The operator is configured through command-line flags, which map directly to Helm values when deploying via Helm. All features are opt-in except the core reconciliation controllers.
Feature matrix Feature Default Flag Description ApplicationPersona controller Enabled Always on Validates deployments against persona constraints ClusterPersona controller Enabled Always on Discovers cluster state and resource capacity ArgoCD watcher Enabled --enable-argocdWatches ArgoCD Applications for sync status Validating webhook Disabled --enable-webhookIntercepts Deployment create/update Prometheus integration Disabled --prometheus-urlQueries Prometheus for resource baselines WebSocket server Disabled --enable-websocketReal-time CLI communication Leader election Disabled (flag default; enabled in Helm chart) --leader-electHA mode for multi-replica deployments Secure metrics Enabled --metrics-secureHTTPS metrics endpoint with RBAC
Command-line flags Core Flag Type Default Description --metrics-bind-addressstring 0Metrics endpoint bind address. Use :8443 for HTTPS or :8080 for HTTP. Set to 0 to disable. --health-probe-bind-addressstring :8081Health and readiness probe bind address --leader-electbool falseEnable leader election for HA deployments --enable-http2bool falseEnable HTTP/2 for metrics and webhook servers
Webhook Flag Type Default Description --enable-webhookbool falseEnable the validating admission webhook --webhook-modestring advisoryadvisory (warn only) or enforcing (reject on errors)--webhook-cert-pathstring ""Directory containing webhook TLS certificate --webhook-cert-namestring tls.crtWebhook certificate filename --webhook-cert-keystring tls.keyWebhook private key filename
Metrics Flag Type Default Description --metrics-securebool trueServe metrics over HTTPS with RBAC --metrics-cert-pathstring ""Directory containing metrics TLS certificate --metrics-cert-namestring tls.crtMetrics certificate filename --metrics-cert-keystring tls.keyMetrics private key filename
Integrations Flag Type Default Description --enable-argocdbool trueEnable ArgoCD Application watching --prometheus-urlstring ""Prometheus server URL for baseline learning --enable-websocketbool falseEnable WebSocket server for CLI --websocket-addrstring :9090WebSocket server listen address
The ArgoCD watcher only activates if both --enable-argocd=true and the ArgoCD Application CRD (argoproj.io/v1alpha1) is detected in the cluster. If the CRD is missing, the watcher silently skips registration.
Example: Full-featured deployment ./bin/manager \ --metrics-bind-address :8443 \ --health-probe-bind-address :8081 \ --leader-elect \ --enable-webhook \ --webhook-mode enforcing \ --enable-argocd \ --prometheus-url http://prometheus-server.monitoring:9090 \ --enable-websocket \ --websocket-addr :9090
Helm values Complete Helm values.yaml reference
Installation Install methods and verification
