HookbaseDocs
GuideAPI ReferenceIntegrationsUse CasesCLIMCP
Getting StartedSDK ReferencePortal ComponentsAPI Reference
Get Started

Getting Started

IntroductionQuick StartBest PracticesPipeline Architecture

Core Concepts

SourcesDestinationsRoutes

Advanced Features

TransformsAI TransformsFiltersSchemasDeduplicationCustom DomainsTunnelsCron JobsScheduled Sends

Enterprise Security

OverviewCircuit BreakerFailover DestinationsIP FilteringStatic IP DeliveryNotification ChannelsObservability ExportField EncryptionAudit Logs

Kubernetes

Operator GuideCRD ReferenceHelm Chart

Operations

Plans & LimitsProduction ReadinessTroubleshootingTestingComparison
DocsReceiveGuideKubernetes Helm

Helm Chart Reference

The Hookbase Operator is distributed as a Helm chart for production deployment.

Installation

helm repo add hookbase https://charts.hookbase.app
helm repo update
 
helm install hookbase-operator hookbase/hookbase-operator \
  --namespace hookbase-system \
  --create-namespace \
  --set hookbase.apiKeySecretRef.name=hookbase-bootstrap-key \
  --set hookbase.apiKeySecretRef.key=apiKey

Values Reference

Hookbase Configuration

ValueDefaultDescription
hookbase.apiKey""Bootstrap API key (plaintext, creates a Secret)
hookbase.apiKeySecretRef.name""Existing Secret name containing the API key
hookbase.apiKeySecretRef.key"apiKey"Key within the Secret
hookbase.baseURL"https://api.hookbase.app"Hookbase API base URL

Operator Settings

ValueDefaultDescription
image.repository"ghcr.io/hookbase/hookbase-operator"Operator image repository
image.tag""Image tag (defaults to chart appVersion)
image.pullPolicy"IfNotPresent"Image pull policy
replicaCount1Number of operator replicas
watchNamespaces[]Namespaces to watch (empty = all namespaces)
reconcileInterval"5m"Drift detection reconciliation interval
leaderElection.enabledtrueEnable leader election for HA
defaultAgentImage"ghcr.io/hookbase/hookbase-agent:latest"Default tunnel agent sidecar image

Resources

ValueDefaultDescription
resources.requests.cpu"50m"CPU request
resources.requests.memory"128Mi"Memory request
resources.limits.cpu"500m"CPU limit
resources.limits.memory"256Mi"Memory limit

Admission Webhooks

ValueDefaultDescription
webhook.enabledfalseEnable admission webhooks
webhook.certManager.enabledfalseUse cert-manager for webhook TLS
webhook.certManager.issuerRef.name""cert-manager Issuer name
webhook.certManager.issuerRef.kind"ClusterIssuer"Issuer kind

Prometheus Metrics

ValueDefaultDescription
metrics.enabledtrueExpose Prometheus metrics
metrics.port8080Metrics port
metrics.serviceMonitor.enabledfalseCreate ServiceMonitor for Prometheus Operator
metrics.serviceMonitor.namespace""ServiceMonitor namespace (defaults to release namespace)
metrics.serviceMonitor.interval"30s"Scrape interval
metrics.serviceMonitor.labels{}Additional labels for ServiceMonitor

Security Context

ValueDefaultDescription
securityContext.runAsNonRoottrueRun as non-root
securityContext.runAsUser65532UID
securityContext.fsGroup65532FS group

Pod Scheduling

ValueDefaultDescription
nodeSelector{}Node selector
tolerations[]Tolerations
affinity{}Affinity rules
topologySpreadConstraints[]Topology spread constraints

Service Account

ValueDefaultDescription
serviceAccount.createtrueCreate a service account
serviceAccount.name""Service account name (generated if empty)
serviceAccount.annotations{}Service account annotations

Example Configurations

Minimal

hookbase:
  apiKey: "whr_your_api_key_here"

Production

hookbase:
  apiKeySecretRef:
    name: hookbase-bootstrap-key
    key: apiKey
  baseURL: "https://api.hookbase.app"
 
replicaCount: 2
 
leaderElection:
  enabled: true
 
reconcileInterval: "5m"
 
resources:
  requests:
    cpu: 100m
    memory: 256Mi
  limits:
    cpu: "1"
    memory: 512Mi
 
webhook:
  enabled: true
  certManager:
    enabled: true
 
metrics:
  serviceMonitor:
    enabled: true
    interval: "30s"
 
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                  - hookbase-operator
          topologyKey: kubernetes.io/hostname

Namespace-Scoped

Watch only specific namespaces:

hookbase:
  apiKeySecretRef:
    name: hookbase-bootstrap-key
    key: apiKey
 
watchNamespaces:
  - production
  - staging

CRD Management

CRDs are included in the templates/crds/ directory and are installed with the chart. To skip CRD installation (e.g., during upgrades managed separately):

helm install hookbase-operator hookbase/hookbase-operator \
  --skip-crds \
  --namespace hookbase-system

Upgrading

helm repo update
helm upgrade hookbase-operator hookbase/hookbase-operator \
  --namespace hookbase-system

CRDs are not automatically upgraded by Helm. To update CRDs:

kubectl apply -f https://charts.hookbase.app/crds/hookbase-crds.yaml

Uninstalling

helm uninstall hookbase-operator --namespace hookbase-system

Warning

Uninstalling the chart does not remove CRDs or custom resources. Delete custom resources first to trigger finalizer cleanup, then remove CRDs manually if desired:

kubectl delete webhooksources,webhookdestinations,webhookroutes --all -A
kubectl delete crd webhooksources.hookbase.io webhookdestinations.hookbase.io webhookroutes.hookbase.io

RBAC

The chart creates a ClusterRole with fine-grained permissions for all 10 CRD types, Secrets (for API key resolution), Deployments (for sidecar injection), and Ingress resources.

See Also

  • Kubernetes Operator Guide -- getting started
  • CRD Reference -- all CRD specifications
PreviousCRD ReferenceNextPlans & Limits

On this page

InstallationValues ReferenceHookbase ConfigurationOperator SettingsResourcesAdmission WebhooksPrometheus MetricsSecurity ContextPod SchedulingService AccountExample ConfigurationsMinimalProductionNamespace-ScopedCRD ManagementUpgradingUninstallingRBACSee Also