Helm Chart Reference
Overview
The claude-in-a-box Helm chart deploys a StatefulSet running Claude Code with 32+ SRE/DevOps tools into any Kubernetes cluster. It manages RBAC permissions, network policies, persistent storage, and health probes.
| Field | Value |
|---|---|
| Chart Name | claude-in-a-box |
| Version | 0.1.0 |
| App Version | dev |
| Type | application |
| API Version | v2 (Helm 3 required) |
Security Profiles
The chart supports three security profiles, selected via values overlay files. The default profile is readonly -- safe for production use.
| Feature | Readonly (default) | Operator | Airgapped |
|---|---|---|---|
| RBAC Level | get, list, watch | + delete pods, create exec, update deployments | get, list, watch (readonly) |
| NetworkPolicy Egress | DNS + HTTPS + K8s API | DNS + HTTPS + K8s API | DNS + K8s API only (no HTTPS) |
| Registry Source | Public (DockerHub/GHCR) | Public (DockerHub/GHCR) | Private registry |
| Use Case | Safe cluster inspection | Active debugging / incident response | Air-gapped / restricted environments |
| Values File | values.yaml (default) | values-operator.yaml | values-airgapped.yaml |
Values Reference
Complete reference for all configurable values. Descriptions are sourced from the `# --` comment annotations in values.yaml.
| Key | Type | Default | Description |
|---|---|---|---|
| replicaCount | int | 1 | Number of replicas (StatefulSet) |
| image.repository | string | claude-in-a-box | Container image repository |
| image.pullPolicy | string | IfNotPresent | Image pull policy |
| image.tag | string | "dev" | Image tag (overrides appVersion) |
| imagePullSecrets | list | [] | Image pull secrets for private registries |
| nameOverride | string | "" | Override the release name |
| fullnameOverride | string | "claude-agent" | Force resource names regardless of release name |
| serviceAccount.create | bool | true | Create a ServiceAccount |
| serviceAccount.name | string | "" | ServiceAccount name (auto-generated if empty) |
| serviceAccount.automountServiceAccountToken | bool | true | Automount API credentials |
| claudeMode | string | "interactive" | Claude Code operating mode (interactive, remote-control, headless) |
| operator.enabled | bool | false | Enable operator ClusterRole and ClusterRoleBinding |
| networkPolicy.enabled | bool | true | Create NetworkPolicy resource |
| networkPolicy.egress.dns.enabled | bool | true | Allow DNS egress (UDP/TCP 53) |
| networkPolicy.egress.https.enabled | bool | true | Allow HTTPS egress (TCP 443) |
| networkPolicy.egress.https.cidr | string | "0.0.0.0/0" | CIDR for HTTPS egress (Anthropic API) |
| networkPolicy.egress.k8sApi.enabled | bool | true | Allow K8s API server egress (TCP 6443) |
| networkPolicy.egress.k8sApi.cidr | string | "0.0.0.0/0" | CIDR for K8s API server |
| podSecurityContext.runAsUser | int | 10000 | User ID for container process |
| podSecurityContext.runAsGroup | int | 10000 | Group ID for container process |
| podSecurityContext.fsGroup | int | 10000 | Filesystem group for volume mounts |
| podSecurityContext.fsGroupChangePolicy | string | OnRootMismatch | When to apply fsGroup ownership |
| podSecurityContext.runAsNonRoot | bool | true | Reject containers running as root |
| resources.requests.memory | string | "512Mi" | Memory request for scheduling |
| resources.requests.cpu | string | "250m" | CPU request for scheduling |
| resources.limits.memory | string | "2Gi" | Memory limit (caps burst) |
| resources.limits.cpu | string | "2000m" | CPU limit (caps burst) |
| persistence.size | string | "1Gi" | Storage size for PVC |
| persistence.storageClassName | string | "" | Storage class (empty = cluster default) |
| persistence.accessMode | string | ReadWriteOnce | Access mode for PVC |
| livenessProbe.exec.command | list | ["/usr/local/bin/healthcheck.sh"] | Liveness probe command (pgrep -f claude) |
| livenessProbe.initialDelaySeconds | int | 10 | Delay before first liveness check |
| livenessProbe.periodSeconds | int | 30 | Interval between liveness checks |
| livenessProbe.timeoutSeconds | int | 5 | Timeout for liveness check |
| readinessProbe.exec.command | list | ["/usr/local/bin/readiness.sh"] | Readiness probe command (claude auth status) |
| readinessProbe.initialDelaySeconds | int | 10 | Delay before first readiness check |
| readinessProbe.periodSeconds | int | 30 | Interval between readiness checks |
| readinessProbe.timeoutSeconds | int | 10 | Timeout for readiness check |
| terminationGracePeriodSeconds | int | 60 | Grace period for pod shutdown |
RBAC Architecture
The chart creates a ServiceAccount with reader-tier RBAC by default. Operator-tier permissions are opt-in via operator.enabled: true.
[Figure: RBAC Architecture. ServiceAccount with two-tier ClusterRole bindings; the operator role is conditional (drawn dashed when disabled).]
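The two tiers described above, written out as plain manifests. This is an added illustration, not the chart's own templates (those live in clusterrole-reader.yaml, clusterrole-operator.yaml and the two binding files). The verbs and the three operator additions come from the security-profile table; the reader resource list, the names (claude-agent in a namespace called claude) and the namespace-scoped RoleBinding at the end are assumptions, and that RoleBinding is a tightening the chart does not ship (it binds the operator role cluster-wide).

```yaml
# Added example, not the chart's own templates: reader and operator tiers as
# plain manifests. Names (claude-agent in namespace claude) and the reader
# resource list are assumptions; verbs and the operator additions come from
# the chart's security-profile table.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: claude-agent-reader
rules:
  # Reader tier: get/list/watch only. Secrets are deliberately absent: a
  # read-only role that can list Secrets can still read every credential.
  - apiGroups: [""]
    resources: [pods, pods/log, services, endpoints, events, nodes, namespaces, configmaps]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [deployments, statefulsets, daemonsets, replicasets]
    verbs: [get, list, watch]
  - apiGroups: [batch]
    resources: [jobs, cronjobs]
    verbs: [get, list, watch]
---
# Operator tier, rendered only when operator.enabled is true: exactly the
# additions listed in the profile table and nothing wider.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: claude-agent-operator
rules:
  - apiGroups: [""]
    resources: [pods]
    verbs: [delete]
  - apiGroups: [""]
    resources: [pods/exec]
    verbs: [create]        # a shell in any container the binding reaches
  - apiGroups: [apps]
    resources: [deployments]
    verbs: [update]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: claude-agent-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: claude-agent-reader
subjects:
  - kind: ServiceAccount
    name: claude-agent
    namespace: claude
---
# Assumed alternative to the chart's ClusterRoleBinding: a RoleBinding may
# reference a ClusterRole, so exec/delete can be confined to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: claude-agent-operator
  namespace: incident-ns   # assumed: the namespace under investigation
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: claude-agent-operator
subjects:
  - kind: ServiceAccount
    name: claude-agent
    namespace: claude
```

After applying either binding, confirm the effective permissions from the ServiceAccount's point of view rather than trusting the manifest: `kubectl auth can-i create pods/exec --as=system:serviceaccount:claude:claude-agent -n incident-ns` should answer yes, and the same query against another namespace should answer no when the RoleBinding form is used. The `pods/exec` create verb is the most sensitive grant in the operator tier, which is why the reader tier is the default and the operator tier is opt-in.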
Network Policy
The chart creates a default-deny-all NetworkPolicy with selective egress rules. All ingress is blocked. Egress is allowed only to DNS, HTTPS (Anthropic API), and the Kubernetes API server. A CNI that enforces NetworkPolicy (like Calico) is required -- the default KIND CNI (kindnet) silently ignores these rules.
[Figure: Network Policy. Default-deny with selective egress; ingress is fully blocked.]
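A NetworkPolicy with the shape the chart reference describes, as an added example rather than the chart's networkpolicy.yaml. The pod labels, the kube-dns selector and the CIDR values are assumptions; the chart itself defaults both CIDR values to 0.0.0.0/0, which allows the given port to any destination, and the example shows the narrower values a deployment would normally substitute.

```yaml
# Added example, not the chart's networkpolicy.yaml: default-deny with the
# three egress allowances from the chart reference. Labels, selectors and
# CIDRs are assumptions for illustration.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: claude-agent
  namespace: claude
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: claude-in-a-box   # assumed label from _helpers.tpl
  # Listing Ingress with no ingress rules denies all inbound traffic.
  policyTypes: [Ingress, Egress]
  egress:
    # DNS on UDP/TCP 53 (networkPolicy.egress.dns). Restricted here to the
    # cluster DNS pods; the chart's rule is port-only, i.e. any destination.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns   # assumed CoreDNS label
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # HTTPS to the Anthropic API (networkPolicy.egress.https.cidr). Omitted
    # entirely by the airgapped profile. The except list keeps 443 off
    # private ranges so the agent cannot reach internal services on 443.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8        # assumed private ranges; adjust to the
              - 172.16.0.0/12     # address plan of the cluster
              - 192.168.0.0/16
      ports:
        - protocol: TCP
          port: 443
    # Kubernetes API server on 6443 (networkPolicy.egress.k8sApi.cidr).
    # Use the real endpoint address(es) from `kubectl get endpoints kubernetes`
    # rather than the 0.0.0.0/0 default.
    - to:
        - ipBlock:
            cidr: 10.0.0.10/32    # assumed API server endpoint
      ports:
        - protocol: TCP
          port: 6443
```

Because kindnet and other non-enforcing CNIs accept this object without applying it, treat `kubectl get networkpolicy` as proof of nothing: verify enforcement by confirming from inside the pod that a connection outside the allowed set (for instance TCP 80 to a public address) times out rather than connects. Most CNIs evaluate egress against the post-NAT destination, which is why the API-server rule should carry the endpoint address from `kubectl get endpoints kubernetes` and not the service's ClusterIP.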
Template Files
The chart includes the following template files in helm/claude-in-a-box/templates/:
| File | Kind | Description |
|---|---|---|
| statefulset.yaml | StatefulSet | Main workload with PVC template, probes, and security context |
| service.yaml | Service | ClusterIP service for internal pod access |
| serviceaccount.yaml | ServiceAccount | Pod identity with API token automount |
| networkpolicy.yaml | NetworkPolicy | Default-deny with selective egress rules |
| clusterrole-reader.yaml | ClusterRole | Read-only RBAC (get/list/watch across resource types) |
| clusterrole-operator.yaml | ClusterRole | Elevated RBAC for debugging (conditional on operator.enabled) |
| clusterrolebinding-reader.yaml | ClusterRoleBinding | Binds reader ClusterRole to ServiceAccount |
| clusterrolebinding-operator.yaml | ClusterRoleBinding | Binds operator ClusterRole to ServiceAccount (conditional) |
| _helpers.tpl | Template helpers | Reusable named templates for labels, names, and selectors |
| NOTES.txt | Post-install notes | Usage instructions displayed after helm install |
Installation Examples
Default (Readonly Profile)
Operator Profile
Adds pod delete, exec, and deployment update permissions for active debugging.
Airgapped Profile
Blocks external HTTPS egress and uses a private registry. For air-gapped or restricted environments.
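A custom overlay for a production install, added here as an example and not one of the chart's shipped values files (values.yaml, values-operator.yaml, values-airgapped.yaml). It keeps the readonly tier and replaces the two open 0.0.0.0/0 egress defaults where a fixed address exists; the registry host, pull-secret name and API server address are assumptions.

```yaml
# Added example overlay (assumed file name values-prod.yaml), not shipped with
# the chart. Applied on top of values.yaml; registry, secret name and CIDR
# values are assumptions.
image:
  repository: registry.example.internal/claude-in-a-box   # assumed private mirror
  pullPolicy: IfNotPresent
imagePullSecrets:
  - name: registry-credentials   # assumed pull secret in the release namespace

operator:
  enabled: false   # reader tier only; set true for a bounded debugging window

networkPolicy:
  enabled: true
  egress:
    dns:
      enabled: true
    https:
      enabled: true
      # Chart default, any host on 443. Narrow it only if the Anthropic API
      # is reached through a proxy with a fixed address.
      cidr: "0.0.0.0/0"
    k8sApi:
      enabled: true
      # Chart default is "0.0.0.0/0" (any host on 6443). Pin it to the API
      # server endpoint shown by `kubectl get endpoints kubernetes`.
      cidr: "10.0.0.10/32"   # assumed value
```

Render before installing so the RBAC and NetworkPolicy objects can be reviewed as plain YAML: `helm template claude-agent helm/claude-in-a-box -f values-prod.yaml`. With the overlay in place the install is `helm install claude-agent helm/claude-in-a-box -n claude --create-namespace -f values-prod.yaml`; for an incident window, `helm upgrade claude-agent helm/claude-in-a-box -n claude -f values-prod.yaml --set operator.enabled=true` adds the operator ClusterRole and binding, and re-running the upgrade without that flag removes them again.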