Configuration Reference
SLOpilot is configured through Helm values. Pass custom values using --values my-overrides.yaml when running the installer, or use helm upgrade directly after installation.
```bash
# During installation
./slopilot-install.sh --values my-overrides.yaml ...

# After installation
helm upgrade slopilot-rightsizing \
  oci://ghcr.io/valuematic/charts/slopilot-rightsizing \
  -n slopilot \
  --values my-overrides.yaml
```
Ingress
By default, SLOpilot is only reachable via kubectl port-forward or a NodePort/LoadBalancer Service. To expose it through an Ingress, enable it and configure the host:
```yaml
ingress:
  enabled: true
  className: nginx  # or traefik, alb, etc.
  hosts:
    - host: slopilot.example.com
      paths:
        - path: /
          pathType: Prefix
```
For TLS, add a tls block referencing an existing kubernetes.io/tls Secret in the same namespace. See the controller-specific examples below.
When SLOpilot is behind an ingress controller, configure trusted_proxy_cidrs so that forwarded client IPs are respected:
Resources
Default resource requests and limits for the SLOpilot pod:
| | CPU | Memory |
|---|---|---|
| Requests | 100m | 256Mi |
| Limits | 500m | 512Mi |
For clusters with more than 200 monitored workloads, consider increasing these values.
Prometheus
SLOpilot deploys its own Prometheus instance by default. It is pre-configured with metric filtering, retention, and storage guardrails — no tuning is required.
If your cluster's default StorageClass does not support the default PVC size, you can override it:
Tip
Both the application and Prometheus PVCs are annotated with helm.sh/resource-policy: keep and survive helm uninstall. Your data is preserved across reinstalls.
Network Policy
A NetworkPolicy is created by default. It restricts traffic to the minimum required:
- Ingress: HTTP on port 8080 from all sources
- Egress (DNS): UDP/TCP port 53 to all namespaces
- Egress (Prometheus): ports 80 and 9090 within the same namespace
- Egress (Kubernetes API): TCP ports 443 and 6443
- Egress (License server): TCP port 443
Disable it with networkPolicy.enabled: false if your cluster does not use NetworkPolicies or you manage them externally.
Scheduling
Place SLOpilot on specific nodes using standard Kubernetes scheduling fields:
```yaml
nodeSelector:
  workload-type: platform
tolerations:
  - key: platform
    operator: Equal
    value: "true"
    effect: NoSchedule
```
affinity and topologySpreadConstraints are also supported.
Ingress Examples

```yaml
ingress:
  enabled: true
  className: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:...
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
  hosts:
    - host: slopilot.example.com
      paths:
        - path: /
          pathType: Prefix
```
Complete Custom Values Example
The following my-overrides.yaml combines ingress, trusted proxies, increased resources, and node scheduling:
```yaml
# my-overrides.yaml

# Expose via NGINX ingress with TLS
ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: slopilot.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    secretName: slopilot-tls

# Trust the in-cluster ingress controller's forwarded headers
security:
  trusted_proxy_cidrs:
    - "10.0.0.0/8"

# Increase application resource limits for large clusters
resources:
  requests:
    cpu: 200m
    memory: 512Mi
  limits:
    cpu: 1000m
    memory: 1Gi

# Schedule on dedicated infrastructure nodes
nodeSelector:
  workload-type: platform
tolerations:
  - key: platform
    operator: Equal
    value: "true"
    effect: NoSchedule
```
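How a trusted-proxy allowlist such as `trusted_proxy_cidrs` commonly decides which forwarded address to believe, shown as an added example that is not SLOpilot's own code. It assumes the `X-Forwarded-For` header and a right-to-left walk (this page does not document SLOpilot's parsing); every address, including the `10.244.3.0/24` ingress-controller range, is constructed.

```python
import ipaddress


def client_ip(peer, xff, trusted_cidrs):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    peer          -- source address of the connection
    xff           -- raw X-Forwarded-For value, or None
    trusted_cidrs -- CIDR strings, the role trusted_proxy_cidrs plays
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(addr):
        return any(addr in n for n in nets)

    current = ipaddress.ip_address(peer)
    if not xff or not trusted(current):
        return str(current)  # header from an untrusted peer is ignored
    # Right to left: a hop is believed only if the hop reporting it is trusted.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        current = addr
        if not trusted(current):
            break  # first untrusted hop is the client
    return str(current)


def demo():
    """Constructed cases: ingress pod 10.244.3.5, unrelated pod 10.9.9.9."""
    narrow, broad = ["10.244.3.0/24"], ["10.0.0.0/8"]
    return {
        # Request relayed by the ingress controller.
        "via_ingress": client_ip("10.244.3.5", "203.0.113.7", narrow),
        # Client-supplied leading entry is never reached.
        "client_prefixed": client_ip(
            "10.244.3.5", "198.51.100.99, 203.0.113.7", narrow),
        # Peer outside the allowlist: its header is discarded.
        "direct_narrow": client_ip("10.9.9.9", "198.51.100.99", narrow),
        # Same peer under the broad range: its header is believed.
        "direct_broad": client_ip("10.9.9.9", "198.51.100.99", broad),
    }


if __name__ == "__main__":
    for name, ip in demo().items():
        print(f"{name}: {ip}")
```

The last two cases differ only in the allowlist: a range wider than the ingress controller's own addresses extends header trust to every peer inside it.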
Apply it during installation: