Helm Reference
All of Conncentric is deployed through a single Helm chart at deployment/charts/conncentric.
Installation
helm install conncentric ./deployment/charts/conncentric \
-n conncentric \
--create-namespace \
-f my-values.yaml
Global Values
| Key | Default | Description |
|---|---|---|
global.imageRegistry | "" | Override the image registry for all components |
global.imagePullSecrets | [] | Pull secrets for private registries |
Database
Database configuration is shared across all components. Both the Orchestrator and Adapter read from the same database.* keys.
| Key | Default | Description |
|---|---|---|
database.host | "" | PostgreSQL hostname |
database.port | 5432 | PostgreSQL port |
database.name | conncentric | Database name |
database.auth.username | "" | Database username |
database.auth.password | "" | Database password (use existingSecret in production) |
database.auth.existingSecret | "" | Name of a Kubernetes Secret holding credentials. When set, the chart reads username and password keys from this secret instead of using inline values. |
Orchestrator
| Key | Default | Description |
|---|---|---|
orchestrator.image.tag | latest | Image version |
orchestrator.replicaCount | 2 | Number of Orchestrator instances |
orchestrator.resources.requests.cpu | 1000m | CPU request |
orchestrator.resources.requests.memory | 1Gi | Memory request |
orchestrator.resources.limits.cpu | 2000m | CPU limit |
orchestrator.resources.limits.memory | 2Gi | Memory limit |
Adapter
| Key | Default | Description |
|---|---|---|
adapter.image.tag | latest | Image version |
adapter.replicaCount | 4 | Number of adapter pods |
adapter.resources.requests.cpu | 1000m | CPU request |
adapter.resources.requests.memory | 1Gi | Memory request |
adapter.resources.limits.cpu | 2000m | CPU limit |
adapter.resources.limits.memory | 2Gi | Memory limit |
Portal
| Key | Default | Description |
|---|---|---|
portal.image.tag | latest | Image version |
portal.replicaCount | 1 | Number of Portal pods |
portal.auth.provider | external | Authentication mode (use external for OIDC SSO) |
portal.auth.authority | "" | OIDC issuer URL (e.g., https://your-tenant.auth0.com/) |
portal.auth.clientId | "" | OAuth2 client ID |
portal.auth.scope | openid profile email | OAuth2 scopes |
portal.auth.audience | "" | OAuth2 audience (required by Auth0) |
Installer
| Key | Default | Description |
|---|---|---|
installer.enabled | false | Enable the post-install/upgrade installer job |
installer.image.repository | conncentric/essentials-distribution | Distribution image containing the base bundle |
installer.image.tag | latest | Distribution image version |
installer.customBundleUrls | [] | List of URLs to custom .zip bundles applied sequentially after the base essentials (Pass 2+). Each URL is downloaded and applied in order. Leave empty to skip. See Custom Bundles & Extensibility. |
installer.env | {} | Environment variables substituted into bundle manifests at apply time (e.g., KAFKA_BOOTSTRAP_SERVERS, FIX_HOST) |
Ingress
| Key | Default | Description |
|---|---|---|
ingress.enabled | true | Create an Ingress resource |
ingress.className | traefik | Ingress controller class |
ingress.host | "" | Hostname for the Portal |
ingress.tls.enabled | false | Enable HTTPS |
ingress.tls.secretName | "" | TLS certificate secret name |
Example Production Values File
global:
imagePullSecrets:
- name: registry-credentials
database:
host: "postgres.prod.svc.cluster.local"
port: 5432
name: "conncentric"
auth:
existingSecret: "conncentric-db-credentials"
orchestrator:
replicaCount: 2
image:
tag: "1.4.0"
adapter:
replicaCount: 4
image:
tag: "1.4.0"
portal:
image:
tag: "1.4.0"
auth:
provider: "external"
authority: "https://your-tenant.okta.com/oauth2/default"
clientId: "your-client-id"
scope: "openid profile email offline_access"
ingress:
enabled: true
className: "nginx"
host: "conncentric.example.com"
tls:
enabled: true
secretName: "conncentric-tls"