# kantaloupe-chart

![Version: 0.17.9](https://img.shields.io/badge/Version-0.17.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.0](https://img.shields.io/badge/AppVersion-0.13.0-informational?style=flat-square)

A Helm chart for Kubernetes

**Homepage:** <https://github.com/dynamia-ai/kantaloupe>

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| Dynamia AI |  | <https://dynamia.ai> |

## Source Code

* <https://github.com/dynamia-ai/kantaloupe>

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://cloudtty.github.io/cloudtty/ | cloudtty | >=0.8.0 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiserver.affinity | object | `{}` | apiserver affinity settings |
| apiserver.clusterAPIBurst | int | `100` | Burst to use while talking with cluster kube-apiserver |
| apiserver.clusterAPIQPS | int | `50` | QPS to use while talking with cluster kube-apiserver |
| apiserver.image.pullPolicy | string | `"IfNotPresent"` | kantaloupe image pull policy |
| apiserver.image.pullSecrets | list | `[]` | Specify docker-registry secret names as an array |
| apiserver.image.registry | string | `"ghcr.io"` | kantaloupe image registry |
| apiserver.image.repository | string | `"dynamia-ai/kantaloupe-apiserver"` | kantaloupe image repository |
| apiserver.image.tag | string | `"v0.13.0"` | kantaloupe image tag (immutable tags are recommended) |
| apiserver.labels | object | `{}` | apiserver labels |
| apiserver.leaderElection.enabled | bool | `true` | Enable apiserver leader election for auth singleton bootstrap when auth.storeBackend=crd |
| apiserver.leaderElection.leaseDuration | string | `"15s"` | Lease duration for apiserver leader election |
| apiserver.leaderElection.renewDeadline | string | `"10s"` | Renew deadline for apiserver leader election |
| apiserver.leaderElection.resourceNamespace | string | `""` | Namespace of the Lease object; empty means use the release namespace |
| apiserver.leaderElection.retryPeriod | string | `"2s"` | Retry period for apiserver leader election |
| apiserver.livenessProbe.enabled | bool | `false` | Enable livenessProbe on apiserver containers |
| apiserver.logLevel | int | `4` | apiserver glog verbosity level (0=minimal, 4=info, 5=debug) |
| apiserver.nodeSelector | object | `{}` | apiserver node labels for pod assignment |
| apiserver.podAnnotations | object | `{}` | apiserver pod annotations |
| apiserver.podLabels | object | `{}` | apiserver pod labels |
| apiserver.prometheusAddr | string | `""` | Prometheus server address for apiserver metrics querying |
| apiserver.readinessProbe.enabled | bool | `false` | Enable readinessProbe on apiserver containers |
| apiserver.replicaCount | int | `1` | apiserver target replica count |
| apiserver.resources | object | `{}` | apiserver resource requests and limits |
| apiserver.service.nodePort | int | `31800` |  |
| apiserver.service.port | int | `8000` |  |
| apiserver.service.type | string | `"ClusterIP"` |  |
| apiserver.tolerations | object | `{}` | apiserver tolerations for pod assignment |
| auth.apiserverServiceAccountName | string | `""` | ServiceAccount name of the kantaloupe-apiserver, used by the auth assignment admission webhook to validate the requester identity. Defaults to the release fullname. |
| auth.bootstrapAdminEmail | string | `"admin@email.com"` | Bootstrap PlatformAdmin email address |
| auth.bootstrapAdminFullName | string | `"Platform Administrator"` | Bootstrap PlatformAdmin full name (display name) |
| auth.bootstrapAdminPassword | string | `"admin12345"` | Bootstrap admin password (plain text, dev only) |
| auth.bootstrapAdminUsername | string | `"bootstrap-platform-admin"` | Bootstrap PlatformAdmin username |
| auth.crdAuditWindowSize | int | `1000` | Max number of audit CRDs retained by the apiserver write path |
| auth.dbPath | string | `"/data/kantaloupe/auth.db"` | SQLite database path for auth data when `auth.storeBackend=sqlite` |
| auth.dryRun | bool | `false` | Allow requests without enforcing auth; inject bootstrap admin when no valid token is provided |
| auth.enabled | bool | `true` | Enable kantaloupe auth (JWT login, RBAC, audit) |
| auth.existingAuthSecret | string | `""` | Name of an existing K8s Secret with keys "jwt-secret" and "bootstrap-admin-password" (use instead of plain-text values for production) |
| auth.image.pullPolicy | string | `"IfNotPresent"` | db-migrate image pull policy for sqlite backend |
| auth.image.registry | string | `"ghcr.io"` | db-migrate image registry for sqlite backend |
| auth.image.repository | string | `"dynamia-ai/kantaloupe-db-migrate"` | db-migrate image repository for sqlite backend |
| auth.image.tag | string | `"v0.12.0"` | db-migrate image tag for sqlite backend |
| auth.jwtSecret | string | `"your-own-jwt-secret"` | JWT signing secret (plain text, dev only) |
| auth.persistence.enabled | bool | `false` | Enable persistence using PVC for sqlite backend (PV is dynamically provisioned via cluster default StorageClass) |
| auth.persistence.existingClaim | string | `""` | Name of an existing PVC to use for sqlite backend (if set, a new PVC will not be created) |
| auth.persistence.size | string | `"1Gi"` | PVC storage size for sqlite backend |
| auth.persistence.storageClass | string | `""` | PVC storage class for sqlite backend (empty = use cluster default StorageClass for dynamic PV provisioning) |
| auth.storeBackend | string | `"crd"` | Auth store backend. Supported values: `crd`, `sqlite` |
| cloudtty.enabled | bool | `true` |  |
| controlPlaneName | string | `"control-plane"` |  |
| controllerManager.affinity | object | `{}` | controllerManager affinity settings |
| controllerManager.enablePromoteKantaloupeflowController | bool | `false` | Automatically create KantaloupeFlow CRs for existing GPU deployments in member clusters. |
| controllerManager.image.pullPolicy | string | `"IfNotPresent"` | kantaloupe image pull policy |
| controllerManager.image.pullSecrets | list | `[]` | Specify docker-registry secret names as an array |
| controllerManager.image.registry | string | `"ghcr.io"` | kantaloupe image registry |
| controllerManager.image.repository | string | `"dynamia-ai/kantaloupe-controller-manager"` | kantaloupe image repository |
| controllerManager.image.tag | string | `"v0.13.0"` | kantaloupe image tag (immutable tags are recommended) |
| controllerManager.labels | object | `{}` | controllerManager labels |
| controllerManager.livenessProbe.enabled | bool | `false` | Enable livenessProbe on controllerManager containers |
| controllerManager.metricsPort | int | `31001` |  |
| controllerManager.nodeSelector | object | `{}` | controllerManager node labels for pod assignment |
| controllerManager.podAnnotations | object | `{}` | controllerManager pod annotations |
| controllerManager.podLabels | object | `{}` | controllerManager pod labels |
| controllerManager.prometheusAddr | string | `""` | The Prometheus-compatible query endpoint for controller-manager. If empty, uses the default value from Go code. |
| controllerManager.readinessProbe.enabled | bool | `false` | Enable readinessProbe on controllerManager containers |
| controllerManager.replicaCount | int | `1` | controllerManager target replica count |
| controllerManager.resources | object | `{}` | controllerManager resource requests and limits |
| controllerManager.tolerations | object | `{}` | controllerManager tolerations for pod assignment |
| controllerManager.webhook.certDir | string | `"/var/run/kantaloupe/webhook-certs"` |  |
| controllerManager.webhook.certName | string | `"tls.crt"` |  |
| controllerManager.webhook.enabled | bool | `true` |  |
| controllerManager.webhook.keyName | string | `"tls.key"` |  |
| controllerManager.webhook.port | int | `9443` |  |
| controllerManager.webhook.servicePort | int | `443` |  |
| fullnameOverride | string | `"kantaloupe"` | String to fully override the fullname template |
| gateway.apiserverCors | object | `{"allowCredentials":false,"allowHeaders":["authorization","content-type","accept","origin"],"allowMethods":["GET","POST","PUT","PATCH","DELETE","OPTIONS"],"allowOrigins":[],"enabled":false,"exposeHeaders":[],"maxAge":null}` | Optional CORS policy attached only to the apiserver HTTPRoute (`/apis`) |
| gateway.apiserverCors.allowCredentials | bool | `false` | Whether credentialed cross-origin requests are allowed |
| gateway.apiserverCors.allowHeaders | list | `["authorization","content-type","accept","origin"]` | Allowed request headers returned on CORS preflight responses |
| gateway.apiserverCors.allowMethods | list | `["GET","POST","PUT","PATCH","DELETE","OPTIONS"]` | Allowed methods returned on CORS preflight responses |
| gateway.apiserverCors.allowOrigins | list | `[]` | Allowed browser origins for apiserver CORS; required when enabled |
| gateway.apiserverCors.enabled | bool | `false` | Enable Envoy Gateway SecurityPolicy-based CORS on the apiserver route |
| gateway.apiserverCors.exposeHeaders | list | `[]` | Response headers exposed to browser JavaScript |
| gateway.apiserverCors.maxAge | string | `nil` | Optional browser preflight cache max age in seconds |
| gateway.apiserverHostnames | list | `[]` | Dedicated external hostnames for direct apiserver access, separate from gateway.hostnames (the UI/site domain). When non-empty, a dedicated HTTPRoute routes these hosts to the apiserver; they must be covered by the HTTPS listener's TLS certificate. |
| gateway.className | string | `"kantaloupe"` | GatewayClass name |
| gateway.enabled | bool | `true` | Enable Gateway API resources |
| gateway.envoy | object | `{"proxy":{"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"","repository":"","tag":""}},"service":{"ports":{"http":{"nodePort":30080},"https":{"nodePort":30443}},"type":"NodePort"}}` | Envoy Gateway implementation details |
| gateway.envoy.service | object | `{"ports":{"http":{"nodePort":30080},"https":{"nodePort":30443}},"type":"NodePort"}` | Envoy service configuration |
| gateway.envoy.service.ports.http | object | `{"nodePort":30080}` | HTTP port configuration |
| gateway.envoy.service.ports.http.nodePort | int | `30080` | HTTP NodePort |
| gateway.envoy.service.ports.https | object | `{"nodePort":30443}` | HTTPS port configuration |
| gateway.envoy.service.ports.https.nodePort | int | `30443` | HTTPS NodePort |
| gateway.envoy.service.type | string | `"NodePort"` | Envoy service type (LoadBalancer or NodePort) |
| gateway.hostnames | list | `[]` | External hostnames for the Gateway |
| gateway.ipAddress | string | `""` | Gateway IP address |
| gateway.listeners | list | `[{"name":"http","port":80,"protocol":"HTTP"}]` | Gateway listeners configuration |
| global.imagePullSecrets | list | `[]` | Global Docker image pull secrets |
| global.imageRegistry | string | `""` | Global Docker image registry |
| hamiNamespace | string | `"hami-system"` |  |
| hook.image.pullPolicy | string | `"IfNotPresent"` | CRD hook image pull policy |
| hook.image.pullSecrets | list | `[]` | Specify docker-registry secret names as an array |
| hook.image.registry | string | `""` | CRD hook image registry |
| hook.image.repository | string | `""` | CRD hook image repository |
| hook.image.tag | string | `""` | CRD hook image tag (immutable tags are recommended) |
| installCRDs | bool | `true` | Whether to install CRD resources |
| monitoring.enabled | bool | `true` |  |
| monitoring.hamiServiceMonitor.enabled | bool | `true` |  |
| monitoring.namespace | string | `""` | Namespace where monitoring resources (ServiceMonitor, PrometheusRule, ScrapeConfig) are created. Empty means use the release namespace. |
| monitoring.serviceMonitorReleaseLabel | string | `"prometheus"` | The release label added to ServiceMonitor and PrometheusRule resources. Used by vmagent's serviceScrapeSelector to discover scrape targets. |
| monitoring.vendorServiceMonitor.enableAlibabaPPUServicemonitor | bool | `false` | Create ServiceMonitors for the Alibaba PPU (太初) exporter (targets a Service in kube-system, e.g. ppu-vgpu-monitor) |
| monitoring.vendorServiceMonitor.enableAscendServicemonitor | bool | `false` | Create ServiceMonitors for Ascend exporters in the control plane |
| monitoring.vendorServiceMonitor.enableEnflameServicemonitor | bool | `false` | Create ServiceMonitors for the Enflame (燧原) GCU exporter (targets a Service in kube-system, e.g. gcu-exporter-service) |
| monitoring.vendorServiceMonitor.enableMetaxServicemonitor | bool | `false` | Create ServiceMonitors for Metax exporters in the control plane |
| monitoring.vendorServiceMonitor.enableNvidiaServicemonitor | bool | `true` | Create ServiceMonitors for NVIDIA exporters in the control plane |
| monitoring.vendorServiceMonitor.enabled | bool | `true` | Automatically create ServiceMonitors for vendor exporters |
| mpu.enabled | bool | `false` |  |
| mpu.image.pullPolicy | string | `"IfNotPresent"` |  |
| mpu.image.pullSecrets | list | `[]` |  |
| mpu.image.registry | string | `"ghcr.io"` |  |
| mpu.image.repository | string | `"dynamia-ai/mpu"` |  |
| mpu.image.tag | string | `"dev-ubuntu24.04"` |  |
| nameOverride | string | `""` | String to partially override the fullname template (will maintain the release name) |
| ui.affinity | object | `{}` | ui affinity settings |
| ui.forceChinese | bool | `false` | Force UI to display Chinese language |
| ui.image.pullPolicy | string | `"IfNotPresent"` | kantaloupe image pull policy |
| ui.image.pullSecrets | list | `[]` | Specify docker-registry secret names as an array |
| ui.image.registry | string | `"ghcr.io"` | kantaloupe image registry |
| ui.image.repository | string | `"dynamia-ai/kantaloupe-ui"` | kantaloupe image repository |
| ui.image.tag | string | `"v0.10.0"` | kantaloupe image tag (immutable tags are recommended) |
| ui.labels | object | `{}` | ui labels |
| ui.livenessProbe.enabled | bool | `false` | Enable livenessProbe on ui containers |
| ui.nodeSelector | object | `{}` | ui node labels for pod assignment |
| ui.podAnnotations | object | `{}` | ui pod annotations |
| ui.podLabels | object | `{}` | ui pod labels |
| ui.readinessProbe.enabled | bool | `false` | Enable readinessProbe on ui containers |
| ui.replicaCount | int | `1` | ui target replica count |
| ui.resources | object | `{}` | ui resource requests and limits |
| ui.service.nodePort | int | `31300` |  |
| ui.service.port | int | `80` |  |
| ui.service.type | string | `"ClusterIP"` |  |
| ui.tolerations | object | `{}` | ui tolerations for pod assignment |
