> ## Documentation Index > Fetch the complete documentation index at: https://docs.open-metadata.org/llms.txt > Use this file to discover all available pages before exploring further. # Kubernetes Helm Values | Official Documentation > Customize your Helm values for Kubernetes deployments to control services, authentication, storage, and resource tuning. # Kubernetes Helm Values This page list all the supported helm values for OpenMetadata Helm Charts. ## Openmetadata Config Chart Values | Key | Type | Default | Environment Variable from openmetadata.yaml | | ------------------------------------------------------------------------------------------------------------------------------- | ------ | --------------------------------------------------------------------- | -------------------------------------------------- | | openmetadata.config.authentication.enabled | bool | `true` | | | openmetadata.config.authentication.clientType | string | `public` | AUTHENTICATION\_CLIENT\_TYPE | | openmetadata.config.authentication.provider | string | `basic` | AUTHENTICATION\_PROVIDER | | openmetadata.config.authentication.publicKeys | list | `[http://openmetadata:8585/api/v1/system/config/jwks]` | AUTHENTICATION\_PUBLIC\_KEYS | | openmetadata.config.authentication.authority | string | `https://accounts.google.com` | AUTHENTICATION\_AUTHORITY | | openmetadata.config.authentication.clientId | string | `Empty String` | AUTHENTICATION\_CLIENT\_ID | | openmetadata.config.authentication.callbackUrl | string | `Empty String` | AUTHENTICATION\_CALLBACK\_URL | | openmetadata.config.authentication.enableSelfSignup | bool | `true` | AUTHENTICATION\_ENABLE\_SELF\_SIGNUP | | openmetadata.config.authentication.jwtPrincipalClaims | list | `[email,preferred_username,sub]` | AUTHENTICATION\_JWT\_PRINCIPAL\_CLAIMS | | openmetadata.config.authentication.ldapConfiguration.host | string | `localhost` | AUTHENTICATION\_LDAP\_HOST | | openmetadata.config.authentication.ldapConfiguration.port | int | 10636 | AUTHENTICATION\_LDAP\_PORT | | openmetadata.config.authentication.ldapConfiguration.dnAdminPrincipal | string | `cn=admin,dc=example,dc=com` | AUTHENTICATION\_LOOKUP\_ADMIN\_DN | | openmetadata.config.authentication.ldapConfiguration.dnAdminPassword.secretRef | string | `ldap-secret` | AUTHENTICATION\_LOOKUP\_ADMIN\_PWD | | openmetadata.config.authentication.ldapConfiguration.dnAdminPassword.secretKey | string | `openmetadata-ldap-secret` | AUTHENTICATION\_LOOKUP\_ADMIN\_PWD | | openmetadata.config.authentication.ldapConfiguration.userBaseDN | string | `ou=people,dc=example,dc=com` | AUTHENTICATION\_USER\_LOOKUP\_BASEDN | | openmetadata.config.authentication.ldapConfiguration.groupBaseDN | string | `Empty String` | AUTHENTICATION\_GROUP\_LOOKUP\_BASEDN | | openmetadata.config.authentication.ldapConfiguration.roleAdminName | string | `Empty String` | AUTHENTICATION\_USER\_ROLE\_ADMIN\_NAME | | openmetadata.config.authentication.ldapConfiguration.allAttributeName | string | `Empty String` | AUTHENTICATION\_USER\_ALL\_ATTR | | openmetadata.config.authentication.ldapConfiguration.usernameAttributeName | string | `Empty String` | AUTHENTICATION\_USER\_NAME\_ATTR | | openmetadata.config.authentication.ldapConfiguration.groupAttributeName | string | `Empty String` | AUTHENTICATION\_USER\_GROUP\_ATTR | | openmetadata.config.authentication.ldapConfiguration.groupAttributeValue | string | `Empty String` | AUTHENTICATION\_USER\_GROUP\_ATTR\_VALUE | | openmetadata.config.authentication.ldapConfiguration.groupMemberAttributeName | string | `Empty String` | AUTHENTICATION\_USER\_GROUP\_MEMBER\_ATTR | | openmetadata.config.authentication.ldapConfiguration.authRolesMapping | string | `Empty String` | AUTH\_ROLES\_MAPPING | | openmetadata.config.authentication.ldapConfiguration.authReassignRoles | string | `Empty String` | AUTH\_REASSIGN\_ROLES | | openmetadata.config.authentication.ldapConfiguration.mailAttributeName | string | `email` | AUTHENTICATION\_USER\_MAIL\_ATTR | | openmetadata.config.authentication.ldapConfiguration.maxPoolSize | int | 3 | AUTHENTICATION\_LDAP\_POOL\_SIZE | | openmetadata.config.authentication.ldapConfiguration.sslEnabled | bool | `true` | AUTHENTICATION\_LDAP\_SSL\_ENABLED | | openmetadata.config.authentication.ldapConfiguration.truststoreConfigType | string | `TrustAll` | AUTHENTICATION\_LDAP\_TRUSTSTORE\_TYPE | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePath | string | `Empty String` | AUTHENTICATION\_LDAP\_TRUSTSTORE\_PATH | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePassword.secretRef | string | `Empty String` | AUTHENTICATION\_LDAP\_KEYSTORE\_PASSWORD | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePassword.secretKey | string | `Empty String` | AUTHENTICATION\_LDAP\_KEYSTORE\_PASSWORD | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFileFormat | string | `Empty String` | AUTHENTICATION\_LDAP\_SSL\_KEY\_FORMAT | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.verifyHostname | string | `Empty String` | AUTHENTICATION\_LDAP\_SSL\_VERIFY\_CERT\_HOST | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.examineValidityDate | bool | `true` | AUTHENTICATION\_LDAP\_EXAMINE\_VALIDITY\_DATES | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.hostNameConfig.allowWildCards | bool | `false` | AUTHENTICATION\_LDAP\_ALLOW\_WILDCARDS | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.hostNameConfig.acceptableHostNames | string | `[Empty String]` | AUTHENTICATION\_LDAP\_ALLOWED\_HOSTNAMES | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.jvmDefaultConfig.verifyHostname | string | `Empty String` | AUTHENTICATION\_LDAP\_SSL\_VERIFY\_CERT\_HOST | | openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.trustAllConfig.examineValidityDates | bool | `true` | AUTHENTICATION\_LDAP\_EXAMINE\_VALIDITY\_DATES | | openmetadata.config.authentication.oidcConfiguration.callbackUrl | string | `http://openmetadata:8585/callback` | OIDC\_CALLBACK | | openmetadata.config.authentication.oidcConfiguration.clientAuthenticationMethod | string | `client_secret_post` | OIDC\_CLIENT\_AUTH\_METHOD | | openmetadata.config.authentication.oidcConfiguration.clientId.secretKey | string | `openmetadata-oidc-client-id` | OIDC\_CLIENT\_ID | | openmetadata.config.authentication.oidcConfiguration.clientId.secretRef | string | `oidc-secrets` | OIDC\_CLIENT\_ID | | openmetadata.config.authentication.oidcConfiguration.clientSecret.secretKey | string | `openmetadata-oidc-client-secret` | OIDC\_CLIENT\_SECRET | | openmetadata.config.authentication.oidcConfiguration.clientSecret.secretRef | string | `oidc-secrets` | OIDC\_CLIENT\_SECRET | | openmetadata.config.authentication.oidcConfiguration.customParams | string | `Empty` | OIDC\_CUSTOM\_PARAMS | | openmetadata.config.authentication.oidcConfiguration.disablePkce | bool | true | OIDC\_DISABLE\_PKCE | | openmetadata.config.authentication.oidcConfiguration.discoveryUri | string | `Empty` | OIDC\_DISCOVERY\_URI | | openmetadata.config.authentication.oidcConfiguration.enabled | bool | false | | | openmetadata.config.authentication.oidcConfiguration.maxClockSkew | string | `Empty` | OIDC\_MAX\_CLOCK\_SKEW | | openmetadata.config.authentication.oidcConfiguration.oidcType | string | `Empty` | OIDC\_TYPE | | openmetadata.config.authentication.oidcConfiguration.preferredJwsAlgorithm | string | `RS256` | OIDC\_PREFERRED\_JWS | | openmetadata.config.authentication.oidcConfiguration.responseType | string | `code` | OIDC\_RESPONSE\_TYPE | | openmetadata.config.authentication.oidcConfiguration.scope | string | `openid email profile` | OIDC\_SCOPE | | openmetadata.config.authentication.oidcConfiguration.serverUrl | string | `http://openmetadata:8585` | OIDC\_SERVER\_URL | | openmetadata.config.authentication.oidcConfiguration.tenant | string | `Empty` | OIDC\_TENANT | | openmetadata.config.authentication.oidcConfiguration.useNonce | bool | `true` | OIDC\_USE\_NONCE | | openmetadata.config.authentication.saml.debugMode | bool | false | SAML\_DEBUG\_MODE | | openmetadata.config.authentication.saml.idp.entityId | string | `Empty` | SAML\_IDP\_ENTITY\_ID | | openmetadata.config.authentication.saml.idp.ssoLoginUrl | string | `Empty` | SAML\_IDP\_SSO\_LOGIN\_URL | | openmetadata.config.authentication.saml.idp.idpX509Certificate.secretRef | string | `Empty` | SAML\_IDP\_CERTIFICATE | | openmetadata.config.authentication.saml.idp.idpX509Certificate.secretKey | string | `Empty` | SAML\_IDP\_CERTIFICATE | | openmetadata.config.authentication.saml.idp.authorityUrl | string | `http://openmetadata:8585/api/v1/saml/login` | SAML\_AUTHORITY\_URL | | openmetadata.config.authentication.saml.idp.nameId | string | `urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress` | SAML\_IDP\_NAME\_ID | | openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML\_SP\_ENTITY\_ID | | openmetadata.config.authentication.saml.sp.acs | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML\_SP\_ACS | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretRef | string | `Empty` | SAML\_SP\_CERTIFICATE | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretKey | string | `Empty` | SAML\_SP\_CERTIFICATE | | openmetadata.config.authentication.saml.sp.callback | string | `http://openmetadata:8585/saml/callback` | SAML\_SP\_CALLBACK | | openmetadata.config.authentication.saml.security.strictMode | bool | false | SAML\_STRICT\_MODE | | openmetadata.config.authentication.saml.security.tokenValidity | int | 3600 | SAML\_SP\_TOKEN\_VALIDITY | | openmetadata.config.authentication.saml.security.sendEncryptedNameId | bool | false | SAML\_SEND\_ENCRYPTED\_NAME\_ID | | openmetadata.config.authentication.saml.security.sendSignedAuthRequest | bool | false | SAML\_SEND\_SIGNED\_AUTH\_REQUEST | | openmetadata.config.authentication.saml.security.signSpMetadata | bool | false | SAML\_SIGNED\_SP\_METADATA | | openmetadata.config.authentication.saml.security.wantMessagesSigned | bool | false | SAML\_WANT\_MESSAGE\_SIGNED | | openmetadata.config.authentication.saml.security.wantAssertionsSigned | bool | false | SAML\_WANT\_ASSERTION\_SIGNED | | openmetadata.config.authentication.saml.security.wantAssertionEncrypted | bool | false | SAML\_WANT\_ASSERTION\_ENCRYPTED | | openmetadata.config.authentication.saml.security.wantNameIdEncrypted | bool | false | SAML\_WANT\_NAME\_ID\_ENCRYPTED | | openmetadata.config.authentication.saml.security.keyStoreFilePath | string | `Empty` | SAML\_KEYSTORE\_FILE\_PATH | | openmetadata.config.authentication.saml.security.keyStoreAlias.secretRef | string | `Empty` | SAML\_KEYSTORE\_ALIAS | | openmetadata.config.authentication.saml.security.keyStoreAlias.secretKey | string | `Empty` | SAML\_KEYSTORE\_ALIAS | | openmetadata.config.authentication.saml.security.keyStorePassword.secretRef | string | `Empty` | SAML\_KEYSTORE\_PASSWORD | | openmetadata.config.authentication.saml.security.keyStorePassword.secretKey | string | `Empty` | SAML\_KEYSTORE\_PASSWORD | | openmetadata.config.authorizer.enabled | bool | `true` | | | openmetadata.config.authorizer.allowedEmailRegistrationDomains | list | `[all]` | AUTHORIZER\_ALLOWED\_REGISTRATION\_DOMAIN | | openmetadata.config.authorizer.className | string | `org.openmetadata.service.security.DefaultAuthorizer` | AUTHORIZER\_CLASS\_NAME | | openmetadata.config.authorizer.containerRequestFilter | string | `org.openmetadata.service.security.JwtFilter` | AUTHORIZER\_REQUEST\_FILTER | | openmetadata.config.authorizer.enforcePrincipalDomain | bool | `false` | AUTHORIZER\_ENFORCE\_PRINCIPAL\_DOMAIN | | openmetadata.config.authorizer.enableSecureSocketConnection | bool | `false` | AUTHORIZER\_ENABLE\_SECURE\_SOCKET | | openmetadata.config.authorizer.initialAdmins | list | `[admin]` | AUTHORIZER\_ADMIN\_PRINCIPALS | | openmetadata.config.authorizer.principalDomain | string | `open-metadata.org` | AUTHORIZER\_PRINCIPAL\_DOMAIN | | openmetadata.config.airflow\.auth.password.secretRef | string | `airflow-secrets` | AIRFLOW\_PASSWORD | | openmetadata.config.airflow\.auth.password.secretKey | string | `openmetadata-airflow-password` | AIRFLOW\_PASSWORD | | openmetadata.config.airflow\.auth.username | string | `admin` | AIRFLOW\_USERNAME | | openmetadata.config.airflow\.enabled | bool | `true` | | | openmetadata.config.airflow\.host | string | `http://openmetadata-dependencies-web:8080` | PIPELINE\_SERVICE\_CLIENT\_ENDPOINT | | openmetadata.config.airflow\.openmetadata.serverHostApiUrl | string | `http://openmetadata:8585/api` | SERVER\_HOST\_API\_URL | | openmetadata.config.airflow\.sslCertificatePath | string | `/no/path` | PIPELINE\_SERVICE\_CLIENT\_SSL\_CERT\_PATH | | openmetadata.config.airflow\.verifySsl | string | `no-ssl` | PIPELINE\_SERVICE\_CLIENT\_VERIFY\_SSL | | openmetadata.config.clusterName | string | `openmetadata` | OPENMETADATA\_CLUSTER\_NAME | | openmetadata.config.database.enabled | bool | `true` | | | openmetadata.config.database.auth.password.secretRef | string | `mysql-secrets` | DB\_USER\_PASSWORD | | openmetadata.config.database.auth.password.secretKey | string | `openmetadata-mysql-password` | DB\_USER\_PASSWORD | | openmetadata.config.database.auth.username | string | `openmetadata_user` | DB\_USER | | openmetadata.config.database.databaseName | string | `openmetadata_db` | OM\_DATABASE | | openmetadata.config.database.dbParams | string | `allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC` | DB\_PARAMS | | openmetadata.config.database.dbScheme | string | `mysql` | DB\_SCHEME | | openmetadata.config.database.driverClass | string | `com.mysql.cj.jdbc.Driver` | DB\_DRIVER\_CLASS | | openmetadata.config.database.host | string | `mysql` | DB\_HOST | | openmetadata.config.database.port | int | 3306 | DB\_PORT | | openmetadata.config.elasticsearch.enabled | bool | `true` | | | openmetadata.config.elasticsearch.auth.enabled | bool | `false` | | | openmetadata.config.elasticsearch.auth.username | string | `elasticsearch` | ELASTICSEARCH\_USER | | openmetadata.config.elasticsearch.auth.password.secretRef | string | `elasticsearch-secrets` | ELASTICSEARCH\_PASSWORD | | openmetadata.config.elasticsearch.auth.password.secretKey | string | `openmetadata-elasticsearch-password` | ELASTICSEARCH\_PASSWORD | | openmetadata.config.elasticsearch.host | string | `opensearch` | ELASTICSEARCH\_HOST | | openmetadata.config.elasticsearch.keepAliveTimeoutSecs | int | `600` | ELASTICSEARCH\_KEEP\_ALIVE\_TIMEOUT\_SECS | | openmetadata.config.elasticsearch.port | int | 9200 | ELASTICSEARCH\_PORT | | openmetadata.config.elasticsearch.searchType | string | `opensearch` | SEARCH\_TYPE | | openmetadata.config.elasticsearch.scheme | string | `http` | ELASTICSEARCH\_SCHEME | | openmetadata.config.elasticsearch.clusterAlias | string | `Empty String` | ELASTICSEARCH\_CLUSTER\_ALIAS | | openmetadata.config.elasticsearch.searchIndexMappingLanguage | string | `EN` | ELASTICSEARCH\_INDEX\_MAPPING\_LANG | | openmetadata.config.elasticsearch.trustStore.enabled | bool | `false` | | | openmetadata.config.elasticsearch.trustStore.path | string | `Empty String` | ELASTICSEARCH\_TRUST\_STORE\_PATH | | openmetadata.config.elasticsearch.trustStore.password.secretRef | string | `elasticsearch-truststore-secrets` | ELASTICSEARCH\_TRUST\_STORE\_PASSWORD | | openmetadata.config.elasticsearch.trustStore.password.secretKey | string | `openmetadata-elasticsearch-truststore-password` | ELASTICSEARCH\_TRUST\_STORE\_PASSWORD | | openmetadata.config.eventMonitor.enabled | bool | `true` | | | openmetadata.config.eventMonitor.type | string | `prometheus` | EVENT\_MONITOR | | openmetadata.config.eventMonitor.batchSize | int | `10` | EVENT\_MONITOR\_BATCH\_SIZE | | openmetadata.config.eventMonitor.pathPattern | list | `[/api/v1/tables/*,/api/v1/health-check]` | EVENT\_MONITOR\_PATH\_PATTERN | | openmetadata.config.eventMonitor.latency | list | `[]` | EVENT\_MONITOR\_LATENCY | | openmetadata.config.fernetkey.value | string | `jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=` | FERNET\_KEY | | openmetadata.config.fernetkey.secretRef | string | \`\` | FERNET\_KEY | | openmetadata.config.fernetkey.secretKef | string | \`\` | FERNET\_KEY | | openmetadata.config.jwtTokenConfiguration.enabled | bool | `true` | | | openmetadata.config.jwtTokenConfiguration.rsapublicKeyFilePath | string | `./conf/public_key.der` | RSA\_PUBLIC\_KEY\_FILE\_PATH | | openmetadata.config.jwtTokenConfiguration.rsaprivateKeyFilePath | string | `./conf/private_key.der` | RSA\_PRIVATE\_KEY\_FILE\_PATH | | openmetadata.config.jwtTokenConfiguration.jwtissuer | string | `open-metadata.org` | JWT\_ISSUER | | openmetadata.config.jwtTokenConfiguration.keyId | string | `Gb389a-9f76-gdjs-a92j-0242bk94356` | JWT\_KEY\_ID | | openmetadata.config.logLevel | string | `INFO` | LOG\_LEVEL | | openmetadata.config.openmetadata.adminPort | int | 8586 | SERVER\_ADMIN\_PORT | | openmetadata.config.openmetadata.host | string | `openmetadata` | OPENMETADATA\_SERVER\_URL | | openmetadata.config.openmetadata.port | int | 8585 | SERVER\_PORT | | openmetadata.config.pipelineServiceClientConfig.auth.password.secretRef | string | `airflow-secrets` | AIRFLOW\_PASSWORD | | openmetadata.config.pipelineServiceClientConfig.auth.password.secretKey | string | `openmetadata-airflow-password` | AIRFLOW\_PASSWORD | | openmetadata.config.pipelineServiceClientConfig.auth.username | string | `admin` | AIRFLOW\_USERNAME | | openmetadata.config.pipelineServiceClientConfig.auth.trustStorePath | string | \`\` | AIRFLOW\_TRUST\_STORE\_PATH | | openmetadata.config.pipelineServiceClientConfig.auth.trustStorePassword.secretRef | string | \`\` | AIRFLOW\_TRUST\_STORE\_PASSWORD | | openmetadata.config.pipelineServiceClientConfig.auth.trustStorePassword.secretKey | string | \`\` | AIRFLOW\_TRUST\_STORE\_PASSWORD | | openmetadata.config.pipelineServiceClientConfig.apiEndpoint | string | `http://openmetadata-dependencies-web:8080` | PIPELINE\_SERVICE\_CLIENT\_ENDPOINT | | openmetadata.config.pipelineServiceClientConfig.className | string | `org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient` | PIPELINE\_SERVICE\_CLIENT\_CLASS\_NAME | | openmetadata.config.pipelineServiceClientConfig.enabled | bool | `true` | PIPELINE\_SERVICE\_CLIENT\_ENABLED | | openmetadata.config.pipelineServiceClientConfig.healthCheckInterval | int | `300` | PIPELINE\_SERVICE\_CLIENT\_HEALTH\_CHECK\_INTERVAL | | openmetadata.config.pipelineServiceClientConfig.ingestionIpInfoEnabled | bool | `false` | PIPELINE\_SERVICE\_IP\_INFO\_ENABLED | | openmetadata.config.pipelineServiceClientConfig.metadataApiEndpoint | string | `http://openmetadata:8585/api` | SERVER\_HOST\_API\_URL | | openmetadata.config.pipelineServiceClientConfig.sslCertificatePath | string | `/no/path` | PIPELINE\_SERVICE\_CLIENT\_SSL\_CERT\_PATH | | openmetadata.config.pipelineServiceClientConfig.verifySsl | string | `no-ssl` | PIPELINE\_SERVICE\_CLIENT\_VERIFY\_SSL | | openmetadata.config.pipelineServiceClientConfig.hostIp | string | `Empty` | PIPELINE\_SERVICE\_CLIENT\_HOST\_IP | | openmetadata.config.pipelineServiceClientConfig.type | string | `airflow` | Orchestrator type: `airflow` or `k8s` | ### Kubernetes Native Orchestrator Values The following values are used when `pipelineServiceClientConfig.type` is set to `k8s`. See the [Kubernetes Orchestrator](/v1.12.x/deployment/ingestion/kubernetes) guide for full documentation. | Key | Type | Default | Description | | -------------------------------------------------------------------------------- | ------ | ----------------------------------------------------------------- | ------------------------------------------- | | openmetadata.config.pipelineServiceClientConfig.k8s.className | string | `org.openmetadata.service.clients.pipeline.k8s.K8sPipelineClient` | K8s client class | | openmetadata.config.pipelineServiceClientConfig.k8s.ingestionImage | string | `docker.getcollate.io/openmetadata/ingestion-base:latest` | Ingestion container image | | openmetadata.config.pipelineServiceClientConfig.k8s.imagePullPolicy | string | `IfNotPresent` | Image pull policy | | openmetadata.config.pipelineServiceClientConfig.k8s.imagePullSecrets | string | \`\` | Comma-separated image pull secrets | | openmetadata.config.pipelineServiceClientConfig.k8s.serviceAccountName | string | `openmetadata-ingestion` | Service account for ingestion jobs | | openmetadata.config.pipelineServiceClientConfig.k8s.ttlSecondsAfterFinished | int | `86400` | Time to keep completed jobs (seconds) | | openmetadata.config.pipelineServiceClientConfig.k8s.activeDeadlineSeconds | int | `7200` | Maximum job runtime (seconds) | | openmetadata.config.pipelineServiceClientConfig.k8s.backoffLimit | int | `3` | Maximum retry attempts | | openmetadata.config.pipelineServiceClientConfig.k8s.successfulJobsHistoryLimit | int | `3` | Successful jobs to retain | | openmetadata.config.pipelineServiceClientConfig.k8s.failedJobsHistoryLimit | int | `3` | Failed jobs to retain | | openmetadata.config.pipelineServiceClientConfig.k8s.nodeSelector | string | \`\` | Node selector (comma-separated key=value) | | openmetadata.config.pipelineServiceClientConfig.k8s.securityContext.runAsUser | int | `1000` | Run as user ID | | openmetadata.config.pipelineServiceClientConfig.k8s.securityContext.runAsGroup | int | `1000` | Run as group ID | | openmetadata.config.pipelineServiceClientConfig.k8s.securityContext.fsGroup | int | `1000` | Filesystem group ID | | openmetadata.config.pipelineServiceClientConfig.k8s.securityContext.runAsNonRoot | bool | `true` | Require non-root | | openmetadata.config.pipelineServiceClientConfig.k8s.resources.limits.cpu | string | `2` | CPU limit | | openmetadata.config.pipelineServiceClientConfig.k8s.resources.limits.memory | string | `4Gi` | Memory limit | | openmetadata.config.pipelineServiceClientConfig.k8s.resources.requests.cpu | string | `500m` | CPU request | | openmetadata.config.pipelineServiceClientConfig.k8s.resources.requests.memory | string | `1Gi` | Memory request | | openmetadata.config.pipelineServiceClientConfig.k8s.podAnnotations | string | \`\` | Pod annotations (comma-separated key=value) | | openmetadata.config.pipelineServiceClientConfig.k8s.extraEnvVars | list | `[]` | Extra environment variables | | openmetadata.config.pipelineServiceClientConfig.k8s.enableFailureDiagnostics | bool | `true` | Enable failure diagnostics | | openmetadata.config.pipelineServiceClientConfig.k8s.useOMJobOperator | bool | `false` | Use OMJob operator for exit handlers | | openmetadata.config.pipelineServiceClientConfig.k8s.rbac.enabled | bool | `true` | Create RBAC resources | ### OMJob Operator Values The OMJob Operator provides guaranteed exit handler execution. Required when `k8s.useOMJobOperator: true`. | Key | Type | Default | Description | | ---------------------------------------- | ------ | -------------------------------------------------- | ----------------------------------------------- | | omjobOperator.enabled | bool | `false` | Install OMJob CRD and operator | | omjobOperator.image.repository | string | `docker.getcollate.io/openmetadata/omjob-operator` | Operator image | | omjobOperator.image.tag | string | `1.12.0-SNAPSHOT` | Operator image tag | | omjobOperator.image.pullPolicy | string | `IfNotPresent` | Image pull policy | | omjobOperator.resources.requests.cpu | string | `100m` | CPU request | | omjobOperator.resources.requests.memory | string | `128Mi` | Memory request | | omjobOperator.resources.limits.cpu | string | `500m` | CPU limit | | omjobOperator.resources.limits.memory | string | `256Mi` | Memory limit | | omjobOperator.env.logLevel | string | `INFO` | Log level | | omjobOperator.env.reconciliationThreads | string | `5` | Reconciliation threads | | omjobOperator.env.healthCheckPort | string | `8080` | Health check port | | omjobOperator.env.metricsPort | string | `8081` | Metrics port | | omjobOperator.env.pollingIntervalSeconds | string | `10` | Pod status polling interval | | omjobOperator.env.requeueDelaySeconds | string | `30` | Requeue delay after errors | | omjobOperator.env.watchNamespaces | string | \`\` | Namespaces to watch (comma-separated, or "ALL") | \| openmetadata.config.secretsManager.enabled | bool | `true` | | \| openmetadata.config.secretsManager.provider | string | `Empty String` | SECRET\_MANAGER | \| openmetadata.config.secretsManager.prefix | string | `Empty String` | SECRET\_MANAGER\_PREFIX | \| openmetadata.config.secretsManager.tags | list | `[]` | SECRET\_MANAGER\_TAGS | \| openmetadata.config.secretsManager.additionalParameters.enabled | bool | `false` | | \| openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretRef | string | `aws-access-key-secret` | OM\_SM\_ACCESS\_KEY\_ID | \| openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretKey | string | `aws-key-secret` | OM\_SM\_ACCESS\_KEY\_ID | \| openmetadata.config.secretsManager.additionalParameters.clientId.secretRef | string | `azure-client-id-secret` | OM\_SM\_CLIENT\_ID | \| openmetadata.config.secretsManager.additionalParameters.clientId.secretKey | string | `azure-key-secret` | OM\_SM\_CLIENT\_ID | \| openmetadata.config.secretsManager.additionalParameters.clientSecret.secretRef | string | `azure-client-secret` | OM\_SM\_CLIENT\_SECRET | \| openmetadata.config.secretsManager.additionalParameters.clientSecret.secretKey | string | `azure-key-secret` | OM\_SM\_CLIENT\_SECRET | \| openmetadata.config.secretsManager.additionalParameters.tenantId.secretRef | string | `azure-tenant-id-secret` | OM\_SM\_TENANT\_ID | \| openmetadata.config.secretsManager.additionalParameters.tenantId.secretKey | string | `azure-key-secret` | OM\_SM\_TENANT\_ID | \| openmetadata.config.secretsManager.additionalParameters.vaultName.secretRef | string | `azure-vault-name-secret` | OM\_SM\_VAULT\_NAME | \| openmetadata.config.secretsManager.additionalParameters.vaultName.secretKey | string | `azure-key-secret` | OM\_SM\_VAULT\_NAME | \| openmetadata.config.secretsManager.additionalParameters.region | string | `Empty String` | OM\_SM\_REGION | \| openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretRef | string | `aws-secret-access-key-secret` | OM\_SM\_ACCESS\_KEY | \| openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretKey | string | `aws-key-secret` | OM\_SM\_ACCESS\_KEY | \| openmetadata.config.smtpConfig.enableSmtpServer | bool | `false` | AUTHORIZER\_ENABLE\_SMTP | \| openmetadata.config.smtpConfig.emailingEntity | string | `OpenMetadata` | OM\_EMAIL\_ENTITY | \| openmetadata.config.smtpConfig.openMetadataUrl | string | `Empty String` | OPENMETADATA\_SERVER\_URL | \| openmetadata.config.smtpConfig.password.secretKey | string | `Empty String` | SMTP\_SERVER\_PWD | \| openmetadata.config.smtpConfig.password.secretRef | string | `Empty String` | SMTP\_SERVER\_PWD | \| openmetadata.config.smtpConfig.serverEndpoint | string | `Empty String` | SMTP\_SERVER\_ENDPOINT | \| openmetadata.config.smtpConfig.serverPort | string | `Empty String` | SMTP\_SERVER\_PORT | \| openmetadata.config.smtpConfig.supportUrl | string | `https://slack.open-metadata.org` | OM\_SUPPORT\_URL | \| openmetadata.config.smtpConfig.transportationStrategy | string | `SMTP_TLS` | SMTP\_SERVER\_STRATEGY | \| openmetadata.config.smtpConfig.username | string | `Empty String` | SMTP\_SERVER\_USERNAME | \| openmetadata.config.upgradeMigrationConfigs.debug | bool | `false` | | \| openmetadata.config.upgradeMigrationConfigs.additionalArgs | string | `Empty String` | | \| openmetadata.config.web.enabled | bool | `true` | | \| openmetadata.config.web.contentTypeOptions.enabled | bool | `false` | WEB\_CONF\_CONTENT\_TYPE\_OPTIONS\_ENABLED | \| openmetadata.config.web.csp.enabled | bool | `false` | WEB\_CONF\_XSS\_CSP\_ENABLED | \| openmetadata.config.web.csp.policy | string | `default-src 'self` | WEB\_CONF\_XSS\_CSP\_POLICY | \| openmetadata.config.web.csp.reportOnlyPolicy | string | `Empty String` | WEB\_CONF\_XSS\_CSP\_REPORT\_ONLY\_POLICY | \| openmetadata.config.web.frameOptions.enabled | bool | `false` | WEB\_CONF\_FRAME\_OPTION\_ENABLED | \| openmetadata.config.web.frameOptions.option | string | `SAMEORIGIN` | WEB\_CONF\_FRAME\_OPTION | \| openmetadata.config.web.frameOptions.origin | string | `Empty String` | WEB\_CONF\_FRAME\_ORIGIN | \| openmetadata.config.web.hsts.enabled | bool | `false` | WEB\_CONF\_HSTS\_ENABLED | \| openmetadata.config.web.hsts.includeSubDomains | bool | `true` | WEB\_CONF\_HSTS\_INCLUDE\_SUBDOMAINS | \| openmetadata.config.web.hsts.maxAge | string | `365 days` | WEB\_CONF\_HSTS\_MAX\_AGE | \| openmetadata.config.web.hsts.preload | bool | `true` | WEB\_CONF\_HSTS\_PRELOAD | \| openmetadata.config.web.uriPath | string | `/api` | WEB\_CONF\_URI\_PATH | \| openmetadata.config.web.xssProtection.block | bool | `true` | WEB\_CONF\_XSS\_PROTECTION\_BLOCK | \| openmetadata.config.web.xssProtection.enabled | bool | `false` | WEB\_CONF\_XSS\_PROTECTION\_ENABLED | \| openmetadata.config.web.xssProtection.onXss | bool | `true` | WEB\_CONF\_XSS\_PROTECTION\_ON | \| openmetadata.config.web.referrer-policy.enabled | bool | `false` | WEB\_CONF\_REFERRER\_POLICY\_ENABLED | \| openmetadata.config.web.referrer-policy.option | string | `SAME_ORIGIN'` | WEB\_CONF\_REFERRER\_POLICY\_OPTION | \| openmetadata.config.web.permission-policy.enabled | bool | `false` | WEB\_CONF\_PERMISSION\_POLICY\_ENABLED | \| openmetadata.config.web.permission-policy.option | string | `Empty String` | WEB\_CONF\_PERMISSION\_POLICY\_OPTION | ## Chart Values | Key | Type | Default | | ----------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------ | | affinity | object | `{}` | | commonLabels | object | `{}` | | extraEnvs | Extra \[environment variables]\[] which will be appended to the `env:` definition for the container | `[]` | | extraInitContainers | Templatable string of additional `initContainers` to be passed to `tpl` function | `[]` | | extraVolumes | Templatable string of additional `volumes` to be passed to the `tpl` function | `[]` | | extraVolumeMounts | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `[]` | | fullnameOverride | string | `"openmetadata"` | | image.pullPolicy | string | `"Always"` | | image.repository | string | `"docker.open-metadata.org/openmetadata/server"` | | image.tag | string | `1.3.4` | | imagePullSecrets | list | `[]` | | ingress.annotations | object | `{}` | | ingress.className | string | `""` | | ingress.enabled | bool | `false` | | ingress.hosts\[0].host | string | `"open-metadata.local"` | | ingress.hosts\[0].paths\[0].path | string | `"/"` | | ingress.hosts\[0].paths\[0].pathType | string | `"ImplementationSpecific"` | | ingress.tls | list | `[]` | | livenessProbe.initialDelaySeconds | int | `60` | | livenessProbe.periodSeconds | int | `30` | | livenessProbe.failureThreshold | int | `5` | | livenessProbe.httpGet.path | string | `/healthcheck` | | livenessProbe.httpGet.port | string | `http-admin` | | nameOverride | string | `""` | | nodeSelector | object | `{}` | | podAnnotations | object | `{}` | | podSecurityContext | object | `{}` | | readinessProbe.initialDelaySeconds | int | `60` | | readinessProbe.periodSeconds | int | `30` | | readinessProbe.failureThreshold | int | `5` | | readinessProbe.httpGet.path | string | `/` | | readinessProbe.httpGet.port | string | `http` | | replicaCount | int | `1` | | resources | object | `{}` | | securityContext | object | `{}` | | service.adminPort | string | `8586` | | service.annotations | object | `{}` | | service.port | int | `8585` | | service.type | string | `"ClusterIP"` | | serviceAccount.annotations | object | `{}` | | serviceAccount.create | bool | `true` | | serviceAccount.name | string | `nil` | | automountServiceAccountToken | bool | `true` | | serviceMonitor.annotations | object | `{}` | | serviceMonitor.enabled | bool | `false` | | serviceMonitor.interval | string | `30s` | | serviceMonitor.labels | object | `{}` | | sidecars | list | `[]` | | startupProbe.periodSeconds | int | `60` | | startupProbe.failureThreshold | int | `5` | | startupProbe.httpGet.path | string | `/healthcheck` | | startupProbe.httpGet.port | string | `http-admin` | | startupProbe.successThreshold | int | `1` | | tolerations | list | `[]` | | networkPolicy.enabled | bool | `false` | | podDisruptionBudget.enabled | bool | `false` | | podDisruptionBudget.config.maxUnavailable | String | `1` | | podDisruptionBudget.config.minAvailable | String | `1` |