Helm Values Reference
The three starter values files for the FOSSA fossa-core Helm chart, simplified (managed hosting), simplified self-hosted, and advanced.
Overview
FOSSA provides three starter values files to begin configuring your fossa-core Helm release. All three configure the same underlying schema, the simplified files only add YAML anchors and references to make common configuration tasks more convenient. Pick the one that matches your hosting model, then customize it as described in Configuring your Helm values.
- Simplified (managed hosting): recommended when you use managed external hosting (Amazon S3, Amazon RDS, or equivalents) for FOSSA's dependencies.
- Simplified (self-hosted): when you want FOSSA to self-host its dependencies in-cluster.
- Advanced: exposes the full chart configuration directly, without anchors. Reference the comments in the chart's
values.yamlwhen using it.
Warning
The self-hosted starter file provisions Postgres and MinIO in-cluster. fossa-core 6.x has removed in-cluster Postgres provisioning and decoupled MinIO from the chart. On current charts, configure Postgres (version 17) and S3-compatible storage as external services. See Migrating to Postgres 17 and Decoupling MinIO from fossa-core, and always check the chart's own CHANGELOG.md for breaking changes before upgrading.
---################################################################################ ## FOSSA on-premises Helm values (simplified)################################################################################ #################################################################################### Modify these values##################################################################################global: # Environment name (used for logging). environment: production # The FOSSA image credentials that you were given by your account manager. imageCredentials: username: password: # 64-character hexadecimal string, used to encrypt application secrets. Please# pick something more random than the default value.encryptionSecret: 0000000000000000000000000000000000000000000000000000000000000000 # The URL hostname and port that the FOSSA web server should listen on.## This hostname must be accessible to users, and you'll need to configure a DNS# record for this hostname.hostname: &core-web-hostname fossa.localport: 80 # If you want your ingress controller to serve FOSSA via HTTPS, you'll need to# configure that here. Please see your ingress controller's relevant# documentation to set the correct annotations, if required.coreIngressAnnotations: &coreIngressAnnotations {}coreIngressTLS: &coreIngressTLS [] # Set Postgres connection configuration.postgres: &postgres # The URL of the database. host: # Database user credentials. username: password: # Database name to use for the FOSSA web application's database. database: fossa # Set S3-compatible object storage configuration.## Bucket name for web application file storage.storageCoreBucket: &storage-core-bucket files.fossa.local# Bucket name for analysis results storage.storageHubbleBucket: &storage-hubble-bucket analysis.fossa.local# The endpoint of the S3 service, including protocol.storageEndpoint: &storage-endpoint https://s3.us-east-2.amazonaws.com# The S3 endpoint's region.storageRegion: &storage-region# The S3 access key and secret key.storageAuth: &storage-auth accessKey: secretKey: # Configuration for the self-hosted job queue instances.## Password to use for self-hosted web application job queue.faktoryCorePassword: &faktory-core-password "password"# Password to use for self-hosted code analysis job queue.faktoryHubblePassword: &faktory-hubble-password "password" # Email server for FOSSA web application.email: # The address from which FOSSA will send email. from: support@fossa.local # SMTP server configuration. host: smtp.fossa.local port: 1025 # Credentials for the SMTP server. Remove this section if no auth is required. auth: user: user pass: password # Self-signed certificates configuration.trustedCertificates: # Third-party integrations.## Other providers include `google`, `slack`, and `azureRepos`. For details, see# the reference documentation in the chart's top-level `values.yaml` file.github: {} # clientId: # clientSecret: #################################################################################### Generated configuration values.#### DO NOT MODIFY THESE unless you know what you're doing.################################################################################## faktory: auth: password: *faktory-core-password storageCommonConfig: &storage endpoint: *storage-endpoint region: *storage-region auth: *storage-auth storage: <<: *storage bucket: *storage-core-bucket hubble: postgres: *postgres faktory: auth: password: *faktory-hubble-password storage: <<: *storage bucket: *storage-hubble-bucket ingress: enabled: true annotations: *coreIngressAnnotations tls: *coreIngressTLS hosts: - *core-web-hostname enabledFeatureFlags: # Dependency Path in Global Issues Report - dependencyPathGlobalIssuesReport # Release Groups - projectGrouping # Disable Org Alert Banner - disableOrgAlertBanner # License Headers In Reports - licenseHeaderReports # File Path in Reports - filePathInReports # Copyright Notices in Reports - copyrightReports # Show Locators in Plaintext Reports - locatorsInPlainTextReports # Show Depth in Plaintext Reports - depthInPlainTextReports