Glass Instrumentation Configuration Reference

This page provides a complete reference for all configuration parameters available in the Glass Instrumentation Helm chart.

Shared Configuration

Many parameters use shared patterns documented in Common Configuration, including image configuration, resource requirements, and security contexts.

Cluster Identity

Cluster identification and labeling for SPOG organization.

Parameter	Default	Description
`clusterId`		Unique cluster identifier for SPOG. Used to identify this cluster in the SPOG control plane. Must follow Kubernetes naming conventions (lowercase alphanumeric characters or '-'). Can be empty string (optional). Example: `prod-eu-west-1`
`labels`	`{}`	Cluster labels for organization and filtering. Values can be a single string or an array of strings for multi-valued labels. Example: `environment: production region: eu-west-1 team: - platform - security`

Reserved Label Keys

The following keywords are reserved and should not be used as label keys: and, or, not, in, like, contains, group, by, cluster_id. These conflict with the GlassQL filter query syntax.

Labels defined here are used throughout SPOG for:

Filtering clusters in dashboards and the UI using GlassQL syntax
Access control through label-based authorization policies

Global Settings

Global configuration values that apply to all services in the chart.

Parameter	Default	Description
`global.image.registry`		Override container registry for all images (e.g., 'myregistry.local:8085') Example: `myregistry.local:8085`
`global.image.repository`		Override repository path for all images (e.g., 'myproject') Example: `myproject`
`global.image.pullPolicy`	`IfNotPresent`	Set image pull policy for all containers Options: `Always`, `IfNotPresent`, `Never`
`global.imagePullSecrets`	`{}`	Define inline registry credentials for pulling private images (accepts arbitrary keys with object values) Example: `myIPSSecret: email: admin@registry.example.com password: regPassword registry: registry.example.com:5000 username: regUsername`
`global.imagePullSecretsList`	`[]`	Reference existing Kubernetes image pull secrets by name Example: `- global-imagepullsecrets-1 - global-imagepullsecrets-2`
`global.openshift.enabled`	`false`	Enable OpenShift compatibility mode

Default Pod Configuration

Security, scheduling, and availability settings inherited by all services. The defaults implement Pod Security Standards (Restricted profile) for secure, production-ready deployments.

Parameter	Default	Description
`containerSecurityContext`	`allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault`	Default container security context for all services. Defaults implement Pod Security Standards (Restricted profile).
`podSecurityContext`	`fsGroup: 10001 fsGroupChangePolicy: OnRootMismatch runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 seccompProfile: type: RuntimeDefault`	Default pod security context for all services. Runs as non-root user 10001 with seccomp enabled.
`podAnnotations`	`{}`	Default pod annotations for all services. Useful for Prometheus scrape config or policy enforcement. (accepts arbitrary string key-value pairs) Example: `prometheus.io/port: '8080' prometheus.io/scrape: 'true'`
`podLabels`	`{}`	Default pod labels for all services. Added to all pods in addition to standard labels. (accepts arbitrary string key-value pairs)
`nodeSelector`	`{}`	Default node selector for all services. Schedule pods only on nodes with matching labels. (accepts arbitrary string key-value pairs) Example: `workload-type: spog`
`tolerations`	`[]`	Default tolerations for all services. Allow pods to schedule on nodes with matching taints. Example: `- effect: NoSchedule key: dedicated operator: Equal value: spog`
`affinity`	`{}`	Default affinity rules for all services. For simple anti-affinity, use antiAffinityPreset instead.
`antiAffinityPreset`	`preferred`	Pod anti-affinity preset to distribute pods across nodes. 'preferred' allows co-location if needed; 'required' enforces different nodes. ('soft'/'hard' are aliases for backward compatibility.) Options: `soft`, `hard`, `preferred`, `required`
`podDisruptionBudget`	`minAvailable: 1`	Default pod disruption budget for all services. Controls voluntary pod evictions during maintenance.

Individual services can override these settings. Use nodeSelector and tolerations for dedicated node pools, and antiAffinityPreset: required for strict high-availability requirements.

Product Configuration

Identifies this deployment within the SPOG ecosystem.

Parameter	Default	Description
`powerdns.product`	`glass-instrumentation`	Product identifier used for resource naming and Kubernetes labeling Example: `glass-instrumentation`

Instrumentation Services

Services deployed per CloudControl cluster that provide monitoring, logging, and management capabilities. Each service follows the serviceConfig pattern with common properties for replicas, logging, resources, and scheduling.

Parameter	Default	Description
`discovery`	`affinity: {} enabled: true logFormat: json logLevel: info nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-discovery tolerations: []`	Discovery service configuration - handles service discovery and cluster announcement
`dynamicSnapshots`	`affinity: {} enabled: true logFormat: json logLevel: info nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-dynamic-snapshots tolerations: []`	Dynamic Snapshots service configuration - provides real-time state snapshots
`logStreamer`	`affinity: {} enabled: true logFormat: json logLevel: info nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-log-streamer tolerations: []`	Log Streamer service configuration - aggregates logs from pods
`k8sManager`	`affinity: {} enabled: true logFormat: json logLevel: info nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-k8s-manager tolerations: []`	Kubernetes Manager service configuration - monitors Kubernetes resources
`ccApiAdapter`	`affinity: {} enabled: true headers: X-API-Key: secretKeyRef: key: token_full name: cc-api logFormat: json logLevel: info nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-cc-api-adapter tolerations: []`	CloudControl API Adapter service configuration - bridges CloudControl API. Supports custom HTTP headers for authentication.
`dnsCheck`	`affinity: {} concurrentQueries: 10 dnsRetries: 3 dnsTimeout: 5s enabled: true logFormat: json logLevel: info logTimeWindow: 1m nodeSelector: {} podAnnotations: {} podLabels: {} replicas: 1 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi serviceAccount: annotations: {} create: true name: glass-dns-check tolerations: []`	DNS Check service configuration - validates and executes DNS queries. Additional settings: • `dnsTimeout`: Query timeout (default: `5s`) • `dnsRetries`: Retry attempts on failure (default: `3`) • `concurrentQueries`: Max parallel queries (default: `10`) • `logTimeWindow`: Log aggregation window (default: `1m`)

Container Images

Container image configuration for all services. Set top-level defaults for registry, project, and pullPolicy, or override per-service using the imageConfig structure.

Parameter Default Description

images

ccApiAdapter:
  name: rest-api-adapter
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest
discovery:
  name: disco
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest
dnsCheck:
  name: dns-check
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest
dynamicSnapshots:
  name: dynamic-snapshots
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest
k8sManager:
  name: k8s-manager
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest
logStreamer:
  name: log-streamer
  pullPolicy: IfNotPresent
  registry: registry.open-xchange.com
  repository: glass
  tag: latest

Container image configuration for all Glass Instrumentation services

Observability

Prometheus metrics and OpenTelemetry logging configuration for monitoring instrumentation services.

Parameter	Default	Description
`prometheus.operator.available`	`false`	Set to true if Prometheus Operator is available to create PodMonitor objects
`prometheus.operator.scrape.interval`	`10s`	Scrape interval for Prometheus metrics collection (duration format: e.g., '10s', '1m', '30s') Example: `10s`
`prometheus.annotations`	`true`	Set to true to add Prometheus scrape annotations on pods (for Prometheus deployments without Prometheus Operator)
`otelLogging.enabled`	`false`	Enable OTEL log forwarding to an OTLP collector
`otelLogging.endpoint`		OTLP collector endpoint (e.g., 'otel-collector:4318' for HTTP or 'otel-collector:4317' for gRPC) Example: `otel-collector:4318`
`otelLogging.protocol`	`grpc`	OTLP protocol to use for log export Options: `grpc`, `http`
`otelLogging.timeout`	`10s`	Export timeout duration (e.g., '10s', '30s', '1m') Example: `10s`