Umbrella Charts
MATIH uses umbrella charts to deploy groups of related services as a single Helm release. The two primary umbrella charts are matih-control-plane and matih-data-plane, each declaring service charts as dependencies with condition-based enablement.
Control Plane Umbrella
# From infrastructure/helm/matih-control-plane/Chart.yaml
apiVersion: v2
name: matih-control-plane
type: application
version: 1.0.0
dependencies:
- name: iam-service
version: "1.x.x"
repository: "file://../iam-service"
condition: iam-service.enabled
- name: tenant-service
version: "1.x.x"
repository: "file://../tenant-service"
condition: tenant-service.enabled
- name: config-service
version: "1.x.x"
repository: "file://../config-service"
condition: config-service.enabled
- name: audit-service
version: "1.x.x"
repository: "file://../audit-service"
condition: audit-service.enabled
- name: notification-service
version: "1.x.x"
repository: "file://../notification-service"
condition: notification-service.enabled
# Shared infrastructure
- name: postgresql
version: "13.x.x"
repository: "https://charts.bitnami.com/bitnami"
condition: postgresql.enabled
- name: redis
version: "18.x.x"
repository: "https://charts.bitnami.com/bitnami"
condition: redis.enabledData Plane Umbrella
# From infrastructure/helm/matih-data-plane/Chart.yaml
apiVersion: v2
name: matih-data-plane
type: application
version: 1.0.0
dependencies:
- name: query-engine
condition: query-engine.enabled
- name: catalog-service
condition: catalog-service.enabled
- name: pipeline-service
condition: pipeline-service.enabled
- name: semantic-layer
condition: semantic-layer.enabled
- name: bi-service
condition: bi-service.enabled
- name: ai-service
condition: ai-service.enabled
- name: ml-service
condition: ml-service.enabled
- name: data-quality-service
condition: data-quality-service.enabled
- name: data-plane-agent
condition: data-plane-agent.enabled
- name: render-service
condition: render-service.enabled
- name: ops-agent-service
condition: ops-agent-service.enabledData Plane Deployment Profiles
The data plane umbrella supports multiple deployment profiles via values overlay files:
| Profile | File | Services Enabled |
|---|---|---|
| Minimal | values-minimal.yaml | query-engine, ai-service, catalog-service |
| Standard | values-standard.yaml | All core services |
| AI-focused | values-ai.yaml | ai-service, ml-service + infrastructure |
| Analytics | values-analytics.yaml | bi-service, query-engine, semantic-layer |
| Full | values-full.yaml | All services including ML infrastructure |
Shared Templates
Both umbrella charts include shared templates for cross-cutting concerns:
Control Plane Templates
| Template | Purpose |
|---|---|
network-policy.yaml | Default deny + internal traffic rules |
pdb.yaml | Pod Disruption Budget for all services |
db-init-configmap.yaml | Database initialization SQL scripts |
db-init-job.yaml | Pre-install Job to create databases |
platform-version-configmap.yaml | Git commit, branch, deployer metadata |
Data Plane Templates
| Template | Purpose |
|---|---|
network-policies.yaml | 10+ network policies (default deny, internal, gateway, infrastructure, data mesh) |
resource-quotas.yaml | CPU, memory, pod, and storage quotas |
limit-ranges.yaml | Default and max container resource limits |
pod-disruption-budgets.yaml | PDB for all data plane services |
db-init-configmap.yaml | Data plane database initialization |
db-init-job.yaml | Database creation job |
secrets.yaml | Secret references |
servicemonitors.yaml | Prometheus ServiceMonitor for all services |
compute-billing-config.yaml | Billing label configuration for compute workloads |
otel-compute-config.yaml | OpenTelemetry configuration for compute |
Global Values Propagation
Top-level values in the umbrella chart propagate to all subcharts via the global key:
# From matih-data-plane/values.yaml
global:
namespace: matih-data-plane
imageRegistry: matihlabsacr.azurecr.io/matih
database:
host: "postgresql.matih-data-plane.svc.cluster.local"
port: 5432
redis:
host: "redis-master.matih-data-plane.svc.cluster.local"
port: 6379
kafka:
bootstrapServers: "strimzi-kafka-kafka-bootstrap.matih-data-plane.svc.cluster.local:9093"
securityProtocol: SSLSubcharts access these via .Values.global.database.host, etc.