Helm Chart Reference

Complete reference for configuring the PDB Operator Helm chart.

Install

helm install pdb-operator oci://ghcr.io/pdb-operator/charts/pdb-operator \
--namespace pdb-operator-system \
--create-namespace

Controller

| Parameter | Default | Description |
|---|---|---|
| controller.maxConcurrentReconciles | 5 | Maximum concurrent reconciliation loops |
| controller.watchNamespace | "" | Namespace to watch (empty = all namespaces) |
| controller.syncPeriod | "10h" | Full cache resync period |
| controller.logLevel | "info" | Log level: debug, info, error |

Cache

| Parameter | Default | Description |
|---|---|---|
| cache.policyCacheTTL | "5m" | Time-to-live for cached policies |
| cache.policyCacheSize | 100 | Maximum number of cached policies |
| cache.maintenanceWindowCacheTTL | "1m" | TTL for maintenance window evaluations |

Retry

| Parameter | Default | Description |
|---|---|---|
| retry.maxAttempts | 5 | Maximum retry attempts |
| retry.initialDelay | "100ms" | Initial backoff delay |
| retry.maxDelay | "30s" | Maximum backoff delay |
| retry.backoffFactor | 2.0 | Exponential backoff multiplier |

Webhooks

| Parameter | Default | Description |
|---|---|---|
| webhooks.enabled | true | Enable admission webhooks |
| webhooks.port | 443 | Webhook service port |
| webhooks.targetPort | 9443 | Webhook container port |
| webhooks.failurePolicy | Fail | Webhook failure policy |
| webhooks.timeoutSeconds | 10 | Webhook timeout |

cert-manager

| Parameter | Default | Description |
|---|---|---|
| certManager.enabled | true | Use cert-manager for webhook TLS |
| certManager.selfSigned | true | Create a self-signed Issuer |
| certManager.issuerKind | Issuer | Issuer or ClusterIssuer |
| certManager.issuerName | "" | External issuer name (when not self-signed) |

Metrics

| Parameter | Default | Description |
|---|---|---|
| metrics.bindAddress | ":8443" | Metrics bind address |
| metrics.secure | true | Serve metrics over HTTPS |
| metrics.service.enabled | true | Create metrics Service |
| metrics.service.port | 8443 | Metrics service port |

Tracing

| Parameter | Default | Description |
|---|---|---|
| tracing.enabled | true | Enable OpenTelemetry tracing |
| tracing.endpoint | "" | OTLP collector endpoint |
| tracing.sampleRate | | Trace sampling rate (0.0-1.0) |

High Availability

| Parameter | Default | Description |
|---|---|---|
| replicaCount | 2 | Operator replicas |
| leaderElection.enabled | true | Enable leader election |
| autoscaling.enabled | true | Enable HPA |
| autoscaling.minReplicas | 2 | Minimum replicas |
| autoscaling.maxReplicas | 4 | Maximum replicas |
| autoscaling.targetCPUUtilizationPercentage | 80 | CPU target |
| autoscaling.targetMemoryUtilizationPercentage | 80 | Memory target |
| podDisruptionBudget.enabled | true | PDB for operator pods |
| podDisruptionBudget.minAvailable | 1 | Min available operator pods |

Observability

| Parameter | Default | Description |
|---|---|---|
| serviceMonitor.enabled | false | Create Prometheus ServiceMonitor |
| serviceMonitor.interval | | Scrape interval |
| serviceMonitor.scrapeTimeout | | Scrape timeout |
| prometheusRule.enabled | false | Create PrometheusRule with alerting rules |
| prometheusRule.rules | [] | Custom alert rules (uses built-in when empty) |

Security

| Parameter | Default | Description |
|---|---|---|
| podSecurityContext.runAsNonRoot | true | Run as non-root |
| securityContext.allowPrivilegeEscalation | false | No privilege escalation |
| securityContext.readOnlyRootFilesystem | true | Read-only root filesystem |
| securityContext.capabilities.drop | ["ALL"] | Drop all capabilities |
| networkPolicy.enabled | false | Create NetworkPolicy for metrics |
| http2.enabled | false | Enable HTTP/2 (disabled for CVE mitigation) |
| crdRoles.enabled | true | Create admin/editor/viewer ClusterRoles for PDBPolicy |

Resources

| Parameter | Default | Description |
|---|---|---|
| resources.limits.cpu | 500m | CPU limit |
| resources.limits.memory | 512Mi | Memory limit |
| resources.requests.cpu | 100m | CPU request |
| resources.requests.memory | 256Mi | Memory request |

Scheduling

| Parameter | Default | Description |
|---|---|---|
| nodeSelector | {} | Node selector |
| tolerations | [] | Tolerations |
| affinity | {} | Affinity rules |
| topologySpreadConstraints | [] | Topology spread constraints |
| priorityClassName | "" | Priority class name |

Extension Points

| Parameter | Default | Description |
|---|---|---|
| extraEnv | [] | Additional environment variables |
| extraVolumes | [] | Additional volumes |
| extraVolumeMounts | [] | Additional volume mounts |
| commonLabels | {} | Labels applied to all resources |
| podAnnotations | | Additional pod annotations |
| podLabels | {} | Additional pod labels |