sigstore-rekor
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
namespace:
2
create: false
3
name: rekor-system
4
imagePullSecrets: []
5
initContainerImage:
6
curl:
7
registry: cgr.dev
8
repository: chainguard-private/curl
9
# -- 8.17.0
10
version: sha256:52258a3c473e3b8a87f9aeafbc6fc9beaa1e261f84cb969da93897b723bd9615
11
imagePullPolicy: IfNotPresent
12
initContainerResources: {}
13
redis:
14
enabled: true
15
replicaCount: 1
16
hostname: ""
17
port: 6379
18
args:
19
- --bind
20
- 0.0.0.0
21
- --appendonly
22
- "yes"
23
name: redis
24
image:
25
registry: cgr.dev
26
repository: chainguard-private/redis
27
pullPolicy: IfNotPresent
28
# -- 6.2.17-alpine3.21
29
version: sha256:53bdf2a7851551f00a77ff71c4c84d2268dd191032403050a992741315f59e32
30
resources: {}
31
persistence:
32
enabled: false
33
annotations: {}
34
existingClaim: ""
35
storageClass: ""
36
accessModes:
37
- ReadWriteOnce
38
size: 5Gi
39
readinessProbe:
40
initialDelaySeconds: 5
41
periodSeconds: 10
42
timeoutSeconds: 1
43
failureThreshold: 3
44
successThreshold: 1
45
exec:
46
command:
47
- /bin/sh
48
- -i
49
- -c
50
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
51
livenessProbe:
52
initialDelaySeconds: 5
53
periodSeconds: 10
54
timeoutSeconds: 1
55
failureThreshold: 3
56
successThreshold: 1
57
exec:
58
command:
59
- /bin/sh
60
- -i
61
- -c
62
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
63
service:
64
type: ClusterIP
65
ports:
66
- name: 6379-tcp
67
port: 6379
68
protocol: TCP
69
targetPort: 6379
70
serviceAccount:
71
create: true
72
name: ""
73
annotations: {}
74
tolerations: []
75
nodeSelector: {}
76
affinity: {}
77
mysql:
78
gcp:
79
enabled: false
80
instance: ""
81
cloudsql:
82
registry: cgr.dev
83
repository: chainguard-private/cloud-sql-proxy
84
# -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.19.0-alpine
85
version: sha256:f6124edc42338fef1b4b64c9745abf1708d2c6e208db1f70bf2876ed07d9329f
86
resources:
87
requests:
88
memory: "2Gi"
89
cpu: "1"
90
securityContext:
91
allowPrivilegeEscalation: false
92
readOnlyRootFilesystem: true
93
runAsNonRoot: true
94
capabilities:
95
drop:
96
- ALL
97
unixDomainSocket:
98
enabled: false
99
path: /cloudsql
100
enabled: false
101
replicaCount: 1
102
name: mysql
103
hostname: ""
104
port: 3306
105
strategy:
106
type: Recreate
107
image:
108
registry: cgr.dev
109
repository: chainguard-private/mariadb
110
pullPolicy: IfNotPresent
111
version: sha256:00b6d2520f78bd20e592abf51a83f3dbb864fad2db8fae2d987720209bbad6a2
112
server:
113
enabled: true
114
replicaCount: 1
115
name: server
116
port: 3000
117
image:
118
registry: cgr.dev
119
repository: chainguard-private/rekor-server
120
pullPolicy: IfNotPresent
121
# crane digest ghcr.io/sigstore/rekor/rekor-server:v1.5.2
122
version: latest@sha256:537dea8c0109a2f6d47e8be4d373fb3af6f0fd4c728cac60b4a43e326ac8d501
123
# -- KMS type for signing key (possible values: "" / "none", "aws")
124
kmsType: none
125
# -- AWS region if using AWS KMS for signing key
126
awsKmsRegion: us-east-1
127
# -- kubernetes secret name containing IAM credentials for use with AWS KMS
128
awsKmsCredentialsSecretName: aws-kms-credentials
129
logging:
130
production: false
131
ingress:
132
enabled: true
133
className: "nginx"
134
hosts:
135
- path: /
136
host: root
137
annotations: {}
138
tls: []
139
ingresses:
140
- enabled: false
141
name: "gce-ingress"
142
className: "gce"
143
hosts:
144
- path: /
145
host: root
146
annotations: {}
147
tls: []
148
staticGlobalIP: lb-ext-ip
149
frontendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
150
sslPolicy: rekor-ssl-policy
151
redirectToHttps:
152
enabled: true
153
backendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
154
securityPolicy:
155
name: rekor-security-policy
156
logging:
157
enable: true
158
service:
159
type: ClusterIP
160
ports:
161
- name: 3000-tcp
162
port: 80
163
protocol: TCP
164
targetPort: 3000
165
- name: 2112-tcp
166
port: 2112
167
protocol: TCP
168
targetPort: 2112
169
signer: memory
170
readinessProbe:
171
initialDelaySeconds: 10
172
periodSeconds: 10
173
timeoutSeconds: 1
174
failureThreshold: 3
175
successThreshold: 1
176
httpGet:
177
port: 3000
178
path: /ping
179
sharding:
180
mountPath: /sharding
181
filename: sharding-config.yaml
182
contents: ""
183
livenessProbe:
184
initialDelaySeconds: 30
185
periodSeconds: 10
186
timeoutSeconds: 1
187
failureThreshold: 3
188
successThreshold: 1
189
httpGet:
190
port: 3000
191
path: /ping
192
securityContext:
193
runAsNonRoot: true
194
runAsUser: 65533
195
config:
196
key: treeID
197
treeID: ""
198
retrieve_api:
199
enabled: true
200
attestation_storage:
201
enabled: true
202
bucket: file:///var/run/attestations
203
persistence:
204
enabled: true
205
annotations: {}
206
storageClass: ""
207
size: 5Gi
208
mountPath: /var/lib/mysql
209
subPath: ""
210
existingClaim: ""
211
accessModes:
212
- ReadWriteOnce
213
podAnnotations:
214
prometheus.io/scrape: "true"
215
prometheus.io/path: /metrics
216
prometheus.io/port: "2112"
217
resources: {}
218
extraArgs: []
219
gomemlimit: ""
220
serviceAccount:
221
create: true
222
name: ""
223
annotations: {}
224
searchIndex:
225
storageProvider: ""
226
mysql: {}
227
tolerations: []
228
nodeSelector: {}
229
affinity: {}
230
createtree:
231
name: createtree
232
force: false
233
image:
234
registry: cgr.dev
235
repository: chainguard-private/sigstore-scaffolding-trillian-createtree
236
pullPolicy: IfNotPresent
237
# v0.7.31
238
version: sha256:c61a3dce0d542a231253a0a4e0bf879343dc86fe270d543bd96b1e98939212a7
239
ttlSecondsAfterFinished: 3600
240
serviceAccount:
241
create: true
242
name: ""
243
annotations: {}
244
securityContext:
245
runAsNonRoot: true
246
runAsUser: 65533
247
resources: {}
248
annotations: {}
249
podAnnotations: {}
250
podLabels: {}
251
tolerations: []
252
nodeSelector: {}
253
affinity: {}
254
# Configure backfillredis to repair indices that were not inserted into Redis.
255
backfillredis:
256
name: backfillredis
257
enabled: false
258
image:
259
registry: cgr.dev
260
repository: chainguard-private/rekor-backfill-index
261
pullPolicy: IfNotPresent
262
# v1.3.6
263
version: sha256:d001b048d90cb522040687514b67ab7c06c7d9fb59f05bad167d7de39f9ef42b
264
ttlSecondsAfterFinished: 3600
265
securityContext:
266
runAsNonRoot: true
267
runAsUser: 65533
268
rekorAddress: rekor.rekor-system.svc
269
startIndex: -1
270
endIndex: -1
271
resources: {}
272
annotations: {}
273
podAnnotations: {}
274
podLabels: {}
275
tolerations: []
276
nodeSelector: {}
277
affinity: {}
278
# Configure Trillian dependency
279
trillian:
280
enabled: true
281
namespace:
282
name: trillian-system
283
create: true
284
forceNamespace: trillian-system
285
fullnameOverride: trillian
286
adminServer: ""
287
logServer:
288
name: trillian-logserver
289
fullnameOverride: trillian-logserver
290
portHTTP: 8090
291
portRPC: 8091
292
logSigner:
293
name: trillian-logsigner
294
fullnameOverride: trillian-logsigner
295
mysql:
296
fullnameOverride: trillian-mysql
297
# Force namespace of namespaced resources
298
forceNamespace: ""
299
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.