{"id":25190074,"url":"https://github.com/keyfactor/signserver-community-helm","last_synced_at":"2026-01-17T17:41:09.279Z","repository":{"id":198259830,"uuid":"685928236","full_name":"Keyfactor/signserver-community-helm","owner":"Keyfactor","description":"Helm chart for deploying SignServer in Kubernetes","archived":false,"fork":false,"pushed_at":"2026-01-12T18:46:40.000Z","size":124,"stargazers_count":1,"open_issues_count":2,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-01-13T00:17:18.507Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-2.1","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keyfactor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-01T10:36:34.000Z","updated_at":"2026-01-12T18:46:25.000Z","dependencies_parsed_at":"2024-12-23T16:25:06.078Z","dependency_job_id":"3519eb76-c586-4988-958c-4a4780c61b3b","html_url":"https://github.com/Keyfactor/signserver-community-helm","commit_stats":null,"previous_names":["keyfactor/signserver-community-helm"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/Keyfactor/signserver-community-helm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignserver-community-helm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignserver-community-helm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/Keyfactor%2Fsignserver-community-helm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignserver-community-helm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keyfactor","download_url":"https://codeload.github.com/Keyfactor/signserver-community-helm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignserver-community-helm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28513972,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T13:38:16.342Z","status":"ssl_error","status_checked_at":"2026-01-17T13:37:44.060Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-09T21:18:51.833Z","updated_at":"2026-01-17T17:41:09.247Z","avatar_url":"https://github.com/Keyfactor.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--SignServer Community logo for light and dark mode --\u003e\n\u003ca href=\"https://signserver.org\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\".github/community-signserver.png?raw=true\"\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\".github/community-signserver-lite.png?raw=true\"\u003e\n    \u003cimg 
alt=\"SignServer Community\" src=\".github/community-signserver.png?raw=true\" title=\"SignServer Community\" height=\"70\" \u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!--SignServer Enterprise logo for light and dark mode --\u003e\n\u003ca href=\"https://www.keyfactor.com/products/signserver-enterprise/\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\".github/keyfactor-signserver-enterprise.png?raw=true\"\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\".github/keyfactor-signserver-enterprise-lite.png?raw=true\"\u003e\n    \u003cimg alt=\"SignServer Enterprise\" src=\".github/keyfactor-signserver-enterprise.png?raw=true\" title=\"SignServer Enterprise\" height=\"70\" \u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\n##\n\n* **SignServer Community** (SignServer CE) - free and open source, OSI Certified Open Source Software, LGPL-licensed subset of SignServer Enterprise\n* **SignServer Enterprise** (SignServer EE) - developed and commercially supported\n\n# Helm Chart for SignServer Enterprise\n\n**[Documentation](https://docs.keyfactor.com/container/latest/signserver/)** for SignServer Enterprise\n\n# Helm Chart for SignServer Community\n\nHelm chart for deploying SignServer in Kubernetes. Designed to be simple and flexible.\n\nWelcome to SignServer – the Open Source Signing Software. Digitally sign documents, code, and timestamps while keeping your signature process and keys secure.\n\nOSI Certified is a certification mark of the Open Source Initiative.\n\n## Community Support\n\nIn our Community we welcome contributions. 
The Community software is open source and community supported; there is no support SLA, but there is a helpful best-effort Community.\n\n* To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab.\n* If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.\n* Ask the community for ideas: **[SignServer Discussions](https://github.com/Keyfactor/signserver-ce/discussions)**.\n* Read more in our documentation: **[SignServer Documentation](https://doc.primekey.com/signserver)**.\n* See release information: **[SignServer Release information](https://doc.primekey.com/signserver/signserver-release-information)**.\n* Read more on the open source project website: **[SignServer website](https://www.signserver.org/)**.\n\n## Commercial Support\nCommercial support is available for **[SignServer Enterprise](https://www.keyfactor.com/platform/keyfactor-signserver-enterprise/)**.\n\n## License\nSignServer Community is licensed under the LGPL license; please see **[LICENSE](LICENSE)**.\n\n\n## Prerequisites\n\n- [Kubernetes](http://kubernetes.io) v1.19+\n- [Helm](https://helm.sh) v3+\n- [EJBCA](https://www.ejbca.org), or another certificate authority for infrastructure and signer certificates.  \n\n## Getting started\n\nThe **SignServer Community Helm Chart** bootstraps **SignServer Community** on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.\n\nSignServer depends on an existing PKI for infrastructure certificates (client TLS for administration and optionally server TLS) as well as for signer certificates for workers. 
[EJBCA](https://www.ejbca.org) is an open-source, enterprise-grade, PKI software that is [easy to get started](https://www.ejbca.org/use-cases/get-started-with-ejbca-pki/) with and [can be deployed in Kubernetes using Helm](https://github.com/Keyfactor/ejbca-community-helm).\n\n### Fetch the SignServer Community Chart\n```shell\nhelm pull oci://repo.keyfactor.com/charts/signserver-ce --untar\n```\n\n### Quick start\n\nDeploying `signserver-community-helm` using default configurations will start SignServer with an ephemeral database and without the possibility of accessing the administration web interface. In order to be able to use SignServer, you should customize the deployment to allow admin web access and/or use pre-configured worker properties files.\n\n### Custom deployment\n\nTo customize the installation, create and edit a custom values file with deployment parameters:\n```shell\nhelm show values signserver-ce \u003e signserver.yaml\n```\nDeploy `signserver-community-helm` on the Kubernetes cluster with custom configurations:\n```shell\nhelm install signserver signserver-ce --namespace signserver --create-namespace --values signserver.yaml\n```\n## Access to AdminWeb\n\nBy default, you will not have access to AdminWeb. \n\n**IMPORTANT**\n\nFor first-time deployments, `allowAny` needs to be set to true for access to AdminWeb; restrictions can then be set under the administration page.\n\n**WARNING** \n\n`allowAny` needs to be changed back to false for redeployment unless you want the configured restrictions to be overwritten.\n\n## Example Custom Deployments\n\nThis section contains examples of how to customize the deployment for common scenarios.\n\n## Connecting SignServer to an external database\n\nAll serious deployments of SignServer should use an external database for data persistence.\nSignServer supports Microsoft SQL Server, MariaDB/MySQL, PostgreSQL, and Oracle databases. 
\n\nThe following example shows modifications to the helm chart values file used to connect SignServer to a MariaDB database with server name `mariadb-server` and database name `signserverdb` using username `signserver` and password `foo123`:\n\n```yaml\nsignserver:\n  useEphemeralH2Database: false\n  env:\n    DATABASE_JDBC_URL: jdbc:mariadb://mariadb-server:3306/signserverdb?characterEncoding=UTF-8\n    DATABASE_USER: signserver\n    DATABASE_PASSWORD: foo123\n```\n\nThis example connects SignServer to a PostgreSQL database and uses a Kubernetes secret for storing the database username and password:\n\n```yaml\nsignserver:\n  useEphemeralH2Database: false\n  env:\n    DATABASE_JDBC_URL: jdbc:postgresql://postgresql-server:5432/signserverdb\n  envRaw:\n    - name: DATABASE_PASSWORD\n      valueFrom:\n       secretKeyRef:\n         name: signserver-db-credentials\n         key: database_password\n    - name: DATABASE_USER\n      valueFrom:\n       secretKeyRef:\n         name: signserver-db-credentials\n         key: database_user\n```\n\nHelm charts can be used to deploy a database in Kubernetes, for example the following by Bitnami:\n\n- https://artifacthub.io/packages/helm/bitnami/postgresql\n- https://artifacthub.io/packages/helm/bitnami/mariadb\n\n\n### Configuring TLS termination in container for administrator access\n\nThe SignServer container can be provided with a custom keystore and truststore for TLS termination directly in the container. 
\n\nCreate Kubernetes secrets using the following commands:\n\n```shell\nkubectl create secret generic keystore-secret --from-file=server.jks=server.jks --from-file=server.storepasswd=server.storepasswd\n\nkubectl create secret generic truststore-secret --from-file=truststore.jks=ManagementCA-chain.jks --from-file=truststore.storepasswd=truststore.storepasswd\n```\n\n*server.jks* is the server keystore in JKS format, *server.storepasswd* is a text file containing the password to *server.jks*.\n\n*truststore.jks* is the mTLS truststore and should contain certificate(s) of trusted CA(s) that issue administrator client TLS certificates.\n\nConfigure the helm chart to import keystore and truststore from the created secrets:\n\n```yaml\nsignserver:\n  importAppserverKeystore: true\n  appserverKeystoreSecret: keystore-secret\n  importAppserverTruststore: true\n  appserverTruststoreSecret: truststore-secret\n```\n\n### Configuring SignServer to sit behind a reverse proxy \n\nIt is best practice to place SignServer behind a reverse proxy server that handles TLS termination and/or load balancing.\n\nThe following example shows how to configure a deployment to expose an AJP proxy port as a ClusterIP service:\n\n```yaml\nservices:\n  directHttp:\n    enabled: false\n  proxyAJP:\n    enabled: true\n    type: ClusterIP\n    bindIP: 0.0.0.0\n    port: 8009\n  proxyHttp:\n    enabled: false\n```\n\nThis example exposes two proxy HTTP ports, where port 8082 will accept the SSL_CLIENT_CERT HTTP header to enable mTLS:\n\n```yaml\nservices:\n  directHttp:\n    enabled: false\n  proxyAJP:\n    enabled: false\n  proxyHttp:\n    enabled: true\n    type: ClusterIP\n    bindIP: 0.0.0.0\n    httpPort: 8081\n    httpsPort: 8082\n```\n\n### Enabling Ingress in front of SignServer\n\nIngress is a Kubernetes native way of exposing HTTP and HTTPS routes from outside to Kubernetes services.\n\nThe following example shows how Ingress can be enabled with this helm chart using proxy AJP. 
\nNote that a TLS secret containing `tls.crt` and `tls.key` with certificate and private key would need to be prepared in advance and that *nginx.ingress.kubernetes.io/auth-tls-secret* must reference a secret containing a file named `ca.crt` with CA certificates that allow authentication.\n\n```yaml\nservices:\n  directHttp:\n    enabled: false\n  proxyAJP:\n    enabled: true\n    type: ClusterIP\n    bindIP: 0.0.0.0\n    port: 8009\n  proxyHttp:\n    enabled: false\n\ningress:\n  enabled: true\n  className: \"nginx\"\n  annotations:\n    nginx.ingress.kubernetes.io/ssl-redirect: \"false\"\n    nginx.ingress.kubernetes.io/auth-tls-verify-client: \"on\"\n    nginx.ingress.kubernetes.io/auth-tls-secret: \"default/managementca-secret\"\n    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: \"true\"\n  hosts:\n    - host: \"signserver.minikube.local\"\n      paths:\n        - path: /signserver\n          pathType: Prefix\n  tls:\n    - hosts:\n        - signserver.minikube.local\n      secretName: ingress-tls\n```\n\n### Importing signer keystores into SignServer container\n\nKeystore files containing signer keys and certificates that should be used by SignServer workers can be imported from a Kubernetes secret.\n\nUse the following command to create a secret containing one or more keystore files:\n\n```shell\nkubectl create secret generic signer-keystores-secret --from-file=signer_keystore.p12=signer_keystore.p12\n```\n\nConfigure the chart to mount keystore files from the secret. `keystoresMountPath` is where the files should be placed in the container:\n\n```yaml\nsignserver:\n  importKeystores: true\n  keystoresSecret: signer-keystores-secret\n  keystoresMountPath: /mnt/external\n```\n\n### Configuring SignServer using worker properties files\n\nSignServer can be fully configured using properties files. 
\n\nThe example below configures two workers, a crypto worker that connects to keystore files located at `/mnt/external/signer_keystore.p12` and a PlainSigner that signs using the key signKey0001 from this keystore:\n\n```\nWORKER1.NAME=SignerCryptoToken\nWORKER1.TYPE=CRYPTO_WORKER\nWORKER1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker\nWORKER1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.KeystoreCryptoToken\nWORKER1.KEYSTORETYPE=PKCS12\nWORKER1.KEYSTOREPATH=/mnt/external/signer_keystore.p12\nWORKER1.KEYSTOREPASSWORD=foo123\nWORKER1.DEFAULTKEY=testKey\n\nWORKER2.NAME=PlainSigner\nWORKER2.TYPE=PROCESSABLE\nWORKER2.IMPLEMENTATION_CLASS=org.signserver.module.cmssigner.PlainSigner\nWORKER2.CRYPTOTOKEN=SignerCryptoToken\nWORKER2.DEFAULTKEY=signKey0001\nWORKER2.DISABLEKEYUSAGECOUNTER=true\nWORKER2.AUTHTYPE=NOAUTH\n```\n\nCreate a secret from one or more text files with worker properties:\n\n```shell\nkubectl create secret generic workers-secret --from-file=workers.properties=workers.properties\n```\n\nConfigure the chart to import worker properties at start-up:\n\n```yaml\nsignserver:\n  importWorkerProperties: true\n  workerPropertiesSecret: workers-secret\n```\n\nSample properties files for different types of workers are available in the [SignServer GitHub repository](https://github.com/Keyfactor/signserver-ce/tree/main/signserver/doc/sample-configs).\n\nNote that the samples prefix properties with `WORKERGENID1` which always creates a new worker. In order to handle container restarts, an exact worker ID should be used, as in the example above. 
This way the worker is created if it does not already exist; otherwise, properties are applied to the existing worker with that ID.\n\n## Parameters\n\n### SignServer Deployment Parameters\n\n| Name                                  | Description                                                                                                                                                | Default |\n| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |\n| signserver.allowAny                   | Provides access to AdminWeb. Change to true at first deployment for access. Should be changed back to false for restricted access to not be overwritten.   | false   |\n| signserver.useP11NgAsP11              | If set to false, do not back PKCS11CryptoToken by P11NG. If not set the default depends on the default in the current version of SignServer.               |         |\n| signserver.useEphemeralH2Database     | If in-memory internal H2 database should be used                                                                                                           | true    |\n| signserver.useH2Persistence           | If internal H2 database with persistence should be used. 
Requires existingH2PersistenceClaim to be set                                                     | false   |\n| signserver.existingH2PersistenceClaim | PersistentVolumeClaim that internal H2 database can use for data persistence                                                                               |         |\n| signserver.importAppserverKeystore    | If an existing keystore should be used for TLS configurations when reverse proxy is not used                                                               | false   |\n| signserver.appserverKeystoreSecret    | Secret containing keystore for TLS configuration of SignServer application server                                                                          |         |\n| signserver.importAppserverTruststore  | If an existing truststore should be used for TLS configurations when reverse proxy is not used                                                             | false   |\n| signserver.appserverTruststoreSecret  | Secret containing truststore for TLS configuration of SignServer application server                                                                        |         |\n| signserver.importWorkerProperties     | If properties files should be used to configure SignServer                                                                                                 | false   |\n| signserver.workerPropertiesSecret     | Secret containing properties files used for configuring SignServer at startup                                                                              |         |\n| signserver.importKeystores            | If keystore files should be mounted into the SignServer container                                                                                          | false   |\n| signserver.keystoresSecret            | Secret containing keystore files that can be used by SignServer workers                                                                                    |         
|\n| signserver.keystoresMountPath         | Mount path in the SignServer container for mounted keystore files                                                                                          |         |\n| signserver.env                        | Environment variables to pass to container                                                                                                                 |         |\n| signserver.envRaw                     | Environment variables to pass to container in Kubernetes YAML format                                                                                       |         |\n| signserver.initContainers             | Extra init containers to be added to the deployment                                                                                                        | []      |\n| signserver.sidecarContainers          | Extra sidecar containers to be added to the deployment                                                                                                     | []      |\n| signserver.volumes                    | Extra volumes to be added to the deployment                                                                                                                | []      |\n| signserver.volumeMounts               | Extra volume mounts to be added to the deployment                                                                                                          | []      |\n\n### SignServer Environment Variables\n\n| Name                                         | Description                                                                                                                                                                                                | Default |\n| -------------------------------------------- | 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |\n| signserver.env.DATABASE_JDBC_URL             | JDBC URL to external database                                                                                                                                                                              |         |\n| signserver.env.DATABASE_USER                 | The username part of the credentials to access the external database                                                                                                                                       |         |\n| signserver.env.DATABASE_PASSWORD             | The password part of the credentials to access the external database                                                                                                                                       |         |\n| signserver.env.DATABASE_USER_PRIVILEGED      | The username part of the credentials to access the external database if separate account is used for creating tables and schema changes                                                                    |         |\n| signserver.env.DATABASE_PASSWORD_PRIVILEGED  | The password part of the credentials to access the external database if separate account is used for creating tables and schema changes                                                                    |         |\n| signserver.env.LOG_LEVEL_APP                 | Application log level                                                                                                                                                                                      |         |\n| signserver.env.LOG_LEVEL_APP_WS_TRANSACTIONS | Application log level for WS transaction logging                                                                                                 
                                                          |         |\n| signserver.env.LOG_LEVEL_SERVER              | Application server log level for main system                                                                                                                                                               |         |\n| signserver.env.LOG_LEVEL_SERVER_SUBSYSTEMS   | Application server log level for sub-systems                                                                                                                                                               |         |\n| signserver.env.LOG_STORAGE_LOCATION          | Path in the Container (directory) where the log will be saved, so it can be mounted to a host directory. The mounted location must be a writable directory                                                 |         |\n| signserver.env.LOG_STORAGE_MAX_SIZE_MB       | Maximum total size of log files (in MB) before being discarded during log rotation. Minimum requirement: 2 (MB)                                                                                            |         |\n| signserver.env.LOG_AUDIT_TO_DB               | Set this value to true if the internal SignServer audit log is needed                                                                                                                                      |         |\n| signserver.env.TZ                            | TimeZone to use in the container                                                                                                                                                                           |         |\n| signserver.env.APPSERVER_DEPLOYMENT_TIMEOUT  | This value controls the deployment timeout in seconds for the application server when starting the application                                                                                             |         |\n| signserver.env.JAVA_OPTS_CUSTOM              | Allows you to override 
the default JAVA_OPTS that are set in the standalone.conf                                                                                                                           |         |\n| signserver.env.PROXY_AJP_BIND                | Run container with an AJP proxy port :8009 bound to the IP address in this variable, e.g. PROXY_AJP_BIND=0.0.0.0                                                                                           |         |\n| signserver.env.PROXY_HTTP_BIND               | Run container with two HTTP back-end proxy ports :8081 and :8082 configured bound to the IP address in this variable. Port 8082 will accept the SSL_CLIENT_CERT HTTP header, e.g. PROXY_HTTP_BIND=0.0.0.0  |         |\n\n### Services Parameters\n\n| Name                          | Description                                                                                               | Default   |\n| ----------------------------- | --------------------------------------------------------------------------------------------------------- | --------- |\n| services.directHttp.enabled   | If service for communicating directly with SignServer container should be enabled                          | true      |\n| services.directHttp.type      | Service type for communicating directly with SignServer container                                          | NodePort  |\n| services.directHttp.httpPort  | HTTP port for communicating directly with SignServer container                                             | 31080     |\n| services.directHttp.httpsPort | HTTPS port for communicating directly with SignServer container                                            | 31443     |\n| services.proxyAJP.enabled     | If service for reverse proxy servers to communicate with SignServer container over AJP should be enabled  | false     |\n| services.proxyAJP.type        | Service type for proxy AJP communication                                                                  | ClusterIP |\n| 
services.proxyAJP.bindIP      | IP to bind for proxy AJP communication                                                                    | 0.0.0.0   |\n| services.proxyAJP.port        | Service port for proxy AJP communication                                                                  | 8009      |\n| services.proxyHttp.enabled    | If service for reverse proxy servers to communicate with SignServer container over HTTP should be enabled | false     |\n| services.proxyHttp.type       | Service type for proxy HTTP communication                                                                 | ClusterIP |\n| services.proxyHttp.bindIP     | IP to bind for proxy HTTP communication                                                                   | 0.0.0.0   |\n| services.proxyHttp.httpPort   | Service port for proxy HTTP communication                                                                 | 8081      |\n| services.proxyHttp.httpsPort  | Service port for proxy HTTP communication that accepts SSL_CLIENT_CERT header                             | 8082      |\n| services.sidecarPorts         | Additional ports to expose in sidecar containers                                                          | []        |\n\n\n### Ingress Parameters\n\n| Name                | Description                                 | Default           |\n| ------------------- | ------------------------------------------- | ----------------- |\n| ingress.enabled     | If ingress should be created for SignServer | false             |\n| ingress.className   | Ingress class name                          | \"nginx\"           |\n| ingress.annotations | Ingress annotations                         | \u003csee values.yaml\u003e |\n| ingress.hosts       | Ingress hosts configurations                | []                |\n| ingress.tls         | Ingress TLS configurations                  | []                |\n\n### Deployment Parameters\n\n| Name                                          | 
Description                                                                                                            | Default                                                                           |\n|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|\n| replicaCount                                  | Number of SignServer replicas                                                                                          | 1                                                                                 |\n| image.repository                              | SignServer image repository                                                                                            | keyfactor/signserver-ce                                                           |\n| image.pullPolicy                              | SignServer image pull policy                                                                                           | IfNotPresent                                                                      |\n| image.tag                                     | Overrides the image tag whose default is the chart appVersion                                                          |                                                                                   |\n| imagePullSecrets                              | SignServer image pull secrets                                                                                          | []                                                                                |\n| nameOverride                                  | Overrides the chart name                                                                                               | \"\"                                                                                
|\n| fullnameOverride                              | Fully overrides generated name                                                                                         | \"\"                                                                                |\n| probes.signserver.startup                     | Overrides the default configuration of the startup probe (initialDelaySeconds, periodSeconds, etc.)                    | initialDelaySeconds: 20, periodSeconds: 10, timeoutSeconds:1, failureThreshold: 30 |\n| probes.signserver.liveness                    | Overrides the default configuration of the liveness probe (initialDelaySeconds, periodSeconds, etc.)                   | initialDelaySeconds: 5, periodSeconds: 10, timeoutSeconds:1, failureThreshold: 3  |\n| probes.signserver.readiness                   | Overrides the default configuration of the readiness probe (initialDelaySeconds, periodSeconds, etc.)                  | initialDelaySeconds: 5, periodSeconds: 10, timeoutSeconds:1, failureThreshold: 3  |\n| serviceAccount.create                         | Specifies whether a service account should be created                                                                  | true                                                                              |\n| serviceAccount.annotations                    | Annotations to add to the service account                                                                              | {}                                                                                |\n| serviceAccount.name                           | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | \"\"                                                                                |\n| podAnnotations                                | Additional pod annotations                                                                                             | {}                                                                                |\n| podSecurityContext                            | Pod security context                                                                                                   | {}                                                                                |\n| securityContext                               | Container security context                                                                                             | {}                                                                                |\n| resources                                     | Resource requests and limits                                                                                           | {}                                                                                |\n| autoscaling.enabled                           | If autoscaling should be used                                                                                          | false                                                                             |\n| autoscaling.minReplicas                       | Minimum number of replicas for autoscaling deployment                                                                  | 1                                                                                 |\n| autoscaling.maxReplicas                       | Maximum number of replicas for autoscaling deployment                                                                  | 5                                                                                 |\n| 
autoscaling.targetCPUUtilizationPercentage    | Target CPU utilization for autoscaling deployment                                                                      | 80                                                                                |\n| autoscaling.targetMemoryUtilizationPercentage | Target memory utilization for autoscaling deployment                                                                   |                                                                                   |\n| nodeSelector                                  | Node labels for pod assignment                                                                                         | {}                                                                                |\n| tolerations                                   | Tolerations for pod assignment                                                                                         | []                                                                                |\n| affinity                                      | Affinity for pod assignment                                                                                            | {}                                                                                |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fsignserver-community-helm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeyfactor%2Fsignserver-community-helm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fsignserver-community-helm/lists"}