Documentation

kagent#

A Helm chart for kagent, built with Google ADK

Requirements#

Repository	Name	Version
file://../agents/argo-rollouts	argo-rollouts-agent
file://../agents/cilium-debug	cilium-debug-agent
file://../agents/cilium-manager	cilium-manager-agent
file://../agents/cilium-policy	cilium-policy-agent
file://../agents/helm	helm-agent
file://../agents/istio	istio-agent
file://../agents/k8s	k8s-agent
file://../agents/kgateway	kgateway-agent
file://../agents/observability	observability-agent
file://../agents/promql	promql-agent
file://../tools/grafana-mcp	grafana-mcp
file://../tools/querydoc	querydoc
https://oauth2-proxy.github.io/manifests	oauth2-proxy	~7.0.0
oci://ghcr.io/kagent-dev/kmcp/helm	kmcp	`${KMCP_VERSION}`
oci://ghcr.io/kagent-dev/tools/helm	kagent-tools	0.1.3

Values#

Key	Type	Default	Description
agents.argo-rollouts-agent.enabled	bool	`true`
agents.argo-rollouts-agent.resources.limits.cpu	string	`"1000m"`
agents.argo-rollouts-agent.resources.limits.memory	string	`"1Gi"`
agents.argo-rollouts-agent.resources.requests.cpu	string	`"100m"`
agents.argo-rollouts-agent.resources.requests.memory	string	`"256Mi"`
agents.cilium-debug-agent.enabled	bool	`true`
agents.cilium-debug-agent.resources.limits.cpu	string	`"1000m"`
agents.cilium-debug-agent.resources.limits.memory	string	`"1Gi"`
agents.cilium-debug-agent.resources.requests.cpu	string	`"100m"`
agents.cilium-debug-agent.resources.requests.memory	string	`"256Mi"`
agents.cilium-manager-agent.enabled	bool	`true`
agents.cilium-manager-agent.resources.limits.cpu	string	`"1000m"`
agents.cilium-manager-agent.resources.limits.memory	string	`"1Gi"`
agents.cilium-manager-agent.resources.requests.cpu	string	`"100m"`
agents.cilium-manager-agent.resources.requests.memory	string	`"256Mi"`
agents.cilium-policy-agent.enabled	bool	`true`
agents.cilium-policy-agent.resources.limits.cpu	string	`"1000m"`
agents.cilium-policy-agent.resources.limits.memory	string	`"1Gi"`
agents.cilium-policy-agent.resources.requests.cpu	string	`"100m"`
agents.cilium-policy-agent.resources.requests.memory	string	`"256Mi"`
agents.helm-agent.enabled	bool	`true`
agents.helm-agent.resources.limits.cpu	string	`"1000m"`
agents.helm-agent.resources.limits.memory	string	`"1Gi"`
agents.helm-agent.resources.requests.cpu	string	`"100m"`
agents.helm-agent.resources.requests.memory	string	`"256Mi"`
agents.istio-agent.enabled	bool	`true`
agents.istio-agent.resources.limits.cpu	string	`"1000m"`
agents.istio-agent.resources.limits.memory	string	`"1Gi"`
agents.istio-agent.resources.requests.cpu	string	`"100m"`
agents.istio-agent.resources.requests.memory	string	`"256Mi"`
agents.k8s-agent.enabled	bool	`true`
agents.k8s-agent.resources.limits.cpu	string	`"1000m"`
agents.k8s-agent.resources.limits.memory	string	`"1Gi"`
agents.k8s-agent.resources.requests.cpu	string	`"100m"`
agents.k8s-agent.resources.requests.memory	string	`"256Mi"`
agents.kgateway-agent.enabled	bool	`true`
agents.kgateway-agent.resources.limits.cpu	string	`"1000m"`
agents.kgateway-agent.resources.limits.memory	string	`"1Gi"`
agents.kgateway-agent.resources.requests.cpu	string	`"100m"`
agents.kgateway-agent.resources.requests.memory	string	`"256Mi"`
agents.observability-agent.enabled	bool	`true`
agents.observability-agent.resources.limits.cpu	string	`"1000m"`
agents.observability-agent.resources.limits.memory	string	`"1Gi"`
agents.observability-agent.resources.requests.cpu	string	`"100m"`
agents.observability-agent.resources.requests.memory	string	`"256Mi"`
agents.promql-agent.enabled	bool	`true`
agents.promql-agent.resources.limits.cpu	string	`"1000m"`
agents.promql-agent.resources.limits.memory	string	`"1Gi"`
agents.promql-agent.resources.requests.cpu	string	`"100m"`
agents.promql-agent.resources.requests.memory	string	`"256Mi"`
controller.a2aBaseUrl	string	`http://<fullname>-controller.<namespace>.svc.cluster.local:<port>`	The base URL of the A2A Server endpoint, as advertised to clients.
controller.agentDeployment	object	`{"host":"","podLabels":{},"serviceAccountName":""}`	Global deployment defaults applied to all agent pods. Per-agent settings in the Agent CRD take precedence over these defaults.
controller.agentDeployment.host	string	"" (controller falls back to "0.0.0.0"; "::" when ipv6.enabled)	Default host address for agent pods to bind to. Leave empty to use the controller's default fallback of "0.0.0.0". Automatically set to "::" when ipv6.enabled is true. Can be explicitly overridden here regardless of the ipv6 flag.
controller.agentDeployment.podLabels	object	(no extra labels)	Default labels applied to all agent pod templates. Per-agent labels in the Agent CRD take precedence over these defaults.
controller.agentDeployment.serviceAccountName	string	"" (auto-create per-agent ServiceAccount)	Default ServiceAccount name for agent pods. When set, agent pods that don't specify an explicit serviceAccountName will use this ServiceAccount instead of creating a per-agent one. Useful for Workload Identity (GCP, AWS IRSA, Azure Workload Identity). Precedence: agent-level serviceAccountName > this default > auto-created SA.
controller.agentImage.pullPolicy	string	`""`
controller.agentImage.registry	string	`""`
controller.agentImage.repository	string	`"kagent-dev/kagent/app"`
controller.agentImage.tag	string	`""`
controller.auth.mode	string	`"unsecure"`
controller.auth.userIdClaim	string	`""`
controller.env	list	`[]`
controller.envFrom	list	`[]`
controller.image.pullPolicy	string	`""`
controller.image.registry	string	`""`
controller.image.repository	string	`"kagent-dev/kagent/controller"`
controller.image.tag	string	`""`
controller.loglevel	string	`"info"`
controller.nodeSelector	object	`{}`	Node labels to match for `Pod` scheduling.
controller.podAnnotations	object	`{}`
controller.replicas	int	`1`
controller.resources.limits.cpu	int	`2`
controller.resources.limits.memory	string	`"512Mi"`
controller.resources.requests.cpu	string	`"100m"`
controller.resources.requests.memory	string	`"128Mi"`
controller.service.ports.port	int	`8083`
controller.service.ports.targetPort	int	`8083`
controller.service.type	string	`"ClusterIP"`
controller.skillsInitImage	object	`{"pullPolicy":"","registry":"","repository":"kagent-dev/kagent/skills-init","tag":""}`	The image used by the skills-init container to clone skills from Git and pull OCI skill images.
controller.streaming.initialBufSize	string	`"4Ki"`
controller.streaming.maxBufSize	string	`"1Mi"`
controller.streaming.timeout	string	`"600s"`
controller.tolerations	list	`[]`	Node taints which will be tolerated for `Pod` scheduling.
controller.volumeMounts	list	`[]`
controller.volumes	list	`[]`
controller.watchNamespaces	list	[] (watches all available namespaces)	Namespaces the controller should watch. If empty, the controller will watch ALL available namespaces.
database.postgres.bundled	object	{"enabled":true,"image":{"name":"postgres","pullPolicy":"IfNotPresent","registry":"docker.io","repository":"library","tag":"18.3-alpine"},"podSecurityContext":{"fsGroup":999,"runAsGroup":999,"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"RuntimeDefault"}},"resources":{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"256Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}},"storage":"500Mi","storageClassName":""}	Bundled PostgreSQL instance — for development and evaluation only. Not suitable for production. Deployed when enabled is true and url/urlFile are not set.
database.postgres.bundled.enabled	bool	`true`	Set to false to disable the bundled database and provide your own via url or urlFile.
database.postgres.bundled.image.name	string	`"postgres"`	Bundled PostgreSQL image name
database.postgres.bundled.image.pullPolicy	string	`"IfNotPresent"`	Bundled PostgreSQL image pull policy
database.postgres.bundled.image.registry	string	`"docker.io"`	Bundled PostgreSQL image registry
database.postgres.bundled.image.repository	string	`"library"`	Bundled PostgreSQL image repository (org/namespace)
database.postgres.bundled.image.tag	string	`"18.3-alpine"`	Bundled PostgreSQL image tag
database.postgres.bundled.podSecurityContext	object	`{"fsGroup":999,"runAsGroup":999,"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"RuntimeDefault"}}`	Pod-level security context for the bundled PostgreSQL deployment.
database.postgres.bundled.resources	object	`{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"256Mi"}}`	Resource requests/limits for the demo PostgreSQL container
database.postgres.bundled.securityContext	object	`{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}`	Container-level security context for the bundled PostgreSQL container.
database.postgres.bundled.storage	string	`"500Mi"`	PersistentVolumeClaim size for demo PostgreSQL data
database.postgres.bundled.storageClassName	string	`""`	StorageClass for the PostgreSQL PVC. Defaults to the cluster default when empty.
database.postgres.url	string	`""`	External PostgreSQL connection string. Is always used if set regardless of the `.bundled.enabled` field.
database.postgres.urlFile	string	`""`	Path to a file containing the database URL. Takes precedence over url when set. Is always used if set regardless of the `.bundled.enabled` field.
database.postgres.vectorEnabled	bool	`false`	Enable the pgvector migration Required to use features that depend on database vector capability. (e.g. long-term memory) Set to true when using an external PostgreSQL that has the pgvector extension installed.
fullnameOverride	string	`""`
grafana-mcp.grafana.serviceAccountToken	string	`""`
grafana-mcp.grafana.url	string	`"grafana.kagent:3000/api"`
grafana-mcp.resources.limits.cpu	string	`"500m"`
grafana-mcp.resources.limits.memory	string	`"512Mi"`
grafana-mcp.resources.requests.cpu	string	`"100m"`
grafana-mcp.resources.requests.memory	string	`"128Mi"`
imagePullPolicy	string	`"IfNotPresent"`
imagePullSecrets	list	`[]`
ipv6	object	false	Enable IPv6/dual-stack support. When true, configures all components for dual-stack (IPv4+IPv6) networking: - nginx listens on both IPv4 and IPv6 (adds `listen [::]:8080`) - Next.js binds to `::` instead of `0.0.0.0` - Agent pods bind to `::` for dual-stack reachability Leave disabled on clusters where IPv6 is disabled at the kernel level.
kagent-tools.enabled	bool	`true`
kagent-tools.nameOverride	string	`"tools"`
kagent-tools.replicaCount	int	`1`
kagent-tools.resources.limits.cpu	string	`"1000m"`
kagent-tools.resources.limits.memory	string	`"1Gi"`
kagent-tools.resources.requests.cpu	string	`"100m"`
kagent-tools.resources.requests.memory	string	`"256Mi"`
kagent-tools.tools.loglevel	string	`"debug"`
kagent-tools.tools.metrics.port	int	`8085`
kmcp.enabled	bool	`true`
kmcp.fullnameOverride	string	`""`
kmcp.nameOverride	string	`"kmcp"`
kmcp.namespaceOverride	string	`""`
labels	object	`{}`	Additional labels to add to all Kubernetes resources
nameOverride	string	`""`
namespaceOverride	string	`.Release.Namespace`	Override the namespace
nodeSelector	object	`{}`	Node labels to match for `Pod` scheduling.
oauth2-proxy.config.clientID	string	`""`
oauth2-proxy.config.clientSecret	string	`""`
oauth2-proxy.config.cookieSecret	string	`""`
oauth2-proxy.config.existingSecret	string	`""`
oauth2-proxy.enabled	bool	`false`
oauth2-proxy.extraArgs.approval-prompt	string	`"auto"`
oauth2-proxy.extraArgs.cookie-samesite	string	`"lax"`
oauth2-proxy.extraArgs.cookie-secure	bool	`true`
oauth2-proxy.extraArgs.custom-templates-dir	string	`"/templates"`
oauth2-proxy.extraArgs.email-domain	string	`"*"`
oauth2-proxy.extraArgs.oidc-issuer-url	string	`"$(OIDC_ISSUER_URL)"`
oauth2-proxy.extraArgs.pass-authorization-header	bool	`true`
oauth2-proxy.extraArgs.provider	string	`"oidc"`
oauth2-proxy.extraArgs.redirect-url	string	`"$(OIDC_REDIRECT_URL)"`
oauth2-proxy.extraArgs.scope	string	`"openid profile email groups"`
oauth2-proxy.extraArgs.set-authorization-header	bool	`true`
oauth2-proxy.extraArgs.skip-auth-regex	string	`"^/(login	_next/static
oauth2-proxy.extraArgs.skip-auth-route	string	`"^/(health	login)$"`
oauth2-proxy.extraArgs.skip-jwt-bearer-tokens	bool	`true`
oauth2-proxy.extraArgs.upstream	string	`"$(UPSTREAM_URL)"`
oauth2-proxy.extraEnv[0].name	string	`"OIDC_ISSUER_URL"`
oauth2-proxy.extraEnv[0].value	string	`""`
oauth2-proxy.extraEnv[1].name	string	`"OIDC_REDIRECT_URL"`
oauth2-proxy.extraEnv[1].value	string	`""`
oauth2-proxy.extraEnv[2].name	string	`"UPSTREAM_URL"`
oauth2-proxy.extraEnv[2].value	string	`"http://kagent-ui:8080"`
oauth2-proxy.extraVolumeMounts[0].mountPath	string	`"/templates"`
oauth2-proxy.extraVolumeMounts[0].name	string	`"custom-templates"`
oauth2-proxy.extraVolumeMounts[0].readOnly	bool	`true`
oauth2-proxy.extraVolumes[0].configMap.name	string	`"kagent-oauth2-proxy-templates"`
oauth2-proxy.extraVolumes[0].name	string	`"custom-templates"`
oauth2-proxy.redis.enabled	bool	`false`
oauth2-proxy.service.portNumber	int	`4180`
oauth2-proxy.service.type	string	`"ClusterIP"`
oauth2-proxy.sessionStorage.type	string	`"cookie"`
otel.logging.enabled	bool	`false`
otel.logging.exporter.otlp.endpoint	string	`""`
otel.logging.exporter.otlp.insecure	bool	`true`
otel.logging.exporter.otlp.timeout	int	`15000`
otel.tracing.enabled	bool	`false`
otel.tracing.exporter.otlp.endpoint	string	`""`
otel.tracing.exporter.otlp.insecure	bool	`true`
otel.tracing.exporter.otlp.protocol	string	`"grpc"`
otel.tracing.exporter.otlp.timeout	int	`15000`
podAnnotations	object	`{}`
podSecurityContext	object	`{"runAsNonRoot":true}`	Security context for all pods
providers.anthropic.apiKeySecretKey	string	`"ANTHROPIC_API_KEY"`
providers.anthropic.apiKeySecretRef	string	`"kagent-anthropic"`
providers.anthropic.model	string	`"claude-haiku-4-5"`
providers.anthropic.provider	string	`"Anthropic"`
providers.azureOpenAI.apiKeySecretKey	string	`"AZUREOPENAI_API_KEY"`
providers.azureOpenAI.apiKeySecretRef	string	`"kagent-azure-openai"`
providers.azureOpenAI.config.apiVersion	string	`"2023-05-15"`
providers.azureOpenAI.config.azureAdToken	string	`""`
providers.azureOpenAI.config.azureDeployment	string	`""`
providers.azureOpenAI.config.azureEndpoint	string	`""`
providers.azureOpenAI.model	string	`"gpt-4.1-mini"`
providers.azureOpenAI.provider	string	`"AzureOpenAI"`
providers.default	string	`"openAI"`
providers.gemini.apiKeySecretKey	string	`"GOOGLE_API_KEY"`
providers.gemini.apiKeySecretRef	string	`"kagent-gemini"`
providers.gemini.model	string	`"gemini-2.0-flash-lite"`
providers.gemini.provider	string	`"Gemini"`
providers.ollama.config.host	string	`"host.docker.internal:11434"`
providers.ollama.config.options.num_ctx	string	`"64000"`
providers.ollama.model	string	`"llama3.2"`
providers.ollama.provider	string	`"Ollama"`
providers.openAI.apiKeySecretKey	string	`"OPENAI_API_KEY"`
providers.openAI.apiKeySecretRef	string	`"kagent-openai"`
providers.openAI.model	string	`"gpt-4.1-mini"`
providers.openAI.provider	string	`"OpenAI"`
proxy.url	string	`""`
querydoc.image.pullPolicy	string	`"IfNotPresent"`
querydoc.image.registry	string	`"ghcr.io"`
querydoc.image.repository	string	`"kagent-dev/doc2vec/mcp"`
querydoc.image.tag	string	`"1.1.14"`
querydoc.openai.apiKey	string	`""`
querydoc.replicas	int	`1`
querydoc.resources.limits.cpu	string	`"500m"`
querydoc.resources.limits.memory	string	`"512Mi"`
querydoc.resources.requests.cpu	string	`"100m"`
querydoc.resources.requests.memory	string	`"128Mi"`
rbac.namespaces	list	`[]`	Namespaces in which to create Role and RoleBinding resources. If empty (default), the chart creates cluster-scoped ClusterRole and ClusterRoleBinding resources and the controller watches all namespaces. If set, the chart creates a Role + RoleBinding per listed namespace and the controller's WATCH_NAMESPACES is derived from this list (unless controller.watchNamespaces is set explicitly, which always takes precedence).
registry	string	`"cr.kagent.dev"`
securityContext	object	`{"readOnlyRootFilesystem":true}`	Security context for all containers
tag	string	`""`
tolerations	list	`[]`	Node taints which will be tolerated for `Pod` scheduling.
tools.grafana-mcp.enabled	bool	`true`
tools.querydoc.enabled	bool	`true`
ui.auth.ssoRedirectPath	string	`"/oauth2/start"`
ui.env	object	`{}`
ui.image.pullPolicy	string	`""`
ui.image.registry	string	`""`
ui.image.repository	string	`"kagent-dev/kagent/ui"`
ui.image.tag	string	`""`
ui.nodeSelector	object	`{}`	Node labels to match for `Pod` scheduling.
ui.podAnnotations	object	`{}`
ui.podSecurityContext	object	(uses global podSecurityContext)	Pod-level security context for the UI pod. Overrides the global podSecurityContext.
ui.readinessProbe	object	httpGet /health on port http, periodSeconds=30	Custom readiness probe for the UI container. Override to adjust thresholds, use exec-based probes, or change the health path.
ui.replicas	int	`1`
ui.resources.limits.cpu	string	`"1000m"`
ui.resources.limits.memory	string	`"1Gi"`
ui.resources.requests.cpu	string	`"100m"`
ui.resources.requests.memory	string	`"256Mi"`
ui.securityContext	object	(uses global securityContext)	Container-level security context for the UI container. Overrides the global securityContext.
ui.service.annotations	object	`{}`
ui.service.ports.port	int	`8080`
ui.service.ports.targetPort	int	`8080`
ui.service.type	string	`"ClusterIP"`
ui.startupProbe	object	httpGet /health on port http, periodSeconds=1, initialDelaySeconds=1	Custom startup probe for the UI container. Override to adjust thresholds, use exec-based probes, or change the health path.
ui.tolerations	list	`[]`	Node taints which will be tolerated for `Pod` scheduling.
ui.volumes	object	`{"nextjsCache":"100Mi","tmp":"50Mi"}`	EmptyDir volume sizes for Next.js UI workload (typically used when enabling readOnlyRootFilesystem)
ui.volumes.nextjsCache	string	`"100Mi"`	Size limit for Next.js build cache (.next/cache). Default 100Mi is sufficient for typical Next.js apps with moderate caching needs.
ui.volumes.tmp	string	`"50Mi"`	Size limit for temporary files (/tmp). Default 50Mi provides ample space for Next.js runtime temporary data.

Kagent Lab: Discover kagent and kmcp

Free, on‑demand lab: build custom AI agents with kagent and integrate tools via kmcp on Kubernetes.

Start the Lab