Astronomer Helm chart configuration reference
Astronomer Software uses a Helm chart to define the behavior and functionality of your specific installation in a values.yaml file. You can customize the behavior of your Software implementation by applying a platform configuration change for the different system components.
This document contains all the different possible configuration settings, grouped by the component they apply to.
Astronomer Astro UI resources
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.astroUI.podAnnotations | string | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| astronomer.astroUI.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.astroUI.resources.limits.cpu | string | Specifies the maximum amount of CPU resources that the Astro UI component can consume. | "500m" | 
| astronomer.astroUI.resources.limits.memory | string | Defines the maximum amount of memory that the Astro UI component is allowed to use. | "1024Mi" | 
| astronomer.astroUI.resources.requests.cpu | string | Indicates the minimum amount of CPU resources guaranteed for the Astro UI component. | "100m" | 
| astronomer.astroUI.resources.requests.memory | string | Sets the minimum amount of memory guaranteed for the Astro UI component. | "256Mi" | 
| astronomer.astroUI.serviceAccounts.create | bool | Specifies whether a service account should be created. Set to falseto bring your own service accounts. | true | 
| astronomer.astroUI.serviceAccounts.name | string | A name for the service account. If serviceAccounts.createis set tofalse, thenameis auto-generated from the service account template used. | " "  | 
Astronomer Commander resources
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.commander.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| astronomer.commander.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.commander.resources.limits.cpu | string | Specifies the maximum amount of CPU resources that the Commander component can consume. | "500m" | 
| astronomer.commander.resources.limits.memory | string | Defines the maximum amount of memory that the Commander component is allowed to use. | "2Gi" | 
| astronomer.commander.resources.requests.cpu | string | Indicates the minimum amount of CPU resources guaranteed for the Commander component. | "250m" | 
| astronomer.commander.resources.requests.memory | string | Sets the minimum amount of memory guaranteed for the Commander component. | "1Gi" | 
Extra objects
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.extraObjects | list | Specifies additional Kubernetes objects to deploy alongside Astronomer components. For example, ConfigMapsorsecrets. | [] | 
Houston
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.houston.bootstrapper.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.houston.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| astronomer.houston.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.houston.resources.limits.cpu | string | Maximum CPU resources allocated to the Houston API service. | "1000m" | 
| astronomer.houston.resources.limits.memory | string | Maximum memory allocated to the Houston API service. | "2048Mi" | 
| astronomer.houston.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Houston API service. | "500m" | 
| astronomer.houston.resources.requests.memory | string | Minimum guaranteed memory for the Houston API service. | "1024Mi" | 
| astronomer.houston.waitForDB.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.houston.worker.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
Install
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.install.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| astronomer.install.resources.limits.cpu | string | Maximum CPU resources for the Astronomer installation service. | "500m" | 
| astronomer.install.resources.limits.memory | string | Maximum memory for the Astronomer installation service. | "1024Mi" | 
| astronomer.install.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Astronomer installation service. | "100m" | 
| astronomer.install.resources.requests.memory | string | Minimum guaranteed memory for the Astronomer installation service. | "256Mi" | 
Registry
| Parameter | Type | Description | Default | 
|---|---|---|---|
| astronomer.registry.persistence.enabled | bool | Enables or disables persistent storage for the Astronomer registry. | true | 
| astronomer.registry.persistence.size | string | Defines the size of the persistent storage for the Astronomer registry. | "100Gi" | 
| astronomer.registry.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| astronomer.registry.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| astronomer.registry.resources.limits.cpu | string | Maximum CPU resources allocated to the Astronomer registry service. | "500m" | 
| astronomer.registry.resources.limits.memory | string | Maximum memory allocated to the Astronomer registry service. | "1024Mi" | 
| astronomer.registry.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Astronomer registry service. | "250m" | 
| astronomer.registry.resources.requests.memory | string | Minimum guaranteed memory for the Astronomer registry service. | "512Mi" | 
Elasticsearch
| Parameter | Type | Description | Default | 
|---|---|---|---|
| elasticsearch.client.heapMemory | string | Heap memory size allocated for Elasticsearch client nodes. | "2g" | 
| elasticsearch.client.initResources.limits.cpu | string | Maximum CPU resources for client node initialization. | "120m" | 
| elasticsearch.client.initResources.limits.memory | string | Maximum memory for Elasticsearch client node initialization. | "100Mi" | 
| elasticsearch.client.initResources.requests.cpu | string | Minimum guaranteed CPU resources for Elasticsearch client node initialization. | "100m" | 
| elasticsearch.client.initResources.requests.memory | string | Minimum guaranteed memory for Elasticsearch client node initialization. | "80Mi" | 
| elasticsearch.client.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.client.resources.limits.cpu | string | Maximum CPU resources allocated to the client nodes. | "2" | 
| elasticsearch.client.resources.limits.memory | string | Maximum memory allocated to the client nodes. | "4Gi" | 
| elasticsearch.client.resources.requests.cpu | string | Minimum guaranteed CPU resources for the client nodes. | "1" | 
| elasticsearch.client.resources.requests.memory | string | Minimum guaranteed memory for the client nodes. | "2Gi" | 
| elasticsearch.common.persistence.enabled | boolean | Enables or disables persistent storage for Elasticsearch nodes. | true | 
| elasticsearch.common.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.curator.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| elasticsearch.curator.SecurityContext | string | Specifies container-level security contexts. | {} | 
| elasticsearch.data.heapMemory | string | Heap memory size allocated for Elasticsearch data nodes. | "2g" | 
| elasticsearch.data.initResources.limits.cpu | string | Maximum CPU resources for data node initialization. | "120m" | 
| elasticsearch.data.initResources.limits.memory | string | Maximum memory for data node initialization. | "100Mi" | 
| elasticsearch.data.initResources.requests.cpu | string | Minimum guaranteed CPU resources for data node initialization. | "100m" | 
| elasticsearch.data.initResources.requests.memory | string | Minimum guaranteed memory for data node initialization. | "80Mi" | 
| elasticsearch.data.persistence.size | string | Size of persistent storage for Elasticsearch data nodes. | "100Gi" | 
| elasticsearch.data.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.data.resources.limits.cpu | string | Maximum CPU resources allocated to the data nodes. | "2" | 
| elasticsearch.data.resources.limits.memory | string | Maximum memory allocated to the data nodes. | "4Gi" | 
| elasticsearch.data.resources.requests.cpu | string | Minimum guaranteed CPU resources for the data nodes. | "1" | 
| elasticsearch.data.resources.requests.memory | string | Minimum guaranteed memory for the data nodes. | "2Gi" | 
| elasticsearch.exporter.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| elasticsearch.exporter.resources.limits.cpu | string | Maximum CPU resources allocated to the Elasticsearch exporter. | "200m" | 
| elasticsearch.exporter.resources.limits.memory | string | Maximum memory allocated to the Elasticsearch exporter. | "128Mi" | 
| elasticsearch.exporter.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Elasticsearch exporter. | "100m" | 
| elasticsearch.exporter.resources.requests.memory | string | Minimum guaranteed memory for the Elasticsearch exporter. | "100Mi" | 
| elasticsearch.master.heapMemory | string | Heap memory size allocated for Elasticsearch master nodes. | "2g" | 
| elasticsearch.master.initResources.limits.cpu | string | Maximum CPU resources for master node initialization. | "120m" | 
| elasticsearch.master.initResources.limits.memory | string | Maximum memory for master node initialization. | "100Mi" | 
| elasticsearch.master.initResources.requests.cpu | string | Minimum guaranteed CPU resources for master node initialization. | "100m" | 
| elasticsearch.master.initResources.requests.memory | string | Minimum guaranteed memory for master node initialization. | "80Mi" | 
| elasticsearch.master.persistence.size | string | Size of persistent storage for Elasticsearch master nodes. | "20Gi" | 
| elasticsearch.master.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.master.resources.limits.cpu | string | Maximum CPU resources allocated to the master nodes. | "2" | 
| elasticsearch.master.resources.limits.memory | string | Maximum memory allocated to the master nodes. | "4Gi" | 
| elasticsearch.master.resources.requests.cpu | string | Minimum guaranteed CPU resources for the master nodes. | "1" | 
| elasticsearch.master.resources.requests.memory | string | Minimum guaranteed memory for the master nodes. | "2Gi" | 
| elasticsearch.nginx.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| elasticsearch.nginx.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| elasticsearch.nginx.resources.limits.cpu | string | Maximum CPU resources allocated to the Elasticsearch NGINX service. | "100m" | 
| elasticsearch.nginx.resources.limits.memory | string | Maximum memory allocated to the Elasticsearch NGINX service. | "256Mi" | 
| elasticsearch.nginx.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Elasticsearch NGINX service. | "80m" | 
| elasticsearch.nginx.resources.requests.memory | string | Minimum guaranteed memory for the Elasticsearch NGINX service. | "128Mi" | 
| elasticsearch.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
Fluentd
| Parameter | Type | Description | Default | 
|---|---|---|---|
| fluentd.pod.SecurityContext | string | Specifies Pod-level security contexts. | {} | 
| fluentd.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| fluentd.resources.limits.cpu | string | Maximum CPU resources allocated to the Fluentd service. | "1000m" | 
| fluentd.resources.limits.memory | string | Maximum memory allocated to the Fluentd service. | "1024Mi" | 
| fluentd.resources.requests.cpu | string | Minimum guaranteed CPU resources for the Fluentd service. | "250m" | 
| fluentd.resources.requests.memory | string | Minimum guaranteed memory for the Fluentd service. | "512Mi" | 
Global
| Parameter | Type | Description | Default | 
|---|---|---|---|
| global.acme | bool | Configuration for the ACME protocol to manage SSL/TLS certificates. | false | 
| global.authSidecar.default_nginx_settings | string | Default settings for the NGINX configuration in the auth sidecar. | "internal;\nproxy_pass_request_body     off;\nproxy_set_header            Content-Length          \"\";\nproxy_set_header            X-Forwarded-Proto       \"\";\nproxy_set_header            X-Original-URL          https://$http_host$request_uri;\nproxy_set_header            X-Original-Method       $request_method;\nproxy_set_header            X-Real-IP               $remote_addr;\nproxy_set_header            X-Forwarded-For         $remote_addr;\nproxy_set_header            X-Auth-Request-Redirect $request_uri;\nproxy_buffering             off;\nproxy_buffer_size           4k;\nproxy_buffers               4 4k;\nproxy_request_buffering     on;\nproxy_http_version          1.1;\nproxy_ssl_server_name       on;\nproxy_pass_request_headers  on;\nclient_max_body_size        1024m;\n" | 
| global.authSidecar.default_nginx_settings_location | string | Default location for the NGINX configuration in the auth sidecar. | "auth_request     /auth;\nauth_request_set $auth_status $upstream_status;\nauth_request_set $auth_cookie $upstream_http_set_cookie;\nadd_header       Set-Cookie $auth_cookie;\nauth_request_set $authHeader0 $upstream_http_authorization;\nproxy_set_header 'authorization' $authHeader0;\nauth_request_set $authHeader1 $upstream_http_username;\nproxy_set_header 'username' $authHeader1;\nauth_request_set $authHeader2 $upstream_http_email;\nproxy_set_header 'email' $authHeader2;\nerror_page 401 = @401_auth_error;\nproxy_set_header Upgrade $http_upgrade;\nproxy_set_header Connection 'connection_upgrade';\nproxy_set_header X-Real-IP              $remote_addr;\nproxy_set_header X-Forwarded-For        $remote_addr;\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\nproxy_cache_bypass $http_upgrade;\nproxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;\nproxy_connect_timeout                   15s;\nproxy_send_timeout                      600s;\nproxy_read_timeout                      600s;\nproxy_buffering                         off;\nproxy_buffer_size                       4k;\nproxy_buffers                           4 4k;\nproxy_max_temp_file_size                1024m;\nproxy_request_buffering                 on;\nproxy_http_version                      1.1;\nproxy_cookie_domain                     off;\nproxy_cookie_path                       off;\nproxy_redirect                          off;\n" | 
| global.authSidecar.enabled | bool | Enables or disables the auth sidecar component. | false | 
| global.authSidecar.port | int | Port used by the auth sidecar. | 8084 | 
| global.authSidecar.pullPolicy | string | Image pull policy for the auth sidecar container. | "IfNotPresent" | 
| global.authSidecar.repository | string | Container image repository for the auth sidecar. | "quay.io/astronomer/ap-auth-sidecar" | 
| global.authSidecar.resources.limits.cpu | string | Maximum CPU resources for the auth sidecar. | "1000m" | 
| global.authSidecar.resources.limits.memory | string | Maximum memory for the auth sidecar. | "1024Mi" | 
| global.authSidecar.resources.requests.cpu | string | Minimum guaranteed CPU resources for the auth sidecar. | "500m" | 
| global.authSidecar.resources.requests.memory | string | Minimum guaranteed memory for the auth sidecar. | "512Mi" | 
| global.authSidecar.securityContext | object | Security context settings for the auth sidecar. | {} | 
| global.authSidecar.tag | string | Version tag for the auth sidecar container image. | "1.27.2" | 
| global.azure.enabled | bool | Enables or disables Azure-specific configurations. | false | 
| global.baseDomain | string | Specifies the base domain for the platform. | nil | 
| global.clusterRoles | bool | Configures cluster-wide roles. | true | 
| global.customLogging.enabled | bool | Enables or disables custom logging configurations. | false | 
| global.customLogging.extraEnv | list | Additional environment variables for custom logging. | [] | 
| global.customLogging.host | string | Host address for the custom logging service. | "" | 
| global.customLogging.port | string | Port for the custom logging service. | "" | 
| global.customLogging.scheme | string | Connection scheme (e.g., HTTP/HTTPS) for the custom logging service. | "https" | 
| global.customLogging.secret | string | Secret used for authenticating the custom logging service. | "" | 
| global.dagOnlyDeployment.enabled | bool | Enables or disables deployment of DAGs only. | false | 
| global.dagOnlyDeployment.persistence | object | Persistence configuration for the DAG-only deployment. | {} | 
| global.dagOnlyDeployment.repository | string | Repository used for the DAG-only deployment. | "quay.io/astronomer/ap-dag-deploy" | 
| global.dagOnlyDeployment.resources | object | Resource allocation settings for the DAG-only deployment. | {} | 
| global.dagOnlyDeployment.securityContexts.pod.fsGroup | int | Filesystem group ID for the DAG-only deployment pods. | 50000 | 
| global.dagOnlyDeployment.serviceAccount.create | bool | Enable or disable creation of service account and rolebindings for the dag-deployserver. Default set totrue, so that a service account and rolebinding is created for the Pod that handles dag-only deploys. | true | 
| global.dagOnlyDeployment.tag | string | Version tag for the DAG-only deployment container image. | "0.6.3" | 
| global.defaultDenyNetworkPolicy | bool | Enables or disables the default deny-all network policy. | true | 
| global.deployRollbackEnabled | bool | Enables or disables rollback during deployment failures. | false | 
| global.disableManageClusterScopedResources | bool | Disables management of cluster-scoped resources by the platform. | false | 
| global.enableArgoCDAnnotation | bool | Enables ArgoCD annotations for platform components. | false | 
| global.enableHoustonInternalAuthorization | bool | Enables internal authorization for Houston API. | false | 
| global.enablePerHostIngress | bool | Enables per-host ingress rules. | false | 
| global.extraAnnotations | object | Additional Kubernetes annotations for resources. | {} | 
| global.features.namespacePools.createRbac | bool | Creates RBAC for namespace pools. | true | 
| global.features.namespacePools.enabled | bool | Enables or disables namespace pooling. | false | 
| global.features.namespacePools.namespaces.create | bool | Automatically creates namespaces for the namespace pool. | false | 
| global.features.namespacePools.namespaces.names | list | Names of the namespaces to include in the namespace pool. | [] | 
| global.helmRepo | string | Helm chart repository for the platform. | "https://helm.astronomer.io" | 
| global.istio.enabled | bool | Enables or disables Istio integration. | false | 
| global.istio.rootNamespace | string | Root namespace for Istio resources. | "istio-config" | 
| global.logging.indexNamePrefix | string | Prefix for logging index names. | nil | 
| global.loggingSidecar.customConfig | bool | Custom configuration for the logging sidecar. | false | 
| global.loggingSidecar.enabled | bool | Enables or disables the logging sidecar. | false | 
| global.loggingSidecar.extraEnv | list | Additional environment variables for the logging sidecar. | [] | 
| global.loggingSidecar.indexPattern | string | Index pattern for logs collected by the logging sidecar. | nil | 
| global.loggingSidecar.name | string | Name of the logging sidecar container. | "sidecar-log-consumer" | 
| global.loggingSidecar.repository | string | Repository for the logging sidecar container image. | "quay.io/astronomer/ap-vector" | 
| global.loggingSidecar.resources | object | Resource allocation settings for the logging sidecar. | {} | 
| global.loggingSidecar.securityContext | object | Security context settings for the logging sidecar. | {} | 
| global.loggingSidecar.tag | string | Version tag for the logging sidecar container image. | "0.42.0" | 
| global.manualNamespaceNamesEnabled | bool | Allows manual naming of namespaces instead of auto-generated names. | false | 
| global.namespaceFreeFormEntry | bool | Enables freeform entry of namespace names. | false | 
| global.nats.enabled | bool | Enables or disables the NATS messaging system. | true | 
| global.nats.jetStream.enabled | bool | Enables JetStream functionality for NATS. | false | 
| global.nats.jetStream.tls | bool | Configures TLS for JetStream connections. | false | 
| global.nats.replicas | int | Specifies the number of replicas for NATS. | 3 | 
| global.networkNSLabels | bool | Custom labels for network namespace resources. | false | 
| global.networkPolicy.enabled | bool | Enables or disables network policies for the platform. | true | 
| global.nodeExporterSccEnabled | bool | Enables the SCC (Security Context Constraints) for the node exporter in OpenShift. | false | 
| global.openshiftEnabled | bool | Enables compatibility with OpenShift environments. | false | 
| global.pgbouncer.enabled | bool | Enables or disables the PgBouncer connection pooling service. | false | 
| global.pgbouncer.extraEnv | list | Additional environment variables for PgBouncer. | [] | 
| global.pgbouncer.extraLabels | list | Extra labels for PgBouncer resources. | [] | 
| global.pgbouncer.gssSupport | bool | Enables GSS (Generic Security Services) support in PgBouncer. | true | 
| global.pgbouncer.krb5ConfSecretName | string | Specifies the secret name for the Kerberos configuration file for PgBouncer. | "krb5.conf" | 
| global.pgbouncer.password | string | Configures the password for connecting to PgBouncer. | "postgres" | 
| global.pgbouncer.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| global.pgbouncer.servicePort | string | Specifies the service port for PgBouncer. | "5432" | 
| global.pgbouncer.username | string | Configures the username for connecting to PgBouncer. | "postgres" | 
| global.platformNodePool.affinity | object | Affinity rules for scheduling platform node pool resources. | {} | 
| global.platformNodePool.nodeSelector | object | Node selector for assigning platform node pool resources. | {} | 
| global.platformNodePool.tolerations | list | Tolerations for scheduling platform node pool resources on tainted nodes. | [] | 
| global.podAnnotations | object | Additional annotations for all platform pods. | {} | 
| global.podLabels | key-value pair | Define a label as a key-value pair for all Pods created by the Astronomer Helm chart, including Pods created by CronJobs, Helm hooks, and elastic utilities. Recommended label to use is security.level: "high". | N/A | 
| global.podDisruptionBudgetsEnabled | bool | Enables Pod Disruption Budgets to manage voluntary disruptions to platform pods. | true | 
| global.postgresqlEnabled | bool | Enables or disables the integrated PostgreSQL database. | false | 
| global.privateCaCerts | list | Configures private CA (Certificate Authority) certificates for the platform. | [] | 
| global.privateCaCertsAddToHost.addToContainerd | bool | Adds private CA certificates to containerd. | false | 
| global.privateCaCertsAddToHost.addToDockerd | bool | Adds private CA certificates to Docker daemon. | true | 
| global.privateCaCertsAddToHost.certCopier.pullPolicy | string | Image pull policy for the cert copier container used for private CA certificates. | "IfNotPresent" | 
| global.privateCaCertsAddToHost.certCopier.repository | string | Repository URL for the cert copier container used for private CA certificates. | "quay.io/astronomer/ap-base" | 
| global.privateCaCertsAddToHost.certCopier.tag | string | Tag for the cert copier container image. | "3.18.9" | 
| global.privateCaCertsAddToHost.containerdCertConfigPath | string | Configuration path for containerd private CA certificates. | "/etc/containerd/certs.d" | 
| global.privateCaCertsAddToHost.containerdConfigToml | string | TOML configuration file for containerd CA setup. | nil | 
| global.privateCaCertsAddToHost.containerdHostPath | string | Host path for the containerd configuration files. | "/etc/containerd" | 
| global.privateCaCertsAddToHost.containerdTolerations | list | Tolerations for the cert copier container in containerd environments. | [] | 
| global.privateCaCertsAddToHost.containerdnodeAffinitys | list | Node affinity rules for containerd cert copier. | [] | 
| global.privateCaCertsAddToHost.enabled | bool | Enables the setup of private CA certificates for the host. | false | 
| global.privateCaCertsAddToHost.hostDirectory | string | Directory on the host to store private CA certificates. | "/etc/docker/certs.d" | 
| global.privateCaCertsAddToHost.priorityClassName | string | Priority class name for the cert copier container. | nil | 
| global.privateRegistry.enabled | bool | Enables or disables the use of a private Docker registry. | false | 
| global.privateRegistry.repository | string | Specifies the repository URL for the private Docker registry. | nil | 
| global.privateRegistry.secretName | string | Kubernetes secret name for accessing the private registry. | nil | 
| global.prometheusPostgresExporterEnabled | bool | Enables or disables the Prometheus Postgres Exporter. | false | 
| global.rbacEnabled | bool | Enables Role-Based Access Control (RBAC) for the platform. | true | 
| global.sccEnabled | bool | Enables Security Context Constraints (SCC) for OpenShift environments. | false | 
| global.singleNamespace | bool | Configures the platform to operate within a single namespace. | false | 
| global.ssl.enabled | bool | Enables SSL for platform communication. | false | 
| global.ssl.grafana.sslmode | string | SSL mode configuration for Grafana. | "require" | 
| global.ssl.mode | string | Global SSL mode configuration for the platform. | "prefer" | 
| global.stan.enabled | bool | Enables or disables the STAN (NATS Streaming) service. | true | 
| global.stan.replicas | int | Number of replicas for the STAN service. | 3 | 
| global.taskUsageMetricsEnabled | bool | Enables task usage metrics collection for the platform. | false | 
| global.tlsSecret | string | Specifies the Kubernetes secret for TLS certificates. | "astronomer-tls" | 
| global.veleroEnabled | bool | Enables or disables Velero for backups and restores. | false | 
Grafana
| Parameter | Type | Description | Default | 
|---|---|---|---|
| grafana.bootstrapper.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| grafana.dashboards | object | Preconfigured dashboards for Grafana. | {} | 
| grafana.extraEnvVars | list | Extra environment variables for Grafana. | [] | 
| grafana.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| grafana.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| grafana.resources.limits.cpu | string | CPU resource limit for Grafana. | "500m" | 
| grafana.resources.limits.memory | string | Memory resource limit for Grafana. | "1024Mi" | 
| grafana.resources.requests.cpu | string | CPU resource request for Grafana. | "250m" | 
| grafana.resources.requests.memory | string | Memory resource request for Grafana. | "512Mi" | 
| grafana.waitForDB.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
Kibana
| Parameter | Type | Description | Default | 
|---|---|---|---|
| kibana.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| kibana.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| kibana.resources.limits.cpu | string | CPU resource limit for Kibana. | "500m" | 
| kibana.resources.limits.memory | string | Memory resource limit for Kibana. | "1024Mi" | 
| kibana.resources.requests.cpu | string | CPU resource request for Kibana. | "250m" | 
| kibana.resources.requests.memory | string | Memory resource request for Kibana. | "512Mi" | 
| kibana.serviceAccounts.create | bool | Specifies whether a service account should be created. Set to falseto bring your own service accounts. | true | 
| kibana.serviceAccounts.name | string | A name for the service account. If serviceAccounts.createis set tofalse, thenameis auto-generated from the service account template used. | " "  | 
Kube-state
| Parameter | Type | Description | Default | 
|---|---|---|---|
| kube-state.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| kube-state.resources.limits.cpu | string | CPU resource limit for Kube State Metrics. | "500m" | 
| kube-state.resources.limits.memory | string | Memory resource limit for Kube State Metrics. | "1024Mi" | 
| kube-state.resources.requests.cpu | string | CPU resource request for Kube State Metrics. | "250m" | 
| kube-state.resources.requests.memory | string | Memory resource request for Kube State Metrics. | "512Mi" | 
NATS
| Parameter | Type | Description | Default | 
|---|---|---|---|
| nats.affinity.<< | object | Affinity rules for scheduling NATS pods on specific nodes. | {} | 
| nats.exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| nats.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| nats.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| nats.reloader.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| nats.nats.resources.limits.cpu | string | CPU resource limit for the NATS service. | "250m" | 
| nats.nats.resources.limits.memory | string | Memory resource limit for the NATS service. | "100Mi" | 
| nats.nats.resources.requests.cpu | string | CPU resource request for the NATS service. | "75m" | 
| nats.nats.resources.requests.memory | string | Memory resource request for the NATS service. | "30Mi" | 
| nats.nodeSelector.<< | object | Node selector for scheduling NATS pods. | {} | 
| nats.tolerations | list | Tolerations for scheduling NATS pods on tainted nodes. | [] | 
nginx
| Parameter | Type | Description | Default | 
|---|---|---|---|
| nginx.defaultBackend.enabled | bool | Allows you to choose whether or not to use the NGINX default backend. | true | 
| nginx.defaultBackend.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| nginx.defaultBackend.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| nginx.defaultBackend.resources.limits.cpu | string | CPU resource limit for the NGINX default backend. | "120m" | 
| nginx.defaultBackend.resources.limits.memory | string | Memory resource limit for the NGINX default backend. | "100Mi" | 
| nginx.defaultBackend.resources.requests.cpu | string | CPU resource request for the NGINX default backend. | "100m" | 
| nginx.defaultBackend.resources.requests.memory | string | Memory resource request for the NGINX default backend. | "50Mi" | 
| nginx.ingressAnnotations | object | Custom annotations to apply to NGINX ingress resources. | {} | 
| nginx.loadBalancerIP | string | Specifies a static IP for the NGINX load balancer. | nil | 
| nginx.loadBalancerSourceRanges | list | Restricts access to the NGINX load balancer to specific IP ranges. | [] | 
| nginx.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| nginx.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| nginx.resources.limits.cpu | string | CPU resource limit for the NGINX controller. | "1" | 
| nginx.resources.limits.memory | string | Memory resource limit for the NGINX controller. | "2048Mi" | 
| nginx.resources.requests.cpu | string | CPU resource request for the NGINX controller. | "500m" | 
| nginx.resources.requests.memory | string | Memory resource request for the NGINX controller. | "1024Mi" | 
Prometheus
| Parameter | Type | Description | Default | 
|---|---|---|---|
| prometheus-blackbox-exporter.astroServices.commander.enabled | bool | Enables monitoring for the Commander service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.astroServices.elasticsearch.enabled | bool | Enables monitoring for the Elasticsearch service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.astroServices.grafana.enabled | bool | Enables monitoring for the Grafana service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.astroServices.houston.enabled | bool | Enables monitoring for the Houston service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.astroServices.kibana.enabled | bool | Enables monitoring for the Kibana service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.astroServices.registry.enabled | bool | Enables monitoring for the Registry service using Prometheus Blackbox Exporter. | true | 
| prometheus-blackbox-exporter.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| prometheus-blackbox-exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus-blackbox-exporter.resources.limits.cpu | string | CPU resource limit for Prometheus Blackbox Exporter. | "100m" | 
| prometheus-blackbox-exporter.resources.limits.memory | string | Memory resource limit for Prometheus Blackbox Exporter. | "200Mi" | 
| prometheus-blackbox-exporter.resources.requests.cpu | string | CPU resource request for Prometheus Blackbox Exporter. | "50m" | 
| prometheus-blackbox-exporter.resources.requests.memory | string | Memory resource request for Prometheus Blackbox Exporter. | "70Mi" | 
| prometheus.configMapReloader.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus.configMapReloader.resources.limits.cpu | string | CPU resource limit for Prometheus ConfigMap Reloader. | "100m" | 
| prometheus.configMapReloader.resources.limits.memory | string | Memory resource limit for Prometheus ConfigMap Reloader. | "25Mi" | 
| prometheus.configMapReloader.resources.requests.cpu | string | CPU resource request for Prometheus ConfigMap Reloader. | "100m" | 
| prometheus.configMapReloader.resources.requests.memory | string | Memory resource request for Prometheus ConfigMap Reloader. | "25Mi" | 
| prometheus.filesdReloader.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus-node-exporter.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| prometheus-node-exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus.persistence.enabled | bool | Enables or disables persistence for Prometheus data. | true | 
| prometheus.persistence.size | string | Size of the persistent volume for Prometheus. | "150Gi" | 
| prometheus.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| prometheus.podLabels | object | Custom labels to apply to Prometheus pods. | {} | 
| prometheus.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus-postgres-exporter.podAnnotations | String | Software component annotation that can be used to override a globally set annotation, or to annotate per-component. | {} | 
| prometheus-postgres-exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| prometheus.resources.limits.cpu | string | CPU resource limit for Prometheus. | "2000m" | 
| prometheus.resources.limits.memory | string | Memory resource limit for Prometheus. | "8Gi" | 
| prometheus.resources.requests.cpu | string | CPU resource request for Prometheus. | "1000m" | 
| prometheus.resources.requests.memory | string | Memory resource request for Prometheus. | "4Gi" | 
| prometheus.retention | string | Data retention period for Prometheus metrics. | "15d" | 
| prometheus.serviceAccounts.create | bool | Specifies whether a service account should be created. Set to falseto bring your own service accounts. | true | 
| prometheus.serviceAccounts.name | string | A name for the service account. If serviceAccounts.createis set tofalse, thenameis auto-generated from the service account template used. | " "  | 
STAN
| Parameter | Type | Description | Default | 
|---|---|---|---|
| stan.affinity.<< | object | Affinity rules for scheduling STAN pods on specific nodes. | {} | 
| stan.exporter.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| stan.init.resources.limits.cpu | string | CPU resource limit for the STAN initialization containers. | "250m" | 
| stan.init.resources.limits.memory | string | Memory resource limit for the STAN initialization containers. | "100Mi" | 
| stan.init.resources.requests.cpu | string | CPU resource request for the STAN initialization containers. | "75m" | 
| stan.init.resources.requests.memory | string | Memory resource request for the STAN initialization containers. | "30Mi" | 
| stan.nodeSelector.<< | object | Node selector for scheduling STAN pods on specific nodes. | {} | 
| stan.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| stan.stan.nats.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
| stan.stan.resources.limits.cpu | string | CPU resource limit for the primary STAN service. | "250m" | 
| stan.stan.resources.limits.memory | string | Memory resource limit for the primary STAN service. | "100Mi" | 
| stan.stan.resources.requests.cpu | string | CPU resource request for the primary STAN service. | "75m" | 
| stan.stan.resources.requests.memory | string | Memory resource request for the primary STAN service. | "30Mi" | 
| stan.tolerations | list | Tolerations for scheduling STAN pods on tainted nodes. | [] | 
| stan.waitforNatsServer.podSecurityContext | string | Specifies Pod-level security contexts. | {} | 
Tags
| Parameter | Type | Description | Default | 
|---|---|---|---|
| tags.logging | bool | Tag used for resources related to logging functionality. | true | 
| tags.monitoring | bool | Tag used for resources related to monitoring functionality. | true | 
| tags.platform | bool | Tag used for resources related to platform-level configuration or infrastructure. | true | 
| tags.stan | bool | Tag used for resources related to the STAN service. | true |