Project YAML Configuration

The onehouse-values.yaml file is the primary configuration for the Quanton Operator. It is downloaded from the Onehouse console and passed to Helm at install time.

Install command

helm upgrade --install quanton-operator oci://registry-1.docker.io/onehouseai/quanton-operator \
    --namespace quanton-operator \
    --create-namespace \
    --set "quantonOperator.jobNamespaces={default}" \
    -f onehouse-values.yaml

Onehouse configuration

These values are pre-populated by Onehouse. Do not modify them unless instructed by Onehouse support.

Parameter	Description
`onehouseConfig.projectId`	Organization project ID
`onehouseConfig.linkId`	Cluster link ID
`onehouseConfig.endpoint`	Control plane gRPC endpoint (`gwc.onehouse.ai:443`)
`onehouseConfig.metricsEndpoint`	Metrics forwarding endpoint (`metrics.onehouse.ai:443`)
`onehouseConfig.mtls.clientCert`	Client certificate (PEM) for mTLS
`onehouseConfig.mtls.clientKey`	Client private key (PEM) for mTLS
`onehouseConfig.imagePullSecrets.accessToken`	Docker registry token for pulling Quanton images
`onehouseConfig.quantonSparkImage`	Quanton Spark runtime image
`onehouseConfig.authToken`	JWT token for control plane authentication

Operator configuration

These values control operator behavior and can be customized.

Parameter	Description	Default
`quantonOperator.jobNamespaces`	Namespaces where Spark jobs are permitted	`["default"]`
`quantonOperator.replicas`	Number of operator replicas	`1`
`quantonOperator.resources.requests.cpu`	CPU request	`100m`
`quantonOperator.resources.requests.memory`	Memory request	`256Mi`
`quantonOperator.resources.limits.cpu`	CPU limit	`500m`
`quantonOperator.resources.limits.memory`	Memory limit	`512Mi`
`quantonOperator.annotations`	Annotations applied to Spark pods	`{}`
`quantonOperator.nodeSelector`	Node selector for Spark pods	`{}`

Job namespaces

The jobNamespaces parameter controls which Kubernetes namespaces Spark jobs can run in.

Namespace-restricted mode (recommended): Specify explicit namespaces. The operator scopes RBAC and secrets to these namespaces only.

quantonOperator:
  jobNamespaces:
    - data-jobs
    - analytics

These namespaces must exist before installing. Create them first:

kubectl create namespace data-jobs
kubectl create namespace analytics

All-namespaces mode: Set to an empty list. The operator watches all namespaces.

quantonOperator:
  jobNamespaces: []

Masking sensitive Spark parameters

The operator forwards Spark configuration to the Onehouse control plane for observability. Keys containing secret, password, token, or access.key are masked automatically. Add additional keys to mask:

quantonOperator:
  additionalSparkParamsToMask:
    - "spark.hadoop.fs.s3a.session.token"
    - "spark.my.custom.credential"

Full example

onehouseConfig:
  projectId: "your-project-id"
  linkId: "your-link-id"
  endpoint: "gwc.onehouse.ai:443"
  metricsEndpoint: "metrics.onehouse.ai:443"
  mtls:
    clientCert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
    clientKey: |
      -----BEGIN PRIVATE KEY-----
      ...
      -----END PRIVATE KEY-----
  imagePullSecrets:
    accessToken: "your-docker-access-token"
  quantonSparkImage: "dist.onehouse.ai/onehouseai/quanton-spark:release-v1.29.0-al2023"
  authToken: "your-jwt-token"

quantonOperator:
  jobNamespaces:
    - data-jobs
  replicas: 1
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi
  annotations:
    team: "data-engineering"
  nodeSelector:
    workload: "batch"

Install command​

Onehouse configuration​

Operator configuration​

Job namespaces​

Masking sensitive Spark parameters​

Full example​