Applier configuration

Configure the StormForge Applier component

This topic describes the additional parameters available for configuring the StormForge Applier. For parameters that apply to the StormForge Agent, see the Agent configuration topic.

Applier settings:

Continuous reconciliation

Controls resource patching behavior based on CI/CD and cluster activity. Auto-deploy must be enabled.

Parameter Default value
applier.reconciliation.mode EventBased
applier.reconciliation.conflictingManagers None

Description

The StormForge Applier can be configured to continuously reconcile drift, ensuring that the latest recommended settings are always maintained on a workload.

The Applier logs whenever it reconciles a workload’s resource settings to the recommended values.

Valid values

  • EventBased (default): Workload requests and limits are updated only by relevant StormForge events that trigger an update: auto deployment of a new recommendation, clicking Apply Now in the UI, or running stormforge apply. Subsequent updates to requests and limits by GitOps tools will override the recommended settings.

  • Continuous: Recommended requests and limits values are maintained and not overwritten during CI/CD or deployment activity on the cluster, except when changes are made by the declared applier.reconciliation.conflictingManagers.

    • applier.reconciliation.conflictingManagers: Optional, honored only when applier.reconciliation.mode=Continuous. Declares which field managers conflict with the Applier. The Applier will not reconcile the desired state for fields owned by conflicting managers. Use this if you cannot configure your existing field manager to accept or ignore changes from StormForge.

Additional RBAC permissions

Grants additional RBAC permissions to the Applier.

Description

To optimize resources that are not standard Kubernetes workload types, the Applier needs additional RBAC permissions on the API group and resources.

Example

Add the API groups and their resources to your values file as shown below.

applier:
  rbac:
    additionalRules: |-
      - apiGroups:
        - "YOUR_API_GROUP"
        resources:
        - "YOUR_RESOURCES"
        verbs:
        - get
        - list
        - watch
        - patch
        - update

Applier alerts

Optionally send notifications to external endpoints when the Applier applies recommendations.

Parameter Default value
applier.alerts.endpoints None

Description

When applier.alerts.endpoints is configured with one or more entries, the Applier sends an HTTP request to each endpoint whenever it applies a recommendation. Useful for audit logging, Slack notifications, or triggering downstream workflows.

If your endpoint requires credentials via a file, mount the file using the top-level additionalVolumes and additionalVolumeMounts parameters.

Example

applier:
  alerts:
    endpoints:
      - name: my-webhook
        url: https://hooks.example.com/stormforge
        method: POST
        contentType: application/json
        authorization:
          type: Bearer
          credentialsFile: /tmp/credentials

For full configuration details, see the Configure applier alerts guide.

Auto-deploy exempt namespaces

Namespaces that inherit the cluster-default schedule but not the auto-deploy setting.

Parameter Default value
clusterDefaultsAutoDeployExemptNamespaces ["^kube-system$", "^openshift.*"]

Description

By default, namespaces matching ^kube-system$ or ^openshift.* inherit the cluster-default recommendation schedule, but their auto-deploy setting remains "Disabled" regardless of the cluster-default auto-deploy value. Add entries to this list to protect additional namespaces from automatic deployment when auto-deploy is enabled at the cluster level. Namespace and workload annotations can still override this and enable auto-deploy for individual namespaces or workloads.

Example

clusterDefaultsAutoDeployExemptNamespaces:
  - "^kube-system$"
  - "^openshift.*"
  - "^my-critical-namespace$"

Suspend the Applier

Temporarily pauses Applier activity without uninstalling.

Parameter Default value
applier.suspend ""

Description

Use applier.suspend during maintenance windows or change freezes to temporarily stop the Applier from processing new recommendations. The value is read at startup — changes require a Pod restart.

Valid values

  • Unset (default): normal operation.
  • NewRecommendations: change freeze — the Applier ignores new recommendations. The webhook continues to inject previously applied values into new pods, and continuous reconciliation (if enabled) continues to enforce them.
  • All: fully disengaged — the Applier ignores new recommendations and the webhook stops injecting applied values.

Example

applier:
  suspend: "NewRecommendations"

Pod priority and scheduling

Enables scheduling and priority configurations on StormForge Applier pods.

Helm parameter Default value Scope
priorityClassName "" Top-level
applier.priorityClassName "" Applier only (override)

Description

The top-level priorityClassName applies to all StormForge components. Set applier.priorityClassName to override it for the Applier only. A non-empty per-component value replaces the top-level default.

applier.priorityClassName assigns an existing Pod PriorityClass to the stormforge-applier pod.

Valid values

A string that matches the .metadata.name of a PriorityClass defined in your cluster.

Example

To apply a priority class to all StormForge components:

priorityClassName: "high-priority"

To override for the Applier only:

applier:
  priorityClassName: "high-priority"
Last modified June 16, 2026