Configure the OpenLIT Operator deployment using Helm chart values. This page covers all operator-level settings including images, resources, security, and infrastructure configuration.

Core Configuration

Global Settings

ParameterDescriptionDefaultExample
global.namespaceOperator namespace override"" (uses release namespace)openlit-system
global.commonLabelsLabels added to all resources{}{team: "platform"}
global.commonAnnotationsAnnotations added to all resources{}{version: "v1.0.0"}

Operator Image

ParameterDescriptionDefaultExample
image.repositoryOperator image repositoryghcr.io/openlit/openlit-operatormy-registry.com/openlit-operator
image.tagOperator image tag"" (uses Chart.AppVersion)v1.0.0
image.pullPolicyImage pull policyIfNotPresentAlways
image.pullSecretsImage pull secrets[][{name: "regcred"}]

Provider Images

Configure the instrumentation provider init container images:
ParameterDescriptionDefaultExample
providerImages.openlit.repositoryOpenLIT provider imageghcr.io/openlit/openlit-ai-instrumentationmy-registry.com/openlit-provider
providerImages.openlit.tagOpenLIT provider tag"" (inherits operator tag)v1.2.0
providerImages.openllmetry.repositoryOpenLLMetry provider imageghcr.io/openlit/openllmetry-ai-instrumentationCustom registry
providerImages.openllmetry.tagOpenLLMetry provider tag"" (inherits operator tag)v1.1.0
providerImages.openinference.repositoryOpenInference provider imageghcr.io/openlit/openinference-ai-instrumentationCustom registry
providerImages.openinference.tagOpenInference provider tag"" (inherits operator tag)v0.5.0

Deployment Configuration

Resource Management

ParameterDescriptionDefaultExample
resources.requests.cpuCPU request100m200m
resources.requests.memoryMemory request128Mi256Mi
resources.limits.cpuCPU limit500m1000m
resources.limits.memoryMemory limit512Mi1Gi

Deployment Settings

ParameterDescriptionDefaultExample
deployment.replicasNumber of operator replicas13
deployment.strategy.typeDeployment strategyRollingUpdateRecreate
deployment.podAnnotationsPod annotations{}{version: "v1.0.0"}
deployment.podLabelsPod labels{}{component: "operator"}
deployment.nodeSelectorNode selector{}{role: "system"}
deployment.tolerationsPod tolerationsControl plane tolerationsCustom tolerations
deployment.affinityPod affinity rules{}Anti-affinity config
deployment.priorityClassNamePriority class""system-cluster-critical

Webhook Configuration

Webhook Service

ParameterDescriptionDefaultExample
webhook.service.nameWebhook service name"" (auto-generated)openlit-webhook
webhook.service.typeService typeClusterIPLoadBalancer
webhook.service.portService port4438443
webhook.service.targetPortTarget port94438443
webhook.service.annotationsService annotations{}Load balancer config

Webhook Server

ParameterDescriptionDefaultExample
webhook.server.portWebhook server port94438443
webhook.server.pathWebhook path"/mutate""/webhook"
webhook.server.certDirCertificate directory"/tmp/k8s-webhook-server/serving-certs""/certs"

Webhook Behavior

ParameterDescriptionDefaultExample
webhook.failurePolicyFailure policyIgnoreFail
webhook.reinvocationPolicyReinvocation policyNeverIfNeeded
webhook.configNameWebhook configuration name"" (auto-generated)openlit-webhook

Security Configuration

Service Account

ParameterDescriptionDefaultExample
serviceAccount.createCreate service accounttruefalse
serviceAccount.nameService account name"" (auto-generated)custom-sa
serviceAccount.annotationsSA annotations{}OIDC annotations

RBAC

ParameterDescriptionDefaultExample
rbac.createCreate RBAC resourcestruefalse
rbac.clusterRoleNameCluster role name"" (auto-generated)openlit-operator
rbac.clusterRoleBindingNameCluster role binding name"" (auto-generated)openlit-operator

Security Context

ParameterDescriptionDefaultExample
deployment.podSecurityContext.runAsNonRootRun as non-rootfalsetrue
deployment.podSecurityContext.runAsUserUser ID065534
deployment.podSecurityContext.fsGroupFilesystem group065534
deployment.securityContext.allowPrivilegeEscalationAllow privilege escalationfalsetrue
deployment.securityContext.readOnlyRootFilesystemRead-only root filesystemfalsetrue
deployment.securityContext.runAsNonRootContainer runs as non-rootfalsetrue

TLS Configuration

ParameterDescriptionDefaultExample
tls.validityDaysCertificate validity in days365730
tls.refreshDaysCertificate refresh threshold in days3060
tls.secretNameTLS secret name"" (auto-generated)webhook-tls

Observability Configuration

ParameterDescriptionDefaultExample
observability.logLevelLog levelinfodebug
observability.selfMonitoringEnabledEnable self-monitoring with OpenTelemetryfalsetrue
observability.otel.endpointOTLP endpoint for operator telemetry""http://openlit:4318
observability.otel.headersOTLP headers""Authorization=Bearer token
observability.otel.logsEndpointOTLP logs endpoint""http://openlit:4318/v1/logs
observability.otel.metricsEndpointOTLP metrics endpoint""http://openlit:4318/v1/metrics

Health Checks

ParameterDescriptionDefaultExample
healthcheck.portHealth check port80819090
healthcheck.livenessProbe.initialDelaySecondsLiveness probe initial delay1530
healthcheck.livenessProbe.periodSecondsLiveness probe period2030
healthcheck.readinessProbe.initialDelaySecondsReadiness probe initial delay510
healthcheck.readinessProbe.periodSecondsReadiness probe period1015

Instrumentation Defaults

ParameterDescriptionDefaultExample
instrumentation.defaultProviderDefault instrumentation provideropenlitopeninference
instrumentation.defaultVersionDefault provider versionlatestv1.0.0
instrumentation.defaultImagePullPolicyDefault image pull policy for init containersIfNotPresentAlways
operator.defaultInitImageOverride default init image""my-registry.com/custom:v1.0

Multi-Operator Support

ParameterDescriptionDefaultExample
multiOperator.watchNamespaceWatch specific namespace only"" (all namespaces)production

Custom Resource Definition

ParameterDescriptionDefaultExample
crd.installInstall CRDstruefalse
crd.annotationsCRD annotations{}{version: "v1.0.0"}
schema.validationEnable schema validationtruefalse

Additional Configuration

Environment Variables

ParameterDescriptionDefaultExample
env.extraAdditional environment variables[]Custom env vars

Additional Volumes

ParameterDescriptionDefaultExample
volumes.extraAdditional volumes[]ConfigMap volumes
volumeMounts.extraAdditional volume mounts[]Custom mount paths