Skip to content
Kure Monitor

Helm Values

Reference for every Helm value in the Kure Monitor chart. For canonical defaults see helm/values.yaml and helm/README.md.

Feature toggles

Section titled “Feature toggles”

Each of the four dashboard features can be individually enabled or disabled. All four default to true. Disabling a feature hides its tab in the dashboard and, where applicable, skips deploying its dedicated workloads / RBAC / NetworkPolicies.

ParameterDescriptionDefault
features.podMonitoringEnable Pod Monitoring. When false, the agent DaemonSet and its RBAC are not deployed, and the Monitoring tab is hidden.true
features.securityScanEnable Security Scanning. When false, the security-scanner Deployment and its RBAC are not deployed, and the Security tab is hidden.true
features.diagramEnable the Topology Diagram tab. UI-only toggle — backend APIs remain available; the Diagram tab is hidden when false.true
features.aiAdviceEnable the AI Advice tab. UI-only toggle — backend /api/advice/* routes remain available; the Advice tab is hidden when false.true

Example — only run pod monitoring, skip everything else:

features:
  podMonitoring: true
  securityScan: false
  diagram: false
  aiAdvice: false

Agent

Section titled “Agent”

The agent runs as a DaemonSet (one pod per node) and watches the Kubernetes API for pod failures. Deployed only when features.podMonitoring=true.

ParameterDescriptionDefault
agent.pendingGracePeriodSeconds before pending pods are flagged120
agent.image.repositoryAgent image repositoryghcr.io/nan0c0de/kure-monitor/agent
agent.image.tagAgent image tag2.4.2
agent.resources.requests.cpuCPU request100m
agent.resources.requests.memoryMemory request128Mi
agent.resources.limits.cpuCPU limit500m
agent.resources.limits.memoryMemory limit512Mi

Security Scanner

Section titled “Security Scanner”

Deployed only when features.securityScan=true.

ParameterDescriptionDefault
securityScanner.image.tagScanner image tag2.4.2
securityScanner.resources.requests.cpuCPU request100m
securityScanner.resources.requests.memoryMemory request128Mi

Backend

Section titled “Backend”
ParameterDescriptionDefault
backend.replicaCountNumber of replicas1
backend.image.tagBackend image tag2.4.2
backend.service.typeService typeClusterIP
backend.service.portService port8000
backend.resources.requests.cpuCPU request200m
backend.resources.requests.memoryMemory request256Mi
backend.resources.limits.cpuCPU limit1000m
backend.resources.limits.memoryMemory limit1Gi

Frontend

Section titled “Frontend”
ParameterDescriptionDefault
frontend.replicaCountNumber of replicas1
frontend.image.tagFrontend image tag2.4.2
frontend.service.typeService typeClusterIP
frontend.service.portService port8080
frontend.service.nodePortNodePort (if type=NodePort)""

PostgreSQL

Section titled “PostgreSQL”
ParameterDescriptionDefault
postgresql.externalUse external PostgreSQLfalse
postgresql.hostPostgreSQL host (external only)""
postgresql.portPostgreSQL port5432
postgresql.databaseDatabase namekure
postgresql.usernameDatabase usernamekure
postgresql.passwordDatabase passwordkure-password-change-me
postgresql.persistence.enabledEnable persistent storagetrue
postgresql.persistence.sizeStorage size10Gi
postgresql.persistence.storageClassStorage class""

To use an external PostgreSQL:

Terminal window
helm install kure-monitor kure-monitor/kure \
  --namespace kure-system --create-namespace \
  --set postgresql.external=true \
  --set postgresql.host=your-postgres-host.example.com \
  --set postgresql.port=5432 \
  --set postgresql.database=kure \
  --set postgresql.username=kure \
  --set postgresql.password=your-password

Ingress

Section titled “Ingress”
ParameterDescriptionDefault
ingress.enabledEnable ingressfalse
ingress.classNameIngress class""
ingress.annotationsIngress annotations{}
ingress.hosts[0].hostHostnamekure.local
ingress.tlsTLS configuration[]

Security context

Section titled “Security context”
ParameterDescriptionDefault
securityContext.runAsNonRootRun as non-root usertrue
securityContext.runAsUserUser ID1001
securityContext.runAsGroupGroup ID1001
securityContext.allowPrivilegeEscalationAllow privilege escalationfalse
securityContext.readOnlyRootFilesystemRead-only root filesystemtrue

Prometheus

Section titled “Prometheus”
ParameterDescriptionDefault
prometheus.enabledEnable Prometheus network policyfalse
prometheus.namespaceNamespace where Prometheus runsmonitoring
prometheus.serviceMonitor.enabledCreate ServiceMonitor (requires Operator)false

Enable Prometheus integration:

prometheus:
  enabled: true
  namespace: monitoring
  serviceMonitor:
    enabled: true
Section titled “Auth-related values”
ParameterDescriptionDefault
security.encryptionKeyFernet key for API-key encryption (auto-generated if empty). Unrelated to dashboard auth.""

There is no auth.apiKey value in 2.3+. The legacy single-key model was removed — see the migration guide and Authentication.