Version: v0.9.x

Data Plane

Dependencies

This chart depends on the following sub-charts. For full configuration options of each dependency, please refer to their official documentation.

Name	Version	Repository	Condition
external-secrets	0.19.2	https://charts.external-secrets.io	`external-secrets.enabled`
kgateway-crds	v2.1.1	oci://cr.kgateway.dev/kgateway-dev/charts	`gateway.enabled`
kgateway	v2.1.1	oci://cr.kgateway.dev/kgateway-dev/charts	`gateway.enabled`
kube-prometheus-stack	78.3.0	https://prometheus-community.github.io/helm-charts	`kube-prometheus-stack.enabled`
opentelemetry-collector	0.140.0	https://open-telemetry.github.io/opentelemetry-helm-charts	`opentelemetry-collector.enabled`
gateway-operator	0.1.0	oci://ghcr.io/wso2/api-platform/helm-charts	`api-platform.enabled`

Api Platform

For full configuration options, please refer to the official chart documentation.

WSO2 API Platform configuration for advanced API management capabilities

Parameter	Description	Type	Default
`api-platform.enabled`	Enable WSO2 API Platform gateway operator	`boolean`	`false`
`api-platform.gateway.helm.chartName`	OCI chart reference for the API Platform gateway	`string`	`oci://ghcr.io/wso2/api-platform/helm-charts/gateway`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.AllowedAlgorithms`	Allowed JWT signing algorithms	`array`	`["RS256","ES256"]`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.AuthHeaderScheme`	Authorization header scheme prefix	`string`	`Bearer`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ErrorMessage`	Error message returned on authentication failure	`string`	`Authentication failed.`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ErrorMessageFormat`	Format for error messages	`object`	`json`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.HeaderName`	HTTP header name for JWT token	`string`	`Authorization`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksCacheTtl`	Cache TTL for JWKS keys	`string`	`5m`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchRetryCount`	Number of retry attempts for JWKS fetch	`integer`	`3`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchRetryInterval`	Interval between JWKS fetch retries	`string`	`2s`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchTimeout`	Timeout for fetching JWKS	`string`	`5s`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.KeyManagers`	List of key managers for JWT validation	`array`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.Leeway`	Clock skew tolerance for JWT validation	`string`	`30s`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.OnFailureStatusCode`	HTTP status code returned on authentication failure	`integer`	`401`
`api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ValidateIssuer`	Validate the JWT issuer claim	`boolean`	`true`

Cluster Agent

Cluster Agent configuration for WebSocket connection to control plane cluster gateway

Parameter	Description	Type	Default
`clusterAgent.affinity`	Affinity rules for pod scheduling	`object`	`{}`
`clusterAgent.dnsRewrite.enabled`	Enable CoreDNS rewrite of *.openchoreo.localhost to host.k3d.internal	`boolean`	`false`
`clusterAgent.enabled`	Enable the cluster agent deployment	`boolean`	`true`
`clusterAgent.heartbeatInterval`	Interval between heartbeat messages to control plane	`string`	`30s`
`clusterAgent.image.pullPolicy`	Image pull policy	`object`	`IfNotPresent`
`clusterAgent.image.repository`	Cluster agent image repository	`string`	`ghcr.io/openchoreo/cluster-agent`
`clusterAgent.image.tag`	Image tag. Empty uses Chart.AppVersion.	`string`
`clusterAgent.logLevel`	Log level for cluster agent	`object`	`info`
`clusterAgent.name`	Name of the cluster agent deployment	`string`	`cluster-agent-dataplane`
`clusterAgent.nodeSelector`	Node selector for pod scheduling	`object`	`{}`
`clusterAgent.planeID`	Logical plane identifier shared across multiple CRs connecting to the same physical plane. Defaults to Helm release name if not specified.	`string`	`default-dataplane`
`clusterAgent.planeType`	Type of plane this agent manages	`object`	`dataplane`
`clusterAgent.podAnnotations`	Annotations to add to cluster agent pods	`object`	`{}`
`clusterAgent.podSecurityContext.fsGroup`	Group ID for volume mounts	`integer`	`1000`
`clusterAgent.podSecurityContext.runAsNonRoot`	Run container as non-root user	`boolean`	`true`
`clusterAgent.podSecurityContext.runAsUser`	User ID to run container as	`integer`	`1000`
`clusterAgent.priorityClass.create`	Create a PriorityClass for cluster agent	`boolean`	`false`
`clusterAgent.priorityClass.name`	PriorityClass name	`string`	`cluster-agent-dataplane`
`clusterAgent.priorityClass.value`	Priority value (higher = more important)	`integer`	`900000`
`clusterAgent.rbac.create`	Create RBAC resources (ClusterRole, ClusterRoleBinding)	`boolean`	`true`
`clusterAgent.reconnectDelay`	Delay before attempting reconnection after disconnect	`string`	`5s`
`clusterAgent.replicas`	Number of cluster agent replicas (typically 1 per data plane)	`integer`	`1`
`clusterAgent.resources.limits.cpu`	CPU limit for the agent	`string`	`100m`
`clusterAgent.resources.limits.memory`	Memory limit for the agent	`string`	`256Mi`
`clusterAgent.resources.requests.cpu`	CPU request for the agent	`string`	`50m`
`clusterAgent.resources.requests.memory`	Memory request for the agent	`string`	`128Mi`
`clusterAgent.securityContext.allowPrivilegeEscalation`	Prevent privilege escalation	`boolean`	`false`
`clusterAgent.securityContext.capabilities.drop`	Capabilities to drop from container	`array`	`["ALL"]`
`clusterAgent.securityContext.readOnlyRootFilesystem`	Mount root filesystem as read-only	`boolean`	`true`
`clusterAgent.serverCANamespace`	Namespace where cluster-gateway CA exists (control plane namespace)	`string`	`openchoreo-control-plane`
`clusterAgent.serverUrl`	WebSocket URL of the cluster gateway in control plane	`string`	`wss://cluster-gateway.openchoreo-control-plane.svc.cluster.local:8443/ws`
`clusterAgent.serviceAccount.annotations`	Annotations to add to the service account	`object`	`{}`
`clusterAgent.serviceAccount.create`	Create a service account for the cluster agent	`boolean`	`true`
`clusterAgent.serviceAccount.name`	Service account name	`string`	`cluster-agent-dataplane`
`clusterAgent.tls.caSecretName`	CA secret name for signing agent client certificates. If empty, self-signed certs will be generated (required for multi-cluster setup).	`string`	`cluster-gateway-ca`
`clusterAgent.tls.caSecretNamespace`	Namespace where the CA secret exists. If empty, self-signed certs will be generated (required for multi-cluster setup).	`string`	`openchoreo-control-plane`
`clusterAgent.tls.caValue`	Inline CA certificate in PEM format (for multi-cluster setup). Takes precedence over caSecretName/caSecretNamespace.	`string`
`clusterAgent.tls.clientSecretName`	Secret name for client certificate (typically same as secretName)	`string`	`cluster-agent-tls`
`clusterAgent.tls.duration`	Certificate validity duration	`string`	`2160h`
`clusterAgent.tls.enabled`	Enable TLS for agent-gateway communication	`boolean`	`true`
`clusterAgent.tls.generateCerts`	Generate client certificates locally using cert-manager (for multi-cluster setups where data plane is in different cluster)	`boolean`	`false`
`clusterAgent.tls.renewBefore`	Time before expiry to renew certificate	`string`	`360h`
`clusterAgent.tls.secretName`	Secret name for client certificate and key	`string`	`cluster-agent-tls`
`clusterAgent.tls.serverCAConfigMap`	ConfigMap name containing server CA certificate for verifying gateway	`string`	`cluster-gateway-ca`
`clusterAgent.tls.serverCAValue`	Inline server CA certificate in PEM format (for multi-cluster setup). Takes precedence over copying from control plane.	`string`
`clusterAgent.tolerations`	Tolerations for pod scheduling	`array`	`[]`

External Secrets

For full configuration options, please refer to the official chart documentation.

External Secrets Operator configuration for syncing secrets from external secret stores (Vault, AWS Secrets Manager, etc.)

Parameter	Description	Type	Default
`external-secrets.enabled`	Enable External Secrets Operator for production secret management	`boolean`	`false`
`external-secrets.fullnameOverride`	Override the full name of External Secrets resources	`string`	`external-secrets`
`external-secrets.nameOverride`	Override the name of External Secrets resources	`string`	`external-secrets`

Fake Secret Store

Fake Secret Store for development and testing. Replace with a real ClusterSecretStore in production.

Parameter	Description	Type	Default
`fakeSecretStore.enabled`	Enable the fake secret store (development only - disable in production)	`boolean`	`true`
`fakeSecretStore.name`	Name of the fake ClusterSecretStore resource	`string`	`default`
`fakeSecretStore.secrets`	List of fake secrets for development testing	`array`

Fluent Bit

Fluent Bit log collector configuration for forwarding container logs to OpenSearch

Parameter	Description	Type	Default
`fluentBit.config.filter.k8sLoggingExclude`	Respect Kubernetes logging exclude annotations	`boolean`	`false`
`fluentBit.config.filter.k8sLoggingParser`	Use Kubernetes logging parser annotations	`boolean`	`true`
`fluentBit.config.filter.kubeCAFile`	Path to Kubernetes CA certificate file	`string`	`/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`
`fluentBit.config.filter.kubeTagPrefix`	Tag prefix for Kubernetes metadata enrichment	`string`	`kube.var.log.containers.`
`fluentBit.config.filter.kubeTokenFile`	Path to Kubernetes service account token file	`string`	`/var/run/secrets/kubernetes.io/serviceaccount/token`
`fluentBit.config.filter.kubeURL`	Kubernetes API server URL	`string`	`https://kubernetes.default.svc:443`
`fluentBit.config.filter.match`	Tag pattern to match for filtering	`string`	`kube.*`
`fluentBit.config.filter.mergeLog`	Merge log content into the main record	`boolean`	`true`
`fluentBit.config.filter.mergeLogKey`	Key name for merged log content	`string`	`log_processed`
`fluentBit.config.filter.name`	Filter plugin name	`string`	`kubernetes`
`fluentBit.config.input.db`	Database file path for tracking read positions	`string`	`/var/log/flb_kube.db`
`fluentBit.config.input.excludePath`	Glob pattern for log files to exclude from collection	`string`	`/var/log/containers/opensearch_openchoreo-observability-plane_.log,/var/log/containers/fluent-bit_openchoreo-data-plane_.log`
`fluentBit.config.input.inotifyWatcher`	Use inotify for file watching (disable on some systems)	`boolean`	`false`
`fluentBit.config.input.memBufLimit`	Memory buffer limit before backpressure	`string`	`256MB`
`fluentBit.config.input.name`	Input plugin name (tail for file-based log collection)	`string`	`tail`
`fluentBit.config.input.parser`	Parser to use for log entries	`string`	`docker`
`fluentBit.config.input.path`	Glob pattern for container log files to collect	`string`	`/var/log/containers/_openchoreo-_.log,/var/log/containers/_dp-_.log,/var/log/containers/_openchoreo-ci-_*.log`
`fluentBit.config.input.refreshInterval`	File refresh interval in seconds	`integer`	`10`
`fluentBit.config.input.skipLongLines`	Skip lines longer than buffer limit	`boolean`	`true`
`fluentBit.config.input.tag`	Tag pattern for collected logs	`string`	`kube.*`
`fluentBit.config.opensearch.authentication.basicauth.password`	OpenSearch password	`string`	`ThisIsTheOpenSearchPassword1`
`fluentBit.config.opensearch.authentication.basicauth.username`	OpenSearch username	`string`	`admin`
`fluentBit.config.opensearch.host`	OpenSearch host address	`string`	`opensearch.openchoreo-observability-plane.svc.cluster.local`
`fluentBit.config.opensearch.port`	OpenSearch port	`string`	`9200`
`fluentBit.config.opensearch.tls`	Enable TLS for OpenSearch connection	`boolean`	`true`
`fluentBit.config.opensearch.tlsVerify`	Verify TLS certificate (disable for self-signed certs)	`boolean`	`false`
`fluentBit.config.output.logstashFormat`	Use Logstash-compatible index format	`boolean`	`true`
`fluentBit.config.output.logstashPrefix`	Index prefix for Logstash format	`string`	`container-logs`
`fluentBit.config.output.match`	Tag pattern to match for output	`string`	`kube.*`
`fluentBit.config.output.name`	Output plugin name	`string`	`opensearch`
`fluentBit.config.output.suppressTypeName`	Suppress type name in output (OpenSearch 2.x compatibility)	`boolean`	`true`
`fluentBit.config.output.timeKey`	Field name for timestamp in output records	`string`	`@timestamp`
`fluentBit.config.output.traceError`	Enable trace-level error logging for debugging	`boolean`	`true`
`fluentBit.config.output.type`	Type field value in output records	`string`	`flb_type`
`fluentBit.config.parser.format`	Log format type	`string`	`json`
`fluentBit.config.parser.name`	Parser name	`string`	`docker`
`fluentBit.config.parser.timeFormat`	strptime format string for parsing timestamps	`string`	`%Y-%m-%dT%H:%M:%S.%L`
`fluentBit.config.parser.timeKeep`	Keep the original time field in output	`boolean`	`true`
`fluentBit.config.parser.timeKey`	Field name containing timestamp	`string`	`time`
`fluentBit.config.service.daemon`	Run Fluent Bit as a daemon (background process)	`object`	`off`
`fluentBit.config.service.flush`	Flush interval in seconds for output plugins	`integer`	`1`
`fluentBit.config.service.logLevel`	Log level for Fluent Bit service	`object`	`info`
`fluentBit.enabled`	Enable Fluent Bit DaemonSet for log collection	`boolean`	`true`
`fluentBit.hostPaths.dockerContainers`	Host path to Docker containers directory	`string`	`/var/lib/docker/containers`
`fluentBit.hostPaths.varLog`	Host path to /var/log directory	`string`	`/var/log`
`fluentBit.image.pullPolicy`	Image pull policy	`object`	`IfNotPresent`
`fluentBit.image.repository`	Fluent Bit image repository	`string`	`fluent/fluent-bit`
`fluentBit.image.tag`	Fluent Bit image tag	`string`	`2.1.10`
`fluentBit.rbac.create`	Create RBAC resources (ClusterRole, ClusterRoleBinding)	`boolean`	`true`
`fluentBit.rbac.serviceAccountName`	Service account name for Fluent Bit pods	`string`	`fluent-bit`

Gateway

For full configuration options, please refer to the official chart documentation.

KGateway API gateway configuration. Provides HTTP/HTTPS traffic routing using Kubernetes Gateway API and Envoy proxy.

Parameter	Description	Type	Default
`gateway.agentgateway.enabled`	Enable Agent Gateway for AI agent connectivity	`boolean`	`false`
`gateway.controller.image.pullPolicy`	Image pull policy for the controller container	`object`	`IfNotPresent`
`gateway.controller.image.registry`	Container registry for the controller image. Empty uses default registry.	`string`
`gateway.controller.image.repository`	Image repository name for the gateway controller	`string`	`kgateway`
`gateway.controller.image.tag`	Image tag. Empty uses Chart.AppVersion.	`string`
`gateway.controller.logLevel`	Log level for the gateway controller	`object`	`info`
`gateway.controller.replicaCount`	Number of gateway controller replicas	`integer`	`1`
`gateway.controller.resources.limits.cpu`	CPU limit for the controller	`string`	`200m`
`gateway.controller.resources.limits.memory`	Memory limit for the controller	`string`	`256Mi`
`gateway.controller.resources.requests.cpu`	CPU request for the controller	`string`	`100m`
`gateway.controller.resources.requests.memory`	Memory request for the controller	`string`	`128Mi`
`gateway.controller.service.ports.agwGrpc`	Agent gateway gRPC port	`integer`	`9978`
`gateway.controller.service.ports.grpc`	gRPC port for xDS communication	`integer`	`9977`
`gateway.controller.service.ports.health`	Health check endpoint port	`integer`	`9093`
`gateway.controller.service.ports.metrics`	Metrics endpoint port	`integer`	`9092`
`gateway.controller.service.type`	Service type for the gateway controller	`object`	`ClusterIP`
`gateway.enabled`	Enable KGateway installation (controls both kgateway and kgateway-crds sub-charts)	`boolean`	`true`
`gateway.envoy.enabled`	Enable Envoy proxy for traffic routing	`boolean`	`true`
`gateway.envoy.mountTmpVolume`	Mount /tmp as emptyDir volume to fix Envoy temporary file creation issues on macOS with Docker Desktop/Colima	`boolean`	`false`
`gateway.httpPort`	Port for the HTTP listener on the gateway	`integer`	`9080`
`gateway.httpsPort`	Port for the HTTPS listener on the gateway	`integer`	`9443`
`gateway.image.pullPolicy`	Image pull policy for gateway containers	`object`	`IfNotPresent`
`gateway.image.registry`	Container registry for gateway images	`string`	`cr.kgateway.dev/kgateway-dev`
`gateway.image.tag`	Image tag. Empty uses Chart.AppVersion.	`string`
`gateway.tls.certName`	Kubernetes Secret name for storing the TLS certificate	`string`	`openchoreo-gateway-tls`
`gateway.tls.clusterIssuer`	Cert-manager ClusterIssuer name for certificate generation. Defaults to openchoreo-selfsigned-issuer if empty.	`string`
`gateway.tls.hostname`	Hostname pattern for the HTTPS listener certificate	`string`	`*.openchoreoapis.localhost`

Global

Global values shared across all components in the data plane

Parameter	Description	Type	Default
`global.commonLabels`	Common labels applied to all resources deployed by this chart	`object`	`{}`

Kgateway Crds

For full configuration options, please refer to the official chart documentation.

KGateway CRDs subchart configuration (values passed through to kgateway-crds)

Parameter	Description	Type	Default
`kgateway-crds`	KGateway CRDs subchart configuration (values passed through to kgateway-crds)	`object`

Kube Prometheus Stack

For full configuration options, please refer to the official chart documentation.

Prometheus stack configuration (kube-prometheus-stack sub-chart). Provides metrics collection for workload observability.

Parameter	Description	Type	Default
`kube-prometheus-stack.alertmanager.enabled`	Enable Alertmanager for alert management (not used by OpenChoreo)	`boolean`	`false`
`kube-prometheus-stack.cleanPrometheusOperatorObjectNames`	Produce cleaner resource names without redundant prefixes	`boolean`	`true`
`kube-prometheus-stack.coreDns.enabled`	Enable CoreDNS metrics collection	`boolean`	`false`
`kube-prometheus-stack.crds.enabled`	Install Prometheus Operator CRDs (ServiceMonitor, PodMonitor, etc.)	`boolean`	`true`
`kube-prometheus-stack.defaultRules.create`	Create default alerting rules (disabled - OpenChoreo uses custom rules)	`boolean`	`false`
`kube-prometheus-stack.enabled`	Enable the Prometheus monitoring stack for metrics collection	`boolean`	`false`
`kube-prometheus-stack.fullnameOverride`	Override the full name of Prometheus stack resources	`string`	`openchoreo-observability`
`kube-prometheus-stack.grafana.enabled`	Enable Grafana dashboards (not used by OpenChoreo - use observability plane instead)	`boolean`	`false`
`kube-prometheus-stack.kube-state-metrics.collectors`	Kubernetes resource types to collect metrics from	`array`	`["pods"]`
`kube-prometheus-stack.kube-state-metrics.fullnameOverride`	Override the full name of kube-state-metrics resources	`string`	`kube-state-metrics`
`kube-prometheus-stack.kube-state-metrics.metricAllowlist`	Specific metrics to collect (allowlist filter)	`array`
`kube-prometheus-stack.kube-state-metrics.metricLabelsAllowlist`	Pod labels to include in metrics for filtering by OpenChoreo resources	`array`
`kube-prometheus-stack.kubeApiServer.enabled`	Enable API server metrics collection	`boolean`	`false`
`kube-prometheus-stack.kubeControllerManager.enabled`	Enable controller manager metrics collection	`boolean`	`false`
`kube-prometheus-stack.kubeEtcd.enabled`	Enable etcd metrics collection	`boolean`	`false`
`kube-prometheus-stack.kubeProxy.enabled`	Enable kube-proxy metrics collection	`boolean`	`false`
`kube-prometheus-stack.kubeScheduler.enabled`	Enable scheduler metrics collection	`boolean`	`false`
`kube-prometheus-stack.nodeExporter.enabled`	Enable node-level metrics collection	`boolean`	`false`
`kube-prometheus-stack.prometheus.agentMode`	Run Prometheus in agent mode for lightweight remote-write only operation	`boolean`	`true`
`kube-prometheus-stack.prometheus.enabled`	Deploy a Prometheus instance (requires Prometheus Operator)	`boolean`	`true`
`kube-prometheus-stack.prometheus.prometheusSpec.remoteWrite`	Remote write endpoints for forwarding metrics to external storage	`array`
`kube-prometheus-stack.prometheusOperator.enabled`	Enable Prometheus Operator for managing Prometheus instances	`boolean`	`true`
`kube-prometheus-stack.prometheusOperator.fullnameOverride`	Override the full name of Prometheus Operator resources	`string`	`prometheus-operator`
`kube-prometheus-stack.prometheusOperator.resources.limits.cpu`	CPU limit for Prometheus Operator	`string`	`40m`
`kube-prometheus-stack.prometheusOperator.resources.limits.memory`	Memory limit for Prometheus Operator	`string`	`50Mi`
`kube-prometheus-stack.prometheusOperator.resources.requests.cpu`	CPU request for Prometheus Operator	`string`	`20m`
`kube-prometheus-stack.prometheusOperator.resources.requests.memory`	Memory request for Prometheus Operator	`string`	`30Mi`

Kubernetes Cluster Domain

Kubernetes cluster DNS domain used for service discovery and certificate generation

Parameter	Description	Type	Default
`kubernetesClusterDomain`	Kubernetes cluster DNS domain used for service discovery and certificate generation	`string`	`cluster.local`

Networking

Network configuration for the data plane

Parameter	Description	Type	Default
`networking.enabled`	Enable networking features (network policies, service mesh integration)	`boolean`	`true`

Observability

Observability configuration controlling metrics, logging, and tracing collection

Parameter	Description	Type	Default
`observability.enabled`	Master switch for all observability features	`boolean`	`true`
`observability.logging.enabled`	Enable log collection. Set to true after observability plane is installed.	`boolean`	`false`
`observability.logging.publishers.fluentbit.enabled`	Enable Fluent Bit as the log publisher	`boolean`	`true`
`observability.metrics.enabled`	Enable metrics collection. Set to true after observability plane is installed.	`boolean`	`false`
`observability.observabilityPlaneUrl`	URL of the observability plane for sending telemetry data (OTLP endpoint)	`string`

Opentelemetry Collector

For full configuration options, please refer to the official chart documentation.

OpenTelemetry Collector configuration for trace and metrics collection

Parameter	Description	Type	Default
`opentelemetry-collector.clusterRole.create`	Create ClusterRole for OpenTelemetry Collector	`boolean`	`true`
`opentelemetry-collector.clusterRole.rules`	RBAC rules for accessing Kubernetes API resources	`array`
`opentelemetry-collector.configMap.create`	Create a new ConfigMap (false to use existing)	`boolean`	`false`
`opentelemetry-collector.configMap.existingName`	Name of existing ConfigMap containing collector configuration	`string`	`opentelemetry-collector-config`
`opentelemetry-collector.enabled`	Enable OpenTelemetry Collector deployment	`boolean`	`false`
`opentelemetry-collector.fullnameOverride`	Override the full name of OpenTelemetry Collector resources	`string`	`opentelemetry-collector`
`opentelemetry-collector.image.repository`	OpenTelemetry Collector image repository (contrib version includes extra receivers/exporters)	`string`	`otel/opentelemetry-collector-contrib`
`opentelemetry-collector.mode`	Deployment mode for the collector	`object`	`deployment`
`opentelemetry-collector.resources.limits.cpu`	CPU limit for the collector	`string`	`100m`
`opentelemetry-collector.resources.limits.memory`	Memory limit for the collector	`string`	`200Mi`
`opentelemetry-collector.resources.requests.cpu`	CPU request for the collector	`string`	`50m`
`opentelemetry-collector.resources.requests.memory`	Memory request for the collector	`string`	`100Mi`

Registry

[DEPRECATED] Container registry configuration. Registry has been moved to Build Plane.

Parameter	Description	Type	Default
`registry.enabled`	[DEPRECATED] Enable the container registry. Use Build Plane registry instead.	`boolean`	`false`
`registry.resources.limits.cpu`	CPU limit for the registry	`string`	`100m`
`registry.resources.limits.memory`	Memory limit for the registry	`string`	`256Mi`
`registry.resources.requests.cpu`	CPU request for the registry	`string`	`50m`
`registry.resources.requests.memory`	Memory request for the registry	`string`	`128Mi`
`registry.service.nodePort`	NodePort for external access to the registry	`integer`	`30003`
`registry.storage.size`	Size of the persistent volume for storing container images	`string`	`2Gi`

Security

Security configuration for the data plane

Parameter	Description	Type	Default
`security.enabled`	Enable security features (certificate issuers, TLS configuration)	`boolean`	`true`

Wait Job

Wait job configuration for post-install Helm hooks that wait for resources

Parameter	Description	Type	Default
`waitJob.image`	Container image for kubectl-based wait jobs used in Helm hooks	`string`	`bitnamilegacy/kubectl:1.32.4`

Dependencies​

Api Platform​

Cluster Agent​

External Secrets​

Fake Secret Store​

Fluent Bit​

Gateway​

Global​

Kgateway Crds​

Kube Prometheus Stack​

Kubernetes Cluster Domain​

Networking​

Observability​

Opentelemetry Collector​

Registry​

Security​

Wait Job​

Dependencies

Api Platform

Cluster Agent

External Secrets

Fake Secret Store

Fluent Bit

Gateway

Global

Kgateway Crds

Kube Prometheus Stack

Kubernetes Cluster Domain

Networking

Observability

Opentelemetry Collector

Registry

Security

Wait Job