# Helm chart configuration options
The following table lists the configurable parameters of the Portainer Helm chart and their default values. Find the values file in our [GitHub repository](https://github.com/portainer/k8s/blob/master/charts/portainer/values.yaml) under `k8s/charts/portainer/values.yaml`.
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `replicaCount` | Number of Portainer service replicas (always set to 1). | `1` |
| `enterpriseEdition.enabled` | If enterpriseEdition is enabled, then use the values here instead of those in `.image` | `true` |
| `enterpriseEdition.image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ee` |
| `enterpriseEdition.image.tag` | Tag for the Portainer image. | `latest` |
| `enterpriseEdition.image.pullPolicy` | Portainer image-pulling policy. | `Always` |
| `image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image. | `latest` |
| `image.pullPolicy` | Portainer image-pulling policy. | `Always` |
| `imagePullSecrets` | If the Portainer image needs to be in a private repository. | `[]` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment. | `{}` |
| `tolerations` | Defines any Kubernetes taints that the Portainer pod is allowed to tolerate. | `[]` |
| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
| `serviceAccount.name` | The name of the service account to use. | `portainer-sa-clusteradmin` |
| `localMgmt` | Provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application.
If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true.
| `true` |
| `service.type` | Service type for the main Portainer Service. Valid values: `ClusterIP`, `NodePort`, `LoadBalancer`. | `NodePort` |
| `service.httpPort` | HTTP port for accessing the Portainer web interface. | `9000` |
| `service.httpsPort` | HTTPS port for accessing the Portainer web interface. | `9443` |
| `service.httpNodePort` | Static HTTP NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge. | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is `NodePort`. | `30776` |
| `service.httpsNodePort` | Static HTTPS NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30779` |
| `service.annotations` | Annotations to add to the service. | `{}` |
| `tls.force` | If true, Portainer will be configured to use TLS only | `false` |
| `tls.existingSecret` | If set, will mount the existing secret into the pod | `""` |
| `trusted_origins.enabled` | If true, Portainer will be configured to trust the domains specified in domains | `false` |
| `trusted_origins.domains` | specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy. For example: portainer.mydomain.com,portainer.example.com | `""` |
| `mtls.enable` | If set, Portainer will be configured to trust the domains specified in domains | `false` |
| `mtls.existingSecret` | If set, will mount the existing secret into the pod | `""` |
| `dbEncryption.existingSecret` | If set, will mount the existing secret into the pod to enable Portainer database encryption.
WARNING: Enabling database encryption is a non-reversible change.
| `""` |
| `AdminPassword.existingSecret` | If set, will mount the existing secret into the pod and pass --admin-password-file to Portainer.
The secret must contain a key named 'password' holding the plain text password.
| `""` |
| `feature.flags` | Used to enable or disable Portainer feature flags at container start | `[]` |
| `ingress.enabled` | Creates an ingress for Portainer. | `false` |
| `ingress.ingressClassName` | Sets the `ingressClassName` field on the Kubernetes Ingress object so the correct controller picks it up. | `""` |
| `ingress.annotations` | Annotations to add to the ingress. For example:
kubernetes.io/ingress.class: nginx
| `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For example, `portainer.example.io`. | `nil` |
| `ingress.hosts.paths` | Path for the Portainer web interface. | `[]` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance. | `[]` |
| `extraEnv` | Extra environment variables to set on the Portainer container. | `[]` |
| `resources` | Portainer resource requests and limits. | `{}` |
| `persistence.enabled` | Whether or not to enable data persistence. | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence. | `default` |
| `persistence.size` | Size of the PVC used for persistence. | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence. | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence. | `default` |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.portainer.io/advanced/helm-chart-configuration-options.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.