Skip to content

Component Reference

The kMetal umbrella chart bundles the following components on the under cluster. Each component is a Helm sub-chart with its own values namespace.

For the values shape, see Helm Values Reference. For per-component override patterns, see Component Configuration.

Networking

cert-manager

TLS certificate lifecycle for under-cluster services.

certManager:
  enabled: true
  installCRDs: true

flannel

Primary CNI on under-cluster nodes — management-plane pod networking.

network:
  flannel:
    enabled: true
    podCidr: "10.93.0.0/16"
    backend: "host-gw"

kube-ovn

Secondary CNI (via Multus). Provides per-tenant VPCs, Subnets, and the provider network for tenant egress.

network:
  kubeOvn:
    enabled: true
    podCidr: "10.16.0.0/16"
    podGateway: "10.16.0.1"
    svcCidr: "10.96.0.0/16"
    joinCidr: "100.64.0.0/16"
    tunnelInterface: ""       # REQUIRED — per-deployment NIC name
    tunnelType: "geneve"
  multus:
    enabled: true

metallb

LoadBalancer service IP allocation.

metallb:
  enabled: true
  pools:
    - name: default-pool
      addresses:
        - 192.168.1.100-192.168.1.200
  l2Advertisements:
    - name: default-l2-adv
      ipAddressPools:
        - default-pool

Virtualization

kubevirt-operator + kubevirt

KubeVirt operator and CR — runs tenant worker nodes as KVM VMs on the under cluster.

kubevirt:
  enabled: true
  version: v1.7.2
  namespace: system-kubevirt

cdi-operator + cdi

Containerized Data Importer — DataVolumes for tenant worker disks.

cdi:
  enabled: true
  version: v1.64.0

Hosted Control Plane

kamaji-crds + kamaji

Operator that runs each tenant cluster's hosted control plane (api-server, controller-manager, scheduler, konnectivity-server) as pods.

kamaji:
  enabled: true
  replicas: 2

kamaji-addon-ovn

Bridges Kamaji-hosted control planes to the tenant's OVN VPC so worker traffic can reach the api-server.

glue:
  kamajiAddonOvn:
    enabled: true

Cluster Lifecycle

cluster-api-operator (alias: capi-operator)

Manages CAPI core + provider controllers in the kmetal-capi-providers namespace.

capi:
  enabled: true
  namespace: kmetal-capi-providers
  providers:
    core:
      version: "v1.10.10"
    bootstrap:
      kubeadm:
        enabled: true
        version: "v1.10.10"
    infrastructure:
      kubevirt:
        enabled: true       # CAPK
        version: "v0.10.5"
    controlPlane:
      kamaji:
        enabled: true       # CACPK
        version: "v0.19.0"

Storage

local-path-provisioner

Default StorageClass for the under cluster. Production deployments typically replace with a vendor CSI driver.

storage:
  localPath:
    enabled: true
    nodePathMap: []           # per-deployment overlay populates this

Component Dependencies

The chart orders installation so dependencies come up first; you generally don't need to manage ordering manually:

  • kamaji requires kamaji-crds and cert-manager (for webhook certs).
  • kamaji-addon-ovn requires kamaji and kube-ovn.
  • cluster-api-operator + CAPI providers require cert-manager.
  • kube-ovn requires multus when running alongside Flannel.

See also