Helm chart values
The jaas Helm chart lives in the
metio/helm-charts
monorepo and is published at oci://ghcr.io/metio/helm-charts/jaas. The tables
below are generated from each chart’s values.yaml, so they track the chart’s
current values rather than a hand-maintained copy.
For how the values map onto the binary’s runtime behaviour, see the
Configuration reference
— every arguments.*
value drives the corresponding --flag.
jaas chart
| Value | Type | Default | Description |
|---|---|---|---|
additionalLibraries | object|null | (empty) | Additional library OCI volumes to mount. The key is the name of the directory and the value is an OCI volume that will be mounted beneath .Values.paths.libraries, e.g., the commented example below would result in all files from 'ghcr.io/metio/something:latest' to be mounted at '/srv/libraries/something/' (using the default configuration) OCI mounts suit large, independently-released library bundles pinned by digest. For shared libraries you want to manage as ordinary manifests — published and updated via kubectl/GitOps without an operator restart — apply a namespaced JsonnetLibrary instead and reference it from a snippet's spec.libraries. |
arguments | object | (empty) | CLI flags for the jaas binary. These arguments map directly to their corresponding CLI flag. |
arguments.evaluationTimeout | string | 5s | Per-request go-jsonnet evaluation timeout. 0 disables. |
arguments.jsonnetEndpointPath | string | jsonnet | URL path segment the jsonnet handler is mounted under (GET /<path>/...). |
arguments.listenAddress | string | :: | Bind address for the jsonnet HTTP and management servers. `::` listens on every IPv6 interface and — because Go opens IPV6_V6ONLY=0 by default on Linux — also accepts IPv4 connections via v4-mapped addresses. Use `0.0.0.0` to constrain to IPv4 on clusters that don't support dual-stack pods. |
arguments.logFormat | string | json | Log output format for the jaas binary (json, text). |
arguments.logLevel | string | info | Log verbosity for the jaas binary (debug, info, warn, error). |
arguments.managementListenAddress | string | :: | Bind address for the management (probes) HTTP server. Same dual-stack semantics as listenAddress. |
arguments.managementReadTimeout | string | 10s | Read timeout on the management (probes) HTTP server. |
arguments.managementWriteTimeout | string | 10s | Write timeout on the management (probes) HTTP server. |
arguments.maxConcurrentEvals | integer | 32 | Maximum in-flight Jsonnet evaluations across both HTTP and operator paths. Excess requests return 503 (HTTP) or RequeueAfter (operator) with EvalUnavailable backpressure events. Sized to bound worst-case goroutine pile-up when a runaway snippet's synchronous eval outlives every caller's ctx — the cap turns "unbounded leak" into a tunable backpressure boundary. 0 disables the gate; the operator default (process-side) is max(GOMAXPROCS*4, 16). |
arguments.maxStack | integer | 500 | go-jsonnet stack-depth ceiling. Guards against unbounded recursion. |
arguments.readTimeout | string | 10s | Read timeout on the jsonnet HTTP server. |
arguments.shutdownDelay | string | 5s | Grace period readiness stays false before in-flight requests are aborted on SIGTERM, so endpoint controllers can drain the pod first. |
arguments.writeTimeout | string | 10s | Write timeout on the jsonnet HTTP server. |
crds | object | (empty) | CRD lifecycle. The chart ships the controller's CRDs under templates/ so a `helm upgrade` applies schema changes automatically. Set create=false to manage them out-of-band — e.g. pre-installed cluster-wide, or in CI where the same chart is installed once per values file and a kept cluster-scoped CRD owned by the first release can't be re-adopted by the next. |
crds.create | boolean | true | |
deployment | object | (empty) | Fine tune the Deployment resource. |
deployment.additionalLabels | object | (empty) | Extra labels merged onto the Deployment metadata. |
deployment.revisionHistoryLimit | integer | 1 | spec.revisionHistoryLimit on the Deployment. |
externalVariables | object|null | (empty) | External variables (std.extVar). They will be added as JAAS_EXT_VAR_your_name and are available as your_name in your Jsonnet snippets. |
externalVariablesFrom | object | (empty) | External variables loaded from ConfigMaps or Secrets. Each array expects the name of either ConfigMaps or Secrets. Only those values in ConfigMaps and Secrets that start with JAAS_EXT_VAR will be available as external variable in your Jsonnet snippets. |
externalVariablesFrom.configMaps | array | (empty) | ConfigMap names to source JAAS_EXT_VAR_* env vars from. |
externalVariablesFrom.secrets | array | (empty) | Secret names to source JAAS_EXT_VAR_* env vars from. |
global | object | (empty) | Global values are values that can be accessed from any chart or subchart by exactly the same name. |
image | object | (empty) | Container image for the jaas workload. Overwrite these in case you want to use an internal registry mirror. |
image.pullPolicy | string | IfNotPresent | Pull policy for the jaas container. IfNotPresent is the default — safe for tagged release images. Switch to Always when running off a mutable tag (latest, edge, dev) so each restart re-checks the registry. Never is useful when the image is preloaded into the node (kind, k3d). |
image.registry | string | ghcr.io | |
image.repository | string | metio/jaas | |
image.tag | string | (empty) | Optional explicit tag override. Defaults to .Chart.AppVersion (the chart's released version). Useful when running a custom build: --set-string image.tag=dev-abc123 |
imagePullSecrets | array | (empty) | Optional pull secrets in case you use a private mirror/image |
libraries | object | (empty) | Well-known jsonnet libraries. All OFF by default — a default install mounts no OCI volumes. Enable per renderer-mode need (the standalone HTTP renderer imports these from pre-baked image bundles). Each enabled library renders a `-library-path` arg, a read-only volumeMount, and an OCI `image:` volume. Static OCI mounts are mutually exclusive with operator.enabled (Flux mode): in Flux mode libraries come from JsonnetLibrary CRs, not these image bundles. |
libraries.docsonnet | object | (empty) | docsonnet library. Mounts a JOI OCI bundle when enabled. |
libraries.docsonnet.enabled | boolean | false | |
libraries.docsonnet.registry | string | ghcr.io | |
libraries.docsonnet.repository | string | metio/joi-jsonnet-libs-docsonnet | |
libraries.docsonnet.version | string | latest | |
libraries.grafonnet | object | (empty) | grafonnet library (Grafana dashboards). Mounts a JOI OCI bundle when enabled. |
libraries.grafonnet.enabled | boolean | false | |
libraries.grafonnet.registry | string | ghcr.io | |
libraries.grafonnet.repository | string | metio/joi-grafana-grafonnet | |
libraries.grafonnet.version | string | latest | The JOI images are calendar-tagged (plus a moving `latest`), not tagged by the upstream grafonnet version — there is no `v11.4.0` tag. Match the other libraries and track `latest`; pin to a dated tag (e.g. 2026.6.14) to freeze. |
libraries.xtd | object | (empty) | xtd library. Mounts a JOI OCI bundle when enabled. |
libraries.xtd.enabled | boolean | false | |
libraries.xtd.registry | string | ghcr.io | |
libraries.xtd.repository | string | metio/joi-jsonnet-libs-xtd | |
libraries.xtd.version | string | latest | |
namespace | object | (empty) | Opt-in install-namespace render with Pod Security Standards labels. Default-off so the chart doesn't claim ownership of a pre-existing namespace operators created via kubectl / Argo. Enable for fresh installs that want the namespace's PSS posture baked into the chart. |
namespace.additionalLabels | object | (empty) | Extra labels on the rendered Namespace. |
namespace.annotations | object | (empty) | Extra annotations on the rendered Namespace. |
namespace.create | boolean | false | Whether the chart renders (and owns) its install Namespace. |
namespace.podSecurity | object | (empty) | Pod Security Standards admission labels stamped on the namespace. |
namespace.podSecurity.audit | string | restricted | PSS audit level. |
namespace.podSecurity.auditVersion | string | latest | |
namespace.podSecurity.enforce | string | restricted | `restricted` is the strictest PSS level. Image volumes (used by the chart for snippet/library mounts) are restricted-compliant from Kubernetes 1.33 onward; clusters on 1.32 or older must drop this to `baseline`. |
namespace.podSecurity.enforceVersion | string | latest | |
namespace.podSecurity.warn | string | restricted | PSS warn level. |
namespace.podSecurity.warnVersion | string | latest | |
networkPolicy | object | (empty) | Opt-in NetworkPolicy for the jaas pod (storage port lockdown + per-port ingress controls). |
networkPolicy.additionalIngress | array | (empty) | Free-form additional ingress rules merged into the policy verbatim. |
networkPolicy.calico | object | (empty) | Calico engine (engine=calico) raw passthrough. Entries are merged verbatim into the projectcalico.org NetworkPolicy's spec.ingress / spec.egress. |
networkPolicy.calico.egress | array | (empty) | Extra spec.egress rules merged verbatim (Calico NetworkPolicy schema). |
networkPolicy.calico.ingress | array | (empty) | Extra spec.ingress rules merged verbatim (Calico NetworkPolicy schema). |
networkPolicy.cilium | object | (empty) | Cilium engine (engine=cilium) raw passthrough. Entries are merged verbatim into the CiliumNetworkPolicy's spec.ingress / spec.egress. This is how you tighten the cilium policy — e.g. add fromEndpoints to the ingress rules, or additional toEndpoints / toFQDNs egress. |
networkPolicy.cilium.egress | array | (empty) | Extra spec.egress rules merged verbatim (CiliumNetworkPolicy schema). |
networkPolicy.cilium.ingress | array | (empty) | Extra spec.ingress rules merged verbatim (CiliumNetworkPolicy schema). |
networkPolicy.clusterNetworkPolicy | object | (empty) | ClusterNetworkPolicy engine (engine=clusterNetworkPolicy) raw passthrough. Entries are merged verbatim into the policy.networking.k8s.io ClusterNetworkPolicy's spec.ingress / spec.egress. |
networkPolicy.clusterNetworkPolicy.egress | array | (empty) | Extra spec.egress rules merged verbatim (ClusterNetworkPolicy schema). |
networkPolicy.clusterNetworkPolicy.ingress | array | (empty) | Extra spec.ingress rules merged verbatim (ClusterNetworkPolicy schema). |
networkPolicy.clusterNetworkPolicy.priority | integer | 1000 | spec.priority on the ClusterNetworkPolicy (lower wins within the tier). |
networkPolicy.defaultDeny | object | (empty) | Render a namespace-wide default-deny so EVERY pod in the namespace is denied by default and the per-workload allowlists are the only exceptions (zero-trust namespace). OFF by default because it also denies co-located workloads — enable only when JaaS has its own namespace. Off keeps a pod-scoped setup: only JaaS's pods are locked down, neighbours untouched. |
networkPolicy.defaultDeny.enabled | boolean | false | |
networkPolicy.defaultDeny.order | integer | 2000 | Calico/ClusterNetworkPolicy sort key for the deny-all. It must rank the deny-all AFTER the per-workload allowlists so the allowlists win: Calico evaluates lower order first (the allowlist policies carry no order = lowest precedence, so this defaults high), and ClusterNetworkPolicy gives lower priority numbers higher precedence (the allowlist priority defaults to networkPolicy.clusterNetworkPolicy.priority, so this defaults higher). The kubernetes and cilium engines have no precedence knob — deny + allow simply combine additively, allow wins. |
networkPolicy.egress | object | (empty) | |
networkPolicy.egress.dns | boolean | true | When egress is enabled, allow DNS (UDP+TCP 53) to the cluster DNS namespace. |
networkPolicy.egress.dnsNamespace | string | kube-system | Namespace of the cluster DNS service (matched by kubernetes.io/metadata.name). |
networkPolicy.egress.enabled | boolean | false | Render egress rules. Adds Egress to policyTypes, so everything not explicitly allowed is denied. Off by default: enable only after allowing everything the pod needs (DNS, the kube-apiserver, source-controller, S3, the OTLP collector) via egress.to — otherwise the operator loses cluster access. |
networkPolicy.egress.to | array | (empty) | Additional egress peers merged verbatim into spec.egress. This is where you allow the kube-apiserver (an ipBlock CIDR), the flux-system namespace (source-controller), and external endpoints (S3, OTLP). NetworkPolicy cannot select the apiserver by label, so it must be an ipBlock here. |
networkPolicy.enabled | boolean | false | Opt-in. When enabled, a NetworkPolicy targets the jaas pod and locks the storage HTTP port down to the configured consumer selector (defaults to any pod in flux-system — kustomize-controller / helm-controller). Other ports stay open so kubelet probes, the jsonnet HTTP path, and the webhook traffic from kube-apiserver continue to work. Leave OFF on initial install if the cluster has no NetworkPolicy controller (Calico/Cilium/etc.) — without one, the policy is silently inert; with one, default-deny semantics apply to everything not listed here. |
networkPolicy.engine | string | kubernetes | Policy engine to render for. kubernetes (default) emits a vanilla networking.k8s.io NetworkPolicy. cilium / calico / clusterNetworkPolicy emit the engine-native equivalent instead (CiliumNetworkPolicy, projectcalico.org NetworkPolicy, or policy.networking.k8s.io ClusterNetworkPolicy). The per-port .from knobs below apply to the kubernetes engine only; alternative engines are pod-scoped allow-all on the required ports and tighten via their native passthrough lists (cilium/calico/clusterNetworkPolicy .ingress / .egress). |
networkPolicy.http | object | (empty) | Restrict sources allowed to hit the jsonnet HTTP endpoint. Empty list allows everything (typical when an Ingress fronts the service). |
networkPolicy.http.from | array | (empty) | |
networkPolicy.management | object | (empty) | Restrict sources allowed to hit the management probes. Empty list allows everything — kubelet probes source from the node IP. |
networkPolicy.management.from | array | (empty) | |
networkPolicy.metrics | object | (empty) | Sources allowed to scrape the operator metrics port. Empty = all (typically your Prometheus). Only rendered in operator mode with metrics enabled. |
networkPolicy.metrics.from | array | (empty) | |
networkPolicy.storage | object | (empty) | Sources allowed to read published ExternalArtifact tarballs from the storage HTTP port. The consumers are the Flux controllers that dereference ExternalArtifact.status.artifact.url — kustomize-controller and helm-controller (both in flux-system) — NOT source-controller, which only produces its own typed artifacts. Defaults to any pod in flux-system so the stock Flux consumers work out of the box. Add an entry per extra consumer namespace (e.g. stageset-controller in stageset-system): - namespaceSelector: matchLabels: kubernetes.io/metadata.name: stageset-system |
networkPolicy.storage.from | array | (empty) | |
networkPolicy.webhook | object | (empty) | Restrict sources allowed to dial the webhook. Empty list allows everything — kube-apiserver cannot be expressed as a podSelector. |
networkPolicy.webhook.from | array | (empty) | |
operator | object | (empty) | Operator mode — opt-in. When enabled, jaas runs alongside its HTTP path as a Kubernetes operator that watches JsonnetSnippet / JsonnetLibrary CRs and publishes evaluated results as Flux ExternalArtifact resources. |
operator.cleanupOnDelete | object | (empty) | On `helm uninstall`, run a pre-delete Job that bulk-deletes every JsonnetSnippet so the operator's finalizer drops the published ExternalArtifact + tarball BEFORE the operator pod itself is removed. Without this, the operator goes away first and downstream Flux consumers are left referencing orphaned ExternalArtifacts. Disable when uninstall is driven by something other than Helm (e.g., ArgoCD with hooks off) — the manual cleanup pattern is: kubectl delete jsonnetsnippet --all -A --wait=true --timeout=2m helm uninstall jaas -n <ns> |
operator.cleanupOnDelete.activeDeadlineSeconds | integer | 600 | Job-level safety net. activeDeadlineSeconds caps the Job's total runtime; if the operator is wedged, Helm won't be blocked forever. |
operator.cleanupOnDelete.backoffLimit | integer | 2 | backoffLimit on the pre-delete Job. |
operator.cleanupOnDelete.enabled | boolean | true | |
operator.cleanupOnDelete.image | object | (empty) | Image for the pre-delete cleanup Job (a kubectl image). |
operator.cleanupOnDelete.image.pullPolicy | string | IfNotPresent | |
operator.cleanupOnDelete.image.registry | string | registry.k8s.io | |
operator.cleanupOnDelete.image.repository | string | kubectl | |
operator.cleanupOnDelete.image.tag | string | v1.34.0 | |
operator.cleanupOnDelete.kubectlTimeout | string | 2m | Maximum wall-clock time the pre-delete Job waits for snippet finalizers to run before it strips them forcibly and proceeds. Bigger when snippets publish to slow S3 endpoints. |
operator.cleanupOnDelete.resources | object | (empty) | Resource requests/limits for the cleanup Job container. |
operator.cleanupOnDelete.resources.cpu | string | 100m | |
operator.cleanupOnDelete.resources.ephemeralStorage | string | 16Mi | Ephemeral-storage requests/limits. The cleanup Job runs a few `kubectl` calls then exits — disk usage is negligible. Sized small to satisfy kube-score's resource-completeness check without crowding cluster ephemeral-storage budgets. |
operator.cleanupOnDelete.resources.memory | string | 64Mi | |
operator.defaultServiceAccount | string | (empty) | The default ServiceAccount the operator impersonates when a snippet does not specify spec.serviceAccountName. Snippets without an effective SA are rejected at reconcile time. |
operator.enabled | boolean | false | |
operator.extVars | object | (empty) | Operator-level external variables. Keys here are non-overridable: a JsonnetSnippet whose spec.externalVariables names any of these keys is rejected at admission (and as a fallback at reconcile time). |
operator.labelSelector | string | (empty) | Optional label selector that narrows which CRs the operator watches. Leave empty to watch every CR in the cluster. |
operator.leaderElection | object | (empty) | Leader election guards against two operator replicas double-reconciling the same JsonnetSnippet. With replicas.max: 1 (the chart default) only one replica ever runs, so the lock is just defensive — but operators who scale the Deployment up (rolling restarts, blue-green) MUST keep this on. Off is supported (single replica only) but unsafe to scale. |
operator.leaderElection.enabled | boolean | true | |
operator.leaderElection.id | string | (empty) | Lease object name. Defaults to "<release name>-operator" so multiple JaaS installs in the same namespace don't fight over a shared lease. |
operator.maxWithdrawWait | string | 1h | Bound the time a deleted JsonnetSnippet's finalizer can hold while Publisher.Withdraw keeps failing. Past this, the operator emits a Warning WithdrawForced event, drops the finalizer, and lets the snippet be garbage-collected — possibly leaving an orphan tarball in storage (`<namespace>/<name>/<rev>.tar.gz`). Required so a permanently-broken backend (S3 perma-down, deleted bucket, revoked RBAC) doesn't block namespace teardown. 1h rides out transient apiserver/S3 incidents while bounding the wait. |
operator.metrics | object | (empty) | Controller-runtime exposes a Prometheus metrics endpoint covering workqueue depth, reconcile latencies, the manager's REST client, and whatever custom collectors the reconciler registers. The chart wires the endpoint to a dedicated Service; ServiceMonitor rendering is opt-in for clusters running the Prometheus Operator. |
operator.metrics.enabled | boolean | true | |
operator.metrics.prometheusRule | object | (empty) | Opt-in PrometheusRule shipping a starter set of alerts on the operator's custom metrics plus a handful of standard controller-runtime signals. Requires the Prometheus Operator's `monitoring.coreos.com/v1` API to be installed in the cluster. Thresholds default to conservative values — page on sustained failure patterns, not single bad reconciles. Tune per cluster. |
operator.metrics.prometheusRule.annotations | object | (empty) | Extra annotations on the PrometheusRule. |
operator.metrics.prometheusRule.enabled | boolean | false | |
operator.metrics.prometheusRule.extraAlertLabels | object | (empty) | Labels merged onto EVERY alert this PrometheusRule renders. Useful for routing all jaas alerts through one Alertmanager receiver (e.g., `team: platform`). |
operator.metrics.prometheusRule.extraRules | array | (empty) | Extra alert rules appended to the rendered PrometheusRule under a separate "jaas-operator-extras" group. Lets operators ship cluster-specific alerts (e.g. custom thresholds on jaas metrics, alerts joined against deployment labels) without forking the chart. The list is rendered verbatim — each entry must be a valid PrometheusRule alert (see Prometheus documentation for the schema). To silence a built-in alert: raise its threshold under the `thresholds` block above to an impossibly high value. There is no per-built-in disable toggle — the threshold pattern is the recommended path because it surfaces "this alert is intentionally inert" in the chart values rather than hiding the configuration behind a flag list. Example: extraRules: - alert: JaaSManySnippetsDown expr: count(jaas_snippet_reconcile_total{status="False"}) > 10 for: 5m labels: { severity: critical, team: platform } annotations: summary: '>10 snippets failing across all namespaces' |
operator.metrics.prometheusRule.interval | string | 30s | Evaluation interval for every group in the rendered rule. |
operator.metrics.prometheusRule.labels | object | (empty) | Extra labels copied onto the PrometheusRule object itself (typically the labels your Prometheus instance selects on). |
operator.metrics.prometheusRule.runbookAnnotationKey | string | runbook_url | Annotation key the runbook URL lands under on every alert. `runbook_url` is the Prometheus-operator convention (kube-prom, Alertmanager templates, most third-party tooling key off it); `runbook` is common in older internal stacks. Anything goes — the value is just a YAML map key. |
operator.metrics.prometheusRule.thresholds | object | (empty) | All-numeric/duration thresholds in one place so operators can adjust the noise floor without copy-pasting the rule body. |
operator.metrics.prometheusRule.thresholds.artifactSizeBytes | integer | 16777216 | JaaSSnippetArtifactGrowing: p99 rendered bytes threshold. Defaults to 16 MiB — well below the 64 MiB MaxArchiveBytes default but enough to catch a runaway snippet early. |
operator.metrics.prometheusRule.thresholds.artifactSizeDuration | string | 30m | |
operator.metrics.prometheusRule.thresholds.crdWatchEngagementFailuresDuration | string | 30m | |
operator.metrics.prometheusRule.thresholds.crdWatchEngagementFailuresPerHour | integer | 1 | JaaSCRDWatchEngagementFailing: hourly increase on the CRD watch engagement failure counter. The retry pipeline will eventually re-engage, but a sustained inability to engage means dependent snippets aren't re-rendering on upstream source events. |
operator.metrics.prometheusRule.thresholds.evalLeakedDuration | string | 5m | |
operator.metrics.prometheusRule.thresholds.evalLeakedFloor | integer | 0 | JaaSEvalLeakedGoroutines: floor on the leak gauge before alerting. The gauge counts eval goroutines whose parent ctx already fired — orphans still consuming CPU until their synchronous go-jsonnet call returns naturally. CLAUDE.md's documented design is "> 0 for 5m" — any sustained leak is textbook runaway-snippet signal. 0 is intentional; the accompanying duration window catches transient spikes without paging. |
operator.metrics.prometheusRule.thresholds.evalRejectedDuration | string | 10m | |
operator.metrics.prometheusRule.thresholds.evalRejectedRate | number | 0.05 | JaaSEvalRejected: per-second rate of evaluations the semaphore turned away. 0.05/s ≈ one rejection every 20s, a rate that indicates sustained overload rather than a transient spike a single retry would clear. |
operator.metrics.prometheusRule.thresholds.evalSaturationDuration | string | 10m | |
operator.metrics.prometheusRule.thresholds.evalSaturationRatio | number | 0.9 | JaaSEvalSaturation: ratio of in-flight evaluations to the configured cap before alerting. 0.9 means "running at 90 %+ of the eval semaphore for evalSaturationDuration" — close enough to the cap that any new burst will start landing rejections. The alert guards on jaas_eval_max_concurrent > 0 so a disabled gate (--max-concurrent-evals=0) never fires. |
operator.metrics.prometheusRule.thresholds.forceDropsDuration | string | 5m | |
operator.metrics.prometheusRule.thresholds.forceDropsPerHour | integer | 0 | JaaSForceDropsAccumulating: hourly increase on the force-drop counter. Even a single force-drop means an orphan tarball was left behind; sustained drops mean a permanently-broken pipeline (revoked RBAC on the EA Delete, deleted S3 bucket, missing CRD). The remediation runbook is storage-recovery.md. |
operator.metrics.prometheusRule.thresholds.podDownDuration | string | 5m | JaaSOperatorPodDown: how long an operator pod can stay NotReady before paging. Below 5m the alert tends to fire during normal pod rolls. |
operator.metrics.prometheusRule.thresholds.reconcileErrorDuration | string | 10m | |
operator.metrics.prometheusRule.thresholds.reconcileErrorRate | number | 0.1 | JaaSSnippetReconcileErrorsHigh: per-snippet Ready=False rate (reconciles per second, 5m window). 0.1/s ≈ one failure every 10s — a clearly stuck snippet, not transient flapping. |
operator.metrics.prometheusRule.thresholds.reconcileLatencyDuration | string | 15m | |
operator.metrics.prometheusRule.thresholds.reconcileLatencySeconds | integer | 30 | JaaSReconcileLatencyHigh: reconcile-time p99 ceiling, in seconds. 30s is generous — long enough for an OCI fetch plus eval of a non-trivial snippet, short enough to catch a genuinely stuck reconciler. |
operator.metrics.prometheusRule.thresholds.sweepFailuresDuration | string | 30m | |
operator.metrics.prometheusRule.thresholds.sweepFailuresPerHour | integer | 3 | JaaSStorageSweepFailures: per-hour count of failing background sweep passes before alerting. Default 3 absorbs the occasional flake without paging while catching a genuinely degraded backend (chronic disk full, revoked permissions). The sweep runs on operator.storage.sweep.interval (default 10m), so 3/hour ≈ half the passes failing. |
operator.metrics.prometheusRule.thresholds.tenantTokenMintFailureDuration | string | 10m | |
operator.metrics.prometheusRule.thresholds.tenantTokenMintFailureRate | number | 0.01 | JaaSTenantTokenMintFailing: per-second mint failure rate across the cluster. Even one mint failure on a (namespace, SA) pair flags revoked `serviceaccounts/token: create` or a deleted SA — actionable immediately. |
operator.metrics.prometheusRule.thresholds.webhookCertRenewalFailuresDuration | string | 30m | |
operator.metrics.prometheusRule.thresholds.webhookCertRenewalFailuresPerHour | integer | 1 | JaaSWebhookCertRenewalFailing: hourly increase on the cert renewal failure counter. The Renewer ticks every Validity/3 (typically every few months), so a single failure shouldn't page; sustained failures across multiple ticks (RBAC drift, CertDir write-perm loss) mean the rotation pipeline is broken and the existing cert's natural expiry is the deadline. |
operator.metrics.prometheusRule.thresholds.workqueueDepth | integer | 50 | JaaSControllerWorkqueueDepthHigh: items the workqueue holds before alerting. Default 50 is high enough to absorb a normal roll-out, low enough that genuine apiserver stalls page. |
operator.metrics.prometheusRule.thresholds.workqueueDuration | string | 15m | |
operator.metrics.serviceMonitor | object | (empty) | Opt-in ServiceMonitor (Prometheus Operator) for the metrics endpoint. |
operator.metrics.serviceMonitor.annotations | object | (empty) | Extra annotations on the ServiceMonitor. |
operator.metrics.serviceMonitor.enabled | boolean | false | |
operator.metrics.serviceMonitor.interval | string | 30s | Scrape interval the Prometheus instance honors. Match this to your shared scrape config. |
operator.metrics.serviceMonitor.labels | object | (empty) | Extra labels the ServiceMonitor carries (typically the labels your Prometheus instance selects on, e.g., release: kube-prom). |
operator.metrics.serviceMonitor.scrapeTimeout | string | 10s | Per-scrape timeout. Must stay strictly less than interval. |
operator.noCrossNamespaceRefs | boolean | true | When true, the operator rejects JsonnetSnippet / library refs that point at a SourceRef in a different namespace. |
operator.rbac | object | (empty) | Opt out of chart-rendered RBAC when external governance owns ClusterRole/RoleBinding shape (ArgoCD app-of-apps, Crossplane, GitOps controller that manages RBAC separately). The operator still expects the named SA to have the verbs documented in README's "Operator Mode" section; with rbac.create=false you're responsible for granting them. |
operator.rbac.create | boolean | true | |
operator.rerenderBurst | integer | 120 | Per-snippet token-bucket depth. |
operator.rerenderRate | string | 60/min | Per-snippet steady-state re-render budget. N/period where period is one of sec, min, hour. Token-bucket combined with rerenderBurst. |
operator.serviceAccount | object | (empty) | ServiceAccount the operator runs as. When create is true the chart provisions one; otherwise the operator binds against the named SA. |
operator.serviceAccount.annotations | object | (empty) | Annotations to attach to the operator ServiceAccount. Common uses: AWS IRSA (eks.amazonaws.com/role-arn), GCP Workload Identity (iam.gke.io/gcp-service-account), Azure Workload Identity (azure.workload.identity/client-id). These bind cloud-IAM identities to the SA so the operator can access cloud resources without static credentials. |
operator.serviceAccount.create | boolean | true | |
operator.serviceAccount.name | string | jaas | |
operator.storage | object | (empty) | Artifact storage for published ExternalArtifact tarballs (operator mode). |
operator.storage.backend | string | local | Artifact backend used to persist ExternalArtifact tarballs. local — emptyDir or PVC mounted into the pod. Simple, single-pod (RWO PVC) unless a ReadWriteMany storage class is configured. s3 — any S3-compatible bucket (AWS S3, MinIO, Ceph RGW, etc.). The chart-default story for multi-replica HA: every replica reads from the same bucket; leader election still gates writes. PVC settings below are ignored when backend=s3. Artifact backend used to persist ExternalArtifact tarballs (local | s3). |
operator.storage.baseURL | string | (empty) | Public URL prefix downstream Flux consumers dereference. Defaults to the in-cluster Service DNS name when empty — operators wiring this up via Ingress should set it explicitly. |
operator.storage.gcGrace | string | 5m | Minimum time a superseded artifact revision stays fetchable after being evicted from the keep-set. Closes the pin→fetch race in which a Flux consumer reads ExternalArtifact.status.artifact a moment before the operator garbage-collects the superseded revision and then 404s on the URL. Supersession time is derived from on-disk storage metadata so the window survives operator restarts. Zero restores eager pruning; the snippet teardown path (finalizer Withdraw) is unaffected. See docs/consumers.md for when to leave the default vs raise spec.history for deliberate rollback retention. |
operator.storage.headless | boolean | false | When true, the storage Service is rendered as headless (clusterIP: None) so DNS resolves each pod IP directly. Useful for external sidecars that want stable per-pod targets, or for traffic that should skip kube-proxy. Default ClusterIP otherwise. |
operator.storage.listenAddress | string | :: | Bind address for the storage HTTP server. Same dual-stack semantics as arguments.listenAddress: `::` accepts both IPv6 and IPv4-mapped traffic on Linux. |
operator.storage.maxArtifactBytes | integer | 0 | Cap the rendered artifact size in bytes. Snippets whose rendered output exceeds this fail with ReasonArtifactTooLarge before any disk/S3 write — stops one runaway snippet from filling a shared storage volume. Zero disables. |
operator.storage.path | string | /var/lib/jaas/artifacts | Directory inside the container the operator writes tarballs to. Only consulted when backend=local. |
operator.storage.persistence | object | (empty) | Persist tarballs across pod restarts via a PVC. With persistence OFF (the default) the chart uses an emptyDir, which is lost on pod restart — downstream Flux consumers then see brief 404s while every snippet re-renders. With persistence ON, the PVC survives restarts and downstream consumers see no gap. PVC access mode is RWO by default, which constrains the chart to a single replica (RWO can only attach to one pod). For multi-replica HA you need an RWX storage class — uncommon in cloud providers. |
operator.storage.persistence.accessModes | array | (empty) | accessModes the PVC declares. ReadWriteOnce is the safe default; ReadWriteMany unlocks multi-replica HA when the StorageClass supports it. |
operator.storage.persistence.annotations | object | (empty) | Extra annotations on the PVC (e.g., CSI volume tags). |
operator.storage.persistence.enabled | boolean | false | |
operator.storage.persistence.labels | object | (empty) | Extra labels on the PVC. |
operator.storage.persistence.selector | object | (empty) | Optional PVC selector for matching pre-provisioned volumes. |
operator.storage.persistence.size | string | 10Gi | Requested volume size. 10 GiB holds many thousand small tarballs. |
operator.storage.persistence.storageClassName | string | (empty) | storageClassName picks the StorageClass. Empty means "cluster default" — usually right. |
operator.storage.readTimeout | string | 30s | Read timeout on the storage HTTP server. |
operator.storage.s3 | object | (empty) | S3 backend configuration. Only consulted when backend=s3. |
operator.storage.s3.anonymous | boolean | false | Skip request signing entirely. Public-bucket test mode only. |
operator.storage.s3.bucket | string | (empty) | Bucket the artifacts live in. Must already exist; jaas does not create it. Required. |
operator.storage.s3.credentialsSecret | object | (empty) | Credentials are supplied one of two ways — never inline. Inline values would land on the Pod's command line (visible in `ps`, in the PodSpec, and in the stored Helm release), so the chart deliberately offers no accessKey/secretKey/sessionToken field: credentialsSecret.name — an existing Secret carrying AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN. It is wired into the pod via envFrom.secretRef; minio-go's env chain picks the keys up automatically since no -s3-* credential flag is passed. leave credentialsSecret empty — minio-go's IAM/IRSA discovery chain takes over (AWS_* env vars, EKS web-identity, EC2 metadata). Bind a cloud identity to the operator's ServiceAccount via operator.serviceAccount.annotations. |
operator.storage.s3.credentialsSecret.name | string | (empty) | |
operator.storage.s3.endpoint | string | (empty) | Endpoint host:port (e.g. s3.amazonaws.com, minio.minio.svc:9000). Required. |
operator.storage.s3.prefix | string | (empty) | Optional object-key prefix so jaas can coexist with other tenants in one bucket: <prefix>/<namespace>/<snippet>/<rev>.tar.gz |
operator.storage.s3.region | string | (empty) | Region the bucket lives in. Required for AWS multi-region; ignored by most S3-compatible servers. |
operator.storage.s3.useSSL | boolean | true | Talk HTTPS. Disable only for local MinIO over HTTP. |
operator.storage.sizeLimit | string | 256Mi | emptyDir size limit. Only consulted when persistence.enabled is false. Tarballs typically are well under 1 MiB; the sizing here is generous so transient bursts don't OOM the pod. |
operator.storage.sweep | object | (empty) | Periodic GC: sweep orphaned <rev>.tar.gz.tmp residue left by Puts whose process died mid-rename. Local backend only — the S3 backend's Put is atomic so no .tmp files exist. Set interval to "0s" to disable. |
operator.storage.sweep.interval | string | 10m | |
operator.storage.sweep.maxTmpAge | string | 30m | |
operator.storage.writeTimeout | string | 5m | Write timeout on the storage HTTP server (--storage-write-timeout): how long a single response is allowed to take before the connection is closed. To cap artifact size, use operator.storage.maxArtifactBytes. |
operator.tracing | object | (empty) | OpenTelemetry tracing for the operator. When endpoint is empty (the default), no spans are emitted and the OTel SDK is in no-op mode. Set the endpoint to ship spans to an OTLP gRPC collector: tracing: endpoint: otel-collector.observability.svc:4317 insecure: true |
operator.tracing.endpoint | string | (empty) | |
operator.tracing.insecure | boolean | false | |
operator.tracing.sampleRatio | number | 1 | |
operator.watchNamespaces | array | (empty) | Namespaces this operator instance scopes its cache to. Empty (the default) means cluster-wide. When set, the manager's informer cache only observes CRs in these namespaces, AND the rendered RBAC pivots from a single ClusterRoleBinding to one RoleBinding per namespace — multi-tenant operator-instances pattern. |
operator.webhook | object | (empty) | Validating admission webhook (operator mode). Rejects JsonnetSnippets whose spec.externalVariables collide with the operator's extVars. |
operator.webhook.certDir | string | /tmp/k8s-webhook-server/serving-certs | Directory inside the container where the TLS cert and key land. With certMode=cert-manager this is mounted read-only from the secretName below. With certMode=self-signed it's a writable emptyDir the operator writes into on startup. |
operator.webhook.certManager | object | (empty) | cert-manager-mode knobs. Only consulted when certMode is "cert-manager". When self-signed, this block is ignored and no cert-manager API objects are rendered. |
operator.webhook.certManager.enabled | boolean | true | |
operator.webhook.certManager.issuerRef | object | (empty) | |
operator.webhook.certManager.issuerRef.kind | string | Issuer | Issuer kind: Issuer or ClusterIssuer |
operator.webhook.certManager.issuerRef.name | string | (empty) | Issuer name in the chart's namespace (Issuer) or cluster (ClusterIssuer). Required when certMode=cert-manager. |
operator.webhook.certMode | string | self-signed | How TLS material for the webhook is provisioned: cert-manager — chart renders a cert-manager Certificate; the Secret is mounted into the pod read-only. self-signed — operator generates a CA + serving cert at startup and stamps its own ValidatingWebhookConfiguration caBundle. Requires the operator to have get/update on the named VWC (added automatically). Removes the cert-manager dependency entirely. The default is self-signed because it needs no prerequisites and always works; cert-manager mode only works when cert-manager is installed in the cluster. |
operator.webhook.enabled | boolean | false | |
operator.webhook.failurePolicy | string | Fail | Failure policy for the ValidatingWebhookConfiguration. Fail is the safer default — a webhook outage blocks JsonnetSnippet writes cluster-wide until the operator is back. Switch to Ignore only when you're willing to accept invalid snippets reaching the reconciler. Either way, the reconciler enforces the same ext-var-conflict invariant as a fallback so admission bypass never silently breaks the contract. During an operator restart (rolling update, crash-loop, eviction) the webhook is briefly unreachable and Fail blocks every JsonnetSnippet create/update for that window — typically <5s with `LeaderElectionReleaseOnCancel: true`. If your CI/GitOps tooling can't tolerate that, scope the webhook with objectSelector / namespaceSelector to limit the blast radius, or set failurePolicy: Ignore. |
operator.webhook.matchConditions | array | (empty) | matchConditions are CEL expressions evaluated server-side before the webhook is dialed. Lets operators short-circuit admission checks for specific snippet shapes without a round trip. Requires Kubernetes 1.30+. |
operator.webhook.namespaceSelector | object | (empty) | namespaceSelector restricts the webhook to Namespaces carrying the listed labels. A common pattern: opt-in per namespace via a label so the apiserver doesn't dial the webhook for unrelated namespaces during operator outages. Example: namespaceSelector: matchLabels: jaas.metio.wtf/admission: enforce |
operator.webhook.objectSelector | object | (empty) | objectSelector restricts the webhook to JsonnetSnippets carrying the listed labels. Useful when only some snippets are operator-managed (the rest live in Argo or kustomize). Example: objectSelector: matchLabels: jaas.metio.wtf/managed: "true" |
operator.webhook.secretName | string | jaas-webhook-cert | The Secret the cert lives in. cert-manager writes it; the Deployment mounts it read-only at certDir. |
operator.webhook.selfSignedValidity | string | 8760h | Validity of the self-signed serving cert. Operators that want short-lived rotation should use cert-manager instead — the self-signed mode renews on every pod restart, no in-flight rotation. Only consulted when certMode=self-signed. |
operator.webhook.sideEffects | string | None | Side-effect mode for the ValidatingWebhookConfiguration. |
paths | object | (empty) | Filesystem paths inside the container. Modify the paths used, use this in case you run a custom image. |
paths.libraries | string | /srv/libraries | Directory library OCI volumes mount beneath. |
paths.snippets | string | /srv/snippets | Directory snippet OCI volumes mount beneath. |
pdb | object | (empty) | Fine tune the PodDisruptionBudget. Rendered only when replicas.max > replicas.min. |
pdb.maxUnavailable | integer|string|null | 1 | PDB maxUnavailable. Default 1 caps voluntary disruptions to one pod at a time. Set to null when using minAvailable instead. |
pdb.minAvailable | integer|string|null | null | Disruption budget shape. Exactly one of minAvailable / maxUnavailable is rendered into the PDB spec; setting both is a config error K8s would reject. Default `maxUnavailable: 1` caps voluntary disruptions to one pod at a time regardless of replica count — the right knob for a rolling restart / node drain story. `minAvailable: N` is the alternative when you want "always keep at least N pods up" instead — useful only when the workload's headroom is a fixed floor, not the more common "one out at a time". Override examples: pdb: { maxUnavailable: 2 } # allow draining two nodes in parallel pdb: { minAvailable: 1, maxUnavailable: null } # floor of 1 instead pdb: { minAvailable: "50%", maxUnavailable: null } # percentage form PDB minAvailable. Mutually exclusive with maxUnavailable; null leaves it unset. |
pdb.unhealthyPodEvictionPolicy | string | (empty) | spec.unhealthyPodEvictionPolicy on the PDB. Empty defers to the cluster default. |
pod | object | (empty) | Fine tune the managed Pod resources. |
pod.additionalLabels | object | (empty) | Extra labels merged onto the pod template. |
ports | object | (empty) | Container port assignments for the jaas pod. |
ports.http | integer | 8080 | Used by the /jsonnet endpoint |
ports.management | integer | 8081 | Used by startup, readiness, and liveness probes |
ports.metrics | integer | 8083 | Used by controller-runtime's Prometheus metrics endpoint (operator.enabled only). Defaults to 8083 to avoid the collision with controller-runtime's own :8080 default and the jsonnet HTTP port. Set to 0 in operator.metrics.enabled to disable entirely. |
ports.storage | integer | 8082 | Used by the operator's storage HTTP server (operator.enabled only) |
ports.webhook | integer | 9443 | Used by the validating admission webhook (operator.webhook.enabled only) |
replicas | object | (empty) | Replica bounds for the Deployment. It is safe to increase the number of replicas. |
replicas.max | integer | 1 | |
replicas.min | integer | 1 | |
resources | object | (empty) | Per-container resource requests/limits. Smallest possible values here, increase if you have more resources to spare. |
resources.cpu | string | 32m | |
resources.ephemeralStorage | string | 10Mi | |
resources.memory | string | 64Mi | |
service | object | (empty) | Fine tune the Service resource. |
service.ipFamilies | array | (empty) | Explicit list of IP families for the Service. Empty defers to the cluster's default. Example for explicit IPv4+IPv6: ipFamilies: [IPv4, IPv6] Order matters: the first family becomes the primary ClusterIP. |
service.ipFamilyPolicy | string | (empty) | K8s Service ipFamilyPolicy. Empty leaves the cluster's default (usually SingleStack). Set to PreferDualStack on dual-stack clusters that may still have single-stack nodes, or RequireDualStack to refuse single-stack clusters at admission. |
serviceMesh | object | (empty) | Opt-in service-mesh L7 authorization + mTLS for the jaas pod. Complementary to networkPolicy, NOT a replacement: networkPolicy is L3/L4 (which pods/IPs may open a connection), serviceMesh is L7/identity (which mesh identities may call which port). Both can be enabled at once and stack additively. Authorizes only the mesh-reachable ports — http (jsonnet), storage (artifacts), and metrics (operator). The webhook (kube-apiserver) and management/probe (kubelet) ports are deliberately left out: those callers speak plain TLS / no mesh identity, and locking them to mesh principals would break admission and health probing. |
serviceMesh.defaultDeny | object | (empty) | Render a namespace-wide default-deny so every pod in the install namespace rejects unauthorized mesh traffic and the per-workload allows above are the only exceptions (zero-trust namespace). Istio renders an empty-spec AuthorizationPolicy (deny-all) scoped to the whole namespace, which sits at lower precedence than the workload ALLOW. Linkerd has no per-object deny-all; the namespace default is set via the config.linkerd.io/default-inbound-policy annotation, so this is stamped onto the chart-managed Namespace (requires namespace.create=true) — otherwise annotate the namespace out-of-band. Enable only when jaas owns its namespace; it also denies co-located workloads. |
serviceMesh.defaultDeny.enabled | boolean | false | |
serviceMesh.enabled | boolean | false | Opt-in. When enabled, the chart renders the selected engine's authorization + mTLS objects for the jaas pod. Inert unless that mesh (Istio or Linkerd) is actually installed and the pod is injected. |
serviceMesh.engine | string | istio | Mesh engine to render for. istio emits security.istio.io AuthorizationPolicy (+ optional PeerAuthentication). linkerd emits policy.linkerd.io Server / AuthorizationPolicy / MeshTLSAuthentication objects. |
serviceMesh.http | object | (empty) | Per-port allowed mesh identities. Each `from` entry is a source matcher: - principals: SPIFFE/mesh identities (Istio source.principals, e.g. cluster.local/ns/<ns>/sa/<sa>). For Linkerd these map to MeshTLSAuthentication identities (the proxy identity string, e.g. <sa>.<ns>.serviceaccount.identity.linkerd.cluster.local, or "*"). - namespaces: source namespaces (Istio source.namespaces). ISTIO-ONLY — Linkerd authenticates by workload identity, not by namespace, so this field is ignored on the linkerd engine. An EMPTY `from` list on a port means OPEN (allow any caller), mirroring networkPolicy's empty-`from`=open semantics. On Istio that is a port rule with no `from`; on Linkerd it is a MeshTLSAuthentication of identities: ["*"] (any authenticated meshed client). Mesh identities allowed to hit the jsonnet HTTP endpoint (ports.http). Empty = open. |
serviceMesh.http.from | array | (empty) | |
serviceMesh.istio | object | (empty) | Istio engine raw passthrough. Entries are merged verbatim into the AuthorizationPolicy's spec.rules (security.istio.io/v1 rule schema). Use this to add rules the per-port `from` knobs above can't express — path/method matchers, `when` JWT-claim conditions, ipBlocks, etc. |
serviceMesh.istio.rules | array | (empty) | |
serviceMesh.linkerd | object | (empty) | Linkerd engine raw passthrough. Entries are appended verbatim as additional documents after the rendered Server / AuthorizationPolicy / MeshTLSAuthentication set — each entry must be a complete object (policy.linkerd.io AuthorizationPolicy, HTTPRoute, etc.). |
serviceMesh.linkerd.authorizations | array | (empty) | |
serviceMesh.metrics | object | (empty) | Mesh identities allowed to scrape the operator metrics port (ports.metrics). Operator mode + metrics only. Empty = open. |
serviceMesh.metrics.from | array | (empty) | |
serviceMesh.mtls | string | (empty) | mTLS posture (Istio engine only). Empty defers to the mesh's own default (mesh-wide PeerAuthentication / MeshConfig). permissive renders a PeerAuthentication accepting both mTLS and plaintext. strict requires mTLS on the workload's ports EXCEPT the webhook + management ports, which get a port-level PERMISSIVE carve-out so the non-mesh kube-apiserver and kubelet still connect. Linkerd negotiates mTLS automatically between meshed pods, so this knob does not apply to the linkerd engine. |
serviceMesh.storage | object | (empty) | Mesh identities allowed to read published artifacts from the storage port (ports.storage). Operator mode only. Empty = open. |
serviceMesh.storage.from | array | (empty) | |
snippets | object|null | (empty) | Snippet OCI volumes to mount. The key is the name of the directory and the value is an OCI volume that will be mounted beneath .Values.paths.snippets, e.g., the commented example below would result in all files from 'ghcr.io/metio/something:latest' to be mounted at '/srv/snippets/something/' (using the default configuration) |
joi library chart
The joi
chart
publishes Jsonnet OCI Images
as
JsonnetLibrary + OCIRepository pairs, so snippets can import vendored
libraries (grafonnet, k8s-libsonnet, …) without bundling them. Deploy it
alongside jaas when snippets reference shared libraries.
| Value | Type | Default | Description |
|---|---|---|---|
global | object | (empty) | Global values are values that can be accessed from any chart or subchart by exactly the same name. |
imagePullSecret | string | (empty) | dockerconfigjson Secret for authenticated (private-mirror) pulls. |
interval | string | 60m | OCIRepository re-pull cadence (a moved `latest` tag is picked up here). |
libraries | | (empty) | One entry per JOI image. Pick the LIBRARY version in the import path, e.g. `import 'github.com/jsonnet-libs/k8s-libsonnet/1.34/main.libsonnet'` or `.../latest/main.libsonnet`. `path: ""` exposes the whole vendor tree. The `tag` defaults to `latest` (moving); set it to a dated JOI snapshot (e.g. `2026.6.16`) to pin the image for reproducible pulls. |
libraries.actions-runner-controller-libsonnet | object | (empty) | |
libraries.actions-runner-controller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.actions-runner-controller-libsonnet.enabled | boolean | false | |
libraries.actions-runner-controller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-actions-runner-controller-libsonnet | |
libraries.actions-runner-controller-libsonnet.path | string | (empty) | |
libraries.actions-runner-controller-libsonnet.tag | string | latest | |
libraries.aiven-libsonnet | object | (empty) | |
libraries.aiven-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.aiven-libsonnet.enabled | boolean | false | |
libraries.aiven-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-aiven-libsonnet | |
libraries.aiven-libsonnet.path | string | (empty) | |
libraries.aiven-libsonnet.tag | string | latest | |
libraries.amazon-vpc-resource-controller-libsonnet | object | (empty) | |
libraries.amazon-vpc-resource-controller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.amazon-vpc-resource-controller-libsonnet.enabled | boolean | false | |
libraries.amazon-vpc-resource-controller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-amazon-vpc-resource-controller-libsonnet | |
libraries.amazon-vpc-resource-controller-libsonnet.path | string | (empty) | |
libraries.amazon-vpc-resource-controller-libsonnet.tag | string | latest | |
libraries.argo-cd-libsonnet | object | (empty) | |
libraries.argo-cd-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.argo-cd-libsonnet.enabled | boolean | false | |
libraries.argo-cd-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-argo-cd-libsonnet | |
libraries.argo-cd-libsonnet.path | string | (empty) | |
libraries.argo-cd-libsonnet.tag | string | latest | |
libraries.argo-rollouts-libsonnet | object | (empty) | |
libraries.argo-rollouts-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.argo-rollouts-libsonnet.enabled | boolean | false | |
libraries.argo-rollouts-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-argo-rollouts-libsonnet | |
libraries.argo-rollouts-libsonnet.path | string | (empty) | |
libraries.argo-rollouts-libsonnet.tag | string | latest | |
libraries.argo-workflows-libsonnet | object | (empty) | |
libraries.argo-workflows-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.argo-workflows-libsonnet.enabled | boolean | false | |
libraries.argo-workflows-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-argo-workflows-libsonnet | |
libraries.argo-workflows-libsonnet.path | string | (empty) | |
libraries.argo-workflows-libsonnet.tag | string | latest | |
libraries.argocd-operator-libsonnet | object | (empty) | |
libraries.argocd-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.argocd-operator-libsonnet.enabled | boolean | false | |
libraries.argocd-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-argocd-operator-libsonnet | |
libraries.argocd-operator-libsonnet.path | string | (empty) | |
libraries.argocd-operator-libsonnet.tag | string | latest | |
libraries.aws-load-balancer-controller-libsonnet | object | (empty) | |
libraries.aws-load-balancer-controller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.aws-load-balancer-controller-libsonnet.enabled | boolean | false | |
libraries.aws-load-balancer-controller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-aws-load-balancer-controller-libsonnet | |
libraries.aws-load-balancer-controller-libsonnet.path | string | (empty) | |
libraries.aws-load-balancer-controller-libsonnet.tag | string | latest | |
libraries.aws-rds-controller-libsonnet | object | (empty) | |
libraries.aws-rds-controller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.aws-rds-controller-libsonnet.enabled | boolean | false | |
libraries.aws-rds-controller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-aws-rds-controller-libsonnet | |
libraries.aws-rds-controller-libsonnet.path | string | (empty) | |
libraries.aws-rds-controller-libsonnet.tag | string | latest | |
libraries.azure-load-balancer-controller-libsonnet | object | (empty) | |
libraries.azure-load-balancer-controller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.azure-load-balancer-controller-libsonnet.enabled | boolean | false | |
libraries.azure-load-balancer-controller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-azure-load-balancer-controller-libsonnet | |
libraries.azure-load-balancer-controller-libsonnet.path | string | (empty) | |
libraries.azure-load-balancer-controller-libsonnet.tag | string | latest | |
libraries.banzai-logging-libsonnet | object | (empty) | |
libraries.banzai-logging-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.banzai-logging-libsonnet.enabled | boolean | false | |
libraries.banzai-logging-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-banzai-logging-libsonnet | |
libraries.banzai-logging-libsonnet.path | string | (empty) | |
libraries.banzai-logging-libsonnet.tag | string | latest | |
libraries.banzaicloud-bank-vaults-libsonnet | object | (empty) | |
libraries.banzaicloud-bank-vaults-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.banzaicloud-bank-vaults-libsonnet.enabled | boolean | false | |
libraries.banzaicloud-bank-vaults-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-banzaicloud-bank-vaults-libsonnet | |
libraries.banzaicloud-bank-vaults-libsonnet.path | string | (empty) | |
libraries.banzaicloud-bank-vaults-libsonnet.tag | string | latest | |
libraries.calico-libsonnet | object | (empty) | |
libraries.calico-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.calico-libsonnet.enabled | boolean | false | |
libraries.calico-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-calico-libsonnet | |
libraries.calico-libsonnet.path | string | (empty) | |
libraries.calico-libsonnet.tag | string | latest | |
libraries.cert-manager-libsonnet | object | (empty) | |
libraries.cert-manager-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cert-manager-libsonnet.enabled | boolean | false | |
libraries.cert-manager-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cert-manager-libsonnet | |
libraries.cert-manager-libsonnet.path | string | (empty) | |
libraries.cert-manager-libsonnet.tag | string | latest | |
libraries.cilium-libsonnet | object | (empty) | |
libraries.cilium-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cilium-libsonnet.enabled | boolean | false | |
libraries.cilium-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cilium-libsonnet | |
libraries.cilium-libsonnet.path | string | (empty) | |
libraries.cilium-libsonnet.tag | string | latest | |
libraries.clickhouse-operator-libsonnet | object | (empty) | |
libraries.clickhouse-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.clickhouse-operator-libsonnet.enabled | boolean | false | |
libraries.clickhouse-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-clickhouse-operator-libsonnet | |
libraries.clickhouse-operator-libsonnet.path | string | (empty) | |
libraries.clickhouse-operator-libsonnet.tag | string | latest | |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet | object | (empty) | |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet.enabled | boolean | false | |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cloudnative-pg-barman-cloud-plugin-libsonnet | |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet.path | string | (empty) | |
libraries.cloudnative-pg-barman-cloud-plugin-libsonnet.tag | string | latest | |
libraries.cloudnative-pg-libsonnet | object | (empty) | |
libraries.cloudnative-pg-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cloudnative-pg-libsonnet.enabled | boolean | false | |
libraries.cloudnative-pg-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cloudnative-pg-libsonnet | |
libraries.cloudnative-pg-libsonnet.path | string | (empty) | |
libraries.cloudnative-pg-libsonnet.tag | string | latest | |
libraries.cluster-api-libsonnet | object | (empty) | |
libraries.cluster-api-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cluster-api-libsonnet.enabled | boolean | false | |
libraries.cluster-api-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cluster-api-libsonnet | |
libraries.cluster-api-libsonnet.path | string | (empty) | |
libraries.cluster-api-libsonnet.tag | string | latest | |
libraries.cluster-api-operator-libsonnet | object | (empty) | |
libraries.cluster-api-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cluster-api-operator-libsonnet.enabled | boolean | false | |
libraries.cluster-api-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cluster-api-operator-libsonnet | |
libraries.cluster-api-operator-libsonnet.path | string | (empty) | |
libraries.cluster-api-operator-libsonnet.tag | string | latest | |
libraries.cluster-api-provider-aws-libsonnet | object | (empty) | |
libraries.cluster-api-provider-aws-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cluster-api-provider-aws-libsonnet.enabled | boolean | false | |
libraries.cluster-api-provider-aws-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cluster-api-provider-aws-libsonnet | |
libraries.cluster-api-provider-aws-libsonnet.path | string | (empty) | |
libraries.cluster-api-provider-aws-libsonnet.tag | string | latest | |
libraries.cluster-api-provider-tinkerbell-libsonnet | object | (empty) | |
libraries.cluster-api-provider-tinkerbell-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cluster-api-provider-tinkerbell-libsonnet.enabled | boolean | false | |
libraries.cluster-api-provider-tinkerbell-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cluster-api-provider-tinkerbell-libsonnet | |
libraries.cluster-api-provider-tinkerbell-libsonnet.path | string | (empty) | |
libraries.cluster-api-provider-tinkerbell-libsonnet.tag | string | latest | |
libraries.cnrm-libsonnet | object | (empty) | |
libraries.cnrm-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.cnrm-libsonnet.enabled | boolean | false | |
libraries.cnrm-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-cnrm-libsonnet | |
libraries.cnrm-libsonnet.path | string | (empty) | |
libraries.cnrm-libsonnet.tag | string | latest | |
libraries.composable-libsonnet | object | (empty) | |
libraries.composable-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.composable-libsonnet.enabled | boolean | false | |
libraries.composable-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-composable-libsonnet | |
libraries.composable-libsonnet.path | string | (empty) | |
libraries.composable-libsonnet.tag | string | latest | |
libraries.consul-libsonnet | object | (empty) | |
libraries.consul-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.consul-libsonnet.enabled | boolean | false | |
libraries.consul-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-consul-libsonnet | |
libraries.consul-libsonnet.path | string | (empty) | |
libraries.consul-libsonnet.tag | string | latest | |
libraries.contour-libsonnet | object | (empty) | |
libraries.contour-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.contour-libsonnet.enabled | boolean | false | |
libraries.contour-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-contour-libsonnet | |
libraries.contour-libsonnet.path | string | (empty) | |
libraries.contour-libsonnet.tag | string | latest | |
libraries.crossplane-core-libsonnet | object | (empty) | |
libraries.crossplane-core-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-core-libsonnet.enabled | boolean | false | |
libraries.crossplane-core-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-core-libsonnet | |
libraries.crossplane-core-libsonnet.path | string | (empty) | |
libraries.crossplane-core-libsonnet.tag | string | latest | |
libraries.crossplane-libsonnet | object | (empty) | |
libraries.crossplane-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-libsonnet.enabled | boolean | false | |
libraries.crossplane-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-libsonnet | |
libraries.crossplane-libsonnet.path | string | (empty) | |
libraries.crossplane-libsonnet.tag | string | latest | |
libraries.crossplane-provider-grafana-libsonnet | object | (empty) | |
libraries.crossplane-provider-grafana-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-grafana-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-grafana-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-grafana-libsonnet | |
libraries.crossplane-provider-grafana-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-grafana-libsonnet.tag | string | latest | |
libraries.crossplane-provider-upjet-aws-libsonnet | object | (empty) | |
libraries.crossplane-provider-upjet-aws-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-upjet-aws-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-upjet-aws-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-upjet-aws-libsonnet | |
libraries.crossplane-provider-upjet-aws-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-upjet-aws-libsonnet.tag | string | latest | |
libraries.crossplane-provider-upjet-azure-libsonnet | object | (empty) | |
libraries.crossplane-provider-upjet-azure-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-upjet-azure-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-upjet-azure-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-upjet-azure-libsonnet | |
libraries.crossplane-provider-upjet-azure-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-upjet-azure-libsonnet.tag | string | latest | |
libraries.crossplane-provider-upjet-azuread-libsonnet | object | (empty) | |
libraries.crossplane-provider-upjet-azuread-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-upjet-azuread-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-upjet-azuread-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-upjet-azuread-libsonnet | |
libraries.crossplane-provider-upjet-azuread-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-upjet-azuread-libsonnet.tag | string | latest | |
libraries.crossplane-provider-upjet-gcp-libsonnet | object | (empty) | |
libraries.crossplane-provider-upjet-gcp-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-upjet-gcp-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-upjet-gcp-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-upjet-gcp-libsonnet | |
libraries.crossplane-provider-upjet-gcp-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-upjet-gcp-libsonnet.tag | string | latest | |
libraries.crossplane-provider-upjet-github-libsonnet | object | (empty) | |
libraries.crossplane-provider-upjet-github-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.crossplane-provider-upjet-github-libsonnet.enabled | boolean | false | |
libraries.crossplane-provider-upjet-github-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-crossplane-provider-upjet-github-libsonnet | |
libraries.crossplane-provider-upjet-github-libsonnet.path | string | (empty) | |
libraries.crossplane-provider-upjet-github-libsonnet.tag | string | latest | |
libraries.dapr-libsonnet | object | (empty) | |
libraries.dapr-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.dapr-libsonnet.enabled | boolean | false | |
libraries.dapr-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-dapr-libsonnet | |
libraries.dapr-libsonnet.path | string | (empty) | |
libraries.dapr-libsonnet.tag | string | latest | |
libraries.datadog-operator-libsonnet | object | (empty) | |
libraries.datadog-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.datadog-operator-libsonnet.enabled | boolean | false | |
libraries.datadog-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-datadog-operator-libsonnet | |
libraries.datadog-operator-libsonnet.path | string | (empty) | |
libraries.datadog-operator-libsonnet.tag | string | latest | |
libraries.docsonnet | object | (empty) | |
libraries.docsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.docsonnet.enabled | boolean | false | |
libraries.docsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-docsonnet | |
libraries.docsonnet.path | string | (empty) | |
libraries.docsonnet.tag | string | latest | |
libraries.eck-operator-libsonnet | object | (empty) | |
libraries.eck-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.eck-operator-libsonnet.enabled | boolean | false | |
libraries.eck-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-eck-operator-libsonnet | |
libraries.eck-operator-libsonnet.path | string | (empty) | |
libraries.eck-operator-libsonnet.tag | string | latest | |
libraries.edp-keycloak-operator-libsonnet | object | (empty) | |
libraries.edp-keycloak-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.edp-keycloak-operator-libsonnet.enabled | boolean | false | |
libraries.edp-keycloak-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-edp-keycloak-operator-libsonnet | |
libraries.edp-keycloak-operator-libsonnet.path | string | (empty) | |
libraries.edp-keycloak-operator-libsonnet.tag | string | latest | |
libraries.emissary-libsonnet | object | (empty) | |
libraries.emissary-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.emissary-libsonnet.enabled | boolean | false | |
libraries.emissary-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-emissary-libsonnet | |
libraries.emissary-libsonnet.path | string | (empty) | |
libraries.emissary-libsonnet.tag | string | latest | |
libraries.envoy-gateway-libsonnet | object | (empty) | |
libraries.envoy-gateway-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.envoy-gateway-libsonnet.enabled | boolean | false | |
libraries.envoy-gateway-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-envoy-gateway-libsonnet | |
libraries.envoy-gateway-libsonnet.path | string | (empty) | |
libraries.envoy-gateway-libsonnet.tag | string | latest | |
libraries.etcd-operator-libsonnet | object | (empty) | |
libraries.etcd-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.etcd-operator-libsonnet.enabled | boolean | false | |
libraries.etcd-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-etcd-operator-libsonnet | |
libraries.etcd-operator-libsonnet.path | string | (empty) | |
libraries.etcd-operator-libsonnet.tag | string | latest | |
libraries.external-dns-libsonnet | object | (empty) | |
libraries.external-dns-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.external-dns-libsonnet.enabled | boolean | false | |
libraries.external-dns-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-external-dns-libsonnet | |
libraries.external-dns-libsonnet.path | string | (empty) | |
libraries.external-dns-libsonnet.tag | string | latest | |
libraries.external-secrets-libsonnet | object | (empty) | |
libraries.external-secrets-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.external-secrets-libsonnet.enabled | boolean | false | |
libraries.external-secrets-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-external-secrets-libsonnet | |
libraries.external-secrets-libsonnet.path | string | (empty) | |
libraries.external-secrets-libsonnet.tag | string | latest | |
libraries.flagger-libsonnet | object | (empty) | |
libraries.flagger-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.flagger-libsonnet.enabled | boolean | false | |
libraries.flagger-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-flagger-libsonnet | |
libraries.flagger-libsonnet.path | string | (empty) | |
libraries.flagger-libsonnet.tag | string | latest | |
libraries.fluxcd-libsonnet | object | (empty) | |
libraries.fluxcd-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.fluxcd-libsonnet.enabled | boolean | false | |
libraries.fluxcd-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-fluxcd-libsonnet | |
libraries.fluxcd-libsonnet.path | string | (empty) | |
libraries.fluxcd-libsonnet.tag | string | latest | |
libraries.gatekeeper-libsonnet | object | (empty) | |
libraries.gatekeeper-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.gatekeeper-libsonnet.enabled | boolean | false | |
libraries.gatekeeper-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-gatekeeper-libsonnet | |
libraries.gatekeeper-libsonnet.path | string | (empty) | |
libraries.gatekeeper-libsonnet.tag | string | latest | |
libraries.gateway-api-libsonnet | object | (empty) | |
libraries.gateway-api-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.gateway-api-libsonnet.enabled | boolean | false | |
libraries.gateway-api-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-gateway-api-libsonnet | |
libraries.gateway-api-libsonnet.path | string | (empty) | |
libraries.gateway-api-libsonnet.tag | string | latest | |
libraries.google-cloud-sql-proxy-operator-libsonnet | object | (empty) | |
libraries.google-cloud-sql-proxy-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.google-cloud-sql-proxy-operator-libsonnet.enabled | boolean | false | |
libraries.google-cloud-sql-proxy-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-google-cloud-sql-proxy-operator-libsonnet | |
libraries.google-cloud-sql-proxy-operator-libsonnet.path | string | (empty) | |
libraries.google-cloud-sql-proxy-operator-libsonnet.tag | string | latest | |
libraries.grafana-agent-libsonnet | object | (empty) | |
libraries.grafana-agent-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.grafana-agent-libsonnet.enabled | boolean | false | |
libraries.grafana-agent-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-grafana-agent-libsonnet | |
libraries.grafana-agent-libsonnet.path | string | (empty) | |
libraries.grafana-agent-libsonnet.tag | string | latest | |
libraries.grafana-alloy-libsonnet | object | (empty) | |
libraries.grafana-alloy-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.grafana-alloy-libsonnet.enabled | boolean | false | |
libraries.grafana-alloy-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-grafana-alloy-libsonnet | |
libraries.grafana-alloy-libsonnet.path | string | (empty) | |
libraries.grafana-alloy-libsonnet.tag | string | latest | |
libraries.grafana-operator-libsonnet | object | (empty) | |
libraries.grafana-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.grafana-operator-libsonnet.enabled | boolean | false | |
libraries.grafana-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-grafana-operator-libsonnet | |
libraries.grafana-operator-libsonnet.path | string | (empty) | |
libraries.grafana-operator-libsonnet.tag | string | latest | |
libraries.grafonnet | object | (empty) | |
libraries.grafonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.grafonnet.enabled | boolean | false | |
libraries.grafonnet.image | string | ghcr.io/metio/joi-grafana-grafonnet | |
libraries.grafonnet.path | string | (empty) | |
libraries.grafonnet.tag | string | latest | |
libraries.harbor-operator-libsonnet | object | (empty) | |
libraries.harbor-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.harbor-operator-libsonnet.enabled | boolean | false | |
libraries.harbor-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-harbor-operator-libsonnet | |
libraries.harbor-operator-libsonnet.path | string | (empty) | |
libraries.harbor-operator-libsonnet.tag | string | latest | |
libraries.hcp-terraform-operator-libsonnet | object | (empty) | |
libraries.hcp-terraform-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.hcp-terraform-operator-libsonnet.enabled | boolean | false | |
libraries.hcp-terraform-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-hcp-terraform-operator-libsonnet | |
libraries.hcp-terraform-operator-libsonnet.path | string | (empty) | |
libraries.hcp-terraform-operator-libsonnet.tag | string | latest | |
libraries.istio-libsonnet | object | (empty) | |
libraries.istio-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.istio-libsonnet.enabled | boolean | false | |
libraries.istio-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-istio-libsonnet | |
libraries.istio-libsonnet.path | string | (empty) | |
libraries.istio-libsonnet.tag | string | latest | |
libraries.k8s-libsonnet | object | (empty) | |
libraries.k8s-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.k8s-libsonnet.enabled | boolean | false | |
libraries.k8s-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-k8s-libsonnet | |
libraries.k8s-libsonnet.path | string | (empty) | |
libraries.k8s-libsonnet.tag | string | latest | |
libraries.kargo-libsonnet | object | (empty) | |
libraries.kargo-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kargo-libsonnet.enabled | boolean | false | |
libraries.kargo-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kargo-libsonnet | |
libraries.kargo-libsonnet.path | string | (empty) | |
libraries.kargo-libsonnet.tag | string | latest | |
libraries.karpenter-libsonnet | object | (empty) | |
libraries.karpenter-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.karpenter-libsonnet.enabled | boolean | false | |
libraries.karpenter-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-karpenter-libsonnet | |
libraries.karpenter-libsonnet.path | string | (empty) | |
libraries.karpenter-libsonnet.tag | string | latest | |
libraries.keda-libsonnet | object | (empty) | |
libraries.keda-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.keda-libsonnet.enabled | boolean | false | |
libraries.keda-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-keda-libsonnet | |
libraries.keda-libsonnet.path | string | (empty) | |
libraries.keda-libsonnet.tag | string | latest | |
libraries.knative-eventing-libsonnet | object | (empty) | |
libraries.knative-eventing-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.knative-eventing-libsonnet.enabled | boolean | false | |
libraries.knative-eventing-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-knative-eventing-libsonnet | |
libraries.knative-eventing-libsonnet.path | string | (empty) | |
libraries.knative-eventing-libsonnet.tag | string | latest | |
libraries.knative-serving-libsonnet | object | (empty) | |
libraries.knative-serving-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.knative-serving-libsonnet.enabled | boolean | false | |
libraries.knative-serving-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-knative-serving-libsonnet | |
libraries.knative-serving-libsonnet.path | string | (empty) | |
libraries.knative-serving-libsonnet.tag | string | latest | |
libraries.kro-libsonnet | object | (empty) | |
libraries.kro-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kro-libsonnet.enabled | boolean | false | |
libraries.kro-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kro-libsonnet | |
libraries.kro-libsonnet.path | string | (empty) | |
libraries.kro-libsonnet.tag | string | latest | |
libraries.kube-prometheus-libsonnet | object | (empty) | |
libraries.kube-prometheus-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kube-prometheus-libsonnet.enabled | boolean | false | |
libraries.kube-prometheus-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kube-prometheus-libsonnet | |
libraries.kube-prometheus-libsonnet.path | string | (empty) | |
libraries.kube-prometheus-libsonnet.tag | string | latest | |
libraries.kubernetes-nmstate-libsonnet | object | (empty) | |
libraries.kubernetes-nmstate-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kubernetes-nmstate-libsonnet.enabled | boolean | false | |
libraries.kubernetes-nmstate-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kubernetes-nmstate-libsonnet | |
libraries.kubernetes-nmstate-libsonnet.path | string | (empty) | |
libraries.kubernetes-nmstate-libsonnet.tag | string | latest | |
libraries.kubernetes-secret-generator-libsonnet | object | (empty) | |
libraries.kubernetes-secret-generator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kubernetes-secret-generator-libsonnet.enabled | boolean | false | |
libraries.kubernetes-secret-generator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kubernetes-secret-generator-libsonnet | |
libraries.kubernetes-secret-generator-libsonnet.path | string | (empty) | |
libraries.kubernetes-secret-generator-libsonnet.tag | string | latest | |
libraries.kubevela-libsonnet | object | (empty) | |
libraries.kubevela-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kubevela-libsonnet.enabled | boolean | false | |
libraries.kubevela-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kubevela-libsonnet | |
libraries.kubevela-libsonnet.path | string | (empty) | |
libraries.kubevela-libsonnet.tag | string | latest | |
libraries.kueue-libsonnet | object | (empty) | |
libraries.kueue-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kueue-libsonnet.enabled | boolean | false | |
libraries.kueue-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kueue-libsonnet | |
libraries.kueue-libsonnet.path | string | (empty) | |
libraries.kueue-libsonnet.tag | string | latest | |
libraries.kyverno-libsonnet | object | (empty) | |
libraries.kyverno-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.kyverno-libsonnet.enabled | boolean | false | |
libraries.kyverno-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-kyverno-libsonnet | |
libraries.kyverno-libsonnet.path | string | (empty) | |
libraries.kyverno-libsonnet.tag | string | latest | |
libraries.litmus-chaos-libsonnet | object | (empty) | |
libraries.litmus-chaos-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.litmus-chaos-libsonnet.enabled | boolean | false | |
libraries.litmus-chaos-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-litmus-chaos-libsonnet | |
libraries.litmus-chaos-libsonnet.path | string | (empty) | |
libraries.litmus-chaos-libsonnet.tag | string | latest | |
libraries.mariadb-operator-libsonnet | object | (empty) | |
libraries.mariadb-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.mariadb-operator-libsonnet.enabled | boolean | false | |
libraries.mariadb-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-mariadb-operator-libsonnet | |
libraries.mariadb-operator-libsonnet.path | string | (empty) | |
libraries.mariadb-operator-libsonnet.tag | string | latest | |
libraries.metacontroller-libsonnet | object | (empty) | |
libraries.metacontroller-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.metacontroller-libsonnet.enabled | boolean | false | |
libraries.metacontroller-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-metacontroller-libsonnet | |
libraries.metacontroller-libsonnet.path | string | (empty) | |
libraries.metacontroller-libsonnet.tag | string | latest | |
libraries.metallb-libsonnet | object | (empty) | |
libraries.metallb-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.metallb-libsonnet.enabled | boolean | false | |
libraries.metallb-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-metallb-libsonnet | |
libraries.metallb-libsonnet.path | string | (empty) | |
libraries.metallb-libsonnet.tag | string | latest | |
libraries.milvus-operator-libsonnet | object | (empty) | |
libraries.milvus-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.milvus-operator-libsonnet.enabled | boolean | false | |
libraries.milvus-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-milvus-operator-libsonnet | |
libraries.milvus-operator-libsonnet.path | string | (empty) | |
libraries.milvus-operator-libsonnet.tag | string | latest | |
libraries.minio-operator-libsonnet | object | (empty) | |
libraries.minio-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.minio-operator-libsonnet.enabled | boolean | false | |
libraries.minio-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-minio-operator-libsonnet | |
libraries.minio-operator-libsonnet.path | string | (empty) | |
libraries.minio-operator-libsonnet.tag | string | latest | |
libraries.mysql-operator-libsonnet | object | (empty) | |
libraries.mysql-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.mysql-operator-libsonnet.enabled | boolean | false | |
libraries.mysql-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-mysql-operator-libsonnet | |
libraries.mysql-operator-libsonnet.path | string | (empty) | |
libraries.mysql-operator-libsonnet.tag | string | latest | |
libraries.nats-libsonnet | object | (empty) | |
libraries.nats-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.nats-libsonnet.enabled | boolean | false | |
libraries.nats-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-nats-libsonnet | |
libraries.nats-libsonnet.path | string | (empty) | |
libraries.nats-libsonnet.tag | string | latest | |
libraries.node-feature-discovery-libsonnet | object | (empty) | |
libraries.node-feature-discovery-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.node-feature-discovery-libsonnet.enabled | boolean | false | |
libraries.node-feature-discovery-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-node-feature-discovery-libsonnet | |
libraries.node-feature-discovery-libsonnet.path | string | (empty) | |
libraries.node-feature-discovery-libsonnet.tag | string | latest | |
libraries.openshift-libsonnet | object | (empty) | |
libraries.openshift-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.openshift-libsonnet.enabled | boolean | false | |
libraries.openshift-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-openshift-libsonnet | |
libraries.openshift-libsonnet.path | string | (empty) | |
libraries.openshift-libsonnet.tag | string | latest | |
libraries.prometheus-operator-libsonnet | object | (empty) | |
libraries.prometheus-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.prometheus-operator-libsonnet.enabled | boolean | false | |
libraries.prometheus-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-prometheus-operator-libsonnet | |
libraries.prometheus-operator-libsonnet.path | string | (empty) | |
libraries.prometheus-operator-libsonnet.tag | string | latest | |
libraries.pyrra-libsonnet | object | (empty) | |
libraries.pyrra-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.pyrra-libsonnet.enabled | boolean | false | |
libraries.pyrra-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-pyrra-libsonnet | |
libraries.pyrra-libsonnet.path | string | (empty) | |
libraries.pyrra-libsonnet.tag | string | latest | |
libraries.rabbitmq-libsonnet | object | (empty) | |
libraries.rabbitmq-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.rabbitmq-libsonnet.enabled | boolean | false | |
libraries.rabbitmq-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-rabbitmq-libsonnet | |
libraries.rabbitmq-libsonnet.path | string | (empty) | |
libraries.rabbitmq-libsonnet.tag | string | latest | |
libraries.rabbitmq-messaging-topology-operator-libsonnet | object | (empty) | |
libraries.rabbitmq-messaging-topology-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.rabbitmq-messaging-topology-operator-libsonnet.enabled | boolean | false | |
libraries.rabbitmq-messaging-topology-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-rabbitmq-messaging-topology-operator-libsonnet | |
libraries.rabbitmq-messaging-topology-operator-libsonnet.path | string | (empty) | |
libraries.rabbitmq-messaging-topology-operator-libsonnet.tag | string | latest | |
libraries.secrets-store-csi-driver-libsonnet | object | (empty) | |
libraries.secrets-store-csi-driver-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.secrets-store-csi-driver-libsonnet.enabled | boolean | false | |
libraries.secrets-store-csi-driver-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-secrets-store-csi-driver-libsonnet | |
libraries.secrets-store-csi-driver-libsonnet.path | string | (empty) | |
libraries.secrets-store-csi-driver-libsonnet.tag | string | latest | |
libraries.securecodebox-libsonnet | object | (empty) | |
libraries.securecodebox-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.securecodebox-libsonnet.enabled | boolean | false | |
libraries.securecodebox-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-securecodebox-libsonnet | |
libraries.securecodebox-libsonnet.path | string | (empty) | |
libraries.securecodebox-libsonnet.tag | string | latest | |
libraries.spicedb-operator-libsonnet | object | (empty) | |
libraries.spicedb-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.spicedb-operator-libsonnet.enabled | boolean | false | |
libraries.spicedb-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-spicedb-operator-libsonnet | |
libraries.spicedb-operator-libsonnet.path | string | (empty) | |
libraries.spicedb-operator-libsonnet.tag | string | latest | |
libraries.strimzi-libsonnet | object | (empty) | |
libraries.strimzi-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.strimzi-libsonnet.enabled | boolean | false | |
libraries.strimzi-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-strimzi-libsonnet | |
libraries.strimzi-libsonnet.path | string | (empty) | |
libraries.strimzi-libsonnet.tag | string | latest | |
libraries.tailscale-operator-libsonnet | object | (empty) | |
libraries.tailscale-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.tailscale-operator-libsonnet.enabled | boolean | false | |
libraries.tailscale-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-tailscale-operator-libsonnet | |
libraries.tailscale-operator-libsonnet.path | string | (empty) | |
libraries.tailscale-operator-libsonnet.tag | string | latest | |
libraries.tektoncd-libsonnet | object | (empty) | |
libraries.tektoncd-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.tektoncd-libsonnet.enabled | boolean | false | |
libraries.tektoncd-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-tektoncd-libsonnet | |
libraries.tektoncd-libsonnet.path | string | (empty) | |
libraries.tektoncd-libsonnet.tag | string | latest | |
libraries.teleport-operator-libsonnet | object | (empty) | |
libraries.teleport-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.teleport-operator-libsonnet.enabled | boolean | false | |
libraries.teleport-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-teleport-operator-libsonnet | |
libraries.teleport-operator-libsonnet.path | string | (empty) | |
libraries.teleport-operator-libsonnet.tag | string | latest | |
libraries.testonnet | object | (empty) | |
libraries.testonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.testonnet.enabled | boolean | false | |
libraries.testonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-testonnet | |
libraries.testonnet.path | string | (empty) | |
libraries.testonnet.tag | string | latest | |
libraries.tinkerbell-libsonnet | object | (empty) | |
libraries.tinkerbell-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.tinkerbell-libsonnet.enabled | boolean | false | |
libraries.tinkerbell-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-tinkerbell-libsonnet | |
libraries.tinkerbell-libsonnet.path | string | (empty) | |
libraries.tinkerbell-libsonnet.tag | string | latest | |
libraries.traefik-libsonnet | object | (empty) | |
libraries.traefik-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.traefik-libsonnet.enabled | boolean | false | |
libraries.traefik-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-traefik-libsonnet | |
libraries.traefik-libsonnet.path | string | (empty) | |
libraries.traefik-libsonnet.tag | string | latest | |
libraries.triggermesh-libsonnet | object | (empty) | |
libraries.triggermesh-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.triggermesh-libsonnet.enabled | boolean | false | |
libraries.triggermesh-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-triggermesh-libsonnet | |
libraries.triggermesh-libsonnet.path | string | (empty) | |
libraries.triggermesh-libsonnet.tag | string | latest | |
libraries.trust-manager-libsonnet | object | (empty) | |
libraries.trust-manager-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.trust-manager-libsonnet.enabled | boolean | false | |
libraries.trust-manager-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-trust-manager-libsonnet | |
libraries.trust-manager-libsonnet.path | string | (empty) | |
libraries.trust-manager-libsonnet.tag | string | latest | |
libraries.upbound-provider-opentofu-libsonnet | object | (empty) | |
libraries.upbound-provider-opentofu-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.upbound-provider-opentofu-libsonnet.enabled | boolean | false | |
libraries.upbound-provider-opentofu-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-upbound-provider-opentofu-libsonnet | |
libraries.upbound-provider-opentofu-libsonnet.path | string | (empty) | |
libraries.upbound-provider-opentofu-libsonnet.tag | string | latest | |
libraries.vault-secrets-operator-libsonnet | object | (empty) | |
libraries.vault-secrets-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.vault-secrets-operator-libsonnet.enabled | boolean | false | |
libraries.vault-secrets-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-vault-secrets-operator-libsonnet | |
libraries.vault-secrets-operator-libsonnet.path | string | (empty) | |
libraries.vault-secrets-operator-libsonnet.tag | string | latest | |
libraries.vertical-pod-autoscaler-libsonnet | object | (empty) | |
libraries.vertical-pod-autoscaler-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.vertical-pod-autoscaler-libsonnet.enabled | boolean | false | |
libraries.vertical-pod-autoscaler-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-vertical-pod-autoscaler-libsonnet | |
libraries.vertical-pod-autoscaler-libsonnet.path | string | (empty) | |
libraries.vertical-pod-autoscaler-libsonnet.tag | string | latest | |
libraries.victoria-metrics-operator-libsonnet | object | (empty) | |
libraries.victoria-metrics-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.victoria-metrics-operator-libsonnet.enabled | boolean | false | |
libraries.victoria-metrics-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-victoria-metrics-operator-libsonnet | |
libraries.victoria-metrics-operator-libsonnet.path | string | (empty) | |
libraries.victoria-metrics-operator-libsonnet.tag | string | latest | |
libraries.xtd | object | (empty) | |
libraries.xtd.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.xtd.enabled | boolean | false | |
libraries.xtd.image | string | ghcr.io/metio/joi-jsonnet-libs-xtd | |
libraries.xtd.path | string | (empty) | |
libraries.xtd.tag | string | latest | |
libraries.zalando-postgres-operator-libsonnet | object | (empty) | |
libraries.zalando-postgres-operator-libsonnet.closure | array | (empty) | libraries this one imports; auto-enabled with it |
libraries.zalando-postgres-operator-libsonnet.enabled | boolean | false | |
libraries.zalando-postgres-operator-libsonnet.image | string | ghcr.io/metio/joi-jsonnet-libs-zalando-postgres-operator-libsonnet | |
libraries.zalando-postgres-operator-libsonnet.path | string | (empty) | |
libraries.zalando-postgres-operator-libsonnet.tag | string | latest | |
namespace | string | (empty) | Namespace the OCIRepository + JsonnetLibrary objects land in (release ns when empty). |
registryMirror | string | (empty) | Internal registry mirror for the JOI OCI artifacts (rewrites the registry host). |