Controller Options

Controller command flags and defaults.

To customise the controller options at install time, please see the bootstrap customization guide.

Flags

NameTypeDescription
--concurrentintThe number of concurrent HelmRelease reconciles. (default 4)
--default-service-accountstringDefault service account used for impersonation.
--enable-leader-electionbooleanEnable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
--events-addrstringThe address of the events receiver.
--graceful-shutdown-timeoutintThe duration given to the reconciler to finish before forcibly stopping. (default 600s)
--health-addrstringThe address the health endpoint binds to. (default “:9440”)
--http-retryintThe maximum number of retries when failing to fetch artifacts over HTTP. (default 9)
--insecure-kubeconfig-execbooleanAllow use of the user.exec section in kubeconfigs provided for remote apply.
--insecure-kubeconfig-tlsbooleanAllow that kubeconfigs provided for remote apply can disable TLS verification.
--kube-api-burstintThe maximum burst queries-per-second of requests sent to the Kubernetes API. (default 100)
--kube-api-qpsfloat32The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
--leader-election-lease-durationdurationInterval at which non-leader candidates will wait to force acquire leadership (duration string). (default 35s)
--leader-election-release-on-cancelbooleanDefines if the leader should step down voluntarily on controller manager shutdown. (default true)
--leader-election-renew-deadlinedurationDuration that the leading controller manager will retry refreshing leadership before giving up (duration string). (default 30s)
--leader-election-retry-perioddurationDuration the LeaderElector clients should wait between tries of actions (duration string). (default 5s)
--log-encodingstringLog encoding format. Can be ‘json’ or ‘console’. (default “json”)
--log-levelstringLog verbosity level. Can be one of ’trace’, ‘debug’, ‘info’, ’error’. (default “info”)
--max-retry-delaydurationThe maximum amount of time for which an object being reconciled will have to wait before a retry. (default 15m0s)
--metrics-addrstringThe address the metric endpoint binds to. (default “:8080”)
--min-retry-delaydurationThe minimum amount of time for which an object being reconciled will have to wait before a retry. (default 750ms)
--no-cross-namespace-refsbooleanWhen set to true, references between custom resources are allowed only if the reference and the referee are in the same namespace.
--requeue-dependencydurationThe interval at which failing dependencies are reevaluated. (default 30s)
--watch-all-namespacesbooleanWatch for custom resources in all namespaces, if set to false it will only watch the runtime namespace. (default true)
--watch-label-selectorstringWatch for resources with matching labels e.g. ‘sharding.fluxcd.io/key=shard1’.
--feature-gatesmapStringBoolA comma separated list of key=value pairs defining the state of experimental features.
--oom-watch-intervaldurationThe interval at which the OOM watcher will check for memory usage. Requires feature gate ‘OOMWatch’ to be enabled. (default 500ms)
--oom-watch-memory-thresholdunit8The memory threshold in percentage at which the OOM watcher will trigger a graceful shutdown. Requires feature gate ‘OOMWatch’ to be enabled. (default 95)
--oom-watch-max-memory-pathstringThe path to the cgroup memory limit file. Requires feature gate ‘OOMWatch’ to be enabled. If not set, the path will be automatically detected.
--oom-watch-current-memory-pathstringThe path to the cgroup current memory usage file. Requires feature gate ‘OOMWatch’ to be enabled. If not set, the path will be automatically detected.
--interval-jitter-percentageuint8Percentage of jitter to apply to interval durations. A value of 10 will apply a jitter of +/-10% to the interval duration. It cannot be negative, and must be less than 100. (default 5)
--snapshot-digest-algostringThe algorithm to use to calculate the digest of Helm release storage snapshots. (default “sha256”)

Feature Gates

NameDefault ValueDescription
AllowDNSLookupsfalseAllows the controller to perform DNS lookups when rendering Helm templates. This is disabled by default, as it can be a security risk.
CacheSecretsAndConfigMapsfalseConfigures the caching of Secrets and ConfigMaps by the controller-runtime client. When enabled, it will cache both object types, resulting in increased memory usage and cluster-wide RBAC permissions (list and watch).
OOMWatchfalseEnables the OOM watcher, which will gracefully shut down the controller when the memory usage exceeds the configured limit. This is disabled by default.
AdoptLegacyReleasestrueEnables the adoption of the historical Helm release based on the status fields from a v2beta1 HelmRelease object. This is enabled by default to support an upgrade path from v2beta1 to v2beta2 without the need to upgrade the Helm release.