Helm Values Reference
The kMetal umbrella chart exposes the following top-level keys. Defaults are documented in the chart's values.yaml; this page shows the shape you'd use in your overlay.
Top-level shape

    network:
      flannel: { ... }
      kubeOvn: { ... }
      multus: { ... }
    metallb: { ... }
    kubevirt: { ... }
    cdi: { ... }
    kamaji: { ... }
    capi: { ... }
    certManager: { ... }
    glue:
      kamajiAddonOvn: { ... }
    storage:
      localPath: { ... }
    tenants:
      defaults: { ... }

    # Sub-chart override blocks (passed straight through to each sub-chart)
    cert-manager: { ... }
    flannel: { ... }
    kube-ovn: { ... }
    metallb: { ... }                 # operator-facing key above; this is the sub-chart override
    local-path-provisioner: { ... }
    kamaji: { ... }                  # operator-facing key above; this is the sub-chart override
    capi-operator: { ... }
    kubevirt-operator: { ... }
    kubevirt: { ... }                # operator-facing key above; this is the sub-chart override
    cdi-operator: { ... }
    cdi: { ... }                     # operator-facing key above; this is the sub-chart override
    kamaji-addon-ovn: { ... }

The operator-facing key (kamaji, kubevirt, cdi, …) sets a small surface of opinionated knobs; the matching sub-chart override block accepts the underlying chart's full schema for everything else. The two are merged at install time.
Operator-facing keys

network

    network:
      flannel:
        enabled: true
        podCidr: "10.93.0.0/16"
        backend: "host-gw"
      kubeOvn:
        enabled: true
        podCidr: "10.16.0.0/16"
        podGateway: "10.16.0.1"
        svcCidr: "10.96.0.0/16"
        joinCidr: "100.64.0.0/16"
        tunnelInterface: ""          # REQUIRED per deployment
        tunnelType: "geneve"         # geneve | vxlan | stt
        externalGatewaySwitch: "external"
        externalGatewayVlanId: "0"
      multus:
        enabled: true

metallb

    metallb:
      enabled: true
      pools: []                      # per-deployment overlay populates this
      l2Advertisements: []
      controller:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""

kubevirt

    kubevirt:
      enabled: true
      version: v1.7.2                # vendored upstream; bump only when re-vendoring
      namespace: system-kubevirt
      spec: {}                       # KubeVirt CR spec; {} = operator defaults

cdi

    cdi:
      enabled: true
      version: v1.64.0
      spec:
        config:
          featureGates:
            - HonorWaitForFirstConsumer
        infra:
          nodeSelector:
            node-role.kubernetes.io/control-plane: ""

kamaji

capi

    capi:
      enabled: true
      namespace: kmetal-capi-providers
      providers:
        core:
          version: "v1.10.10"
        bootstrap:
          kubeadm:
            enabled: true
            version: "v1.10.10"
        infrastructure:
          kubevirt:
            enabled: true
            version: "v0.10.5"       # CAPK
        controlPlane:
          kamaji:
            enabled: true
            version: "v0.19.0"       # CACPK

certManager

glue.kamajiAddonOvn

storage.localPath

    storage:
      localPath:
        enabled: true                # set false to use a vendor CSI driver instead
        nodePathMap: []              # per-deployment overlay

tenants.defaults

Sub-chart override blocks
Each sub-chart accepts its upstream schema verbatim under the matching top-level key. See the upstream chart's values.yaml for the full set of options.
cert-manager (sub-chart)

Defaults pin all four cert-manager components (controller, cainjector, webhook, startupapicheck) to control-plane nodes.

    cert-manager:
      crds:
        enabled: true
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      cainjector:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
      webhook:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""
      startupapicheck:
        nodeSelector:
          node-role.kubernetes.io/control-plane: ""

kube-ovn (sub-chart)

Critical Kube-OVN overrides (these line up with network.kubeOvn.* via YAML anchors in the reference overlays):

    kube-ovn:
      ipv4:
        POD_CIDR: "10.16.0.0/16"
        POD_GATEWAY: "10.16.0.1"
        SVC_CIDR: "10.96.0.0/16"
      networking:
        IFACE: ""                    # NIC for Geneve traffic (REQUIRED)
        TUNNEL_TYPE: "geneve"
        ENABLE_EIP_SNAT: true
      cni_conf:
        NON_PRIMARY_CNI: true        # Kube-OVN runs as secondary CNI via Multus
        CNI_CONFIG_PRIORITY: "99"    # ensures Flannel is the default delegate
      func:
        ENABLE_NAT_GW: false         # we use OVN distributed gateway, not vpc-nat-gw

kamaji (sub-chart)

    kamaji:
      imagePullSecrets:
        - name: clastix-ghcr
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      resources:
        requests: { cpu: "1", memory: 512Mi }
        limits: { cpu: "2", memory: 1Gi }
      defaultDatastoreName: ""

local-path-provisioner (sub-chart)

    local-path-provisioner:
      storageClass:
        create: true
        defaultClass: true
        name: local-path
        reclaimPolicy: Delete
        volumeBindingMode: WaitForFirstConsumer
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      nodePathMap: []

Others
flannel, kubevirt-operator, cdi-operator, kamaji-addon-ovn, capi-operator accept their upstream schemas. For most deployments, the chart's defaults are sufficient.
Per-environment overlays
Maintain one overlay per environment. The repeated values that change between deployments:
- network.kubeOvn.tunnelInterface and kube-ovn.networking.IFACE
- metallb.pools[].addresses
- storage.localPath.nodePathMap and local-path-provisioner.nodePathMap
- Resource limits and replica counts (sub-chart override blocks)
The chart's reference overlays use YAML anchors so each canonical value appears once. See the chart's values.yaml header comments for the anchor pattern.
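
A pre-install drift check for the paired values listed above, as an added example that is not part of the kMetal chart: it loads an overlay, resolves YAML anchors, and reports any operator-facing key that disagrees with its sub-chart counterpart or a tunnel interface left empty. The sample overlay, its anchor names, the NIC name and the node path are constructed; the CIDR, gateway and tunnel-type pairings are an assumption inferred from the matching names and defaults on this page.

```ruby
require "yaml"

# Constructed sample overlay (not from the chart). Anchor names, the NIC
# name "eth1" and the node path are assumptions for illustration.
OVERLAY = <<~YAML
  network:
    kubeOvn:
      tunnelInterface: &iface "eth1"
      podCidr: &podCidr "10.16.0.0/16"
  kube-ovn:
    ipv4:
      POD_CIDR: *podCidr
    networking:
      IFACE: *iface
  storage:
    localPath:
      nodePathMap: &paths
        - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
          paths: ["/var/lib/kmetal/local-path"]
  local-path-provisioner:
    nodePathMap: *paths
YAML

# (operator-facing key path, sub-chart override key path) that must agree.
# Only the IFACE and nodePathMap pairs are stated by the page; the rest are inferred.
PAIRS = [
  [%w[network kubeOvn tunnelInterface], %w[kube-ovn networking IFACE]],
  [%w[network kubeOvn tunnelType],      %w[kube-ovn networking TUNNEL_TYPE]],
  [%w[network kubeOvn podCidr],         %w[kube-ovn ipv4 POD_CIDR]],
  [%w[network kubeOvn podGateway],      %w[kube-ovn ipv4 POD_GATEWAY]],
  [%w[network kubeOvn svcCidr],         %w[kube-ovn ipv4 SVC_CIDR]],
  [%w[storage localPath nodePathMap],   %w[local-path-provisioner nodePathMap]],
].freeze

# Returns a list of human-readable problems; an empty list means no drift found.
def check_overlay(yaml_text)
  values = YAML.safe_load(yaml_text, aliases: true) || {}
  problems = []
  PAIRS.each do |a, b|
    left, right = values.dig(*a), values.dig(*b)
    next if left.nil? && right.nil?   # neither set in the overlay: chart defaults apply
    problems << "#{a.join('.')} != #{b.join('.')}" unless left == right
  end
  iface = values.dig("network", "kubeOvn", "tunnelInterface")
  problems << "network.kubeOvn.tunnelInterface is empty" if iface.to_s.empty?
  problems
end
```

Run it against each environment's overlay in CI and fail the job when the returned list is non-empty.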
Validation
Inspect rendered.yaml for the resources, namespaces, and image tags you expect before running helm install / helm upgrade.