Reference

Environment variables and Helm values — every knob you can turn.

Environment variables

Variable	Default	Purpose
`JWT_SECRET_KEY`	—	Required, ≥32 chars. Sign auth tokens.
`SEED_ADMIN_USERNAME`	`admin`	First-run admin user.
`SEED_ADMIN_PASSWORD`	—	Required for first start.
`KERNEL_MODE`	`shared`	`shared` / `docker_per_user` / `k8s_per_user`
`KERNEL_POD_IMAGE`	`ghcr.io/sparklabx/kernel:latest`	Image used by per-user pods.
`KERNEL_POD_CPU_REQUEST`	`500m`	CPU request per kernel pod.
`KERNEL_POD_MEMORY_LIMIT`	`4Gi`	Memory limit per kernel pod.
`MINIO_ENDPOINT`	—	S3-compatible endpoint URL.
`DATABASE_URL`	—	Postgres connection string.
`CORS_ORIGINS`	`http://localhost:3000`	Allowed origins. `*` for dev only.
`ALLOWED_EMAIL_DOMAINS`	(empty)	OAuth email allow-list.

Full list in backend/internal/config/config.go.

Helm values

image:
  backend:  { repository: ghcr.io/sparklabx/backend,  tag: latest, pullPolicy: Always }
  frontend: { repository: ghcr.io/sparklabx/frontend, tag: latest, pullPolicy: Always }
  kernel:   { repository: ghcr.io/sparklabx/kernel,   tag: latest, pullPolicy: IfNotPresent }

kernel:
  idleMinutes: 30
  maxTotal: 50
  resources:
    requests: { cpu: 500m, memory: 1Gi }
    limits:   { cpu: 2000m, memory: 4Gi }

postgres:
  enabled: true                    # set false + fill external.* to use external DB
  external: { host: "", port: 5432 }
  persistence: { enabled: true, size: 10Gi }

minio:
  enabled: true
  external: { endpoint: "" }
  bucket: workspace
  persistence: { enabled: true, size: 50Gi }

ingress:
  enabled: true
  host: notebook.example.com
  tls: { enabled: true, issuer: letsencrypt-prod }

Full reference: chart/values.yaml.