Skip to content

Platform Values

kMetal is delivered as a Helm umbrella chart. This page describes the values shape — the top-level keys you can override in your kmetal-values.yaml overlay file.

For full per-component schemas, see Helm Values Reference.

Top-level values

The chart exposes one top-level key per component or capability:

Key Purpose Notes
network.flannel Primary CNI enabled, podCidr, backend
network.kubeOvn Secondary CNI (tenant overlay/VLAN, provider network) enabled, podCidr, joinCidr, svcCidr, tunnelInterface, tunnelType
network.multus Multus CNI plugin (required for Kube-OVN-as-secondary) enabled
metallb LoadBalancer IP allocation enabled, pools, l2Advertisements
kubevirt KubeVirt operator + CR enabled, version, namespace, spec
cdi Containerized Data Importer enabled, version, spec
kamaji Kamaji controller enabled, replicas
capi Cluster API core + providers enabled, namespace, providers.{core,bootstrap,infrastructure,controlPlane}
certManager cert-manager enabled, installCRDs
glue.kamajiAddonOvn CP↔OVN bridge DaemonSet enabled
storage.localPath local-path provisioner enabled, nodePathMap
tenants.defaults Defaults for tenant cluster provisioning workerImage, workerSize

Each component also accepts a sub-chart override block at the matching top-level key (e.g. kube-ovn:, metallb:, kamaji:, cert-manager:). These pass through to the underlying sub-chart's own values shape.

Minimum-viable overlay

A real install needs at least the Kube-OVN tunnel interface and a MetalLB pool:

network:
  kubeOvn:
    tunnelInterface: "data.205"       # NIC carrying Geneve traffic (chart example shape)
metallb:
  pools:
    - name: default-pool
      addresses:
        - 192.168.1.100-192.168.1.200
  l2Advertisements:
    - name: default-l2-adv
      ipAddressPools:
        - default-pool

The chart provides sensible defaults for everything else. See the chart's values.yaml and the shipped per-environment overlays (values-primary.yaml, values-secondary.yaml) for the canonical reference.

Disabling optional components

Each component can be turned off via its enabled flag:

storage:
  localPath:
    enabled: false        # Use your own CSI driver instead

glue:
  kamajiAddonOvn:
    enabled: false        # Only if you don't need OVN-bridged tenant CP connectivity

Resource limits & node placement

Per-component resource limits and nodeSelector / tolerations are configured under the sub-chart override block, not under the top-level key. Example for Kamaji:

kamaji:
  enabled: true            # operator-facing toggle
  replicas: 2

# Sub-chart override (passes through to clastix/kamaji)
kamaji:
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  resources:
    requests: { cpu: "1", memory: 512Mi }
    limits:   { cpu: "2", memory: 1Gi }

YAML anchors for repeated values

Some values (e.g. tunnelInterface) appear in two places — under network.kubeOvn for documentation and under kube-ovn for the sub-chart override. The chart's reference overlays use YAML anchors so each canonical value is set once. See the chart's values.yaml header comments for the pattern.

Environment-specific overlays

Maintain one overlay per environment (lab, staging, prod) and pass with --values:

helm install kmetal oci://ghcr.io/clastix/oci/kmetal \
  --namespace kmetal-flux \
  --values kmetal-values-prod.yaml \
  --wait --timeout=15m

Per-environment-specific knobs that change between deployments:

  • network.kubeOvn.tunnelInterface — NIC name varies by host model
  • metallb.pools[].addresses — IP range varies by datacenter
  • storage.localPath.nodePathMap — node→path mapping varies
  • Resource limits and replica counts on production vs lab

Defaults that should stay consistent across deployments:

  • network.flannel.podCidr, network.kubeOvn.podCidr, network.kubeOvn.svcCidr (changing these requires coordinated changes elsewhere)
  • Component versions (the chart pins tested versions)

Validation

Render the chart with your overlay before installing:

helm template kmetal oci://ghcr.io/clastix/oci/kmetal \
  --values kmetal-values.yaml > rendered.yaml

Inspect rendered.yaml for unexpected resources or namespace assignments before running helm install.


See Also: Helm Values Reference, Component Configuration.