Here is some context for more advanced configuration options. For an initial setup, they might not be necessary – except please check out Networking about the metrics endpoint.

  • global.registry is the upstream docker registry. It’s used for pulling images. You can change it to your own registry if you mirror all your images. Note: if you just customize the project’s software environment, then you have to change the manage.project.registry setting instead! Why? If set, that manage.project.registry setting overwrites the value of global.registry.

  • global.imagePullSecrets: see Docker registry.

  • global.setup_admin: see Admin Setup, e.g.:

          email: your.admin@email.address
          password: R3pLaC3mE
          name: "Your Name"

    You can also leave out the password and set HELM chart params on the command-line via helm [...] --set global.setup_admin.password=[password].

  • global.setup_registration_token: if your server is publicly available, you probably don’t want anyone to be able to create an account. This sets an initial token, that must be known to a user to be able to sign in. This does not affect SSO logins, because with them you’re already in control about who is allowed to get access. See Admin for more.

  • global.kubectl is the version tag string of an image. It’s used for running Jobs that need to run kubectl commands. The version should roughly match the version of the Kubernetes cluster’s API server you’re running.

  • global.ingress: this is used to populate the Ingress rules. Look at the letsencrypt/ file for more details. Obviously, this has to match whatever you have set up in Networking earlier.

  • global.networkingConfiguration allows you to disable all Ingress or NetworkPolicy rules. This is useful if you have a cluster with a different networking setup. Note: If you use the standard NGINX Ingress Controller, please read about the server-snippet setting in the /metrics endpoint section in Networking. To avoid running into a problem during a deployment, set hideMetrics: false.

  • global.datastore: see Datastore.

  • global.priorityClasses and global.podDisruptionBudgets: if enabled, this will define PriorityClasses to make some Pods more important than others, while the Pod Disruption Budget defines how many pods of a replicated service can be interrupted during maintenance, cluster changes, etc.