Materialize Operator Configuration
You can configure the Materialize operator chart. For example:
- RBAC: The chart creates a ClusterRole and ClusterRoleBinding by default.
- Network Policies: Network policies can be enabled by setting networkPolicies.enabled=true. By default, the chart uses native Kubernetes network policies. For additional network policy configuration options, see networkPolicies parameters.
- Observability: To enable observability features, set observability.enabled=true. This will create the necessary resources for monitoring the operator. For additional observability configuration options, see observability parameters.
Configure the Materialize operator chart
To configure the Materialize operator chart, you can:
- Recommended: Modify the provided values.yaml file (or create your own YAML file) that specifies the configuration values and then install the chart with the -f flag:
    helm install my-materialize-operator -f /path/to/values.yaml /path/to/materialize/helm-charts/operator
- Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:
    helm install my-materialize-operator \
      --set operator.image.tag=v0.130.0 \
      /path/to/materialize/helm-charts/operator
Parameters
clusterd parameters
clusterd.nodeSelector
Default: {}
Node selector to use for clusterd pods spawned by the operator
environmentd parameters
environmentd.nodeSelector
Default: {}
Node selector to use for environmentd pods spawned by the operator
networkPolicies parameters
networkPolicies.egress
Default: {"cidrs":["0.0.0.0/0"],"enabled":false}
Egress from Materialize pods to sources and sinks
networkPolicies.enabled
Default: false
Whether to enable network policies for securing communication between pods
networkPolicies.ingress
Default: {"cidrs":["0.0.0.0/0"],"enabled":false}
Ingress to the SQL and HTTP interfaces on environmentd or balancerd
networkPolicies.internal
Default: {"enabled":false}
Internal communication between Materialize pods
observability parameters
observability.enabled
Default: true
Whether to enable observability features
observability.podMetrics.enabled
Default: false
Whether to enable the pod metrics scraper which populates the Environment Overview Monitoring tab in the web console (requires metrics-server to be installed)
observability.prometheus.scrapeAnnotations.enabled
Default: true
Whether to annotate pods with common keys used for Prometheus scraping.
operator parameters
operator.args.enableInternalStatementLogging
Default: true
operator.args.startupLogFilter
Default: INFO,mz_orchestratord=TRACE
Log filtering settings for startup logs
operator.cloudProvider.providers.aws.accountID
Default:
When using AWS, accountID is required
operator.cloudProvider.providers.aws.enabled
Default: false
operator.cloudProvider.providers.aws.iam.roles.connection
Default:
ARN for CREATE CONNECTION feature
operator.cloudProvider.providers.aws.iam.roles.environment
Default:
ARN of the IAM role for environmentd
operator.cloudProvider.providers.gcp
Default: {"enabled":false}
GCP Configuration (placeholder for future use)
operator.cloudProvider.region
Default: kind
Common cloud provider settings
operator.cloudProvider.type
Default: local
Specifies cloud provider. Valid values are ‘aws’, ‘gcp’, ‘azure’, ‘generic’, or ‘local’.
operator.clusters.defaultSizes.analytics
Default: 25cc
operator.clusters.defaultSizes.catalogServer
Default: 50cc
operator.clusters.defaultSizes.default
Default: 25cc
operator.clusters.defaultSizes.probe
Default: mz_probe
operator.clusters.defaultSizes.support
Default: 25cc
operator.clusters.defaultSizes.system
Default: 25cc
operator.features.authentication
Default: false
Whether to enable environmentd RBAC checks. Not yet supported in the Helm chart.
operator.features.consoleImageTagMapOverride
Default: {}
Override the mapping of environmentd versions to console versions
operator.features.createBalancers
Default: true
Flag to indicate whether to create balancerd pods for the environments
operator.features.createConsole
Default: true
Flag to indicate whether to create console pods for the environments
operator.image.pullPolicy
Default: IfNotPresent
Policy for pulling the image: “IfNotPresent” avoids unnecessary re-pulling of images
operator.image.repository
Default: materialize/orchestratord
The Docker repository for the operator image
operator.image.tag
Default: v25.1
The tag/version of the operator image to be used
operator.nodeSelector
Default: {}
operator.resources.limits
Default: {"memory":"512Mi"}
Resource limits for the operator’s CPU and memory
operator.resources.requests
Default: {"cpu":"100m","memory":"512Mi"}
Resources requested by the operator for CPU and memory
operator.secretsController
Default: kubernetes
Which secrets controller to use for storing secrets. Valid values are ‘kubernetes’ and ‘aws-secrets-manager’. Setting ‘aws-secrets-manager’ requires a configured AWS cloud provider and IAM role for the environment with Secrets Manager permissions.
rbac parameters
rbac.create
Default: true
Whether to create necessary RBAC roles and bindings
schedulerName parameters
schedulerName
Default:
Optionally use a non-default Kubernetes scheduler.
serviceAccount parameters
serviceAccount.create
Default: true
Whether to create a new service account for the operator
serviceAccount.name
Default: orchestratord
The name of the service account to be created
storage parameters
storage.storageClass.allowVolumeExpansion
Default: false
storage.storageClass.create
Default: false
Set to false to use an existing StorageClass instead.
storage.storageClass.name
Default:
Name of the StorageClass to create/use, e.g. “openebs-lvm-instance-store-ext4”
storage.storageClass.parameters
Default: {"fsType":"ext4","storage":"lvm","volgroup":"instance-store-vg"}
Parameters for the CSI driver
storage.storageClass.provisioner
Default:
CSI driver to use, e.g. “local.csi.openebs.io”
storage.storageClass.reclaimPolicy
Default: Delete
storage.storageClass.volumeBindingMode
Default: WaitForFirstConsumer
telemetry parameters
telemetry.enabled
Default: true
telemetry.segmentApiKey
Default: hMWi3sZ17KFMjn2sPWo9UJGpOQqiba4A
telemetry.segmentClientSide
Default: true
tls parameters
tls.defaultCertificateSpecs
Default: {}
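
Several parameters above depend on each other (accountID when AWS is enabled, the AWS provider and environment IAM role for aws-secrets-manager) or default to the 0.0.0.0/0 CIDR, and a values file can be checked for these before install. The following is an added example, not part of the Materialize chart or its documentation; it assumes the effective values are available as JSON (for instance from `helm get values my-materialize-operator --all -o json`), and the sample values and the `get`/`audit` helpers are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample values. Assumption: "configured AWS cloud provider"
# on this page means operator.cloudProvider.providers.aws.enabled=true.
SAMPLE = json.loads("""{
  "networkPolicies": {"enabled": true, "internal": {"enabled": true},
    "ingress": {"enabled": true, "cidrs": ["0.0.0.0/0"]},
    "egress": {"enabled": false, "cidrs": ["10.20.0.0/16"]}},
  "operator": {"secretsController": "aws-secrets-manager",
    "cloudProvider": {"type": "aws", "providers": {"aws": {
      "enabled": true, "accountID": "",
      "iam": {"roles": {"environment": ""}}}}}}
}""")
AWS = "operator.cloudProvider.providers.aws"

def get(values, path, default=None):
    """Walk a dotted key path through nested dicts."""
    for key in path.split("."):
        if not isinstance(values, dict) or key not in values:
            return default
        values = values[key]
    return values

def audit(values):
    """Return one finding per setting that needs review (hypothetical helper)."""
    out = []
    if not get(values, "networkPolicies.enabled", False):
        out.append("networkPolicies.enabled is false")
    for part in ("internal", "ingress", "egress"):
        if not get(values, f"networkPolicies.{part}.enabled", False):
            out.append(f"networkPolicies.{part}.enabled is false")
        for cidr in get(values, f"networkPolicies.{part}.cidrs") or []:
            try:  # a /0 prefix matches every address, like the chart default
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    out.append(f"networkPolicies.{part}.cidrs allows any address")
            except ValueError:
                out.append(f"networkPolicies.{part}.cidrs has an invalid CIDR")
    aws_on = bool(get(values, f"{AWS}.enabled", False))
    if aws_on and not get(values, f"{AWS}.accountID"):
        out.append(f"{AWS}.accountID is required when AWS is enabled")
    controller = get(values, "operator.secretsController", "kubernetes")
    if controller not in ("kubernetes", "aws-secrets-manager"):
        out.append("operator.secretsController is not a valid value")
    elif controller == "aws-secrets-manager":
        if not aws_on:
            out.append("aws-secrets-manager requires the AWS provider")
        if not get(values, f"{AWS}.iam.roles.environment"):
            out.append(f"aws-secrets-manager requires {AWS}.iam.roles.environment")
    return out
```

Calling `audit(SAMPLE)` returns four findings: the open ingress CIDR, the disabled egress policy, the missing accountID, and the missing environment IAM role.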