Helm Chart

gNMIc Operator Helm chart configuration reference

This page documents all configuration options available in the gNMIc Operator Helm chart.

Installation

# From OCI registry
helm install gnmic-operator oci://ghcr.io/gnmic/operator/charts/gnmic-operator \
  --namespace gnmic-system \
  --create-namespace

# From source
helm install gnmic-operator ./helm \
  --namespace gnmic-system \
  --create-namespace

Values

Image Configuration

| Parameter | Description | Default |
|---|---|---|
| image.repository | Container image repository | ghcr.io/gnmic/operator |
| image.tag | Container image tag | Chart’s appVersion |
| image.pullPolicy | Image pull policy | IfNotPresent |
| imagePullSecrets | Image pull secrets | [] |

image:
  repository: ghcr.io/gnmic/operator
  tag: "0.1.0"
  pullPolicy: IfNotPresent

imagePullSecrets:
  - name: my-registry-secret

Deployment Configuration

| Parameter | Description | Default |
|---|---|---|
| replicaCount | Number of operator replicas | 1 |
| nameOverride | Override the chart name | "" |
| fullnameOverride | Override the full resource name | "" |

replicaCount: 1
nameOverride: ""
fullnameOverride: "my-operator"

Service Account

| Parameter | Description | Default |
|---|---|---|
| serviceAccount.create | Create a service account | true |
| serviceAccount.annotations | Annotations for the service account | {} |
| serviceAccount.name | Name of the service account | Generated from fullname |

serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/my-role
  name: "gnmic-operator"

Pod Configuration

| Parameter | Description | Default |
|---|---|---|
| podAnnotations | Annotations for the operator pod | {} |
| podSecurityContext | Security context for the pod | {runAsNonRoot: true} |
| securityContext | Security context for the container | See below |
| nodeSelector | Node selector for pod scheduling | {} |
| tolerations | Tolerations for pod scheduling | [] |
| affinity | Affinity rules for pod scheduling | {} |

podAnnotations:
  prometheus.io/scrape: "true"

podSecurityContext:
  runAsNonRoot: true

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"

nodeSelector:
  node-role.kubernetes.io/infra: ""

tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "infra"
    effect: "NoSchedule"

affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: gnmic-operator
          topologyKey: kubernetes.io/hostname

Resources

| Parameter | Description | Default |
|---|---|---|
| resources.limits.cpu | CPU limit | 500m |
| resources.limits.memory | Memory limit | 256Mi |
| resources.requests.cpu | CPU request | 10m |
| resources.requests.memory | Memory request | 64Mi |

resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

Leader Election

| Parameter | Description | Default |
|---|---|---|
| leaderElection.enabled | Enable leader election | true |

Leader election ensures only one controller instance is active when running multiple replicas.

leaderElection:
  enabled: true

Webhooks

| Parameter | Description | Default |
|---|---|---|
| webhook.enabled | Enable admission webhooks | true |
| webhook.port | Webhook server port | 9443 |

Webhooks provide validation and defaulting for custom resources. When enabled, they require cert-manager.

webhook:
  enabled: true
  port: 9443

Metrics

| Parameter | Description | Default |
|---|---|---|
| metrics.enabled | Enable metrics service | true |
| metrics.port | Metrics endpoint port | 8080 |
| metrics.serviceMonitor.enabled | Create ServiceMonitor for Prometheus | false |
| metrics.serviceMonitor.namespace | Namespace for ServiceMonitor | Release namespace |
| metrics.serviceMonitor.interval | Scrape interval | 30s |
| metrics.serviceMonitor.scrapeTimeout | Scrape timeout | 10s |

metrics:
  enabled: true
  port: 8080
  serviceMonitor:
    enabled: true
    namespace: monitoring
    interval: 30s
    scrapeTimeout: 10s

Health Probes

| Parameter | Description | Default |
|---|---|---|
| health.livenessProbe | Liveness probe configuration | See below |
| health.readinessProbe | Readiness probe configuration | See below |

health:
  livenessProbe:
    httpGet:
      path: /healthz
      port: 8081
    initialDelaySeconds: 15
    periodSeconds: 20
  readinessProbe:
    httpGet:
      path: /readyz
      port: 8081
    initialDelaySeconds: 5
    periodSeconds: 10

cert-manager Integration

| Parameter | Description | Default |
|---|---|---|
| certManager.enabled | Use cert-manager for webhook certificates | true |
| certManager.issuer.create | Create a self-signed issuer | true |
| certManager.issuer.kind | Issuer kind (Issuer or ClusterIssuer) | Issuer |
| certManager.issuer.name | Name of existing issuer (if not creating) | Generated |
| certManager.duration | Certificate duration | 8760h (1 year) |
| certManager.renewBefore | Renew certificate before expiry | 720h (30 days) |

certManager:
  enabled: true
  issuer:
    create: true
    kind: Issuer
    name: ""
  duration: 8760h
  renewBefore: 720h

To use an existing ClusterIssuer:

certManager:
  enabled: true
  issuer:
    create: false
    kind: ClusterIssuer
    name: my-cluster-issuer

CRDs

| Parameter | Description | Default |
|---|---|---|
| crds.install | Install CRDs with the chart | true |
| crds.keep | Keep CRDs on uninstall | true |

crds:
  install: true
  keep: true

Discovery Buffering

| Parameter | Description | Default |
|---|---|---|
| discovery.chunkSize | Maximum number of targets/events sent in a single discovery message | 100 |
| discovery.bufferSize | Amount of discovery messages that can be queued in the channel buffer | 10 |

Controls Go channel buffering between discovery senders (API server, target loader) and receiver (message processor). Directly impacts throughput, latency, and memory consumption. For detailed tuning guidance, see Discovery Buffering.

discovery:
  chunkSize: 100
  bufferSize: 10

Examples

Minimal Installation

# values-minimal.yaml
replicaCount: 1

helm install gnmic-operator oci://ghcr.io/gnmic/operator/charts/gnmic-operator \
  -f values-minimal.yaml \
  --namespace gnmic-system \
  --create-namespace

Production Ready Installation

# values-production.yaml
replicaCount: 2

resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            app.kubernetes.io/name: gnmic-operator
        topologyKey: kubernetes.io/hostname

metrics:
  serviceMonitor:
    enabled: true
    interval: 30s

helm install gnmic-operator oci://ghcr.io/gnmic/operator/charts/gnmic-operator \
  -f values-production.yaml \
  --namespace gnmic-system \
  --create-namespace

Without Webhooks

# values-dev.yaml
webhook:
  enabled: false

certManager:
  enabled: false

helm install gnmic-operator oci://ghcr.io/gnmic/operator/charts/gnmic-operator \
  -f values-dev.yaml \
  --namespace gnmic-system \
  --create-namespace

Air-Gapped Installation

# values-airgapped.yaml
image:
  repository: my-registry.internal/gnmic/operator
  tag: "0.1.0"

imagePullSecrets:
  - name: registry-credentials

helm install gnmic-operator ./helm \
  -f values-airgapped.yaml \
  --namespace gnmic-system \
  --create-namespace

Upgrading

# Get current values
helm get values gnmic-operator -n gnmic-system > current-values.yaml

# Upgrade with new version
helm upgrade gnmic-operator oci://ghcr.io/gnmic/operator/charts/gnmic-operator \
  --version 0.2.0 \
  -f current-values.yaml \
  --namespace gnmic-system
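
A pre-upgrade check, added here as an example and not part of the gNMIc Operator project: it lints the JSON produced by `helm get values gnmic-operator -n gnmic-system --all -o json` against the constraints this page states (webhooks require cert-manager, leader election for multiple replicas) and the security-context settings shown under Pod Configuration. The rule names, and the choice to fall back to this page's documented defaults when a key is missing, are assumptions of the example.

```python
import json
import sys
from pathlib import Path

# Constructed sample values (not from a real release), using keys documented on this page.
SAMPLE_VALUES = {
    "replicaCount": 2,
    "leaderElection": {"enabled": False},
    "webhook": {"enabled": True, "port": 9443},
    "certManager": {"enabled": False},
    "securityContext": {"allowPrivilegeEscalation": False,
                        "capabilities": {"drop": ["NET_RAW"]}},
}


def get(values, path, default):
    """Walk a dotted path such as 'webhook.enabled'; missing keys yield the default."""
    node = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def lint_values(values):
    """Return (rule_id, message) findings; defaults assumed from this page's tables."""
    findings = []
    certs = get(values, "certManager.enabled", True)
    if get(values, "webhook.enabled", True) and not certs:
        findings.append(("webhook-no-certs", "webhook.enabled requires certManager.enabled"))
    if (certs and not get(values, "certManager.issuer.create", True)
            and not get(values, "certManager.issuer.name", "")):
        findings.append(("issuer-unnamed", "issuer.create=false needs an existing issuer.name"))
    if get(values, "replicaCount", 1) > 1 and not get(values, "leaderElection.enabled", True):
        findings.append(("no-leader-election", "replicaCount > 1 with leaderElection disabled"))
    if get(values, "podSecurityContext.runAsNonRoot", True) is not True:
        findings.append(("may-run-as-root", "podSecurityContext.runAsNonRoot is not true"))
    if get(values, "securityContext.allowPrivilegeEscalation", False) is not False:
        findings.append(("priv-escalation", "allowPrivilegeEscalation is not false"))
    if "ALL" not in (get(values, "securityContext.capabilities.drop", ["ALL"]) or []):
        findings.append(("caps-kept", "securityContext.capabilities.drop lacks ALL"))
    return findings


if __name__ == "__main__":
    values = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_VALUES
    for rule, message in lint_values(values):
        print(f"{rule}: {message}")
```

Run it with the path to the exported JSON file as its only argument; with no argument it lints the constructed sample.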

Uninstalling

# Uninstall the release
helm uninstall gnmic-operator -n gnmic-system

# CRDs are kept by default. To remove them:
kubectl delete crds \
  clusters.operator.gnmic.dev \
  inputs.operator.gnmic.dev \
  outputs.operator.gnmic.dev \
  pipelines.operator.gnmic.dev \
  processors.operator.gnmic.dev \
  subscriptions.operator.gnmic.dev \
  targetprofiles.operator.gnmic.dev \
  targets.operator.gnmic.dev \
  targetsources.operator.gnmic.dev \
  tunneltargetpolicies.operator.gnmic.dev