Helm Values Reference
This document covers all configuration options for the Omnia Helm chart.
Installation

```bash
helm install omnia oci://ghcr.io/altairalabs/omnia \
  --namespace omnia-system \
  --create-namespace \
  -f values.yaml
```

Operator Configuration
Basic Settings

```yaml
replicaCount: 1

image:
  repository: ghcr.io/altairalabs/omnia
  pullPolicy: IfNotPresent
  tag: ""  # Defaults to Chart appVersion

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
```

Service Account

```yaml
serviceAccount:
  create: true
  annotations: {}
  name: ""  # Generated if not set
```

Pod Configuration

```yaml
podAnnotations: {}

podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

securityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```

Resources

```yaml
resources:
  limits:
    cpu: 500m
    memory: 128Mi
  requests:
    cpu: 10m
    memory: 64Mi
```

Scheduling

```yaml
nodeSelector: {}
tolerations: []
affinity: {}
```

Leader Election

```yaml
leaderElection:
  enabled: true  # Enable for HA deployments
```

Health Probes

```yaml
probes:
  port: 8081
  liveness:
    initialDelaySeconds: 15
    periodSeconds: 20
  readiness:
    initialDelaySeconds: 5
    periodSeconds: 10
```

Metrics

```yaml
metrics:
  enabled: false
  port: 8443
  secure: true
```

Webhooks

```yaml
webhook:
  enabled: false
  port: 9443

rbac:
  create: true

crds:
  install: true
```

Agent Configuration

```yaml
agent:
  image:
    repository: ghcr.io/altairalabs/omnia-agent
    tag: ""  # Defaults to Chart appVersion
```

Observability Stack
All observability components are optional and disabled by default.
Prometheus

```yaml
prometheus:
  enabled: true
  server:
    persistentVolume:
      enabled: false  # Enable for production
      size: 50Gi
    prefixURL: /prometheus
    baseURL: /prometheus
    resources:
      requests:
        cpu: 500m
        memory: 512Mi
  alertmanager:
    enabled: false
  prometheus-pushgateway:
    enabled: false
  prometheus-node-exporter:
    enabled: false
  kube-state-metrics:
    enabled: false
```

Grafana

```yaml
grafana:
  enabled: true
  adminPassword: admin  # Change in production!
  grafana.ini:
    server:
      root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
      serve_from_sub_path: true
  sidecar:
    dashboards:
      enabled: true
      label: grafana_dashboard
      searchNamespace: ALL
    datasources:
      enabled: true
      label: grafana_datasource
      searchNamespace: ALL
  service:
    type: ClusterIP
  resources:
    requests:
      cpu: 100m
      memory: 128Mi

loki:
  enabled: true
  deploymentMode: SingleBinary
  loki:
    auth_enabled: false
    useTestSchema: true
    storage:
      type: filesystem
    commonConfig:
      replication_factor: 1
  singleBinary:
    replicas: 1
    persistence:
      enabled: true
      size: 10Gi
  backend:
    replicas: 0
  read:
    replicas: 0
  write:
    replicas: 0
  gateway:
    enabled: false
  chunksCache:
    enabled: false
  resultsCache:
    enabled: false

alloy:
  enabled: true
  alloy:
    configMap:
      content: |
        // Kubernetes pod discovery and log collection
        // See values.yaml for full configuration

tempo:
  enabled: true
  tempo:
    reportingEnabled: false
  tempoQuery:
    enabled: false
  persistence:
    enabled: false  # Enable for production
    size: 10Gi
```

Gateway API
External Gateway
For exposing agents externally:

```yaml
gateway:
  enabled: true
  name: agents
  className: istio
  listeners:
    http:
      port: 80
      protocol: HTTP
    https:
      enabled: false
      port: 443
      protocol: HTTPS
      tlsSecretName: ""
```

Internal Gateway
For observability tools:

```yaml
internalGateway:
  enabled: true
  name: internal
  className: istio
  port: 8080
  grafana:
    enabled: true
    path: /grafana
  prometheus:
    enabled: true
    path: /prometheus
```

Istio Integration

```yaml
istio:
  enabled: false
  tempoService: omnia-tempo.omnia-system.svc.cluster.local
  tempoPort: 4317
```

Authentication
JWT-based authentication using Istio RequestAuthentication:

```yaml
authentication:
  enabled: false
  jwt:
    issuer: ""  # e.g., https://your-tenant.auth0.com/
    jwksUri: ""  # Defaults to {issuer}/.well-known/jwks.json
    audiences: []
    forwardOriginalToken: true
    outputClaimToHeaders: []
      # - header: x-user-id
      #   claim: sub
  authorization:
    requiredClaims: []
      # - claim: "scope"
      #   values: ["agents:access"]
    excludePaths:
      - /healthz
      - /readyz
```

Advanced autoscaling with scale-to-zero support:

```yaml
keda:
  enabled: false
  operator:
    watchNamespace: ""  # Empty = all namespaces
  prometheus:
    serverAddress: "http://omnia-prometheus-server.omnia-system.svc.cluster.local"
```

Example Configurations
Minimal (Development)

```yaml
prometheus:
  enabled: true

grafana:
  enabled: true
```

Production

```yaml
replicaCount: 2

resources:
  limits:
    cpu: 1000m
    memory: 256Mi
  requests:
    cpu: 100m
    memory: 128Mi

leaderElection:
  enabled: true

prometheus:
  enabled: true
  server:
    persistentVolume:
      enabled: true
      size: 100Gi

grafana:
  enabled: true
  adminPassword: ""  # Use existingSecret instead
  admin:
    existingSecret: grafana-admin
    userKey: admin-user
    passwordKey: admin-password

loki:
  enabled: true
  singleBinary:
    persistence:
      enabled: true
      size: 50Gi

tempo:
  enabled: true
  persistence:
    enabled: true
    size: 20Gi

gateway:
  enabled: true
  listeners:
    https:
      enabled: true
      tlsSecretName: agents-tls

istio:
  enabled: true

authentication:
  enabled: true
  jwt:
    issuer: "https://auth.example.com"
    audiences:
      - "agents-api"

keda:
  enabled: true
```

Observability Only
Use existing agent deployments with just observability:

```yaml
prometheus:
  enabled: true

grafana:
  enabled: true

loki:
  enabled: true

alloy:
  enabled: true

tempo:
  enabled: true

gateway:
  enabled: false

authentication:
  enabled: false

keda:
  enabled: false
```
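
The defaults listed on this page and the Production example differ in a handful of security-relevant keys (Grafana admin password, gateway TLS, JWT authentication, pod hardening). The following check is an added example, not part of the Omnia chart or its documentation; the names `get`, `audit`, `HARDENED` and `DEFAULTS` are introduced here, and a missing hardening key is assumed to fall back to the chart default.

```python
import json
import sys

# Hardening keys and the default values documented on this page; other values are flagged.
HARDENED = {
    "podSecurityContext.runAsNonRoot": True,
    "securityContext.readOnlyRootFilesystem": True,
    "securityContext.allowPrivilegeEscalation": False,
}

def get(values, path, default=None):
    """Follow a dotted path through nested dicts; return default if a key is missing."""
    node = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit(values):
    """Return the sorted keys of an Omnia values dict to review before production."""
    bad = {k for k, want in HARDENED.items() if get(values, k, want) != want}
    if get(values, "grafana.enabled") and get(values, "grafana.adminPassword"):
        bad.add("grafana.adminPassword")  # literal password; use admin.existingSecret
    if get(values, "gateway.enabled"):  # agents are exposed through the external gateway
        if not get(values, "authentication.enabled"):
            bad.add("authentication.enabled")
        if not get(values, "gateway.listeners.https.enabled"):
            bad.add("gateway.listeners.https.enabled")
        elif not get(values, "gateway.listeners.https.tlsSecretName"):
            bad.add("gateway.listeners.https.tlsSecretName")
    if get(values, "authentication.enabled"):
        for key in ("issuer", "audiences"):  # empty issuer or no audience restriction
            if not get(values, "authentication.jwt." + key):
                bad.add("authentication.jwt." + key)
    return sorted(bad)

# Constructed sample: the security-relevant defaults shown on this page.
DEFAULTS = {
    "grafana": {"enabled": True, "adminPassword": "admin"},
    "gateway": {"enabled": True, "listeners": {"https": {"enabled": False, "tlsSecretName": ""}}},
    "authentication": {"enabled": False, "jwt": {"issuer": "", "audiences": []}},
}

if __name__ == "__main__":
    # Reads JSON values from stdin when piped; otherwise audits the constructed sample.
    values = DEFAULTS if sys.stdin.isatty() else json.load(sys.stdin)
    for key in audit(values):
        print("review:", key)
```

To audit a deployed release, pipe its computed values in as JSON: `helm get values omnia -n omnia-system --all -o json | python audit_values.py` (the script file name is arbitrary).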