Platform Values¶
kMetal is delivered as a Helm umbrella chart. This page describes the values shape — the top-level keys you can override in your kmetal-values.yaml overlay file.
For full per-component schemas, see Helm Values Reference.
Top-level values¶
The chart exposes one top-level key per component or capability:
| Key | Purpose | Notes |
|---|---|---|
network.flannel |
Primary CNI | enabled, podCidr, backend |
network.kubeOvn |
Secondary CNI (tenant overlay/VLAN, provider network) | enabled, podCidr, joinCidr, svcCidr, tunnelInterface, tunnelType |
network.multus |
Multus CNI plugin (required for Kube-OVN-as-secondary) | enabled |
metallb |
LoadBalancer IP allocation | enabled, pools, l2Advertisements |
kubevirt |
KubeVirt operator + CR | enabled, version, namespace, spec |
cdi |
Containerized Data Importer | enabled, version, spec |
kamaji |
Kamaji controller | enabled, replicas |
capi |
Cluster API core + providers | enabled, namespace, providers.{core,bootstrap,infrastructure,controlPlane} |
certManager |
cert-manager | enabled, installCRDs |
glue.kamajiAddonOvn |
CP↔OVN bridge DaemonSet | enabled |
storage.localPath |
local-path provisioner | enabled, nodePathMap |
tenants.defaults |
Defaults for tenant cluster provisioning | workerImage, workerSize |
Each component also accepts a sub-chart override block at the matching top-level key (e.g. kube-ovn:, metallb:, kamaji:, cert-manager:). These pass through to the underlying sub-chart's own values shape.
Minimum-viable overlay¶
A real install needs at least the Kube-OVN tunnel interface and a MetalLB pool:
network:
kubeOvn:
tunnelInterface: "data.205" # NIC carrying Geneve traffic (chart example shape)
metallb:
pools:
- name: default-pool
addresses:
- 192.168.1.100-192.168.1.200
l2Advertisements:
- name: default-l2-adv
ipAddressPools:
- default-pool
The chart provides sensible defaults for everything else. See the chart's values.yaml and the shipped per-environment overlays (values-primary.yaml, values-secondary.yaml) for the canonical reference.
Disabling optional components¶
Each component can be turned off via its enabled flag:
storage:
localPath:
enabled: false # Use your own CSI driver instead
glue:
kamajiAddonOvn:
enabled: false # Only if you don't need OVN-bridged tenant CP connectivity
Resource limits & node placement¶
Per-component resource limits and nodeSelector / tolerations are configured under the sub-chart override block, not under the top-level key. Example for Kamaji:
kamaji:
enabled: true # operator-facing toggle
replicas: 2
# Sub-chart override (passes through to clastix/kamaji)
kamaji:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
resources:
requests: { cpu: "1", memory: 512Mi }
limits: { cpu: "2", memory: 1Gi }
YAML anchors for repeated values
Some values (e.g. tunnelInterface) appear in two places — under network.kubeOvn for documentation and under kube-ovn for the sub-chart override. The chart's reference overlays use YAML anchors so each canonical value is set once. See the chart's values.yaml header comments for the pattern.
Environment-specific overlays¶
Maintain one overlay per environment (lab, staging, prod) and pass with --values:
helm install kmetal oci://ghcr.io/clastix/oci/kmetal \
--namespace kmetal-flux \
--values kmetal-values-prod.yaml \
--wait --timeout=15m
Per-environment-specific knobs that change between deployments:
network.kubeOvn.tunnelInterface— NIC name varies by host modelmetallb.pools[].addresses— IP range varies by datacenterstorage.localPath.nodePathMap— node→path mapping varies- Resource limits and replica counts on production vs lab
Defaults that should stay consistent across deployments:
network.flannel.podCidr,network.kubeOvn.podCidr,network.kubeOvn.svcCidr(changing these requires coordinated changes elsewhere)- Component versions (the chart pins tested versions)
Validation¶
Render the chart with your overlay before installing:
Inspect rendered.yaml for unexpected resources or namespace assignments before running helm install.
See Also: Helm Values Reference, Component Configuration.