Sambastack.yaml Reference

On-prem
Hosted

gateway:
  replicas: 3
  auth:
    enabled: true
    secretName: <oidc-auth secret name>
  ingress:
    hosts:
      - host: <api url>
        tlsSecretName: <k8s api secret name>
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: HTTP
      nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
      nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
      nginx.ingress.kubernetes.io/proxy-body-size: 25m
      nginx.ingress.kubernetes.io/enable-cors: 'true'
      nginx.ingress.kubernetes.io/configuration-snippet: |
        proxy_set_header Authorization $http_authorization;
        limit_req zone=240_req_min_header burst=360 nodelay;
        limit_req_status 429;

cloud-ui:
  ingress:
    hosts:
      - host: <ui url>
        tlsSecretName: <k8s api secret name>
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: HTTP
      nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
      nginx.ingress.kubernetes.io/proxy-body-size: 21m
      nginx.ingress.kubernetes.io/configuration-snippet: |
        proxy_set_header Authorization $http_authorization;
        limit_req zone=120_req_min_ip burst=240 nodelay;
        limit_req_status 429;

db-admin:
  admins:
  - temp-admin@cluster.local
  - example@example.com                # Email of lasting admin account

auth-and-billing:
  pgSecretName: pg-credentials         # Only needed with a custom external postgres DB

cloudnative-pg:
  enabled: false                       # Only needed with a custom external postgres DB

bundles:
  bundleSpecs:
    - name: gpt-oss-120b-8-32-64-128k
  bundleDeploymentSpecs:
    - name: gpt-oss-120b-8-32-64-128k
      groups:
        - name: default
          minReplicas: 1
          qosList:
            - web
            - free

serviceTiers:
  <Tier1>:                              # Custom service tier name
    - models:
        - gpt-oss-120b-8-32-64-128k
      queueDepth: 25                    # Queries to queue before returning busy
      qos: "free"                       # Usually matches service tier name
      rates:
        - allowedRequests: 50
          periodSeconds: 60
  <Tier2>:                              # Tier that inherits from another
    inherits: <Tier1>
    overrides:
      - models:
          - gpt-oss-120b-8-32-64-128k
        queueDepth: 25
        qos: "free"
        rates:
          - allowedRequests: 100
            periodSeconds: 60

This reference uses gpt-oss-120b-8-32-64-128k as the example model bundle. You can use any model bundle(s) you like in practice.

apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
    serial: "1"
  name: sambastack
  labels:
    sambastack-installer: "true"
data:
  sambastack.yaml: |
    version: <latest sambastack version>

# API Configuration
    gateway:
      ingress:
        hosts:
          - host: api.example.com
            tlsSecretName: <name-for-tls>

# UI Configuration    
    cloud-ui:
      ingress:
        hosts:
        - host: ui.example.com
          tlsSecretName: <name-for-tls>

# Auth and Billing Configuration
    auth-and-billing:
      pgSecretName: pg-credentials        # Kubernetes secret with PostgreSQL credentials
    
# Database Configuration  
    cloudnative-pg:
      enabled: false                      # Disable in-cluster PostgreSQL
    
# Model Bundle(s) Configuration    
    bundles:
      bundleSpecs:
      - name: gpt-oss-120b-8-32-64-128k     
      bundleDeploymentSpecs:
      - name: gpt-oss-120b-8-32-64-128k
        groups:             
        - name: "default"
          minReplicas: 1
          qosList: 
          - "web"
          - "free"%

Contact your SambaStack representative for the latest SambaStack version.

Configuration Parameters

gateway

Parameter	Type	Description
`gateway.replicas`	integer	API gateway replica count for high availability
`gateway.auth.enabled`	boolean	Enable built-in OIDC integration
`gateway.auth.secretName`	string	Name of Kubernetes Secret containing OIDC credentials. Leave empty for default auth mode
`gateway.ingress.hosts[].host`	string	Your API FQDN (e.g., `api.example.com`)
`gateway.ingress.hosts[].tlsSecretName`	string	Kubernetes TLS secret name for the API host

cloud-ui (Web UI)

Parameter	Type	Description
`cloud-ui.replicas`	integer	UI replica count for high availability
`cloud-ui.ingress.hosts[].host`	string	Your UI FQDN (e.g., `ui.example.com`)
`cloud-ui.ingress.hosts[].tlsSecretName`	string	Kubernetes TLS secret name for the UI host

db-admin

Parameter	Type	Description
`db-admin.admins`	list	Email addresses of users who can access the Admin UI

auth-and-billing

Parameter	Type	Description
`auth-and-billing.replicas`	integer	Core control-plane service scaling
`auth-and-billing.pgSecretName`	string	Name of Kubernetes Secret containing external PostgreSQL connection details (`DB_HOST`, `DB_DATABASE`, `DB_USER`, `DB_PASSWD`) as base64-encoded data fields. Required when using external PostgreSQL

cloudnative-pg

Parameter	Type	Description
`cloudnative-pg.enabled`	boolean	`true` = deploy in-cluster PostgreSQL; `false` = use external PostgreSQL via `auth-and-billing.pgSecretName`

bundles

Parameter	Type	Description
`bundles.bundleSpecs[]`	list	Declares bundles (model assets) by name
`bundles.bundleDeploymentSpecs[]`	list	Deploys the declared bundles
`bundleDeploymentSpecs[].name`	string	Must match a declared `bundleSpecs.name`
`bundleDeploymentSpecs[].groups[].name`	string	Routing/capacity group name
`bundleDeploymentSpecs[].groups[].minReplicas`	integer	Minimum engines for the group
`bundleDeploymentSpecs[].groups[].qosList[]`	list	QoS tags (e.g., `web`, `free`, `pro`)

Getting Started

Service Administration

Hardware Administration

Reference Architecture

Resources

Configuration Parameters

gateway

cloud-ui (Web UI)

db-admin

auth-and-billing

cloudnative-pg

bundles

Getting Started

Service Administration

Hardware Administration

Reference Architecture

Resources

​Configuration Parameters

​gateway

​cloud-ui (Web UI)

​db-admin

​auth-and-billing

​cloudnative-pg

​bundles

Configuration Parameters

gateway

cloud-ui (Web UI)

db-admin

auth-and-billing

cloudnative-pg

bundles