Agent configuration
This topic describes the additional parameters available for configuring the StormForge Agent, as well as shared top-level parameters that apply to all StormForge components. For parameters that apply to the StormForge Applier, see the Applier configuration topic.
Agent parameters:
- Third-party secret management
- Installing on Red Hat OpenShift
- Namespace allowList and denyList
- Additional volumes and volume mounts
- Pod priority and scheduling
- GKE Autopilot
- Cluster labels and provider
- Network policies
Third-party secret management
Controls whether the StormForge Agent creates and manages its authorization secret.
| Helm parameter | Default value |
|---|---|
createAuthSecret |
true |
Description
Set to false to manage the Agent authorization secret with a third-party credential manager. For details and the Agent secret format, see Manage secrets with a third-party credential manager.
Valid values
true(default)false
Installing on Red Hat OpenShift
Required only when installing on Red Hat OpenShift.
| Helm parameter | Default value |
|---|---|
openshift |
false |
Description
Set to true when installing StormForge on Red Hat OpenShift Container Platform version 4.x and later. For detailed steps, see Install on Red Hat OpenShift Container Platform.
Valid values
truefalse
Namespace allowList and denyList
Comma-separated list of namespaces that constrains metrics collection to workloads in specific namespaces.
| Helm parameter | Default value |
|---|---|
agent.allowNamespaces |
None |
agent.denyNamespaces |
None |
Description
Set only one of these values, not both. If both lists are provided, agent.denyNamespaces is ignored.
- To allow metrics collection on specific namespaces, use
agent.allowNamespaces. - To deny metrics collection on specific namespaces, use
agent.denyNamespaces.
Valid values
An array containing any string or regex expressions ([]*regexp.Regexp) to match against namespace names.
Examples:
agent:
denyNamespaces:
- ".*-system"
or
agent:
denyNamespaces: null
allowNamespaces:
- "monitoring"
- "frontend"
- ".ecommerce-*"
To explicitly unset either of these values, use null.
agent:
denyNamespaces: null
Additional volumes and volume mounts
These parameters enable additional persistent pod storage and data sharing.
| Helm parameter | Default value |
|---|---|
additionalVolumes |
None |
additionalVolumeMounts |
None |
Description
Volumes defined in additionalVolumes are added to every StormForge pod, and mounts defined in additionalVolumeMounts are added to every container. More information about configuring volume storage for Pods can be found in the Kubernetes documentation.
One possible use case for these parameters is mounting custom CA bundles as part of using a transparent proxy.
Valid values
The additionalVolumes Helm parameter is an array of core/v1 Volumes.
The additionalVolumeMounts Helm parameter is an array of core/v1 VolumeMounts.
Example:
You can copy the following excerpt into a Helm values file. The example shows replacing the default CA certificate in /etc/ssl/certs with an internal corporate CA bundle.
---
# Configures additional volumes to add to all pods
additionalVolumes:
- name: corporate-root-ca
configMap:
name: corporate-root-ca
items:
- key: ca.crt
path: ca.crt
# Configures additional volumeMounts to add to all containers
additionalVolumeMounts:
- name: corporate-root-ca
mountPath: /etc/ssl/certs
Related information:
- Volumes (Kubernetes official documentation)
Pod priority and scheduling
Enables scheduling and priority configurations on StormForge pods.
| Helm parameter | Default value | Scope |
|---|---|---|
priorityClassName |
"" |
Top-level |
agent.priorityClassName |
"" |
Agent only (override) |
nodeSelector |
{} |
Top-level |
tolerations |
[] |
Top-level |
affinity |
{} |
Top-level |
Description
The top-level priorityClassName, nodeSelector, tolerations, and affinity values apply to all StormForge components. To override scheduling for the Agent only, set the corresponding agent.* value. A non-empty per-component value replaces the top-level default.
agent.priorityClassName assigns an existing Pod PriorityClass to the stormforge-agent pod.
Valid values
A string that matches the .metadata.name of a PriorityClass defined in your cluster.
Example
To apply a priority class to all StormForge components:
priorityClassName: "high-priority"
To override for the Agent only:
agent:
priorityClassName: "high-priority"
For nodeSelector, tolerations, and affinity format, see the Kubernetes documentation on assigning pods to nodes.
GKE Autopilot
Required only when deploying on GKE Autopilot.
| Helm parameter | Default value |
|---|---|
gkeAutopilot |
false |
Description
Set to true when installing StormForge on a Google Kubernetes Engine Autopilot cluster.
Valid values
truefalse
Cluster labels and provider
Optional metadata that associates additional context with the cluster.
| Helm parameter | Default value |
|---|---|
clusterLabels |
{} |
clusterProvider |
"" |
Description
clusterLabels specifies key-value labels associated with the cluster in StormForge.
clusterProvider specifies the cloud provider (for example, aws, gcp, azure, vsphere). If not set, the provider is auto-detected from node providerID fields.
Example
clusterLabels:
env: production
team: platform
clusterProvider: "aws"
Network policies
Optional Kubernetes NetworkPolicy resources for StormForge components.
| Helm parameter | Default value |
|---|---|
networkPolicies.create |
false |
networkPolicies.additionalIngressRules |
[] |
networkPolicies.additionalEgressRules |
[] |
Description
Set networkPolicies.create: true to create NetworkPolicy resources restricting traffic to StormForge components. Use additionalIngressRules and additionalEgressRules to extend the default policies.
Valid values
networkPolicies.create:trueorfalseadditionalIngressRules/additionalEgressRules: arrays of Kubernetes NetworkPolicy ingress/egress rule objects
Related topics
- StormForge Agent description
- Kubernetes official documentation: