Helm values

Values for the oci://ghcr.io/loopholelabs/architect-chart chart. The console install flow sets the required ones for you. Run helm show values oci://ghcr.io/loopholelabs/architect-chart to print the live defaults.

Required

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| clusterName | string | "" | Identifier for this cluster in the console. Must be set. |

Authentication

Provide the token inline with machineToken, or reference a Secret that holds it with secretRef. Prefer secretRef for any non-interactive or GitOps install: --set machineToken writes the token into your shell history and into the stored Helm release values (helm get values), whereas a referenced Secret keeps it out of both (and works with External Secrets, Sealed Secrets, and similar).

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| machineToken | string | "" | Install token, set inline. Mutually exclusive with secretRef. |
| secretRef | string | "" | Name of an existing Secret holding the token. The key inside it must be named machineToken. |
| secretRefDefault | string | architectd-secrets | Name of the Secret the chart creates when secretRef is unset. |

Cluster

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| kubernetesDistro | string | kind | The cluster's distribution (the console sets this). |
| apiUrl | string | https://api.architect.io | Endpoint Architect authenticates against and sends heartbeats to. |
| imagePullPolicy | string | IfNotPresent | Pull policy for all Architect images. |

Persistent checkpoint storage (S3)

Optional. Set all five to let the daemon store checkpoints for the start-from-persistent-checkpoint annotation in an S3-compatible bucket. When secretRef is unset, these are written into the chart-created Secret.

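| Value | Type | Default | Description |
| --- | --- | --- | --- |
| s3Endpoint | string | "" | S3 endpoint URL. |
| s3Region | string | "" | S3 region. |
| s3Bucket | string | "" | Bucket name. |
| s3AccessKeyID | string | "" | Access key ID. |
| s3SecretAccessKey | string | "" | Secret access key. |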

Placement and sizing

Each component (architectd, architectAdmissionController, architectControlPlane) takes a node selector, tolerations, and resource requests/limits.

| Value pattern | Type | Default | Description |
| --- | --- | --- | --- |
| <component>NodeSelector | map | {} | Node selector for the component's pods. |
| <component>Tolerations | list | [] | Tolerations for the component's pods. |
| <component>Resources | map | {} | Resource requests and limits for the component. |
| architectdHostAliases | list | [] | Extra host aliases for architectd pods. |

Images

Each component image can be overridden; leave blank to use the pinned default.

| Value | Type | Default |
| --- | --- | --- |
| architectdImage | string | ghcr.io/loopholelabs/architectd:latest |
| architectdInstallerImage | string | ghcr.io/loopholelabs/architectd-installer:latest |
| architectShimRuncImage | string | ghcr.io/loopholelabs/architect-shim-runc:latest |
| architectAdmissionControllerImage | string | ghcr.io/loopholelabs/architect-admission-controller:latest |
| architectAdmissionControllerInstallerImage | string | ghcr.io/loopholelabs/architect-admission-controller-installer:latest |
| architectControlPlaneImage | string | ghcr.io/loopholelabs/architect-control-plane:latest |
| architectHealthCheckProxyImage | string | ghcr.io/loopholelabs/architect-health-check-proxy:latest |

Experimental

Only enable these when advised by Loophole Labs.

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| features.liveMigrationBuffering | bool | false | Buffers in-flight traffic across a live migration. |
| architectRouterAddr | string | /ip4/0.0.0.0/tcp/8080 | Router listen multiaddr. |
| architectRouterPort | int | 8080 | Router port. |
| architectRouterGenericXDP | bool | true | Use generic XDP (for drivers without native XDP). |
| architectRouterIngressIface | string | eth0 | Interface the router attaches to. |
| architectRouterPassthroughPorts | string | "" | Ports that bypass the router. |
| architectRouterResources | map | 250m/256Mi req, 1/512Mi lim | Router resource requests and limits. |
| architectRouterShimPort | int | 8081 | Router-shim port. |
| architectRouterShimResources | map | 100m/128Mi req, 500m/256Mi lim | Router-shim resource requests and limits. |
| architectRouterShimTimeout | duration | 10s | Router-shim request timeout. |
| architectRouterImage | string | ghcr.io/loopholelabs/architect-router:latest | Router image override. |
| architectRouterShimImage | string | ghcr.io/loopholelabs/architect-router-shim:latest | Router-shim image override. |
| architectShadowServiceEnabled | bool | false | Enable shadow Services for live network migration. |
| architectShadowServicePortMin | int | 30000 | Low end of the shadow-service port range. |
| architectShadowServicePortMax | int | 32767 | High end of the shadow-service port range. |
| architectShadowServiceRouterPodLabelSelector | string | app.kubernetes.io/name=architect-router | Selector for router pods. |

Dev-only

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| devArchitectdShimsFromSource | bool | false | Build CRIU/runc/shim from source in the daemon. For Architect development only. |
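
The constraints stated in the sections above (clusterName required, machineToken and secretRef mutually exclusive, all five S3 values set together, experimental and dev-only values left off unless advised) can be checked before a GitOps merge or against a deployed release. The Python lint below is an added example, not part of the chart or of Loophole Labs tooling; the function name lint_values, the finding format, and the sample values are assumptions made for illustration.

```python
import json

S3_KEYS = ("s3Endpoint", "s3Region", "s3Bucket", "s3AccessKeyID", "s3SecretAccessKey")
EXPERIMENTAL_PREFIXES = ("architectRouter", "architectShadowService")


def lint_values(values):
    """Return (severity, message) findings for user-supplied chart values."""
    findings = []
    token, secret_ref = values.get("machineToken"), values.get("secretRef")

    if not values.get("clusterName"):
        findings.append(("error", "clusterName must be set"))
    if token and secret_ref:
        findings.append(("error", "machineToken and secretRef are mutually exclusive"))
    elif token:
        findings.append(("warn", "machineToken is inline and readable via helm get values; use secretRef"))

    # Checkpoint storage is only usable when all five S3 values are present.
    missing = [k for k in S3_KEYS if not values.get(k)]
    if 0 < len(missing) < len(S3_KEYS):
        findings.append(("error", "S3 storage needs all five values; missing " + ", ".join(missing)))
    if values.get("s3SecretAccessKey"):
        findings.append(("warn", "s3SecretAccessKey is inline and readable via helm get values"))

    # Anything from the Experimental or Dev-only sections should be a deliberate choice.
    experimental = sorted(k for k in values if k.startswith(EXPERIMENTAL_PREFIXES))
    if (values.get("features") or {}).get("liveMigrationBuffering"):
        experimental.append("features.liveMigrationBuffering")
    if experimental:
        findings.append(("warn", "experimental values set: " + ", ".join(experimental)))
    if values.get("devArchitectdShimsFromSource"):
        findings.append(("warn", "devArchitectdShimsFromSource is for Architect development only"))
    return findings


# Constructed sample, shaped like `helm get values <release> -o json` output.
SAMPLE = json.loads("""
{
  "clusterName": "prod-east",
  "machineToken": "CONSTRUCTED-TOKEN",
  "s3Endpoint": "https://s3.example.invalid",
  "s3Bucket": "checkpoints",
  "architectRouterPort": 9090
}
""")

if __name__ == "__main__":
    for severity, message in lint_values(SAMPLE):
        print(f"{severity}: {message}")
```

The input is the user-supplied values only, so a parsed values file or the JSON from helm get values works; chart defaults are not included and do not trigger findings.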