Helm Values Reference

Complete reference for all Helm chart configuration values.

Overview

The OptiPod Helm chart provides extensive configuration options for customizing the deployment. This reference documents all available values with their defaults, types, and descriptions.

Installation

    helm install optipod charts/optipod \
      --namespace optipod-system \
      --create-namespace \
      --values custom-values.yaml

Global Settings

nameOverride

Override the chart name.

Type: string
Default: ""

Example:

    nameOverride: "my-optipod"

fullnameOverride

Override the full resource names.

Type: string
Default: ""

Example:

    fullnameOverride: "optipod-prod"

namespaceOverride

Override the namespace for all resources.

Type: string
Default: "" (uses release namespace)

Example:

    namespaceOverride: "custom-namespace"

Image Configuration

image.repository

Container image repository.

Type: string
Default: "ghcr.io/sagart-cactus/optipod"

Example:

    image:
      repository: "my-registry.io/optipod"

image.pullPolicy

Image pull policy.

Type: string
Default: "IfNotPresent"
Options: Always, IfNotPresent, Never

Example:

    image:
      pullPolicy: Always

image.tag

Image tag to use.

Type: string
Default: "" (uses Chart.appVersion)

Example:

    image:
      tag: "v1.5.3"

imagePullSecrets

Secrets for pulling images from private registries.

Type: array
Default: []

Example:

    imagePullSecrets:
      - name: my-registry-secret

Service Account

serviceAccount.create

Create a service account.

Type: boolean
Default: true

Example:

    serviceAccount:
      create: true

serviceAccount.annotations

Annotations for the service account.

Type: object
Default: {}

Example:

    serviceAccount:
      annotations:
        eks.amazonaws.com/role-arn: "arn:aws:iam::123456789:role/optipod"

serviceAccount.name

Service account name to use.

Type: string
Default: "" (auto-generated)

Example:

    serviceAccount:
      name: "optipod-sa"

rbac.create

Create RBAC resources.

Type: boolean
Default: true

Example:

    rbac:
      create: true

Controller Configuration

controller.replicaCount

Number of controller replicas.

Type: integer
Default: 1

Example:

    controller:
      replicaCount: 1

Note: Controller uses leader election, so only one replica is active at a time.

controller.strategy

Deployment strategy for controller.

Type: object
Default:

    strategy:
      type: RollingUpdate
      rollingUpdate:
        maxUnavailable: 0
        maxSurge: 1

controller.ports

Port configuration for controller.

Type: object
Default:

    ports:
      health: 8081
      metrics: 8080

controller.dryRun

Enable dry-run mode (no actual changes).

Type: boolean
Default: false

Example:

    controller:
      dryRun: true

Use case: Testing without applying changes.

controller.leaderElect

Enable leader election for high availability.

Type: boolean
Default: true

Example:

    controller:
      leaderElect: true

controller.reconciliationInterval

Default reconciliation interval for policies.

Type: string (duration)
Default: "5m"

Example:

    controller:
      reconciliationInterval: "10m"

controller.enableHTTP2

Enable HTTP/2 for controller.

Type: boolean
Default: false

Example:

    controller:
      enableHTTP2: false

controller.priorityClassName

Priority class for controller pods.

Type: string
Default: ""

Example:

    controller:
      priorityClassName: "system-cluster-critical"

controller.terminationGracePeriodSeconds

Grace period for pod termination.

Type: integer
Default: 30

Example:

    controller:
      terminationGracePeriodSeconds: 60

controller.dnsPolicy

DNS policy for controller pods.

Type: string
Default: "" (uses cluster default)
Options: ClusterFirst, ClusterFirstWithHostNet, Default, None

Example:

    controller:
      dnsPolicy: "ClusterFirst"

controller.topologySpreadConstraints

Topology spread constraints for controller pods.

Type: array
Default: []

Example:

    controller:
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/component: controller

controller.resources

Resource requests and limits for controller.

Type: object
Default:

    resources:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 100m
        memory: 128Mi

Example:

    controller:
      resources:
        limits:
          cpu: 1000m
          memory: 1Gi
        requests:
          cpu: 200m
          memory: 256Mi

controller.nodeSelector

Node selector for controller pods.

Type: object
Default: {}

Example:

    controller:
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""

controller.tolerations

Tolerations for controller pods.

Type: array
Default: []

Example:

    controller:
      tolerations:
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoSchedule"

controller.affinity

Affinity rules for controller pods.

Type: object
Default: {}

Example:

    controller:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists

controller.podAnnotations

Annotations for controller pods.

Type: object
Default: {}

Example:

    controller:
      podAnnotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"

controller.podSecurityContext

Security context for controller pods.

Type: object
Default:

    podSecurityContext:
      runAsNonRoot: true
      runAsUser: 65532
      fsGroup: 65532

controller.securityContext

Security context for controller container.

Type: object
Default:

    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: true

controller.livenessProbe

Liveness probe configuration.

Type: object
Default:

    livenessProbe:
      httpGet:
        path: /healthz
        port: 8081
      initialDelaySeconds: 15
      periodSeconds: 20

controller.readinessProbe

Readiness probe configuration.

Type: object
Default:

    readinessProbe:
      httpGet:
        path: /readyz
        port: 8081
      initialDelaySeconds: 5
      periodSeconds: 10

Webhook Configuration

webhook.enabled

Enable the mutating webhook.

Type: boolean
Default: true

Example:

    webhook:
      enabled: true

Note: Requires cert-manager for certificate management.

webhook.port

Webhook server port.

Type: integer
Default: 9443

Example:

    webhook:
      port: 9443

webhook.ports

Port configuration for webhook metrics and health.

Type: object
Default:

    ports:
      health: 8081
      metrics: 8080

webhook.certDir

Certificate directory for webhook TLS.

Type: string
Default: "/tmp/k8s-webhook-server/serving-certs"

Example:

    webhook:
      certDir: "/tmp/k8s-webhook-server/serving-certs"

webhook.failurePolicy

Webhook failure policy.

Type: string
Default: "Ignore"
Options: Ignore, Fail

Values:

- Ignore - Allow pod creation even if webhook fails (recommended for initial setup)
- Fail - Block pod creation if webhook fails (stricter enforcement)

Example:

    webhook:
      failurePolicy: Ignore

webhook.timeoutSeconds

Webhook timeout in seconds.

Type: integer
Default: 10

Example:

    webhook:
      timeoutSeconds: 10

webhook.namespaceSelector

Namespace selector for webhook.

Type: object
Default:

    namespaceSelector:
      matchExpressions:
        - key: name
          operator: NotIn
          values: ["kube-system", "kube-public", "kube-node-lease"]
        - key: control-plane
          operator: DoesNotExist

Example:

    webhook:
      namespaceSelector:
        matchLabels:
          optipod-webhook: "enabled"

webhook.objectSelector

Object selector for webhook.

Type: object
Default: {}

Note: Kubernetes objectSelector only supports label matching, not annotations. OptiPod filters by annotations in webhook code.

webhook.service

Webhook service configuration.

Type: object
Default:

    service:
      type: ClusterIP
      port: 443
      targetPort: 9443

webhook.deployment.replicaCount

Number of webhook replicas.

Type: integer
Default: 2

Example:

    webhook:
      deployment:
        replicaCount: 3

Recommendation: Use 2+ replicas for high availability.

webhook.deployment.strategy

Deployment strategy for webhook.

Type: object
Default:

    strategy:
      type: RollingUpdate
      rollingUpdate:
        maxUnavailable: 0
        maxSurge: 1

webhook.deployment.resources

Resource requests and limits for webhook.

Type: object
Default:

    resources:
      limits:
        cpu: 200m
        memory: 256Mi
      requests:
        cpu: 50m
        memory: 64Mi

webhook.deployment.affinity

Affinity rules for webhook pods.

Type: object
Default:

    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                      - webhook
              topologyKey: kubernetes.io/hostname

Note: Default affinity spreads webhook pods across nodes for high availability.

webhook.pdb.enabled

Enable Pod Disruption Budget for webhook.

Type: boolean
Default: true

Example:

    webhook:
      pdb:
        enabled: true

webhook.pdb.minAvailable

Minimum available webhook pods.

Type: integer
Default: 1

Example:

    webhook:
      pdb:
        minAvailable: 1

webhook.networkPolicy.enabled

Enable network policy for webhook.

Type: boolean
Default: true

Example:

    webhook:
      networkPolicy:
        enabled: true

webhook.networkPolicy.ingress

Ingress rules for webhook network policy.

Type: array
Default:

    ingress:
      - from:
          - namespaceSelector: {}
        ports:
          - protocol: TCP
            port: 9443

Certificate Manager

certManager.install

Install cert-manager as a subchart.

Type: boolean
Default: true

Values:

- true - Install cert-manager with OptiPod
- false - Use existing cert-manager in cluster

Example:

    certManager:
      install: false # Use existing cert-manager

certManager.installCRDs

Install cert-manager CRDs.

Type: boolean
Default: true

Note: Only used if certManager.install is true.

certManager.issuer.kind

Issuer type.

Type: string
Default: "Issuer"
Options: Issuer, ClusterIssuer

Example:

    certManager:
      issuer:
        kind: ClusterIssuer

certManager.issuer.name

Issuer name.

Type: string
Default: "optipod-selfsigned-issuer"

Example:

    certManager:
      issuer:
        name: "my-issuer"

certManager.issuer.selfSigned

Use self-signed issuer.

Type: boolean
Default: true

Example:

    certManager:
      issuer:
        selfSigned: true

certManager.certificate.secretName

Secret name for webhook certificate.

Type: string
Default: "webhook-server-certs"

Example:

    certManager:
      certificate:
        secretName: "optipod-webhook-certs" # pragma: allowlist secret

certManager.certificate.duration

Certificate duration.

Type: string (duration)
Default: "8760h" (1 year)

Example:

    certManager:
      certificate:
        duration: "4380h" # 6 months

certManager.certificate.renewBefore

Renew certificate before expiry.

Type: string (duration)
Default: "720h" (30 days)

Example:

    certManager:
      certificate:
        renewBefore: "1440h" # 60 days

certManager.certificate.privateKey

Private key configuration.

Type: object
Default:

    privateKey:
      algorithm: RSA
      size: 2048

Metrics Configuration

metrics.enabled

Enable metrics endpoint.

Type: boolean
Default: true

Example:

    metrics:
      enabled: true

metrics.secure

Enable TLS for metrics endpoint.

Type: boolean
Default: true

Example:

    metrics:
      secure: true

metrics.serviceMonitor.enabled

Enable Prometheus ServiceMonitor.

Type: boolean
Default: false

Example:

    metrics:
      serviceMonitor:
        enabled: true

Note: Requires Prometheus Operator.

metrics.serviceMonitor.interval

Scrape interval for ServiceMonitor.

Type: string (duration)
Default: "30s"

Example:

    metrics:
      serviceMonitor:
        interval: "15s"

metrics.serviceMonitor.scrapeTimeout

Scrape timeout for ServiceMonitor.

Type: string (duration)
Default: "10s"

Example:

    metrics:
      serviceMonitor:
        scrapeTimeout: "5s"

Metrics Provider

metricsProvider.type

Metrics provider type.

Type: string
Default: "metrics-server"
Options: metrics-server, prometheus

Example:

    metricsProvider:
      type: "prometheus"

metricsProvider.prometheus.url

Prometheus server URL.

Type: string
Default: "http://prometheus:9090"

Example:

    metricsProvider:
      prometheus:
        url: "http://prometheus-server.monitoring:9090"

metricsProvider.prometheus.auth.type

Prometheus authentication type.

Type: string
Default: "none"
Options: none, basic, bearer

Example:

    metricsProvider:
      prometheus:
        auth:
          type: "basic"

metricsProvider.prometheus.auth.basic

Basic authentication configuration.

Type: object
Default:

    basic:
      username: ""
      password: ""
      existingSecret:
        name: ""
        usernameKey: "username"
        passwordKey: "password" # pragma: allowlist secret

Example:

    metricsProvider:
      prometheus:
        auth:
          type: "basic"
          basic:
            existingSecret:
              name: "prometheus-auth"
              usernameKey: "username"
              passwordKey: "password" # pragma: allowlist secret

metricsProvider.prometheus.auth.bearer

Bearer token authentication configuration.

Type: object
Default:

    bearer:
      token: ""
      existingSecret:
        name: ""
        key: "token"

Example:

    metricsProvider:
      prometheus:
        auth:
          type: "bearer"
          bearer:
            existingSecret:
              name: "prometheus-token"
              key: "token"

metricsProvider.prometheus.tls

TLS configuration for Prometheus.

Type: object
Default:

    tls:
      enabled: false
      insecureSkipVerify: false
      existingSecret:
        name: ""
        caKey: "ca.crt"
        certKey: "tls.crt"
        keyKey: "tls.key"

Example:

    metricsProvider:
      prometheus:
        tls:
          enabled: true
          existingSecret:
            name: "prometheus-tls"

metricsProvider.prometheus.timeout

HTTP client timeout for Prometheus.

Type: string (duration)
Default: "30s"

Example:

    metricsProvider:
      prometheus:
        timeout: "60s"

metricsProvider.metricsServer.samplingInterval

Background sampling interval for metrics-server.

Type: string (duration)
Default: "5m"

Example:

    metricsProvider:
      metricsServer:
        samplingInterval: "10m"

metricsProvider.metricsServer.maxSamplesPerTarget

Maximum samples to cache per target.

Type: integer
Default: 2880

Example:

    metricsProvider:
      metricsServer:
        maxSamplesPerTarget: 5000

metricsProvider.metricsServer.minSamplesRequired

Minimum samples required for recommendations.

Type: integer
Default: 10

Example:

    metricsProvider:
      metricsServer:
        minSamplesRequired: 20

metricsProvider.metricsServer.targetTTL

Target eviction TTL.

Type: string (duration)
Default: "15m"

Example:

    metricsProvider:
      metricsServer:
        targetTTL: "30m"

Observability

logging.level

Log level.

Type: string
Default: "info"
Options: debug, info, warn, error

Example:

    logging:
      level: "debug"

logging.format

Log format.

Type: string
Default: "json"
Options: json, console

Example:

    logging:
      format: "console"

Additional Configuration

extraVolumes

Additional volumes for controller.

Type: array
Default: []

Example:

    extraVolumes:
      - name: config
        configMap:
          name: optipod-config

extraVolumeMounts

Additional volume mounts for controller.

Type: array
Default: []

Example:

    extraVolumeMounts:
      - name: config
        mountPath: /etc/optipod
        readOnly: true

extraEnv

Additional environment variables for controller.

Type: array
Default: []

Example:

    extraEnv:
      - name: CUSTOM_VAR
        value: "custom-value"
      - name: SECRET_VAR
        valueFrom:
          secretKeyRef:
            name: my-secret
            key: secret-key

Common Configuration Examples

Minimal Configuration

    # Minimal setup with defaults
    controller:
      replicaCount: 1

    webhook:
      enabled: true

    metricsProvider:
      type: "metrics-server"

Production Configuration

    # Production setup with HA and monitoring
    controller:
      replicaCount: 1
      resources:
        limits:
          cpu: 1000m
          memory: 1Gi
        requests:
          cpu: 200m
          memory: 256Mi
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists

    webhook:
      enabled: true
      deployment:
        replicaCount: 3
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 128Mi
      pdb:
        enabled: true
        minAvailable: 2

    metrics:
      serviceMonitor:
        enabled: true

    metricsProvider:
      type: "prometheus"
      prometheus:
        url: "http://prometheus-server.monitoring:9090"
        auth:
          type: "basic"
          basic:
            existingSecret:
              name: "prometheus-auth"

    logging:
      level: "info"
      format: "json"

GitOps Configuration

    # GitOps-friendly setup
    webhook:
      enabled: true
      failurePolicy: Ignore
      deployment:
        replicaCount: 2

    metricsProvider:
      type: "prometheus"
      prometheus:
        url: "http://prometheus:9090"

    certManager:
      install: false # Use existing cert-manager

Development Configuration

    # Development setup
    controller:
      dryRun: true
      resources:
        limits:
          cpu: 200m
          memory: 256Mi
        requests:
          cpu: 50m
          memory: 64Mi

    webhook:
      enabled: false

    metricsProvider:
      type: "metrics-server"

    logging:
      level: "debug"
      format: "console"

Related Documentation

- Installation Guide - Installation instructions
- CRD Specification - OptimizationPolicy field reference
- Prometheus Authentication - Prometheus auth setup
- Webhook Configuration - Advanced webhook configuration
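
An added example (not part of the OptiPod chart or its documentation): a small audit of the security-relevant values documented in this reference, fed with JSON such as `helm get values optipod -n optipod-system --all -o json` produces. The helper names `dig` and `audit`, the finding texts and the sample input are assumptions made for illustration; keys that are absent fall back to the defaults listed on this page.

```python
import json

def dig(values, path, default=None):
    """Walk a dotted path such as 'webhook.pdb.enabled' through nested dicts."""
    node = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit(values):
    """Return sorted (value path, finding) pairs for settings worth a second look."""
    out = []
    prom = "metricsProvider.prometheus"
    if dig(values, "metricsProvider.type", "metrics-server") == "prometheus":
        auth = dig(values, prom + ".auth.type", "none")
        if auth != "none" and (dig(values, prom + ".url") or "").startswith("http://"):
            out.append((prom + ".url", f"{auth} credentials cross the network over plaintext HTTP"))
        if dig(values, prom + ".tls.insecureSkipVerify", False):
            out.append((prom + ".tls.insecureSkipVerify", "Prometheus certificate is not verified"))
        for leaf in ("auth.basic.password", "auth.bearer.token"):
            if dig(values, f"{prom}.{leaf}", ""):
                out.append((f"{prom}.{leaf}", "credential stored inline; use existingSecret"))
    if dig(values, "metrics.enabled", True) and not dig(values, "metrics.secure", True):
        out.append(("metrics.secure", "metrics endpoint served without TLS"))
    ctx = "controller.securityContext"
    if dig(values, ctx + ".allowPrivilegeEscalation", False):
        out.append((ctx + ".allowPrivilegeEscalation", "privilege escalation allowed"))
    if not dig(values, ctx + ".readOnlyRootFilesystem", True):
        out.append((ctx + ".readOnlyRootFilesystem", "container root filesystem is writable"))
    if not dig(values, "controller.podSecurityContext.runAsNonRoot", True):
        out.append(("controller.podSecurityContext.runAsNonRoot", "pod may run as root"))
    if dig(values, "webhook.enabled", True) and dig(values, "webhook.failurePolicy", "Ignore") == "Fail":
        replicas = dig(values, "webhook.deployment.replicaCount", 2)
        if replicas < 2 or not dig(values, "webhook.pdb.enabled", True):
            out.append(("webhook.failurePolicy",
                        "Fail without 2+ replicas and a PDB: a webhook outage blocks pod creation"))
    return sorted(out)

# Constructed sample (not from a real cluster): the Prometheus block follows the
# Production Configuration above; the webhook and securityContext overrides are made up.
SAMPLE = json.loads("""
{
  "metricsProvider": {"type": "prometheus", "prometheus": {
    "url": "http://prometheus-server.monitoring:9090",
    "auth": {"type": "basic", "basic": {"existingSecret": {"name": "prometheus-auth"}}},
    "tls": {"enabled": false, "insecureSkipVerify": false}}},
  "metrics": {"enabled": true, "secure": true},
  "webhook": {"enabled": true, "failurePolicy": "Fail",
              "deployment": {"replicaCount": 1}, "pdb": {"enabled": true}},
  "controller": {"securityContext": {"allowPrivilegeEscalation": false,
                                     "readOnlyRootFilesystem": false}}
}
""")

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

Run against rendered values in CI, an empty result means none of these checks fired; it does not cover the rest of the chart.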