# Helm chart configuration options
The following table lists the configurable parameters of the Portainer Helm chart and their default values. Find the values file in our [GitHub repository](https://github.com/portainer/k8s/blob/master/charts/portainer/values.yaml) under `k8s/charts/portainer/values.yaml`.
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `replicaCount` | Number of Portainer service replicas (always set to 1). | `1` |
| `enterpriseEdition.enabled` | If enterpriseEdition is enabled, then use the values here instead of those in `.image` | `true` |
| `enterpriseEdition.image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ee` |
| `enterpriseEdition.image.tag` | Tag for the Portainer image. | `latest` |
| `enterpriseEdition.image.pullPolicy` | Portainer image-pulling policy. | `Always` |
| `image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image. | `latest` |
| `image.pullPolicy` | Portainer image-pulling policy. | `Always` |
| `imagePullSecrets` | If the Portainer image needs to be in a private repository. | `[]` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment. | `{}` |
| `tolerations` | Defines any Kubernetes taints that the Portainer pod is allowed to tolerate. | `[]` |
| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
| `serviceAccount.name` | The name of the service account to use. | `portainer-sa-clusteradmin` |
| `localMgmt` | Provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application.
If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true.
| `true` |
| `service.type` | Service type for the main Portainer Service. Valid values: `ClusterIP`, `NodePort`, `LoadBalancer`. | `NodePort` |
| `service.httpPort` | HTTP port for accessing the Portainer web interface. | `9000` |
| `service.httpsPort` | HTTPS port for accessing the Portainer web interface. | `9443` |
| `service.httpNodePort` | Static HTTP NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge. | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is `NodePort`. | `30776` |
| `service.httpsNodePort` | Static HTTPS NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30779` |
| `service.annotations` | Annotations to add to the service. | `{}` |
| `tls.force` | If true, Portainer will be configured to use TLS only | `false` |
| `tls.existingSecret` | If set, will mount the existing secret into the pod | `""` |
| `trusted_origins.enabled` | If true, Portainer will be configured to trust the domains specified in domains | `false` |
| `trusted_origins.domains` | specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy. For example: portainer.mydomain.com,portainer.example.com | `""` |
| `mtls.enable` | If set, Portainer will be configured to trust the domains specified in domains | `false` |
| `mtls.existingSecret` | If set, will mount the existing secret into the pod | `""` |
| `dbEncryption.existingSecret` | If set, will mount the existing secret into the pod to enable Portainer database encryption.
WARNING: Enabling database encryption is a non-reversible change.
| `""` |
| `AdminPassword.existingSecret` | If set, will mount the existing secret into the pod and pass --admin-password-file to Portainer.
The secret must contain a key named 'password' holding the plain text password.
| `""` |
| `feature.flags` | Used to enable or disable Portainer feature flags at container start | `[]` |
| `ingress.enabled` | Creates an ingress for Portainer. | `false` |
| `ingress.ingressClassName` | Sets the `ingressClassName` field on the Kubernetes Ingress object so the correct controller picks it up. | `""` |
| `ingress.annotations` | Annotations to add to the ingress. For example:
kubernetes.io/ingress.class: nginx
| `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For example, `portainer.example.io`. | `nil` |
| `ingress.hosts.paths` | Path for the Portainer web interface. | `[]` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance. | `[]` |
| `extraEnv` | Extra environment variables to set on the Portainer container. | `[]` |
| `resources` | Portainer resource requests and limits. | `{}` |
| `persistence.enabled` | Whether or not to enable data persistence. | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence. | `default` |
| `persistence.size` | Size of the PVC used for persistence. | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence. | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence. | `default` |