Helm Values

This document describes the configuration options available for the Speedscale Operator Helm chart. The Speedscale Operator is a Kubernetes operator that watches for deployments and can inject proxies to capture traffic or set up isolation test environments.

Prerequisites

  • Kubernetes 1.17+
  • Helm 3+
  • Appropriate network and firewall configuration for Speedscale cloud and webhook traffic

Quick Start

# Add the Speedscale Helm repository
helm repo add speedscale https://speedscale.github.io/operator-helm/
helm repo update

# Install the chart with required values
helm install speedscale-operator speedscale/speedscale-operator \
  -n speedscale \
  --create-namespace \
  --set apiKey=<YOUR-SPEEDSCALE-API-KEY> \
  --set clusterName=<YOUR-CLUSTER-NAME>

Configuration Reference

Authentication

| Parameter | Type | Default | Description |
|---|---|---|---|
| apiKey | string | "" | Required. API key to connect to Speedscale cloud. Email support@speedscale.com if you need a key. |
| apiKeySecret | string | "" | Alternative to apiKey. Reference a Kubernetes secret containing the API key. The secret must have the format shown below. |

Secret format for apiKeySecret:

type: Opaque
data:
  SPEEDSCALE_API_KEY: <base64-encoded-key>
  SPEEDSCALE_APP_URL: <base64-encoded-app-url>
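
Passing the key with --set apiKey=... leaves it in shell history and in the release values that helm get values returns; apiKeySecret avoids both. The script below is an added example, not part of the Speedscale chart or its docs, that renders the Secret in the format above. The secret name speedscale-apikey is hypothetical, and it assumes apiKeySecret takes the Secret's name and that the Secret lives in the release namespace.

```sh
#!/bin/sh
# Added example (not from the Speedscale chart): render the Secret that
# apiKeySecret points at, using the field names from the Authentication table.
# Assumptions: the name "speedscale-apikey" is hypothetical, and the Secret
# lives in the same namespace as the Helm release.

# b64 VALUE: encode exactly the bytes of VALUE. printf avoids the trailing
# newline that echo would fold into the key; tr undoes base64 line wrapping.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# render_speedscale_secret NAME NAMESPACE API_KEY [APP_URL]
render_speedscale_secret() {
  name=$1 ns=$2 key=$3 url=${4:-app.speedscale.com}
  # Reject empty keys and keys with stray whitespace from copy/paste.
  if [ -z "$key" ] || [ "$key" != "$(printf '%s' "$key" | tr -d '[:space:]')" ]; then
    echo "API key is empty or contains whitespace" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: Opaque
data:
  SPEEDSCALE_API_KEY: $(b64 "$key")
  SPEEDSCALE_APP_URL: $(b64 "$url")
EOF
}

# Offline demonstration with a constructed key (not a real credential).
render_speedscale_secret speedscale-apikey speedscale "constructed-key-123"

# Usage against a cluster (not executed here):
#   kubectl create namespace speedscale
#   render_speedscale_secret speedscale-apikey speedscale "$SPEEDSCALE_API_KEY" \
#     | kubectl apply -f -
#   helm install speedscale-operator speedscale/speedscale-operator -n speedscale \
#     --set apiKeySecret=speedscale-apikey --set clusterName=<YOUR-CLUSTER-NAME>
```
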

Core Settings

| Parameter | Type | Default | Description |
|---|---|---|---|
| appUrl | string | "app.speedscale.com" | Speedscale domain to use for the service. |
| clusterName | string | "my-cluster" | Required. The name of your Kubernetes cluster. Used for identification in the Speedscale dashboard. |
| logLevel | string | "info" | Log level for Speedscale components. Valid values: debug, info, warn, error. |
| namespaceSelector | list | [] | List of namespace names to be watched by the Speedscale Operator. If empty, all namespaces are watched. |
| dashboardAccess | bool | true | Instructs the operator to deploy resources necessary to interact with your cluster from the Speedscale dashboard. |
| filterRule | string | "standard" | Filter rule to apply to the Speedscale Forwarder. |

Image Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| image.registry | string | "gcr.io/speedscale" | Container registry for Speedscale components. |
| image.tag | string | "v2.3.709" | Image tag for Speedscale components. |
| image.pullPolicy | string | "Always" | Image pull policy. Valid values: Always, IfNotPresent, Never. |

Resource Management

| Parameter | Type | Default | Description |
|---|---|---|---|
| operator.resources.limits.cpu | string | "500m" | CPU limit for the operator pod. |
| operator.resources.limits.memory | string | "512Mi" | Memory limit for the operator pod. |
| operator.resources.requests.cpu | string | "100m" | CPU request for the operator pod. |
| operator.resources.requests.memory | string | "128Mi" | Memory request for the operator pod. |
| operator.test_prep_timeout | string | "10m" | Timeout for waiting for the System Under Test (SUT) to become ready. |
| operator.control_plane_timeout | string | "5m" | Timeout for deploying and upgrading control plane components. |

Network Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| hostNetwork | bool | false | If true, the operator pod and webhooks will run on the host network. Only needed if the control plane cannot connect directly to pods (e.g., when using Calico as EKS's default networking). |
| http_proxy | string | "" | HTTP proxy URL for outbound connections. Translates to HTTP_PROXY environment variable. |
| https_proxy | string | "" | HTTPS proxy URL for outbound connections. Translates to HTTPS_PROXY environment variable. |
| no_proxy | string | "" | Comma-separated list of hosts that should not use the proxy. Translates to NO_PROXY environment variable. |

Security Settings

| Parameter | Type | Default | Description |
|---|---|---|---|
| privilegedSidecars | bool | false | Controls whether sidecar init containers should run with privileged mode enabled. |
| createJKS | bool | true | Controls a pre-install job that creates a JKS with standard certificates and the Speedscale certificate. This job requires a root container user. Disable if security policies do not allow root containers (i.e. they enforce runAsNonRoot: true). |
| disableSidecarSmartReverseDNS | bool | false | Controls whether the sidecar should disable the smart DNS lookup feature (requires NET_ADMIN capability). |

Advanced Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| deployDemo | string | "java" | Deploy a demo app at startup. Valid values: "java" or "" (empty string to disable). |
| globalAnnotations | object | {} | Set of annotations to be applied to all Speedscale-related deployments, services, jobs, pods, etc. |
| globalLabels | object | {} | Set of labels to be applied to all Speedscale-related deployments, services, jobs, pods, etc. |
| affinity | object | {} | Full affinity object for pod scheduling. See Kubernetes affinity documentation. |
| tolerations | list | [] | List of tolerations for pod scheduling. See Kubernetes tolerations documentation. |
| nodeSelector | object | {} | Node selector object for pod scheduling. See Kubernetes node selector documentation. |

Data Loss Prevention (DLP)

| Parameter | Type | Default | Description |
|---|---|---|---|
| dlp.enabled | bool | false | Instructs the operator to enable data loss prevention features. |
| dlp.config | string | "standard" | Configuration for data loss prevention. |

Sidecar Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| sidecar.resources.limits.cpu | string | "500m" | CPU limit for sidecar containers. |
| sidecar.resources.limits.memory | string | "512Mi" | Memory limit for sidecar containers. |
| sidecar.resources.limits.ephemeral-storage | string | "100Mi" | Ephemeral storage limit for sidecar containers. |
| sidecar.resources.requests.cpu | string | "10m" | CPU request for sidecar containers. |
| sidecar.resources.requests.memory | string | "32Mi" | Memory request for sidecar containers. |
| sidecar.resources.requests.ephemeral-storage | string | "100Mi" | Ephemeral storage request for sidecar containers. |
| sidecar.ignore_src_hosts | string | "" | Comma-separated list of source hosts to ignore. |
| sidecar.ignore_src_ips | string | "" | Comma-separated list of source IP addresses to ignore. |
| sidecar.ignore_dst_hosts | string | "" | Comma-separated list of destination hosts to ignore. |
| sidecar.ignore_dst_ips | string | "" | Comma-separated list of destination IP addresses to ignore. |
| sidecar.insert_init_first | bool | false | Whether to insert the init container first in the pod. |
| sidecar.tls_out | bool | false | Whether to enable TLS outbound traffic interception. |
| sidecar.reinitialize_iptables | bool | false | Whether to reinitialize iptables rules. |

Forwarder Configuration

| Parameter | Type | Default | Description |
|---|---|---|---|
| forwarder.resources.limits.cpu | string | "500m" | CPU limit for forwarder containers. |
| forwarder.resources.limits.memory | string | "500M" | Memory limit for forwarder containers. |
| forwarder.resources.requests.cpu | string | "300m" | CPU request for forwarder containers. |
| forwarder.resources.requests.memory | string | "250M" | Memory request for forwarder containers. |

Examples

Basic Installation

# values-basic.yaml
apiKey: "your-api-key-here"
clusterName: "production-cluster"
logLevel: "info"

helm install speedscale-operator speedscale/speedscale-operator \
  -n speedscale \
  --create-namespace \
  -f values-basic.yaml

Production Configuration

# values-production.yaml
apiKey: "your-api-key-here"
clusterName: "production-cluster"
logLevel: "warn"
namespaceSelector:
  - "app-namespace"
  - "api-namespace"

# Resource limits
operator:
  resources:
    limits:
      cpu: "1000m"
      memory: "1Gi"
    requests:
      cpu: "200m"
      memory: "256Mi"

# Security settings
privilegedSidecars: false
createJKS: true
disableSidecarSmartReverseDNS: false

# Network settings
hostNetwork: false
dashboardAccess: true

# Global annotations and labels
globalAnnotations:
  environment: "production"
  team: "platform"
globalLabels:
  app.kubernetes.io/part-of: "speedscale"
  app.kubernetes.io/component: "operator"
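
A pre-deployment review of a values file, as an added example that is not part of the Speedscale chart: it lists the top-level settings that the reference tables describe as widening privilege or scope, and judges unset keys by the documented defaults (deployDemo, for instance, defaults to "java"). The function name and the sample file are constructed for illustration, and each finding is an item to review rather than an error.

```sh
#!/bin/sh
# Added example (not part of the Speedscale chart). Reads only top-level
# "key: value" lines; nested keys such as dlp.* and sidecar.* are not inspected.

# lint_speedscale_values FILE: prints one finding per line, nothing if clean.
lint_speedscale_values() {
  awk '
    /^[A-Za-z_]+:/ {
      key = $0; sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/(^|[ \t]+)#.*$/, "", val)            # drop trailing comment
      gsub(/"/, "", val); sub(/[ \t\r]+$/, "", val)
      seen[key] = 1; v[key] = val
    }
    END {
      if (v["apiKey"] != "")
        print "apiKey: key stored inline; reference it with apiKeySecret"
      if (v["hostNetwork"] == "true")
        print "hostNetwork: operator pod and webhooks run on the host network"
      if (v["privilegedSidecars"] == "true")
        print "privilegedSidecars: sidecar init containers run privileged"
      if (!("createJKS" in seen) || v["createJKS"] == "true")
        print "createJKS: pre-install job needs a root container user"
      if (!("namespaceSelector" in seen) || v["namespaceSelector"] == "[]")
        print "namespaceSelector: empty, all namespaces are watched"
      if (!("deployDemo" in seen) || v["deployDemo"] == "java")
        print "deployDemo: demo app is deployed at startup"
    }' "$1"
}

# Constructed sample, modelled on the production values above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiKey: "constructed-key"   # constructed, not a real credential
clusterName: "production-cluster"
namespaceSelector:
  - "app-namespace"
privilegedSidecars: false
createJKS: true
hostNetwork: false
EOF
lint_speedscale_values "$sample"
rm -f "$sample"
```

To include values passed with --set, run it on the output of `helm get values <release> -n speedscale -a -o yaml` instead of the file.
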

Development Configuration

# values-development.yaml
apiKey: "your-api-key-here"
clusterName: "dev-cluster"
logLevel: "debug"

# Resource limits (lower for development)
operator:
  resources:
    limits:
      cpu: "250m"
      memory: "256Mi"
    requests:
      cpu: "50m"
      memory: "64Mi"

# Enable demo app
deployDemo: "java"

# Global labels
globalLabels:
  environment: "development"
  team: "dev"

Custom Sidecar Configuration

# values-sidecar.yaml
apiKey: "your-api-key-here"
clusterName: "my-cluster"

# Custom sidecar settings
sidecar:
  resources:
    limits:
      cpu: "750m"
      memory: "1Gi"
      ephemeral-storage: "200Mi"
    requests:
      cpu: "50m"
      memory: "128Mi"
      ephemeral-storage: "100Mi"
  ignore_src_hosts: "internal-service.example.com,metrics.example.com"
  ignore_dst_hosts: "external-api.example.com"
  ignore_src_ips: "10.0.0.1,10.0.0.2"
  ignore_dst_ips: "8.8.8.8,1.1.1.1"
  insert_init_first: true
  tls_out: true
  reinitialize_iptables: false

Troubleshooting

Common Issues

Pre-install Job Failure

If the pre-install job fails during installation, you'll see:

Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded

Solution:

  1. Inspect the logs:

    kubectl -n speedscale logs job/speedscale-operator-pre-install

  2. Uninstall and retry:

    helm -n speedscale uninstall speedscale-operator
    kubectl -n speedscale delete job speedscale-operator-pre-install
    helm install speedscale-operator speedscale/speedscale-operator \
      -n speedscale \
      --create-namespace \
      --set apiKey=<YOUR-API-KEY> \
      --set clusterName=<YOUR-CLUSTER-NAME>

API Key Issues

  • Ensure your API key is valid and active
  • Check that the clusterName is unique across your Speedscale account
  • Verify network connectivity to app.speedscale.com

Resource Constraints

If pods are failing to start due to resource constraints:

  1. Check available resources on your nodes
  2. Adjust resource requests/limits in the values
  3. Consider scaling your cluster

Network Issues

If using Calico networking on EKS:

hostNetwork: true

Upgrading

After upgrading the chart, restart workloads to pick up the latest sidecar:

kubectl -n <namespace> rollout restart deployment

Note: CRDs are not updated by default. Update them manually if needed.

Support