Open Source Webhooks Gateway
| Name | Url | |
|---|---|---|
| Convoy Engineering Team | engineering@getconvoy.io | https://getconvoy.io |
| Repository | Name | Version |
|---|---|---|
| agent | 3.7.7 | |
| server | 3.7.7 | |
| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 |
| oci://registry-1.docker.io/bitnamicharts | redis | 17.11.3 |
helm repo add convoy https://frain-dev.github.io/helm-charts
helm repo updatehelm install convoy convoy/convoyhelm install convoy convoy/convoy --values values.yamlhelm install convoy .Convoy supports s3, on_prem, and azure_blob storage backends, selected via
server.env.storage.type (and agent.env.storage.type).
For both S3 and Azure Blob you can keep credentials out of your values by referencing an existing Kubernetes Secret. Note that the key name inside the Secret differs by backend — they are intentionally not symmetric:
| Backend | Values field | Required key inside the Secret |
|---|---|---|
| S3 | storage.s3.secret |
secretKey |
| Azure Blob | storage.azure_blob.secret |
accountKey |
Example Azure Blob secret:
kubectl create secret generic convoy-azure-storage \
--from-literal=accountKey='<your-azure-account-key>'server:
env:
storage:
enabled: true
type: azure_blob
azure_blob:
account_name: myaccount
container_name: convoy-archive
secret: convoy-azure-storage # must contain key "accountKey"Upgrade note (Azure Blob): Earlier deployments enabled Azure Blob through the
extraEnvsworkaround and typically created their Secret with the keyaccount_key. The nativestorage.azure_blob.secretintegration reads the key asaccountKey(camelCase). If you are migrating offextraEnvs, recreate the Secret with theaccountKeykey, otherwise the account key will not be injected.
| Key | Type | Default | Description |
|---|---|---|---|
| agent.app.replicaCount | int | 1 |
|
| agent.app.resources | object | {} |
|
| agent.autoscaling.behavior.scaleDown.policies[0].periodSeconds | int | 60 |
|
| agent.autoscaling.behavior.scaleDown.policies[0].type | string | "Percent" |
|
| agent.autoscaling.behavior.scaleDown.policies[0].value | int | 50 |
|
| agent.autoscaling.behavior.scaleDown.policies[1].periodSeconds | int | 60 |
|
| agent.autoscaling.behavior.scaleDown.policies[1].type | string | "Pods" |
|
| agent.autoscaling.behavior.scaleDown.policies[1].value | int | 2 |
|
| agent.autoscaling.behavior.scaleDown.selectPolicy | string | "Min" |
|
| agent.autoscaling.behavior.scaleDown.stabilizationWindowSeconds | int | 300 |
|
| agent.autoscaling.behavior.scaleUp.policies[0].periodSeconds | int | 60 |
|
| agent.autoscaling.behavior.scaleUp.policies[0].type | string | "Percent" |
|
| agent.autoscaling.behavior.scaleUp.policies[0].value | int | 100 |
|
| agent.autoscaling.behavior.scaleUp.policies[1].periodSeconds | int | 60 |
|
| agent.autoscaling.behavior.scaleUp.policies[1].type | string | "Pods" |
|
| agent.autoscaling.behavior.scaleUp.policies[1].value | int | 2 |
|
| agent.autoscaling.behavior.scaleUp.selectPolicy | string | "Max" |
|
| agent.autoscaling.behavior.scaleUp.stabilizationWindowSeconds | int | 0 |
|
| agent.autoscaling.enabled | bool | false |
Enable autoscaling for the agent |
| agent.autoscaling.maxReplicas | int | 10 |
|
| agent.autoscaling.minReplicas | int | 2 |
|
| agent.autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| agent.autoscaling.targetMemoryUtilizationPercentage | int | 80 |
|
| agent.enabled | bool | true |
Enable the agent component |
| agent.env.analytics_enabled | bool | true |
|
| agent.env.auth.jwt.enabled | bool | true |
|
| agent.env.auth.jwt.refresh_secret | string | "convoy-refresh-secret" |
|
| agent.env.auth.jwt.secret | string | "convoy-secret" |
|
| agent.env.consumer_pool_size | int | 100 |
|
| agent.env.dispatcher.allow_list[0] | string | "0.0.0.0/0" |
|
| agent.env.dispatcher.deny_list[0] | string | "127.0.0.1/8" |
|
| agent.env.dispatcher.deny_list[1] | string | "169.254.169.254/32" |
|
| agent.env.dispatcher.insecure_skip_verify | bool | false |
|
| agent.env.enable_feature_flag | list | [] |
|
| agent.env.enable_profiling | bool | false |
|
| agent.env.environment | string | "oss" |
|
| agent.env.instance_ingest_rate | int | 100 |
|
| agent.env.license_key | string | "" |
|
| agent.env.log_level | string | "error" |
|
| agent.env.max_retry_seconds | int | 7200 |
|
| agent.env.metrics.enabled | bool | false |
|
| agent.env.metrics.metrics_backend | string | "prometheus" |
|
| agent.env.metrics.prometheus_metrics.sample_time | int | 5 |
|
| agent.env.proxy | string | "" |
|
| agent.env.pyroscope.enabled | bool | false |
|
| agent.env.pyroscope.password | string | "" |
|
| agent.env.pyroscope.profile_id | string | "" |
|
| agent.env.pyroscope.url | string | "" |
|
| agent.env.pyroscope.username | string | "" |
|
| agent.env.retention_policy.enabled | bool | false |
|
| agent.env.retention_policy.policy | string | "720h" |
|
| agent.env.sign_up_enabled | bool | false |
|
| agent.env.smtp.enabled | bool | false |
|
| agent.env.smtp.from | string | "" |
|
| agent.env.smtp.password | string | "" |
Ignored in case of secret parameter with non-empty value |
| agent.env.smtp.port | int | 0 |
|
| agent.env.smtp.provider | string | "" |
|
| agent.env.smtp.reply_to | string | "" |
|
| agent.env.smtp.secret | string | "" |
If this secret parameter is not empty, password value will be ignored. The password in the secret should be in the 'password' key |
| agent.env.smtp.ssl | bool | false |
|
| agent.env.smtp.url | string | "" |
|
| agent.env.smtp.username | string | "" |
|
| agent.env.storage.azure_blob.account_key | string | "" |
Ignored in case of secret parameter with non-empty value |
| agent.env.storage.azure_blob.account_name | string | "" |
|
| agent.env.storage.azure_blob.container_name | string | "" |
|
| agent.env.storage.azure_blob.endpoint | string | "" |
|
| agent.env.storage.azure_blob.prefix | string | "" |
|
| agent.env.storage.azure_blob.secret | string | "" |
If this secret parameter is not empty, account_key value will be ignored. The account key should be in the 'accountKey' key |
| agent.env.storage.enabled | bool | false |
|
| agent.env.storage.on_prem.path | string | "" |
|
| agent.env.storage.s3.accessKey | string | "" |
|
| agent.env.storage.s3.bucket | string | "" |
|
| agent.env.storage.s3.endpoint | string | "" |
|
| agent.env.storage.s3.prefix | string | "" |
|
| agent.env.storage.s3.region | string | "" |
|
| agent.env.storage.s3.secret | string | "" |
If this secret parameter is not empty, secretKey value will be ignored. The password in the secret should be in the 'secretKey' key |
| agent.env.storage.s3.secretKey | string | "" |
Ignored in case of secret parameter with non-empty value |
| agent.env.storage.s3.session_token | string | "" |
|
| agent.env.storage.type | string | "" |
|
| agent.env.worker_execution_mode | string | "default" |
|
| agent.image.pullPolicy | string | "IfNotPresent" |
Pull policy for the agent image |
| agent.image.repository | string | "getconvoy/convoy" |
Repository to be used by the agent. The latest tag is used by default |
| agent.podDisruptionBudget | object | {} |
|
| agent.securityContext | object | {} |
|
| agent.service.port | int | 80 |
Port for the agent service |
| agent.service.type | string | "ClusterIP" |
Type of service for the agent |
| global.convoy.api_version | string | "2024-01-01" |
API version |
| global.convoy.cacert_content | string | "" |
Dispatcher CA Certificate content. If provided, a secret will be created with this content |
| global.convoy.cacert_secret_name | string | "" |
Dispatcher CA Certificate configuration. If provided, it will use the content of the secret |
| global.convoy.enable_usage_analytics | bool | true |
Enable usage analytics |
| global.convoy.environment | string | "oss" |
Convoy Environment |
| global.convoy.google_oauth_client_id | string | "" |
Google OAuth Client ID from Google Cloud Console |
| global.convoy.google_oauth_enabled | bool | false |
Enable Google OAuth SSO for user authentication |
| global.convoy.google_oauth_redirect_url | string | "" |
Google OAuth Redirect URL for callback handling |
| global.convoy.image | string | "getconvoy/convoy" |
Docker image tags for all convoy components |
| global.convoy.jwt_refresh_secret | string | "convoy-refresh-secret" |
JWT Refresh Secret key |
| global.convoy.jwt_secret | string | "convoy-secret" |
JWT Secret key |
| global.convoy.jwt_secret_name | string | "" |
Existing Kubernetes Secret name for JWT secrets. Recommended for production. When set, JWT secret values are ignored; the secret must contain 'jwt_secret' and 'jwt_refresh_secret' keys. |
| global.convoy.license_key | string | "" |
License Key |
| global.convoy.license_key_secret_name | string | "" |
If this secret parameter is not empty, the inline license key value will be ignored. The license key should be present in the 'license_key' key of the specified secret. |
| global.convoy.log_level | string | "error" |
Logger Level for all convoy components |
| global.convoy.otel_auth_header_name | string | "" |
Open Telemetry auth header name |
| global.convoy.otel_auth_header_value | string | "" |
Open Telemetry auth header value |
| global.convoy.otel_collector_url | string | "" |
Open Telemetry collector url |
| global.convoy.otel_insecure_skip_verify | bool | true |
Open Telemetry insecure skip verify |
| global.convoy.otel_sample_rate | int | 1 |
Open Telemetry sample rate |
| global.convoy.portal_realm_enabled | bool | false |
Enable Portal Realm authentication for enhanced security |
| global.convoy.read_replica_dsn | string | "" |
Database read replica DSN for improved performance |
| global.convoy.retention_policy_duration | string | "720h" |
|
| global.convoy.retention_policy_enabled | bool | false |
Retention policy enabled |
| global.convoy.sentry_debug | bool | false |
Sentry debug mode |
| global.convoy.sentry_dsn | string | "" |
Sentry DSN |
| global.convoy.sentry_environment | string | "oss" |
Sentry environment |
| global.convoy.sentry_sample_rate | float | 1 |
Sentry sample rate for error sampling (0.0 to 1.0) |
| global.convoy.tag | string | "v26.3.7" |
Docker image tags for all convoy components |
| global.convoy.tracer_enabled | bool | false |
Tracing config for all convoy services |
| global.convoy.tracer_type | string | "otel" |
Tracing provider type |
| global.externalDatabase.database | string | "convoy" |
Database name for the external database |
| global.externalDatabase.enabled | bool | true |
Enable an external database; This will use postgresql chart, Change values if you use an external database |
| global.externalDatabase.host | string | "postgresql" |
Host for the external database |
| global.externalDatabase.options | string | "sslmode=disable&connect_timeout=30" |
Query params for the external database |
| global.externalDatabase.password | string | "postgres" |
Password for the external database, ignored in case of secret parameter with non-empty value |
| global.externalDatabase.port | int | 5432 |
Port for the external database |
| global.externalDatabase.postgresPassword | string | "postgres" |
Password for the external database |
| global.externalDatabase.readReplicas | object | {} |
Read replicas configuration for the external database |
| global.externalDatabase.secret | string | "" |
If this secret parameter is not empty, the password value will be ignored. The password in the secret should be in the 'password' key |
| global.externalDatabase.username | string | "postgres" |
Username for the external database |
| global.externalRedis.addresses | string | "" |
redis cluster addresses, if set the other values won't be used |
| global.externalRedis.database | string | "0" |
Database name for the external redis. |
| global.externalRedis.enabled | bool | false |
Enable external redis, Enable this if you use an external redis and disable Native redis |
| global.externalRedis.host | string | "redis-master" |
Host for the external redis |
| global.externalRedis.password | string | "convoy" |
password for the external redis, ignored in case of secret parameter with non-empty value |
| global.externalRedis.port | string | "6379" |
Port for the external redis |
| global.externalRedis.scheme | string | "redis" |
Scheme for the external redis. This can be redis, rediss, redis-socket or redis-sentinel |
| global.externalRedis.secret | string | "" |
If this secret parameter is not empty, password value will be ignored. The password in the secret should be in the 'password' key |
| global.externalRedis.sentinelMasterName | string | "mymaster" |
Redis Sentinel master name (required when scheme is redis-sentinel) |
| global.externalRedis.sentinelPassword | string | "" |
Redis Sentinel auth password (optional) |
| global.externalRedis.sentinelSecret | string | "" |
Secret containing sentinel password; key: password. If set, sentinelPassword is ignored |
| global.externalRedis.sentinelUsername | string | "" |
Redis Sentinel auth username (optional) |
| global.externalRedis.username | string | "" |
username for the external redis. |
| global.nativeRedis.enabled | bool | true |
Enable redis; This will use redis chart, Disable if you use an external redis |
| global.nativeRedis.host | string | "redis-master" |
Host for the redis |
| global.nativeRedis.password | string | "convoy" |
password for the redis, ignored in case of secret parameter with non-empty value |
| global.nativeRedis.port | int | 6379 |
Port for the redis |
| global.nativeRedis.secret | string | "" |
If this secret parameter is not empty, password value will be ignored. The password in the secret should be in the 'password' key |
| server.app.replicaCount | int | 1 |
|
| server.app.resources | object | {} |
|
| server.autoscaling.behavior.scaleDown.policies[0].periodSeconds | int | 60 |
|
| server.autoscaling.behavior.scaleDown.policies[0].type | string | "Percent" |
|
| server.autoscaling.behavior.scaleDown.policies[0].value | int | 50 |
|
| server.autoscaling.behavior.scaleDown.policies[1].periodSeconds | int | 60 |
|
| server.autoscaling.behavior.scaleDown.policies[1].type | string | "Pods" |
|
| server.autoscaling.behavior.scaleDown.policies[1].value | int | 2 |
|
| server.autoscaling.behavior.scaleDown.selectPolicy | string | "Min" |
|
| server.autoscaling.behavior.scaleDown.stabilizationWindowSeconds | int | 300 |
|
| server.autoscaling.behavior.scaleUp.policies[0].periodSeconds | int | 60 |
|
| server.autoscaling.behavior.scaleUp.policies[0].type | string | "Percent" |
|
| server.autoscaling.behavior.scaleUp.policies[0].value | int | 100 |
|
| server.autoscaling.behavior.scaleUp.policies[1].periodSeconds | int | 60 |
|
| server.autoscaling.behavior.scaleUp.policies[1].type | string | "Pods" |
|
| server.autoscaling.behavior.scaleUp.policies[1].value | int | 2 |
|
| server.autoscaling.behavior.scaleUp.selectPolicy | string | "Max" |
|
| server.autoscaling.behavior.scaleUp.stabilizationWindowSeconds | int | 0 |
|
| server.autoscaling.enabled | bool | false |
Enable autoscaling for the server |
| server.autoscaling.maxReplicas | int | 10 |
|
| server.autoscaling.minReplicas | int | 2 |
|
| server.autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| server.autoscaling.targetMemoryUtilizationPercentage | int | 80 |
|
| server.enabled | bool | true |
Enable the server component |
| server.env.analytics.enabled | bool | true |
|
| server.env.analytics_enabled | bool | true |
|
| server.env.api_version | string | "2024-01-01" |
|
| server.env.auth.file.basic | object | {} |
|
| server.env.auth.file.secret | string | "" |
If this secret parameter is not empty, basic auth inline value will be ignored. The basic auth config should be in the 'basic_auth_config' key |
| server.env.auth.jwt.enabled | bool | true |
|
| server.env.auth.jwt.refresh_secret | string | "convoy-refresh-secret" |
|
| server.env.auth.jwt.secret | string | "convoy-secret" |
|
| server.env.auth.native.enabled | bool | true |
|
| server.env.enable_feature_flag | list | [] |
|
| server.env.enable_profiling | bool | false |
|
| server.env.environment | string | "oss" |
|
| server.env.host | string | "" |
|
| server.env.instance_ingest_rate | int | 100 |
|
| server.env.license_key | string | "" |
|
| server.env.log_level | string | "error" |
|
| server.env.max_response_size | int | 50 |
Max response body when ingesting webhooks (might be renamed). Defaults to 50KB |
| server.env.max_retry_seconds | int | 7200 |
|
| server.env.metrics.enabled | bool | false |
|
| server.env.metrics.metrics_backend | string | "prometheus" |
|
| server.env.metrics.prometheus_metrics.sample_time | int | 5 |
|
| server.env.pyroscope.enabled | bool | false |
|
| server.env.pyroscope.password | string | "" |
|
| server.env.pyroscope.profile_id | string | "" |
|
| server.env.pyroscope.url | string | "" |
|
| server.env.pyroscope.username | string | "" |
|
| server.env.retention_policy.enabled | bool | false |
|
| server.env.retention_policy.policy | string | "720h" |
|
| server.env.root_path | string | "" |
Configure root patth for convoy server e.g. "/convoy" |
| server.env.sign_up_enabled | bool | false |
|
| server.env.storage.azure_blob.account_key | string | "" |
Ignored in case of secret parameter with non-empty value |
| server.env.storage.azure_blob.account_name | string | "" |
|
| server.env.storage.azure_blob.container_name | string | "" |
|
| server.env.storage.azure_blob.endpoint | string | "" |
|
| server.env.storage.azure_blob.prefix | string | "" |
|
| server.env.storage.azure_blob.secret | string | "" |
If this secret parameter is not empty, account_key value will be ignored. The account key should be in the 'accountKey' key |
| server.env.storage.enabled | bool | false |
|
| server.env.storage.on_prem.path | string | "" |
|
| server.env.storage.s3.accessKey | string | "" |
|
| server.env.storage.s3.bucket | string | "" |
|
| server.env.storage.s3.endpoint | string | "" |
|
| server.env.storage.s3.prefix | string | "" |
|
| server.env.storage.s3.region | string | "" |
|
| server.env.storage.s3.secret | string | "" |
If this secret parameter is not empty, secretKey value will be ignored. The password in the secret should be in the 'secretKey' key |
| server.env.storage.s3.secretKey | string | "" |
Ignored in case of secret parameter with non-empty value |
| server.env.storage.s3.session_token | string | "" |
|
| server.env.storage.type | string | "" |
|
| server.gateway.annotations | object | {} |
Annotations for the HTTPRoute |
| server.gateway.create | bool | false |
Whether to create a Gateway resource |
| server.gateway.enabled | bool | false |
Enable Gateway API for the server |
| server.gateway.hostnames | list | ["test.com"] |
Hostnames for the HTTPRoute |
| server.gateway.parentRefs | list | [{"name":"convoy-gateway","namespace":"gateway-system"}] |
Parent refs for the HTTPRoute (e.g., the Gateway) |
| server.gateway.rules | list | [{"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}] |
Rules for the HTTPRoute |
| server.image.pullPolicy | string | "IfNotPresent" |
Pull policy for the server image |
| server.image.repository | string | "getconvoy/convoy" |
Repository to be used by the server. The latest tag is used by default |
| server.ingress.annotations | object | {} |
|
| server.ingress.enabled | bool | true |
Enable ingress for the server |
| server.ingress.hosts[0].host | string | "test.com" |
|
| server.ingress.hosts[0].http.paths[0].path | string | "/" |
|
| server.ingress.hosts[0].http.paths[0].pathType | string | "Prefix" |
|
| server.ingress.ingressClassName | string | "" |
|
| server.ingress.tls[0].hosts[0] | string | "test.com" |
|
| server.ingress.tls[0].secretName | string | "test-tls-secret" |
|
| server.podDisruptionBudget | object | {} |
|
| server.securityContext | object | {} |
Pod disruption budget maxUnavailable: 1 minAvailable: 1 |
| server.service.port | int | 80 |
Port for the server service |
| server.service.type | string | "ClusterIP" |
Type of service for the server |
Autogenerated from chart metadata using helm-docs v1.14.2