverride: trillian-logsigner
282
mysql:
283
fullnameOverride: trillian-mysql
284
# Force namespace of namespaced resources
285
forceNamespace: ""
286
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.