This article lists all available configuration options for the Entitle agent. Helm values are set at install or upgrade time via --set or a values.yaml file. Environment variables are set directly on the agent pod after deployment.

| Parameter | Description | Values | Required |
|---|---|---|---|
| agent.token | Agent authentication token. Each token can only be used for a single agent. | String | Yes |

| Parameter | Description | Values | Required |
|---|---|---|---|
| kmsType | Secret manager for storing agent secrets. | aws_secret_manager, azure_secret_manager, gcp_secret_manager, hashicorp_vault, kubernetes_secret_manager | Yes |

| Parameter | Description | Values | Required |
|---|---|---|---|
| platform.mode | Cloud platform the agent is deployed on. | gcp (default), aws, azure | Yes |
| platform.aws.iamRole | IAM role for the agent's service account annotation. | String | If platform.mode=aws |
| platform.azure.clientId | Client ID of the Azure managed identity assigned to the agent pod. | String | If platform.mode=azure |
| platform.azure.keyVaultName | Name of the Azure Key Vault used to store agent secrets. | String | If platform.mode=azure |
| platform.azure.tenantId | Azure AD tenant ID for the agent pod. | String | If platform.mode=azure |
| platform.gke.projectId | GCP project ID for the agent's service account. | String | If platform.mode=gcp |
| platform.gke.serviceAccount | GCP service account name for the agent's service account. | String | If platform.mode=gcp |

| Parameter | Description | Values | Required |
|---|---|---|---|
| agent.resources.limits.cpu | CPU limit for the agent pod. | 1000m (default) | No |
| agent.resources.limits.memory | Memory limit for the agent pod. | 3Gi (default) | No |
| agent.resources.requests.cpu | CPU request for the agent pod. | 500m (default) | No |
| agent.resources.requests.memory | Memory request for the agent pod. | 1Gi (default) | No |

These parameters are used to monitor self-hosted agent health.

| Parameter | Description | Values | Required |
|---|---|---|---|
| datadog.datadog.tags | Datadog tags applied to agent telemetry. Add your company name. | String | Yes |
| datadog.providers.gke.autopilot | Enable if deploying on GKE Autopilot. | false (default), true | No |

| Parameter | Description | Values | Required |
|---|---|---|---|
| agent.agent_version | Controls agent version and update behavior. Default behavior is auto-update. See Auto-update for self-hosted agent deployments for details. | auto-update (default), latest-on-restart, pinned version (e.g. 2.7.4) | No |
| agent.image.repository | Docker image repository for the agent. | ghcr.io/anycred/entitle-agent (default) | No |
| (Legacy) agent.image.tag | Use agent.agent_version instead. | latest (default) | No |
| agent.replicas | Number of agent pods to run. | 1 | No |
| global.environment | Environment label used in deployment metadata. | onprem (default) | No |
| nodeSelector | Constrains the agent pod to specific nodes. | Object | No |
| podAnnotations | Custom annotations to apply to the agent pod. | Object | No |

The following environment variables are set directly on the agent pod and are not configurable via Helm --set. To apply them, patch the deployment after install:

kubectl set env deployment/entitle-agent VARIABLE=value -n entitle

| Parameter | Description | Values | Required |
|---|---|---|---|
| ENTITLE_CUSTOM_CA_CERT_PATH | Absolute path to a PEM CA bundle the agent should trust for outbound TLS. Use for private PKI or self-signed CAs. If unset, the system's public CA store is used. | File path string | No |
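
A pre-install check for the Helm values tables above, written as an added example and not part of Entitle's chart or tooling. It applies the "Required" columns, including the keys that depend on platform.mode, to a values dict; the function names and the sample values are assumptions made for illustration.

```python
# Added example (not Entitle's code); all names below are hypothetical.
KMS_TYPES = {"aws_secret_manager", "azure_secret_manager", "gcp_secret_manager",
             "hashicorp_vault", "kubernetes_secret_manager"}
# Keys the page marks as required only for a given platform.mode.
PLATFORM_KEYS = {
    "aws": ["platform.aws.iamRole"],
    "azure": ["platform.azure.clientId", "platform.azure.keyVaultName",
              "platform.azure.tenantId"],
    "gcp": ["platform.gke.projectId", "platform.gke.serviceAccount"],
}
ALWAYS_REQUIRED = ["agent.token", "kmsType", "datadog.datadog.tags"]

def lookup(values, dotted):
    """Walk a nested dict (e.g. from a parsed values.yaml) along a dotted key."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def check_values(values):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    for key in ALWAYS_REQUIRED:
        if lookup(values, key) in (None, "", [], {}):
            problems.append(f"missing required value: {key}")
    kms = lookup(values, "kmsType")
    if kms and str(kms) not in KMS_TYPES:
        problems.append(f"unsupported kmsType: {kms}")
    mode = str(lookup(values, "platform.mode") or "gcp")  # gcp is the listed default
    if mode not in PLATFORM_KEYS:
        problems.append(f"unsupported platform.mode: {mode}")
    for key in PLATFORM_KEYS.get(mode, []):
        if not lookup(values, key):
            problems.append(f"platform.mode={mode} requires {key}")
    if lookup(values, "agent.image.tag") is not None:
        problems.append("agent.image.tag is legacy; use agent.agent_version")
    return problems

# Constructed sample: Azure deployment with tenantId left out and a legacy tag set.
SAMPLE = {
    "agent": {"token": "PLACEHOLDER-TOKEN", "image": {"tag": "latest"}},
    "kmsType": "azure_secret_manager",
    "platform": {"mode": "azure", "azure": {"clientId": "constructed-id",
                                            "keyVaultName": "example-vault"}},
    "datadog": {"datadog": {"tags": "company:example"}},
}
```

Calling check_values(SAMPLE) reports the missing platform.azure.tenantId and the legacy agent.image.tag.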