Gloo Platform

Review Helm values for the Gloo Platform Helm chart.

Option	Type	Description	Default Value
clickhouse	struct	Configuration for the Clickhouse deployment, which stores logs from OTel collectors. See the Bitnami Clickhouse Helm chart for the complete set of values.
clickhouse.auth	struct	Authentication configuration
clickhouse.auth.existingSecret	string	Name of existing secret to use for authentication	clickhouse-auth
clickhouse.auth.existingSecretKey	string	Key in existing secret to use for authentication	password
clickhouse.enabled	bool	Set to false to disable the clickhouse dependency.	false
clickhouse.fullnameOverride	string	Override the full name, used for the service and the statefulset	clickhouse
clickhouse.keeper	struct	Keeper configuration
clickhouse.keeper.enabled	bool	Set to false to disable the zookeeper dependency.	false
clickhouse.replicaCount	int	Number of replicas	1
clickhouse.shards	int	Number of shards to create	1
clickhouse.zookeeper	struct	Zookeeper configuration
clickhouse.zookeeper.enabled	bool	Set to false to disable the zookeeper dependency.	false
common	struct
common	struct	Common values shared across components. When applicable, these can be overridden in specific components.
common.addonNamespace	string	Namespace to install add-on components into, such as the Gloo external auth and rate limiting services. Only set this value if you install Gloo and its addons in a single release.
common.adminNamespace	string	Namespace to install control plane components into. The admin namespace also contains global configuration, such as Workspace, global overrides WorkspaceSettings, and KubernetesCluster resources.
common.cluster	string	Name of the cluster. Be sure to modify this value to match your cluster’s name.
common.clusterDomain	string	The local cluster domain suffix this cluster is configured with. Defaults to ‘cluster.local’.
common.devMode	bool	Set to true to enable development mode for the logger, which can cause panics. Do not use in production.	false
common.insecure	bool	Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production.	false
common.leaderElection	bool	Enable leader election for the high-availability deployment.	true
common.prometheusBearerTokenFile	string	The path to the file that contains the bearer token that is used by the Gloo UI to authenticate to the Prometheus server. To connect the Gloo UI to the built-in Prometheus server in OpenShift, use /var/run/secrets/kubernetes.io/serviceaccount/token. Otherwise, set this field only when you use a custom HTTPS Prometheus server.
common.prometheusCAFile	string	The path to the file that contains the public CA certificate that is used by the Gloo UI to verify the Prometheus server’s certificate. To connect the Gloo UI to the built-in Prometheus server in OpenShift, use /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. Otherwise, set this field only when you use a custom HTTPS Prometheus server.
common.prometheusClientCertSecretName	string	(deprecated) The name of the secret that contains the Prometheus client TLS certificates used to identify the UI client to the Prometheus server. The secret must be in the same namespace as the gloo-mesh-ui pod. Set this field only when you use a custom HTTPS Prometheus server.
common.prometheusSkipTLSVerify	bool	Set this field to true to disable verification of the Prometheus server TLS certificate. Set this field only when you use a custom HTTPS Prometheus server.	false
common.prometheusUrl	string	The address for the Prometheus server. If you want to connect the Gloo UI to the built-in Prometheus server in OpenShift, use https://thanos-querier.openshift-monitoring.svc:9091.	http://prometheus-server
common.readOnlyGeneratedResources	bool	If true, the deployment only reads Istio resource outputs that are created by Gloo, and filters out Istio resource fields that Gloo cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI.	false
common.verbose	bool	Enable verbose/debug logging.	false
demo	struct	Demo-specific features that improve quick setups. Do not use in production.
demo.manageAddonNamespace	bool	Automatically create the add-on namespace set in ‘common.addonNamespace’.	false
experimental	struct	Deprecated: Use ‘featureGates’ fields instead.
experimental.ambientEnabled	bool	Allow Gloo Mesh to create Istio Ambient Mesh resources.	false
experimental.asyncStatusWrites	bool	Enable asynchronous writing of statuses to Kubernetes objects.	false
extAuthService	struct
extAuthService	struct	Configuration for the Gloo external authentication service.
extAuthService.enabled	bool	Enable the Gloo external authentication service.	false
extAuthService.extAuth	struct	Configuration for the extauth service.
extAuthService.extAuth.apiKeyStorage	struct	Configuration for the deployed extauth service.
extAuthService.extAuth.apiKeyStorage.config	map[string, interface]	The ApiKeyStorage configuration. To configure access to Redis use the RedisOptions. Currently, only redis is supported.	null
extAuthService.extAuth.apiKeyStorage.config.<MAP_KEY>	interface	The ApiKeyStorage configuration. To configure access to Redis use the RedisOptions. Currently, only redis is supported.
extAuthService.extAuth.apiKeyStorage.enabled	bool	Enable API key storage.	false
extAuthService.extAuth.apiKeyStorage.name	string	The permanent storage to be used. Currently, only redis is supported.
extAuthService.extAuth.apiKeyStorage.redis	struct	Configuration for using a Redis instance for authentication.
extAuthService.extAuth.apiKeyStorage.redis.auth	struct	Values for the authentication details.
extAuthService.extAuth.apiKeyStorage.redis.auth.enabled	bool	Connect to the Redis instance with a password	false
extAuthService.extAuth.apiKeyStorage.redis.auth.passwordKey	string	The secret key containing the password to use for authentication
extAuthService.extAuth.apiKeyStorage.redis.auth.secretName	string	Name of the k8s secret that contains the password
extAuthService.extAuth.apiKeyStorage.redis.auth.usernameKey	string	The secret key containing the username to use for authentication
extAuthService.extAuth.apiKeyStorage.redis.certs	struct	Configuration for TLS verification when connecting to the Redis instance
extAuthService.extAuth.apiKeyStorage.redis.certs.caCertKey	string	The secret key containing the ca cert
extAuthService.extAuth.apiKeyStorage.redis.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
extAuthService.extAuth.apiKeyStorage.redis.certs.secretName	string	Name of the k8s secret that contains the certs
extAuthService.extAuth.apiKeyStorage.secretKey	string	The secret key to hash the API key with.
extAuthService.extAuth.floatingUserID	bool	Set to true to use a floating user ID.	false
extAuthService.extAuth.headersToRedact[]	[]string	Headers that will be redacted in the server logs.	[“authorization”]
extAuthService.extAuth.healthCheckFailTimeout	int	When receiving a termination signal, the pod waits this amount of seconds for a request that it can use to notify Envoy that it should fail the health check for this endpoint. If no request is received within this interval, the server will shutdown gracefully. The interval should be greater than the active health check interval configured in Envoy for this service.	15
extAuthService.extAuth.healthCheckHttpPath	string	Path for Envoy health checks.	/healthcheck
extAuthService.extAuth.healthLivenessCheckHttpPath	string	Path for liveness health checks.	/livenesscheck
extAuthService.extAuth.image	struct	Values for the extauth image.
extAuthService.extAuth.image.pullPolicy	string	Image pull policy.	IfNotPresent
extAuthService.extAuth.image.registry	string	Image registry.	gcr.io/gloo-mesh
extAuthService.extAuth.image.repository	string	Image name (repository).	ext-auth-service
extAuthService.extAuth.image.tag	string	Version tag for the container.	0.58.3
extAuthService.extAuth.leaderElectionEnabled	bool	Enable leader election for ext-auth-service.	false
extAuthService.extAuth.logLevel	string	Severity level to collect logs for.	INFO
extAuthService.extAuth.namespacedRbac[]	[]struct	Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.	[{“resources”:[],“namespaces”:[]}]
extAuthService.extAuth.namespacedRbac[].namespaces[]	[]string
extAuthService.extAuth.namespacedRbac[].resources[]	[]string
extAuthService.extAuth.opaServer	struct	Configuration for the optional OPA server sidecar.
extAuthService.extAuth.opaServer.additionalOpaEnv	map[string, string]	Additional OPA environment variables	{}
extAuthService.extAuth.opaServer.additionalOpaEnv.<MAP_KEY>	string	Additional OPA environment variables
extAuthService.extAuth.opaServer.configYaml	string	OPA configuration yaml file
extAuthService.extAuth.opaServer.enabled	bool	Enable the OPA server.	false
extAuthService.extAuth.opaServer.image	struct	Values for the sidecar OPA Server image.
extAuthService.extAuth.opaServer.image.pullPolicy	string	Image pull policy.	IfNotPresent
extAuthService.extAuth.opaServer.image.registry	string	Image registry.	gcr.io/gloo-mesh
extAuthService.extAuth.opaServer.image.repository	string	Image name (repository).	opa
extAuthService.extAuth.opaServer.image.tag	string	Version tag for the container.	0.64.1
extAuthService.extAuth.opaServer.livenessProbe	struct
extAuthService.extAuth.opaServer.livenessProbe	struct	Configure the liveness probe for the OPA server. The health checks for the OPA Server can be configured to include or exclude specific components. The current configuration validates that the OPA Server can pull bundles during startup and that the plugins are healthy. For more information, refer to the OPA Health Check API documentation
extAuthService.extAuth.opaServer.livenessProbe.exec	struct
extAuthService.extAuth.opaServer.livenessProbe.exec.command[]	[]string
extAuthService.extAuth.opaServer.livenessProbe.failureThreshold	int32		0
extAuthService.extAuth.opaServer.livenessProbe.grpc	struct
extAuthService.extAuth.opaServer.livenessProbe.grpc.port	int32
extAuthService.extAuth.opaServer.livenessProbe.grpc.service	string
extAuthService.extAuth.opaServer.livenessProbe.httpGet	struct
extAuthService.extAuth.opaServer.livenessProbe.httpGet.host	string
extAuthService.extAuth.opaServer.livenessProbe.httpGet.httpHeaders[]	[]struct		null
extAuthService.extAuth.opaServer.livenessProbe.httpGet.httpHeaders[].name	string
extAuthService.extAuth.opaServer.livenessProbe.httpGet.httpHeaders[].value	string
extAuthService.extAuth.opaServer.livenessProbe.httpGet.path	string		/health?plugins
extAuthService.extAuth.opaServer.livenessProbe.httpGet.port	int32		8181
extAuthService.extAuth.opaServer.livenessProbe.httpGet.port	int64		0
extAuthService.extAuth.opaServer.livenessProbe.httpGet.port	string
extAuthService.extAuth.opaServer.livenessProbe.httpGet.port	struct
extAuthService.extAuth.opaServer.livenessProbe.httpGet.scheme	string		HTTP
extAuthService.extAuth.opaServer.livenessProbe.initialDelaySeconds	int32		5
extAuthService.extAuth.opaServer.livenessProbe.periodSeconds	int32		5
extAuthService.extAuth.opaServer.livenessProbe.successThreshold	int32		0
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket	struct
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket.host	string
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket.port	int32
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket.port	int64
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket.port	string
extAuthService.extAuth.opaServer.livenessProbe.tcpSocket.port	struct
extAuthService.extAuth.opaServer.livenessProbe.terminationGracePeriodSeconds	int64
extAuthService.extAuth.opaServer.livenessProbe.timeoutSeconds	int32		0
extAuthService.extAuth.opaServer.readinessProbe	struct
extAuthService.extAuth.opaServer.readinessProbe	struct	Configure the readiness probe for the OPA server. The health checks for the OPA Server can be configured to include or exclude specific components. The current configuration validates that the OPA Server can pull bundles during startup and that the plugins are healthy. For more information, refer to the OPA Health Check API documentation
extAuthService.extAuth.opaServer.readinessProbe.exec	struct
extAuthService.extAuth.opaServer.readinessProbe.exec.command[]	[]string
extAuthService.extAuth.opaServer.readinessProbe.failureThreshold	int32		0
extAuthService.extAuth.opaServer.readinessProbe.grpc	struct
extAuthService.extAuth.opaServer.readinessProbe.grpc.port	int32
extAuthService.extAuth.opaServer.readinessProbe.grpc.service	string
extAuthService.extAuth.opaServer.readinessProbe.httpGet	struct
extAuthService.extAuth.opaServer.readinessProbe.httpGet.host	string
extAuthService.extAuth.opaServer.readinessProbe.httpGet.httpHeaders[]	[]struct		null
extAuthService.extAuth.opaServer.readinessProbe.httpGet.httpHeaders[].name	string
extAuthService.extAuth.opaServer.readinessProbe.httpGet.httpHeaders[].value	string
extAuthService.extAuth.opaServer.readinessProbe.httpGet.path	string		/health?plugins
extAuthService.extAuth.opaServer.readinessProbe.httpGet.port	int32		8181
extAuthService.extAuth.opaServer.readinessProbe.httpGet.port	int64		0
extAuthService.extAuth.opaServer.readinessProbe.httpGet.port	string
extAuthService.extAuth.opaServer.readinessProbe.httpGet.port	struct
extAuthService.extAuth.opaServer.readinessProbe.httpGet.scheme	string		HTTP
extAuthService.extAuth.opaServer.readinessProbe.initialDelaySeconds	int32		5
extAuthService.extAuth.opaServer.readinessProbe.periodSeconds	int32		5
extAuthService.extAuth.opaServer.readinessProbe.successThreshold	int32		0
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket	struct
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket.host	string
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket.port	int32
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket.port	int64
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket.port	string
extAuthService.extAuth.opaServer.readinessProbe.tcpSocket.port	struct
extAuthService.extAuth.opaServer.readinessProbe.terminationGracePeriodSeconds	int64
extAuthService.extAuth.opaServer.readinessProbe.timeoutSeconds	int32		0
extAuthService.extAuth.otelCollectorZipkinEndpoint	string	Provide to the OpenTelemetry collector zipkin endpoint in your cluster to enable trace generation.
extAuthService.extAuth.pluginDirectory	string	Directory in which the server expects Go plugin .so files.	/auth-plugins/
extAuthService.extAuth.replicas	int	Number of replicas to create	1
extAuthService.extAuth.resources	struct	Values for the container resource requests.
extAuthService.extAuth.resources.requests	struct	Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
extAuthService.extAuth.resources.requests.cpu	string	Amount of CPU resource.	125m
extAuthService.extAuth.resources.requests.memory	string	Amount of memory resource.	256Mi
extAuthService.extAuth.runAsUser	int	User ID for the containers to run as.	10101
extAuthService.extAuth.service	struct	Configuration for the deployed extauth service.
extAuthService.extAuth.service.annotations	map[string, string]	Kubernetes service annotations.	{}
extAuthService.extAuth.service.annotations.<MAP_KEY>	string	Kubernetes service annotations.
extAuthService.extAuth.service.debugNodePort	int	Only relevant if the service is of type NodePort.	32001
extAuthService.extAuth.service.debugPort	int	Port on the extauth server to pull logs from.	9091
extAuthService.extAuth.service.grpcNodePort	int	Only relevant if the service is of type NodePort.	32000
extAuthService.extAuth.service.grpcPort	int	Port the extauth server listens on for gRPC requests.	8083
extAuthService.extAuth.service.healthNodePort	int	Only relevant if the service is of type NodePort.	32002
extAuthService.extAuth.service.healthPort	int	Port the extauth server listens on for health checks.	8082
extAuthService.extAuth.service.type	string	Kubernetes service type.	ClusterIP
extAuthService.extAuth.signingKey	string	Provide the server’s secret signing key. If empty, a random key is generated.
extAuthService.extAuth.signingKeyFile	struct	Mount the secret as a file rather than pass the signing key as a environment variable. To ensure maximum security by default, the file is limited to 0440 permissions and the fsGroup matches the runAsGroup.
extAuthService.extAuth.signingKeyFile.enabled	bool	Mount the secret as a file.	false
extAuthService.extAuth.signingKeyFile.fileMode	int	File permission.	288
extAuthService.extAuth.signingKeyFile.fsGroup	int	Group ID for volume ownership.	10101
extAuthService.extAuth.signingKeyFile.groupSettingEnabled	bool	Set to true to use a volume group.	true
extAuthService.extAuth.signingKeyFile.runAsGroup	int	Group ID for the container to run as.	10101
extAuthService.extAuth.signingKeyFile.runAsUser	int	User ID for the container to run as.	10101
extAuthService.extAuth.userIdHeader	string	User ID header.
extAuthService.extAuth.watchNamespace	string	Namespaces to watch in your cluster. If omitted or empty, all namespaces are watched.
extAuthService.extraLabels	map[string, string]	Extra key-value pairs to add to the labels data of the extauth deployment.	null
extAuthService.extraLabels.<MAP_KEY>	string	Extra key-value pairs to add to the labels data of the extauth deployment.
extAuthService.extraTemplateAnnotations	map[string, string]	Extra annotations to add to the extauth service pods.	{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}
extAuthService.extraTemplateAnnotations.<MAP_KEY>	string	Extra annotations to add to the extauth service pods.
extAuthService.extraTemplateAnnotations.proxy.istio.io/config	string	Extra annotations to add to the extauth service pods.	{ “holdApplicationUntilProxyStarts”: true }
extAuthService.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
extAuthService.imagePullSecrets[].name	string
featureGates	map[string, bool]	Feature gates for Gloo products. Each feature can be enabled or disabled using a boolean value. For a list of supported features, see https://docs.solo.io/gloo-mesh-enterprise/main/reference/version/feature_gates/	{}
featureGates.<MAP_KEY>	bool	Feature gates for Gloo products. Each feature can be enabled or disabled using a boolean value. For a list of supported features, see https://docs.solo.io/gloo-mesh-enterprise/main/reference/version/feature_gates/
glooAgent	struct
glooAgent	struct	Configuration for the Gloo agent.
glooAgent	struct	Configuration for the glooAgent deployment.
glooAgent.accessLogsBufferSize	int	Number of access logs to buffer per Envoy proxy.	50
glooAgent.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooAgent.devMode	bool	Set to true to enable development mode for the logger, which can cause panics. Do not use in production.	false
glooAgent.enabled	bool	Configuration for the Gloo agent.	false
glooAgent.enabled	bool	Deploy a Gloo agent to the cluster.	false
glooAgent.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“GOMAXPROCS”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.cpu”,“divisor”:“1”}}},{“name”:“XDG_CONFIG_HOME”,“value”:"/tmp/istio-charts"}]
glooAgent.extraEnvs	struct	Extra environment variables for the container
glooAgent.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooAgent.image	struct	Container image.
glooAgent.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooAgent.image.pullSecret	string	Image pull secret.
glooAgent.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooAgent.image.repository	string	Image name (repository).	gloo-mesh-agent
glooAgent.image.tag	string	Version tag for the container image.
glooAgent.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooAgent.imagePullSecrets[].name	string
glooAgent.insecure	bool	Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production.	false
glooAgent.istiodSidecar	struct	Configuration for the istiod sidecar deployment.
glooAgent.istiodSidecar.createRoleBinding	bool	Create the cluster role binding for the istiod sidecar. Set this value to ’true’ only when using the Vault integration.	false
glooAgent.istiodSidecar.istiodServiceAccount	struct	Object reference for the istiod service account.
glooAgent.istiodSidecar.istiodServiceAccount.name	string		istiod
glooAgent.istiodSidecar.istiodServiceAccount.namespace	string		istio-system
glooAgent.leaderElection	bool	Enable leader election for the high-availability deployment.	false
glooAgent.maxGrpcMessageSize	string	Maximum message size for gRPC messages sent and received by the management server.	4294967295
glooAgent.metricsBufferSize	int	Number of metrics messages to buffer per Envoy proxy.	50
glooAgent.namespacedRbac[]	[]struct	Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.	[{“resources”:[],“namespaces”:[]}]
glooAgent.namespacedRbac[].namespaces[]	[]string
glooAgent.namespacedRbac[].resources[]	[]string
glooAgent.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooAgent.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“grpc”:9977,“grpc-internaladmin”:31337,“healthcheck”:8091,“http”:9988,“stats”:9093}
glooAgent.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooAgent.ports.grpc	uint32	Service ports as a map from port name to port number.	9977
glooAgent.ports.grpc-internaladmin	uint32	Service ports as a map from port name to port number.	31337
glooAgent.ports.healthcheck	uint32	Service ports as a map from port name to port number.	8091
glooAgent.ports.http	uint32	Service ports as a map from port name to port number.	9988
glooAgent.ports.stats	uint32	Service ports as a map from port name to port number.	9093
glooAgent.readOnlyGeneratedResources	bool	If true, the deployment only reads Istio resource outputs that are created by Gloo, and filters out Istio resource fields that Gloo cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI.	false
glooAgent.relay	struct	Configuration for securing relay communication between the workload agents and the management server.
glooAgent.relay.authority	string	SNI name in the authority/host header used to connect to relay forwarding server. Must match server certificate CommonName. Do not change the default value.
glooAgent.relay.clientTlsSecret	struct	Custom certs: Secret containing client TLS certs used to identify the Gloo agent to the management server. If you do not specify a clientTlssSecret, you must specify a tokenSecret and a rootTlsSecret.
glooAgent.relay.clientTlsSecret.name	string		relay-client-tls-secret
glooAgent.relay.clientTlsSecret.namespace	string
glooAgent.relay.clientTlsSecretRotationGracePeriodRatio	string	The ratio of the client TLS certificate lifetime to when the management server starts the certificate rotation process.
glooAgent.relay.rootTlsSecret	struct	Secret containing a root TLS cert used to verify the management server cert. The secret can also optionally specify a ’tls.key’, which is used to generate the agent client cert.
glooAgent.relay.rootTlsSecret.name	string		relay-root-tls-secret
glooAgent.relay.rootTlsSecret.namespace	string
glooAgent.relay.serverAddress	string	Address and port by which gloo-mesh-mgmt-server in the Gloo control plane can be accessed by the Gloo workload agents.
glooAgent.relay.tokenSecret	struct	Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server. A token secret is not needed with ACM certs.
glooAgent.relay.tokenSecret.key	string	Key value of the data within the Kubernetes secret.	token
glooAgent.relay.tokenSecret.name	string	Name of the Kubernetes secret.	relay-identity-token-secret
glooAgent.relay.tokenSecret.namespace	string	Namespace of the Kubernetes secret.
glooAgent.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooAgent.runAsSidecar	bool	Run Gloo agent as a sidecar of the Gloo mesh server pod.	false
glooAgent.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooAgent.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAgent.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooAgent.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooAgent.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
glooAgent.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooAgent.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooAgent.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooAgent.sidecars.<MAP_KEY>.image	struct	Container image.
glooAgent.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooAgent.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooAgent.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooAgent.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooAgent.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooAgent.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooAgent.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAgent.verbose	bool	Enable verbose/debug logging.	false
glooAnalyzer	struct
glooAnalyzer	struct	Configuration for the Gloo analyzer.
glooAnalyzer	struct	Configuration for the glooAnalyzer deployment.
glooAnalyzer.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooAnalyzer.enabled	bool	Enable the Gloo analyzer to gather data about your Istio environment that Gloo Mesh Core uses to return insights.	false
glooAnalyzer.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“GOMAXPROCS”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.cpu”,“divisor”:“1”}}}]
glooAnalyzer.extraEnvs	struct	Extra environment variables for the container
glooAnalyzer.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooAnalyzer.image	struct	Container image.
glooAnalyzer.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooAnalyzer.image.pullSecret	string	Image pull secret.
glooAnalyzer.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooAnalyzer.image.repository	string	Image name (repository).	gloo-mesh-analyzer
glooAnalyzer.image.tag	string	Version tag for the container image.
glooAnalyzer.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooAnalyzer.imagePullSecrets[].name	string
glooAnalyzer.interval	uint	Gloo Analyzer polling interval (in seconds)	30
glooAnalyzer.istioAdminNamespace	string	Select the admin namespace of your Istio installation. Defaults to istio-system.	istio-system
glooAnalyzer.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooAnalyzer.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“stats”:9095}
glooAnalyzer.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooAnalyzer.ports.stats	uint32	Service ports as a map from port name to port number.	9095
glooAnalyzer.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooAnalyzer.runAsSidecar	bool	Run the Gloo analyzer as a sidecar to the Gloo management server in single cluster or to the Gloo agent in multicluster environments.	true
glooAnalyzer.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooAnalyzer.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAnalyzer.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooAnalyzer.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooAnalyzer.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
glooAnalyzer.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooAnalyzer.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooAnalyzer.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooAnalyzer.sidecars.<MAP_KEY>.image	struct	Container image.
glooAnalyzer.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooAnalyzer.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooAnalyzer.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooAnalyzer.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooAnalyzer.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooAnalyzer.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooAnalyzer.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAnalyzer.verbose	bool	Enable verbose/debug logging.	false
glooInsightsEngine	struct
glooInsightsEngine	struct	Configuration for Gloo Core Insights.
glooInsightsEngine	struct	Configuration for the glooInsightsEngine deployment.
glooInsightsEngine.concurrency	uint	amount of concurrency to use for gloo core insights engine operations	50
glooInsightsEngine.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooInsightsEngine.devMode	bool	Set to true to enable development mode for the logger, which can cause panics. Do not use in production.	false
glooInsightsEngine.enabled	bool	enables gloo core insights engine	false
glooInsightsEngine.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“GOMAXPROCS”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.cpu”,“divisor”:“1”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}}]
glooInsightsEngine.extraEnvs	struct	Extra environment variables for the container
glooInsightsEngine.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooInsightsEngine.gcInterval	uint	Insights Engine garbage collection interval (in seconds)	5
glooInsightsEngine.image	struct	Container image.
glooInsightsEngine.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooInsightsEngine.image.pullSecret	string	Image pull secret.
glooInsightsEngine.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooInsightsEngine.image.repository	string	Image name (repository).	gloo-mesh-insights
glooInsightsEngine.image.tag	string	Version tag for the container image.
glooInsightsEngine.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooInsightsEngine.imagePullSecrets[].name	string
glooInsightsEngine.leaderElection	bool	Enable leader election for the high-availability deployment.	false
glooInsightsEngine.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooInsightsEngine.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“stats”:9094}
glooInsightsEngine.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooInsightsEngine.ports.stats	uint32	Service ports as a map from port name to port number.	9094
glooInsightsEngine.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooInsightsEngine.runAsSidecar	bool	run as a sidecar of the Gloo mesh server pod.	true
glooInsightsEngine.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooInsightsEngine.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooInsightsEngine.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooInsightsEngine.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooInsightsEngine.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
glooInsightsEngine.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooInsightsEngine.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooInsightsEngine.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooInsightsEngine.sidecars.<MAP_KEY>.image	struct	Container image.
glooInsightsEngine.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooInsightsEngine.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooInsightsEngine.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooInsightsEngine.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooInsightsEngine.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooInsightsEngine.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooInsightsEngine.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooInsightsEngine.verbose	bool	Enable verbose/debug logging.	false
glooMgmtServer	struct
glooMgmtServer	struct	Configuration for the Gloo management server.
glooMgmtServer	struct	Configuration for the glooMgmtServer deployment.
glooMgmtServer.agents[]	[]struct	List of agent clusters to register with management cluster.	null
glooMgmtServer.agents[].domain	string
glooMgmtServer.agents[].name	string
glooMgmtServer.cloudResourcesDiscovery	struct	Configuration for automatic discovery of CloudResources.
glooMgmtServer.cloudResourcesDiscovery.enabled	bool	Enable automated discovery of CloudResources, such as AWS Lambda functions, based on CloudProvider configuration.	true
glooMgmtServer.cloudResourcesDiscovery.pollingInterval	uint16	Polling interval (in seconds) for calling AWS when attempting to discover CloudResources.	10
glooMgmtServer.concurrency	uint16	Concurrency to use for translation operations.	10
glooMgmtServer.createGlobalWorkspace	bool	Single-cluster setups only: Create a global workspace that selects all namespaces, and create default workspace settings.	false
glooMgmtServer.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooMgmtServer.devMode	bool	Set to true to enable development mode for the logger, which can cause panics. Do not use in production.	false
glooMgmtServer.enableClusterLoadBalancing	bool	Experimental: Enable cluster load balancing. The management server replicas attempt to auto-balance the number of registered workload clusters, based on the number of replicas and the number of total clusters. For example, the server might disconnect a workload cluster if the number of connected clusters is greater than the allotted number.	false
glooMgmtServer.enabled	bool	Deploy the gloo-mesh-mgmt-server.	false
glooMgmtServer.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“GOMAXPROCS”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.cpu”,“divisor”:“1”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}}]
glooMgmtServer.extraEnvs	struct	Extra environment variables for the container
glooMgmtServer.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooMgmtServer.image	struct	Container image.
glooMgmtServer.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooMgmtServer.image.pullSecret	string	Image pull secret.
glooMgmtServer.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooMgmtServer.image.repository	string	Image name (repository).	gloo-mesh-mgmt-server
glooMgmtServer.image.tag	string	Version tag for the container image.
glooMgmtServer.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooMgmtServer.imagePullSecrets[].name	string
glooMgmtServer.insecure	bool	Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production.	false
glooMgmtServer.leaderElection	bool	Enable leader election for the high-availability deployment.	false
glooMgmtServer.maxGrpcMessageSize	string	Maximum message size for gRPC messages sent and received by the management server.	4294967295
glooMgmtServer.namespacedRbac[]	[]struct	Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.	[{“resources”:[],“namespaces”:[]}]
glooMgmtServer.namespacedRbac[].namespaces[]	[]string
glooMgmtServer.namespacedRbac[].resources[]	[]string
glooMgmtServer.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooMgmtServer.policyApis	struct	Configuration for Gloo-managed APIs.
glooMgmtServer.policyApis.enabled	bool	disable policy apis for gloo platform resources	true
glooMgmtServer.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“grpc”:9900,“healthcheck”:8090}
glooMgmtServer.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooMgmtServer.ports.grpc	uint32	Service ports as a map from port name to port number.	9900
glooMgmtServer.ports.healthcheck	uint32	Service ports as a map from port name to port number.	8090
glooMgmtServer.readOnlyGeneratedResources	bool	If true, the deployment only reads Istio resource outputs that are created by Gloo, and filters out Istio resource fields that Gloo cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI.	false
glooMgmtServer.registerCluster	bool	Set up the management cluster with the Gloo management server and a simple workspace that selects all registered clusters and namespaces by default. This way, you can get started quickly for single cluster or testing setups. For multicluster or production setups, use your own fine-grained workspaces instead. To complete your installation, make sure to enable all other Gloo components that you want, including the Gloo agent.	false
glooMgmtServer.relay	struct	Configuration for certificates to secure server-agent relay communication. Required only for multicluster setups.
glooMgmtServer.relay.disableCa	bool	To disable relay CA functionality, set to true. Set to true only when you supply your custom client certs to the agents for relay mTLS. The gloo-mesh-mgmt-server pod will not require a token secret or the signing cert secret. The agent pod will not require the token secret, but will fail without a client cert.	false
glooMgmtServer.relay.disableCaCertGeneration	bool	Do not auto-generate self-signed CA certificates. Set to true only when you supply own.	false
glooMgmtServer.relay.disableTokenGeneration	bool	Do not create the relay token Kubernetes secret. Set to true only when you supply own.	false
glooMgmtServer.relay.pushCrds	bool	Push CRD resources to the management server.	true
glooMgmtServer.relay.pushRbac	bool	Push RBAC resources to the management server. Required for multicluster RBAC in the Gloo UI.	true
glooMgmtServer.relay.signingTlsSecret	struct	Secret containing TLS certs used to sign CSRs created by workload agents.
glooMgmtServer.relay.signingTlsSecret.name	string		relay-tls-signing-secret
glooMgmtServer.relay.signingTlsSecret.namespace	string
glooMgmtServer.relay.tlsSecret	struct	Secret containing client TLS certs used to secure the management server.
glooMgmtServer.relay.tlsSecret.name	string		relay-server-tls-secret
glooMgmtServer.relay.tlsSecret.namespace	string
glooMgmtServer.relay.tokenSecret	struct	Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server.
glooMgmtServer.relay.tokenSecret.key	string	Key value of the data within the Kubernetes secret.	token
glooMgmtServer.relay.tokenSecret.name	string	Name of the Kubernetes secret.	relay-identity-token-secret
glooMgmtServer.relay.tokenSecret.namespace	string	Namespace of the Kubernetes secret.
glooMgmtServer.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“1Gi”}}
glooMgmtServer.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooMgmtServer.safeMode	bool	SafeMode will not allow translation without all cluster resources being present in the redis cache, this can prevent incomplete translations from being applied to the cluster(s).	true
glooMgmtServer.safeStartWindow	int	Safe Start Window is the time window (in seconds) after startup that the mgmt-server will wait for a remote cluster to be warmed before translation, this is the same behavior that SafeMode provides, but only for a limited time window after startup. This has no effect if SafeMode is enabled. Set to 0 to disable	180
glooMgmtServer.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMgmtServer.serviceAccount	struct	Service account configuration to use for the management server deployment.
glooMgmtServer.serviceAccount.extraAnnotations	map[string, string]	Extra annotations to add to the service account.	null
glooMgmtServer.serviceAccount.extraAnnotations.<MAP_KEY>	string	Extra annotations to add to the service account.
glooMgmtServer.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooMgmtServer.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	LoadBalancer
glooMgmtServer.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
glooMgmtServer.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooMgmtServer.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooMgmtServer.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooMgmtServer.sidecars.<MAP_KEY>.image	struct	Container image.
glooMgmtServer.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooMgmtServer.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooMgmtServer.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooMgmtServer.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooMgmtServer.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooMgmtServer.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooMgmtServer.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMgmtServer.statsPort	uint32	Port on the management server deployment to pull stats from.	9091
glooMgmtServer.verbose	bool	Enable verbose/debug logging.	false
glooNetwork	struct	Gloo Network configuration options.
glooNetwork.agent	struct	Values for the Gloo Network Agent DaemonSet.
glooNetwork.agent.bpfRoot	string	File path where eBPF programs run.	/sys/fs/bpf
glooNetwork.agent.debug	bool	Run the Network agent in debug mode.	false
glooNetwork.agent.enabled	bool	Install the Gloo Network-specific agent which collects additional metrics when Cilium is installed.	false
glooNetwork.agent.fullname	string	Name of the Network agent deployment.	gloo-network-agent
glooNetwork.agent.image	struct	Values for the Network agent image.
glooNetwork.agent.image.hub	string	Image registry.	us-docker.pkg.dev
glooNetwork.agent.image.pullPolicy	string	Image pull policy.	Always
glooNetwork.agent.image.repository	string	Image name (repository).	gloo-mesh/gloo-network-agent-8d33bc4d8c7a/gloo-network-agent
glooNetwork.agent.image.tag	string	Version tag for the container.	0.2.3
glooNetwork.agent.resources	struct	Values for the container and init container.
glooNetwork.agent.resources.container	struct	Resource values for the container.
glooNetwork.agent.resources.container.limit	struct	Maximum amount of compute resources allowed. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.container.limit.cpu	string	Amount of CPU resource.	300m
glooNetwork.agent.resources.container.limit.memory	string	Amount of memory resource.	200Mi
glooNetwork.agent.resources.container.request	struct	Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.container.request.cpu	string	Amount of CPU resource.	100m
glooNetwork.agent.resources.container.request.memory	string	Amount of memory resource.	200Mi
glooNetwork.agent.resources.init	struct	Resource values for the init container.
glooNetwork.agent.resources.init.limit	struct	Maximum amount of compute resources allowed. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.init.limit.cpu	string	Amount of CPU resource.	300m
glooNetwork.agent.resources.init.limit.memory	string	Amount of memory resource.	50Mi
glooNetwork.agent.resources.init.request	struct	Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.init.request.cpu	string	Amount of CPU resource.	100m
glooNetwork.agent.resources.init.request.memory	string	Amount of memory resource.	50Mi
glooNetwork.agent.revisionHistoryLimit	int	Number of old ReplicaSets for the agent deployment you want to retain.	10
glooNetwork.enabled	bool	Enable translation of Gloo policies into Cilium network policies in Gloo Mesh Enterprise.	false
glooPortalServer	struct
glooPortalServer	struct	Configuration for the glooPortalServer deployment.
glooPortalServer.apiKeyStorage	struct	Configure backend storage for API keys.
glooPortalServer.apiKeyStorage.redis	struct	Configuration for using a Redis instance for authentication.
glooPortalServer.apiKeyStorage.redis.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
glooPortalServer.apiKeyStorage.redis.auth	struct	Optional authentication values to use when connecting to the Redis instance
glooPortalServer.apiKeyStorage.redis.auth.enabled	bool	Connect to the Redis instance with a password	false
glooPortalServer.apiKeyStorage.redis.auth.passwordKey	string	The secret key containing the password to use for authentication
glooPortalServer.apiKeyStorage.redis.auth.secretName	string	Name of the k8s secret that contains the password
glooPortalServer.apiKeyStorage.redis.auth.usernameKey	string	The secret key containing the username to use for authentication
glooPortalServer.apiKeyStorage.redis.certs	struct	Configuration for TLS verification when connecting to the Redis instance
glooPortalServer.apiKeyStorage.redis.certs.caCertKey	string	The secret key containing the ca cert
glooPortalServer.apiKeyStorage.redis.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
glooPortalServer.apiKeyStorage.redis.certs.secretName	string	Name of the k8s secret that contains the certs
glooPortalServer.apiKeyStorage.redis.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
glooPortalServer.apiKeyStorage.redis.connection	struct	Optional connection parameters
glooPortalServer.apiKeyStorage.redis.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	30m
glooPortalServer.apiKeyStorage.redis.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
glooPortalServer.apiKeyStorage.redis.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
glooPortalServer.apiKeyStorage.redis.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
glooPortalServer.apiKeyStorage.redis.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	30m
glooPortalServer.apiKeyStorage.redis.connection.masterName	string	The master name. Only needed for sentinel mode.
glooPortalServer.apiKeyStorage.redis.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
glooPortalServer.apiKeyStorage.redis.connection.maxIdleConns	int	Maximum number of idle connections.	0
glooPortalServer.apiKeyStorage.redis.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
glooPortalServer.apiKeyStorage.redis.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
glooPortalServer.apiKeyStorage.redis.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
glooPortalServer.apiKeyStorage.redis.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
glooPortalServer.apiKeyStorage.redis.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
glooPortalServer.apiKeyStorage.redis.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
glooPortalServer.apiKeyStorage.redis.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
glooPortalServer.apiKeyStorage.redis.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	4s
glooPortalServer.apiKeyStorage.redis.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
glooPortalServer.apiKeyStorage.redis.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
glooPortalServer.apiKeyStorage.redis.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
glooPortalServer.apiKeyStorage.redis.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
glooPortalServer.apiKeyStorage.redis.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
glooPortalServer.apiKeyStorage.redis.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
glooPortalServer.apiKeyStorage.redis.db	int	DB to connect to	0
glooPortalServer.apiKeyStorage.redis.secretKey	string	External API key encryption secret
glooPortalServer.apiKeyStorage.redis.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.
glooPortalServer.apiKeyStorage.secretKey	string	The string value that you want to use to hash API keys before they are stored in the backing database.	change this
glooPortalServer.apiKeyStorage.type	string	Backend storage for API keys. Currently, redis is supported.	redis
glooPortalServer.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooPortalServer.devMode	bool	Set to true to enable development mode for the logger, which can cause panics. Do not use in production.	false
glooPortalServer.enabled	bool	Deploy the Portal server for Gloo Platform Portal to the cluster.	false
glooPortalServer.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“APIKEY_STORAGE_SECRET_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-storage-secret-key”,“key”:“key”}}}]
glooPortalServer.extraEnvs	struct	Extra environment variables for the container
glooPortalServer.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooPortalServer.image	struct	Container image.
glooPortalServer.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooPortalServer.image.pullSecret	string	Image pull secret.
glooPortalServer.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooPortalServer.image.repository	string	Image name (repository).	gloo-mesh-portal-server
glooPortalServer.image.tag	string	Version tag for the container image.
glooPortalServer.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooPortalServer.imagePullSecrets[].name	string
glooPortalServer.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooPortalServer.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“http”:8080}
glooPortalServer.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooPortalServer.ports.http	uint32	Service ports as a map from port name to port number.	8080
glooPortalServer.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooPortalServer.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooPortalServer.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooPortalServer.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooPortalServer.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooPortalServer.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
glooPortalServer.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooPortalServer.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooPortalServer.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooPortalServer.sidecars.<MAP_KEY>.image	struct	Container image.
glooPortalServer.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooPortalServer.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooPortalServer.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooPortalServer.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooPortalServer.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooPortalServer.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooPortalServer.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooPortalServer.verbose	bool	Enable verbose/debug logging.	false
glooSpireServer	struct
glooSpireServer	struct	Configuration for the glooSpireServer deployment.
glooSpireServer.controller	struct
glooSpireServer.controller	struct	Sidecar controller configuration.
glooSpireServer.controller.leaderElection	bool	Enable leader election for the controller. Enabling this will ensure there is only one active controller.	true
glooSpireServer.controller.verbose	bool	Enable verbose/debug logging.	true
glooSpireServer.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooSpireServer.enabled	bool	Enable SPIRE server component.	false
glooSpireServer.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}]
glooSpireServer.extraEnvs	struct	Extra environment variables for the container
glooSpireServer.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooSpireServer.image	struct	Container image.
glooSpireServer.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooSpireServer.image.pullSecret	string	Image pull secret.
glooSpireServer.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooSpireServer.image.repository	string	Image name (repository).	spire-server
glooSpireServer.image.tag	string	Version tag for the container image.
glooSpireServer.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooSpireServer.imagePullSecrets[].name	string
glooSpireServer.plugins	struct	Plugins configuration.
glooSpireServer.plugins.datastore	struct	Datastore configuration
glooSpireServer.plugins.datastore.clientCertPath	string	Path to the client certificate for the datastore connection (MySQL only).
glooSpireServer.plugins.datastore.clientKeyPath	string	Path to the client key for the datastore connection (MySQL only).
glooSpireServer.plugins.datastore.connectionString	string	Connection string for the database.	/run/spire/data/datastore.sqlite3
glooSpireServer.plugins.datastore.databaseType	string	Database type: postgres, mysql, or sqlite3.	sqlite3
glooSpireServer.plugins.datastore.disableMigration	bool	Disable automatic datastore migration. Use of this flag allows finer control over when datastore migrations occur and coordination of the migration of a datastore shared with a SPIRE Server cluster. Defaults to false.	false
glooSpireServer.plugins.datastore.enableTls	bool	Enable TLS for the datatore connection.	false
glooSpireServer.plugins.datastore.maxConnectionLifetime	string	Maximum amount of time a connection may be reused. Defaults to unlimited.
glooSpireServer.plugins.datastore.maxIdleConnections	int	Maximum number of idle connections to the datastore. Defaults to 2.	0
glooSpireServer.plugins.datastore.maxOpenConnections	int	Maximum number of open connections to the datastore. Defaults to unlimited.	0
glooSpireServer.plugins.datastore.rootCaPath	string	Path to the root CA certificate for the datastore connection (MySQL only).
glooSpireServer.plugins.nodeAttestor	struct	Node attestor configuration
glooSpireServer.plugins.nodeAttestor.aws	struct	AWS node attestor configuration.
glooSpireServer.plugins.nodeAttestor.aws.accessKeyId	string	AWS access key ID for long term credentials. Defaults to AWS_ACCESS_KEY_ID environment variable.
glooSpireServer.plugins.nodeAttestor.aws.assumeRole	string	The ARN of the role to assume when making AWS API calls.
glooSpireServer.plugins.nodeAttestor.aws.disableInstanceProfileSelectors	bool	Disables retrieving the attesting instance profile information that is used in the selectors. Useful in cases where the server cannot reach iam.amazonaws.com. Defaults to false.	false
glooSpireServer.plugins.nodeAttestor.aws.enabled	bool	Enables the AWS node attestor. Defaults to false.	false
glooSpireServer.plugins.nodeAttestor.aws.secretAccessKey	string	AWS secret access key for long term credentials. Defaults to AWS_SECRET_ACCESS_KEY environment variable.
glooSpireServer.plugins.nodeAttestor.aws.skipBlockDevice	bool	Skip anti-tampering mechanism which checks to make sure that the underlying root volume has not been detached prior to attestation. Defaults to false.	false
glooSpireServer.plugins.nodeAttestor.azure	struct	Azure node attestor configuration.
glooSpireServer.plugins.nodeAttestor.azure.enabled	bool	Enables the Azure node attestor. Defaults to false.	false
glooSpireServer.plugins.nodeAttestor.azure.tenants	map[string, struct]	Azure tenants configuration. The key is the tenant ID and the value is the configuration for that tenant.	null
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>	struct	Azure tenants configuration. The key is the tenant ID and the value is the configuration for that tenant.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.appId	string	Application ID of a registered application in Azure AD.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.appSecret	string	Application secret of a registered application in Azure AD.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.resourceId	string	The resource ID (or audience) for the tenant’s MSI token. Tokens for a different resource ID are rejected. Defaults to https://management.azure.com/.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.subscriptionId	string	The ID of the subscription the tenant resides in.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.useMsi	bool	Whether or not to use MSI to authenticate to Azure services for selector resolution. Defaults to false.
glooSpireServer.plugins.nodeAttestor.gcp	struct	GCP node attestor configuration.
glooSpireServer.plugins.nodeAttestor.gcp.allowedLabelKeys[]	[]string	List of instance label keys that are allowed to be used in selectors.	null
glooSpireServer.plugins.nodeAttestor.gcp.allowedMetadataKeys[]	[]string	List of instance metadata keys that are allowed to be used in selectors.	null
glooSpireServer.plugins.nodeAttestor.gcp.allowedProjectIds[]	[]string	List of Project IDs from which nodes can be attested.	null
glooSpireServer.plugins.nodeAttestor.gcp.enabled	bool	Enables the GCP node attestor. Defaults to false.	false
glooSpireServer.plugins.nodeAttestor.gcp.maxMetadataValueSize	uint16	Maximum instance metadata value size considered by the node attestor. Defaults to 128 KiB.	128
glooSpireServer.plugins.nodeAttestor.gcp.useInstanceMetadata	bool	If true, instance metadata is fetched from the Google Compute Engine API and used to augment the node selectors produced by the node attestor. Defaults to true.	true
glooSpireServer.plugins.upstreamAuthority	struct	Upstream authority configuration
glooSpireServer.plugins.upstreamAuthority.certManager	struct	Upstream authority cert-manager configuration.
glooSpireServer.plugins.upstreamAuthority.certManager.enabled	bool	Enables the cert-manager upstream authority plugin. Defaults to false.	false
glooSpireServer.plugins.upstreamAuthority.certManager.issuerGroup	string	The group of the issuer to reference in CertificateRequests. Defaults to ‘cert-manager.io’ if empty.	cert-manager.io
glooSpireServer.plugins.upstreamAuthority.certManager.issuerKind	string	The kind of the issuer to reference in CertificateRequests. Defaults to ‘Issuer’ if empty.	Issuer
glooSpireServer.plugins.upstreamAuthority.certManager.issuerName	string	The name of the issuer to reference in CertificateRequests.
glooSpireServer.plugins.upstreamAuthority.certManager.namespace	string	The namespace to create CertificateRequests for signing.
glooSpireServer.plugins.upstreamAuthority.disk	struct	Upstream authority disk configuration.
glooSpireServer.plugins.upstreamAuthority.disk.bundleFilePath	string	Path to the PEM encoded upstream authority root certificate file. If SPIRE is using self-signed CA, this can be left unset.	/run/spire/certs/root-cert.pem
glooSpireServer.plugins.upstreamAuthority.disk.certFilePath	string	Path to the PEM encoded upstream authority certificate file.	/run/spire/certs/cert-chain.pem
glooSpireServer.plugins.upstreamAuthority.disk.enabled	bool	Enables the disk upstream authority plugin. Defaults to true.	true
glooSpireServer.plugins.upstreamAuthority.disk.keyFilePath	string	Path to the PEM encoded upstream authority key file.	/run/spire/certs/ca-key.pem
glooSpireServer.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooSpireServer.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“api”:8081}
glooSpireServer.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooSpireServer.ports.api	uint32	Service ports as a map from port name to port number.	8081
glooSpireServer.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooSpireServer.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooSpireServer.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooSpireServer.server	struct	Server configuration.
glooSpireServer.server.agentTtl	string	TTL for the SPIRE agent SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours.	48h
glooSpireServer.server.caTtl	string	TTL for the SPIRE server CA specified as as number and unit suffix, such as 87600h for 87600 hours.	87600h
glooSpireServer.server.defaultX509SvidTtl	string	Default TTL for all X509 SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours.	48h
glooSpireServer.server.logLevel	string	Log level of SPIRE server.	DEBUG
glooSpireServer.server.trustDomain	string	Trust domain of SPIRE server.	cluster.local
glooSpireServer.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooSpireServer.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooSpireServer.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{“glooSpireController”:{“image”:{“repository”:“gloo-mesh-spire-controller”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}}}
glooSpireServer.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooSpireServer.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooSpireServer.sidecars.<MAP_KEY>.image	struct	Container image.
glooSpireServer.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooSpireServer.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooSpireServer.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooSpireServer.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooSpireServer.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooSpireServer.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.glooSpireController	struct	Optional configuration for the deployed containers.
glooSpireServer.sidecars.glooSpireController.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}]
glooSpireServer.sidecars.glooSpireController.extraEnvs	struct	Extra environment variables for the container
glooSpireServer.sidecars.glooSpireController.image	struct	Container image.
glooSpireServer.sidecars.glooSpireController.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooSpireServer.sidecars.glooSpireController.image.pullSecret	string	Image pull secret.
glooSpireServer.sidecars.glooSpireController.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooSpireServer.sidecars.glooSpireController.image.repository	string	Image name (repository).	gloo-mesh-spire-controller
glooSpireServer.sidecars.glooSpireController.image.tag	string	Version tag for the container image.
glooSpireServer.sidecars.glooSpireController.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooSpireServer.sidecars.glooSpireController.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi	struct
glooUi	struct	Configuration for the glooUi deployment.
glooUi.auth	struct	Configure authentication for the UI.
glooUi.auth.backend	string	Authentication backend to use. ‘oidc’ is supported.
glooUi.auth.enabled	bool	Require authentication to access the UI.	false
glooUi.auth.oidc	struct	Settings for the OpenID Connect (OIDC) backend. The helm values here will end up in the Dashboard CR spec.authn.oidc field.
glooUi.auth.oidc.appUrl	string	URL that the UI for OIDC app is available at, from the DNS and other ingress settings that expose OIDC app UI service.
glooUi.auth.oidc.clientId	string	OIDC client ID
glooUi.auth.oidc.clientSecret	string	Plaintext OIDC client secret, which will be encoded in base64 and stored in a secret named the value of ‘clientSecretName’.
glooUi.auth.oidc.clientSecretName	string	Name for the secret that will contain the client secret. Defaults to ‘dashboard’
glooUi.auth.oidc.issuerUrl	string	Issuer URL from the OIDC provider, such as ‘https://.<provider_url>/’.
glooUi.auth.oidc.session	struct	Session storage configuration. If omitted, a cookie is used.
glooUi.auth.oidc.session.backend	string	Backend to use for auth session storage. ‘cookie’ and ‘redis’ are supported.	cookie
glooUi.auth.oidc.session.redis	struct	Redis instance configuration.
glooUi.auth.oidc.session.redis.host	string	The host at which the Redis instance is accessible. To use the default Redis deployment, specify ‘gloo-mesh-redis.gloo-mesh:6379’.	gloo-mesh-redis.gloo-mesh:6379
glooUi.auth.requestTimeout	int	Request timeout for external auth requests in seconds.	2
glooUi.basePath	string	Base path that the UI expects to be rendered on.	/
glooUi.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
glooUi.enabled	bool	Deploy the gloo-mesh-ui.	false
glooUi.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“GOMAXPROCS”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.cpu”,“divisor”:“1”}}}]
glooUi.extraEnvs	struct	Extra environment variables for the container
glooUi.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
glooUi.image	struct	Container image.
glooUi.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooUi.image.pullSecret	string	Image pull secret.
glooUi.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooUi.image.repository	string	Image name (repository).	gloo-mesh-apiserver
glooUi.image.tag	string	Version tag for the container image.
glooUi.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
glooUi.imagePullSecrets[].name	string
glooUi.ipVersion	string	Configure IP version to ipv4, ipv6 or dualStack. Defaults to dualStack.	dualStack
glooUi.licenseSecretName	string	Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields.
glooUi.namespacedRbac[]	[]struct	Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.	[{“resources”:[],“namespaces”:[]}]
glooUi.namespacedRbac[].namespaces[]	[]string
glooUi.namespacedRbac[].resources[]	[]string
glooUi.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
glooUi.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“console”:8090,“grpc”:10101,“healthcheck”:8081}
glooUi.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
glooUi.ports.console	uint32	Service ports as a map from port name to port number.	8090
glooUi.ports.grpc	uint32	Service ports as a map from port name to port number.	10101
glooUi.ports.healthcheck	uint32	Service ports as a map from port name to port number.	8081
glooUi.prometheusBearerTokenFile	string	The path to the file that contains the bearer token that is used by the Gloo UI to authenticate to the Prometheus server. To connect the Gloo UI to the built-in Prometheus server in OpenShift, use /var/run/secrets/kubernetes.io/serviceaccount/token. Otherwise, set this field only when you use a custom HTTPS Prometheus server.
glooUi.prometheusCAFile	string	The path to the file that contains the public CA certificate that is used by the Gloo UI to verify the Prometheus server’s certificate. To connect the Gloo UI to the built-in Prometheus server in OpenShift, use /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. Otherwise, set this field only when you use a custom HTTPS Prometheus server.
glooUi.prometheusClientCertSecretName	string	(deprecated) The name of the secret that contains the Prometheus client TLS certificates used to identify the UI client to the Prometheus server. The secret must be in the same namespace as the gloo-mesh-ui pod. Set this field only when you use a custom HTTPS Prometheus server.
glooUi.prometheusSkipTLSVerify	bool	Set this field to true to disable verification of the Prometheus server TLS certificate. Set this field only when you use a custom HTTPS Prometheus server.	false
glooUi.prometheusUrl	string	The address for the Prometheus server. If you want to connect the Gloo UI to the built-in Prometheus server in OpenShift, use https://thanos-querier.openshift-monitoring.svc:9091.
glooUi.readOnlyGeneratedResources	bool	If true, the deployment only reads Istio resource outputs that are created by Gloo, and filters out Istio resource fields that Gloo cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI.	false
glooUi.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooUi.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
glooUi.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
glooUi.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
glooUi.settingsName	string	Name of the UI settings object to use.	settings
glooUi.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{“console”:{“image”:{“repository”:“gloo-mesh-ui”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:null,“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}},“envoy”:{“image”:{“repository”:“gloo-mesh-envoy”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“ENVOY_UID”,“value”:“0”},{“name”:“POD_ID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“100m”,“memory”:“256Mi”}}}}
glooUi.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
glooUi.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
glooUi.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
glooUi.sidecars.<MAP_KEY>.image	struct	Container image.
glooUi.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
glooUi.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
glooUi.sidecars.<MAP_KEY>.image.registry	string	Image registry.
glooUi.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
glooUi.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
glooUi.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
glooUi.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.sidecars.console	struct	Optional configuration for the deployed containers.
glooUi.sidecars.console.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	null
glooUi.sidecars.console.extraEnvs	struct	Extra environment variables for the container
glooUi.sidecars.console.image	struct	Container image.
glooUi.sidecars.console.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooUi.sidecars.console.image.pullSecret	string	Image pull secret.
glooUi.sidecars.console.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooUi.sidecars.console.image.repository	string	Image name (repository).	gloo-mesh-ui
glooUi.sidecars.console.image.tag	string	Version tag for the container image.
glooUi.sidecars.console.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooUi.sidecars.console.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.sidecars.envoy	struct	Optional configuration for the deployed containers.
glooUi.sidecars.envoy.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“ENVOY_UID”,“value”:“0”},{“name”:“POD_ID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}]
glooUi.sidecars.envoy.extraEnvs	struct	Extra environment variables for the container
glooUi.sidecars.envoy.image	struct	Container image.
glooUi.sidecars.envoy.image.pullPolicy	string	Image pull policy.	IfNotPresent
glooUi.sidecars.envoy.image.pullSecret	string	Image pull secret.
glooUi.sidecars.envoy.image.registry	string	Image registry.	gcr.io/gloo-mesh
glooUi.sidecars.envoy.image.repository	string	Image name (repository).	gloo-mesh-envoy
glooUi.sidecars.envoy.image.tag	string	Version tag for the container image.
glooUi.sidecars.envoy.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“100m”,“memory”:“256Mi”}}
glooUi.sidecars.envoy.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.tls	struct	Enable TLS termination on UI.
glooUi.tls.certDir	string	Mount directory which stores the TLS files. Defaults to ‘/etc/tls-certs’.	/etc/tls-certs
glooUi.tls.certificate	string	Name of the certificate. Defaults to ’tls.crt’.	tls.crt
glooUi.tls.enabled	bool	Enable TLS termination	false
glooUi.tls.privateKey	string	Name of the private key. Defaults to ’tls.key’.	tls.key
glooUi.tls.secretName	string	Name of the secret which holds the TLS certificate and key
glooUi.tracing	struct	Configure the tracing page for the UI if the default jaeger tracing UI is not being used.
glooUi.tracing.basePath	string	Base path the tracing UI expects to be rendered on.
glooUi.tracing.endpoint	string	Endpoint of the tracing UI that will be embedded on the tracing page.
glooUi.tracing.port	int32	Port of the tracing UI that will be embedded on the tracing page.	0
glooUi.verbose	bool	Enable verbose/debug logging.	false
istioInstallations	struct	Configuration for deploying managed Istio control plane and gateway installations by using the Istio lifecycle manager.
istioInstallations.controlPlane	struct	Configuration for the managed Istio control plane instance.
istioInstallations.controlPlane.enabled	bool	Install the managed Istio control plane instance in the cluster.	true
istioInstallations.controlPlane.installations[]	[]struct	List of Istio control plane installations.	[{“revision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]
istioInstallations.controlPlane.installations[].clusters[]	[]ptr	Clusters to install the Istio control planes in.
istioInstallations.controlPlane.installations[].clusters[].defaultRevision	bool	When set to true, the installation for this revision is applied as the active Istio installation in the cluster. Resources with the ‘istio-injection=true’ label entry use this revision. You might change this setting for Istio installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.controlPlane.installations[].clusters[].name	string	Name of the cluster to install Istio into. Must match the registered cluster name.
istioInstallations.controlPlane.installations[].clusters[].trustDomain	string	Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
istioInstallations.controlPlane.installations[].istioOperatorSpec	struct	IstioOperator specification for the control plane. For more info, see the IstioOperatorSpec reference.
istioInstallations.controlPlane.installations[].revision	string	Istio revision for this installation, such as ‘1-20’. Label workload resources with ‘istio.io/rev=$REVISION’ to use this installation. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.eastWestGateways[]	[]struct	Configuration for the managed east-west gateway.	null
istioInstallations.eastWestGateways[].enabled	bool	Install the gateway in the cluster.
istioInstallations.eastWestGateways[].installations[]	[]struct	List of Istio gateway installations. For more info, see the GatewayInstallation reference.
istioInstallations.eastWestGateways[].installations[].clusters[]	[]ptr	Clusters to install the gateway in.
istioInstallations.eastWestGateways[].installations[].clusters[].activeGateway	bool	When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.eastWestGateways[].installations[].clusters[].name	string	Name of the cluster to install the gateway into. Must match the registered cluster name.
istioInstallations.eastWestGateways[].installations[].clusters[].trustDomain	string	Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
istioInstallations.eastWestGateways[].installations[].controlPlaneRevision	string	Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
istioInstallations.eastWestGateways[].installations[].gatewayRevision	string	Istio revision for this installation, such as ‘1-20’. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.eastWestGateways[].installations[].istioOperatorSpec	struct	IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
istioInstallations.eastWestGateways[].name	string	Name of the gateway. Must be unique.
istioInstallations.enabled	bool	Enable managed Istio installations.	false
istioInstallations.northSouthGateways[]	[]struct	Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license.	[{“name”:“istio-ingressgateway”,“enabled”:true,“installations”:[{“gatewayRevision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]}]
istioInstallations.northSouthGateways[].enabled	bool	Install the gateway in the cluster.
istioInstallations.northSouthGateways[].installations[]	[]struct	List of Istio gateway installations. For more info, see the GatewayInstallation reference.
istioInstallations.northSouthGateways[].installations[].clusters[]	[]ptr	Clusters to install the gateway in.
istioInstallations.northSouthGateways[].installations[].clusters[].activeGateway	bool	When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.northSouthGateways[].installations[].clusters[].name	string	Name of the cluster to install the gateway into. Must match the registered cluster name.
istioInstallations.northSouthGateways[].installations[].clusters[].trustDomain	string	Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
istioInstallations.northSouthGateways[].installations[].controlPlaneRevision	string	Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
istioInstallations.northSouthGateways[].installations[].gatewayRevision	string	Istio revision for this installation, such as ‘1-20’. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.northSouthGateways[].installations[].istioOperatorSpec	struct	IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
istioInstallations.northSouthGateways[].name	string	Name of the gateway. Must be unique.
jaeger	struct	Configuration for the Gloo Jaeger instance. See the Jaeger Helm chart for the complete set of values.
jaeger.agent	map[string, interface]		{“enabled”:false}
jaeger.agent.<MAP_KEY>	interface
jaeger.agent.enabled	interface
jaeger.allInOne	map[string, interface]		{“args”:["–query.base-path=/tracing-ui"],“enabled”:true,“extraEnv”:[{“name”:“MEMORY_MAX_TRACES”,“value”:“3000”}]}
jaeger.allInOne.<MAP_KEY>	interface
jaeger.allInOne.args	interface
jaeger.allInOne.enabled	interface
jaeger.allInOne.extraEnv	interface
jaeger.collector	map[string, interface]		{“enabled”:false}
jaeger.collector.<MAP_KEY>	interface
jaeger.collector.enabled	interface
jaeger.enabled	bool	Enable installation of Jaeger sub-chart. For demo purposes only.	false
jaeger.fullnameOverride	string		gloo-jaeger
jaeger.provisionDataStore	map[string, interface]		{“cassandra”:false,“elasticsearch”:false,“kafka”:false}
jaeger.provisionDataStore.<MAP_KEY>	interface
jaeger.provisionDataStore.cassandra	interface
jaeger.provisionDataStore.elasticsearch	interface
jaeger.provisionDataStore.kafka	interface
jaeger.query	map[string, interface]		{“enabled”:false}
jaeger.query.<MAP_KEY>	interface
jaeger.query.enabled	interface
jaeger.storage	map[string, interface]		{“type”:“memory”}
jaeger.storage.<MAP_KEY>	interface
jaeger.storage.type	interface
licensing	struct	Gloo product licenses.
licensing.glooGatewayLicenseKey	string	Gloo Gateway license key.
licensing.glooMeshCoreLicenseKey	string	Gloo Mesh Core license key.
licensing.glooMeshLicenseKey	string	Gloo Mesh Enterprise license key.
licensing.glooNetworkLicenseKey	string	Gloo Network license key.
licensing.glooTrialLicenseKey	string	Gloo trial license key, for a trial installation of all products.
licensing.licenseKey	string	Deprecated: Legacy Gloo Mesh Enterprise license key. Use individual product license fields, the trial license field, or a license secret instead.
licensing.licenseSecretName	string	Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields.	license-keys
postgresql	struct	Configuration for PostgreSQL. See the Bitnami Postgresql Helm chart for the complete set of values
postgresql.enabled	bool	Whether to enabled PostgreSQL dependency	false
postgresql.fullnameOverride	string	Override the full name of PostgreSQL components	postgresql
prometheus	map	Helm values for configuring Prometheus. See the Prometheus Helm chart for the complete set of values.
rateLimiter	struct
rateLimiter	struct	Configuration for the Gloo rate limiting service.
rateLimiter.enabled	bool	Enable the Gloo rate limiting service.	false
rateLimiter.extraLabels	map[string, string]	Extra key-value pairs to add to the labels data of the rate limiter deployment.	null
rateLimiter.extraLabels.<MAP_KEY>	string	Extra key-value pairs to add to the labels data of the rate limiter deployment.
rateLimiter.extraTemplateAnnotations	map[string, string]	Extra annotations to add to the rate limiter service pods.	{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}
rateLimiter.extraTemplateAnnotations.<MAP_KEY>	string	Extra annotations to add to the rate limiter service pods.
rateLimiter.extraTemplateAnnotations.proxy.istio.io/config	string	Extra annotations to add to the rate limiter service pods.	{ “holdApplicationUntilProxyStarts”: true }
rateLimiter.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
rateLimiter.imagePullSecrets[].name	string
rateLimiter.rateLimiter	struct	Configuration for the rate limiter.
rateLimiter.rateLimiter.image	struct	Values for the rate limiter image.
rateLimiter.rateLimiter.image.pullPolicy	string	Image pull policy.	IfNotPresent
rateLimiter.rateLimiter.image.registry	string	Image registry.	gcr.io/gloo-mesh
rateLimiter.rateLimiter.image.repository	string	Image name (repository).	rate-limiter
rateLimiter.rateLimiter.image.tag	string	Version tag for the container.	0.12.2
rateLimiter.rateLimiter.installClusterRoles	bool	If true, use ClusterRoles. If false, use Roles.	true
rateLimiter.rateLimiter.logLevel	string	Severity level to collect logs for.	INFO
rateLimiter.rateLimiter.ports	struct	Ports for the rate limiter service.
rateLimiter.rateLimiter.ports.debug	uint32	Port on the rate limiter to pull logs from.	9091
rateLimiter.rateLimiter.ports.grpc	uint32	Port the rate limiter listens on for gRPC requests.	8083
rateLimiter.rateLimiter.ports.ready	uint32	Port the rate limiter listens on for readiness checks.	8084
rateLimiter.rateLimiter.readyPath	string	Path for readiness checks.	/ready
rateLimiter.rateLimiter.resources	struct	Values for the container resource requests.
rateLimiter.rateLimiter.resources.requests	struct	Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
rateLimiter.rateLimiter.resources.requests.cpu	string	Amount of CPU resource.	125m
rateLimiter.rateLimiter.resources.requests.memory	string	Amount of memory resource.	256Mi
rateLimiter.rateLimiter.service	struct	Configuration for the deployed rate limiter service.
rateLimiter.rateLimiter.service.annotations	map[string, string]	Kubernetes service annotations.	{}
rateLimiter.rateLimiter.service.annotations.<MAP_KEY>	string	Kubernetes service annotations.
rateLimiter.rateLimiter.watchNamespace	string	Namespaces to watch in your cluster. If omitted or empty, all namespaces are watched.
rateLimiter.redis	struct	Configuration for using a Redis instance for authentication.
rateLimiter.redis.auth	struct	Values for the authentication details.
rateLimiter.redis.auth.enabled	bool	Use the default Redis instance for authentication.	false
rateLimiter.redis.auth.passwordKey	string	Key that contains the password.	redis-password
rateLimiter.redis.auth.secretName	string	Name of the secret that contains the username and password.	redis-secrets
rateLimiter.redis.auth.usernameKey	string	Key that contains the username. If Redis doesn’t have an explicit username, specify ‘default’.	redis-username
rateLimiter.redis.certs	struct	Provide a CA cert for the rate limiter and Redis instance (if enabled) to use.
rateLimiter.redis.certs.caCert	string	File name that contains the CA cert.	redis.crt
rateLimiter.redis.certs.enabled	bool	Enable the rate limiter and Redis instance (if enabled) to use the CA cert you provide.	false
rateLimiter.redis.certs.mountPoint	string	Mount path for the certs.	/etc/tls
rateLimiter.redis.certs.secretName	string	Name of the secret for the CA cert.	redis-certs-keys
rateLimiter.redis.certs.signingKey	string	File name that contains the signing key. Only relevant for the Redis instance.	redis.key
rateLimiter.redis.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
rateLimiter.redis.enabled	bool	Install the default Redis instance.	true
rateLimiter.redis.floatingUserID	bool	Set to true to use a floating user ID.	false
rateLimiter.redis.hostname	string	Hostname clients use to connect to the Redis instance.	redis
rateLimiter.redis.image	struct	Values for the Redis image.
rateLimiter.redis.image.pullPolicy	string	Image pull policy.	IfNotPresent
rateLimiter.redis.image.registry	string	Image registry.	gcr.io/gloo-mesh
rateLimiter.redis.image.repository	string	Image name (repository).	redis
rateLimiter.redis.image.tag	string	Version tag for the container.	7.2.4-alpine
rateLimiter.redis.runAsUser	int	User ID to run Redis as.	999
rateLimiter.redis.service	struct	Values for the Redis service.
rateLimiter.redis.service.db	int	Select the Redis logical database having the specified zero-based numeric index.	0
rateLimiter.redis.service.name	string	Name for the Redis service.	redis
rateLimiter.redis.service.port	int	Port for the Redis service.	6379
rateLimiter.redis.service.socket	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redis	struct	Redis configuration options.
redis.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
redis.auth	struct	Optional authentication values to use when connecting to the Redis instance
redis.auth.enabled	bool	Connect to the Redis instance with a password	false
redis.auth.passwordKey	string	The secret key containing the password to use for authentication	password
redis.auth.secretName	string	Name of the k8s secret that contains the password	redis-auth-secrets
redis.auth.usernameKey	string	The secret key containing the username to use for authentication	username
redis.certs	struct	Configuration for TLS verification when connecting to the Redis instance
redis.certs.caCertKey	string	The secret key containing the ca cert
redis.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
redis.certs.secretName	string	Name of the k8s secret that contains the certs	redis-certs
redis.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
redis.connection	struct	Optional connection parameters
redis.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redis.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
redis.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
redis.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
redis.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redis.connection.masterName	string	The master name. Only needed for sentinel mode.
redis.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
redis.connection.maxIdleConns	int	Maximum number of idle connections.	0
redis.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
redis.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
redis.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
redis.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
redis.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
redis.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
redis.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
redis.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	0
redis.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
redis.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
redis.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
redis.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
redis.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
redis.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
redis.db	int	DB to connect to	0
redis.deployment	struct
redis.deployment	struct	Configuration for the deployment deployment.
redis.deployment.addr	string	Deprecated: Use ‘redis.address’ instead.
redis.deployment.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
redis.deployment.enabled	bool	Deploy the default Redis instance.	true
redis.deployment.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“MASTER”,“value”:“true”}]
redis.deployment.extraEnvs	struct	Extra environment variables for the container
redis.deployment.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
redis.deployment.image	struct	Container image.
redis.deployment.image.pullPolicy	string	Image pull policy.	IfNotPresent
redis.deployment.image.pullSecret	string	Image pull secret.
redis.deployment.image.registry	string	Image registry.	gcr.io/gloo-mesh
redis.deployment.image.repository	string	Image name (repository).	redis
redis.deployment.image.tag	string	Version tag for the container image.
redis.deployment.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
redis.deployment.imagePullSecrets[].name	string
redis.deployment.ioThreads	int	The number of I/O threads to use. Use this setting to allocate threads dedicated to performing I/O tasks to maximize overall Redis performance. The minimum valid value for this setting is 1. When you change this setting, make sure to also change the CPU requests and CPU limits for the Redis pod to one CPU core per I/O thread. See https://github.com/redis/redis/blob/7.2/redis.conf for more details.	1
redis.deployment.persistence	struct	Configure the built-in Redis to store data in a Kubernetes persistent volume so that data persists across restarts. You can use either Redis Database (RDB) or Append Only File (AOF) persistence modes.
redis.deployment.persistence.aof	struct	Configure Redis with Append Only File (AOF) persistence mode. AOF logs every write operation for a more complete recovery option, but has trade-offs in resource usage which can impact performance vs. RDB. For more info, see the Redis docs.
redis.deployment.persistence.aof.appendfsync	string	Configure how often data is saved from the in-memory database to the disk. Options are ’everysec’, ‘always’, or ’no’.	everysec
redis.deployment.persistence.aof.enabled	bool	Set to true to use Append Only File (AOF) persistence mode.	false
redis.deployment.persistence.enabled	bool	Set to true so that the built-in Redis stores data in a Kubernetes persistent volume (PV). Then, you must configure either AOF or RDB persistence mode.	false
redis.deployment.persistence.persistentVolume	struct	Configure the PersistentVolumeClaim (PVC) that Redis uses to request a PV to store its data.
redis.deployment.persistence.persistentVolume.accessModes[]	[]string	The access modes of the PVC. Possible values are ‘ReadWriteOnce’, ‘ReadOnlyMany’, ‘ReadWriteMany’, or ‘ReadWriteOncePod’. For more info, see the Kubernetes docs.	[“ReadWriteOnce”]
redis.deployment.persistence.persistentVolume.existingClaim	bool	Set to true for Redis to use an existing PVC to request a PV to store its data.	false
redis.deployment.persistence.persistentVolume.name	string	The name of the PVC for the Redis deployment to mount as a volume.	gloo-mesh-redis
redis.deployment.persistence.persistentVolume.size	string	The size of storage capacity that the PVC requests. Storage capacity requests depend on the size of your environment, but typically are 1Gi for a small, 2Gi to 5Gi for a medium, and 10Gi or larger for a large environment. For more info, see the Kubernetes docs.
redis.deployment.persistence.persistentVolume.storageClass	string	The storage class of the PVC. Use ‘-’ to disable dynamic provisioning. For more info, see the Kubernetes docs.
redis.deployment.persistence.rdb	struct	Configure Redis with Redis Database (RDB) persistence mode. RDB provides a point-in-time snapshot for a disaster recovery backup, but has trade-offs in the completeness of data vs. AOF. For more info, see the Redis docs.
redis.deployment.persistence.rdb.saveSnapshot	string	Configure how often an RDB snapshot is created. The format is ‘N M’, where N is the number of seconds and M is the minimum number of changes in the dataset. For example, enter ‘60 1000’ to take a snapshot every 60 seconds when at least 1000 keys are changed since the last snapshot.
redis.deployment.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
redis.deployment.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“redis”:6379}
redis.deployment.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
redis.deployment.ports.redis	uint32	Service ports as a map from port name to port number.	6379
redis.deployment.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redis.deployment.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
redis.deployment.runAsUser	int	User ID to run Redis as.	999
redis.deployment.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redis.deployment.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
redis.deployment.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
redis.deployment.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
redis.deployment.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
redis.deployment.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
redis.deployment.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
redis.deployment.sidecars.<MAP_KEY>.image	struct	Container image.
redis.deployment.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
redis.deployment.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
redis.deployment.sidecars.<MAP_KEY>.image.registry	string	Image registry.
redis.deployment.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
redis.deployment.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
redis.deployment.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
redis.deployment.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redis.secretKey	string	External API key encryption secret
redis.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redisStore	struct	Configuration for dedicated redis stores for snapshots, insights, rate limiter, and ext-auth-service.
redisStore.extAuthService	struct	Configuration for ext-auth-service redis. This instance is shared with portal and will be used to store api keys.
redisStore.extAuthService.client	struct	Configuration for redis clients
redisStore.extAuthService.client.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
redisStore.extAuthService.client.auth	struct	Optional authentication values to use when connecting to the Redis instance
redisStore.extAuthService.client.auth.enabled	bool	Connect to the Redis instance with a password	false
redisStore.extAuthService.client.auth.passwordKey	string	The secret key containing the password to use for authentication	password
redisStore.extAuthService.client.auth.secretName	string	Name of the k8s secret that contains the password	redis-auth-secrets
redisStore.extAuthService.client.auth.usernameKey	string	The secret key containing the username to use for authentication	username
redisStore.extAuthService.client.certs	struct	Configuration for TLS verification when connecting to the Redis instance
redisStore.extAuthService.client.certs.caCertKey	string	The secret key containing the ca cert
redisStore.extAuthService.client.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
redisStore.extAuthService.client.certs.secretName	string	Name of the k8s secret that contains the certs	redis-certs
redisStore.extAuthService.client.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
redisStore.extAuthService.client.connection	struct	Optional connection parameters
redisStore.extAuthService.client.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.extAuthService.client.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
redisStore.extAuthService.client.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
redisStore.extAuthService.client.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
redisStore.extAuthService.client.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.extAuthService.client.connection.masterName	string	The master name. Only needed for sentinel mode.
redisStore.extAuthService.client.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
redisStore.extAuthService.client.connection.maxIdleConns	int	Maximum number of idle connections.	0
redisStore.extAuthService.client.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
redisStore.extAuthService.client.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
redisStore.extAuthService.client.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
redisStore.extAuthService.client.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
redisStore.extAuthService.client.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
redisStore.extAuthService.client.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
redisStore.extAuthService.client.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
redisStore.extAuthService.client.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	0
redisStore.extAuthService.client.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
redisStore.extAuthService.client.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
redisStore.extAuthService.client.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
redisStore.extAuthService.client.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
redisStore.extAuthService.client.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
redisStore.extAuthService.client.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
redisStore.extAuthService.client.db	int	DB to connect to	0
redisStore.extAuthService.client.secretKey	string	External API key encryption secret
redisStore.extAuthService.client.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redisStore.extAuthService.deployment	struct
redisStore.extAuthService.deployment	struct	Configuration for the deployment deployment.
redisStore.extAuthService.deployment.addr	string	Deprecated: Use ‘redis.address’ instead.
redisStore.extAuthService.deployment.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
redisStore.extAuthService.deployment.enabled	bool	Deploy the default Redis instance.	false
redisStore.extAuthService.deployment.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“MASTER”,“value”:“true”}]
redisStore.extAuthService.deployment.extraEnvs	struct	Extra environment variables for the container
redisStore.extAuthService.deployment.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
redisStore.extAuthService.deployment.image	struct	Container image.
redisStore.extAuthService.deployment.image.pullPolicy	string	Image pull policy.	IfNotPresent
redisStore.extAuthService.deployment.image.pullSecret	string	Image pull secret.
redisStore.extAuthService.deployment.image.registry	string	Image registry.	gcr.io/gloo-mesh
redisStore.extAuthService.deployment.image.repository	string	Image name (repository).	redis
redisStore.extAuthService.deployment.image.tag	string	Version tag for the container image.
redisStore.extAuthService.deployment.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
redisStore.extAuthService.deployment.imagePullSecrets[].name	string
redisStore.extAuthService.deployment.ioThreads	int	The number of I/O threads to use. Use this setting to allocate threads dedicated to performing I/O tasks to maximize overall Redis performance. The minimum valid value for this setting is 1. When you change this setting, make sure to also change the CPU requests and CPU limits for the Redis pod to one CPU core per I/O thread. See https://github.com/redis/redis/blob/7.2/redis.conf for more details.	1
redisStore.extAuthService.deployment.persistence	struct	Configure the built-in Redis to store data in a Kubernetes persistent volume so that data persists across restarts. You can use either Redis Database (RDB) or Append Only File (AOF) persistence modes.
redisStore.extAuthService.deployment.persistence.aof	struct	Configure Redis with Append Only File (AOF) persistence mode. AOF logs every write operation for a more complete recovery option, but has trade-offs in resource usage which can impact performance vs. RDB. For more info, see the Redis docs.
redisStore.extAuthService.deployment.persistence.aof.appendfsync	string	Configure how often data is saved from the in-memory database to the disk. Options are ’everysec’, ‘always’, or ’no’.	everysec
redisStore.extAuthService.deployment.persistence.aof.enabled	bool	Set to true to use Append Only File (AOF) persistence mode.	false
redisStore.extAuthService.deployment.persistence.enabled	bool	Set to true so that the built-in Redis stores data in a Kubernetes persistent volume (PV). Then, you must configure either AOF or RDB persistence mode.	false
redisStore.extAuthService.deployment.persistence.persistentVolume	struct	Configure the PersistentVolumeClaim (PVC) that Redis uses to request a PV to store its data.
redisStore.extAuthService.deployment.persistence.persistentVolume.accessModes[]	[]string	The access modes of the PVC. Possible values are ‘ReadWriteOnce’, ‘ReadOnlyMany’, ‘ReadWriteMany’, or ‘ReadWriteOncePod’. For more info, see the Kubernetes docs.	[“ReadWriteOnce”]
redisStore.extAuthService.deployment.persistence.persistentVolume.existingClaim	bool	Set to true for Redis to use an existing PVC to request a PV to store its data.	false
redisStore.extAuthService.deployment.persistence.persistentVolume.name	string	The name of the PVC for the Redis deployment to mount as a volume.	gloo-mesh-redis
redisStore.extAuthService.deployment.persistence.persistentVolume.size	string	The size of storage capacity that the PVC requests. Storage capacity requests depend on the size of your environment, but typically are 1Gi for a small, 2Gi to 5Gi for a medium, and 10Gi or larger for a large environment. For more info, see the Kubernetes docs.
redisStore.extAuthService.deployment.persistence.persistentVolume.storageClass	string	The storage class of the PVC. Use ‘-’ to disable dynamic provisioning. For more info, see the Kubernetes docs.
redisStore.extAuthService.deployment.persistence.rdb	struct	Configure Redis with Redis Database (RDB) persistence mode. RDB provides a point-in-time snapshot for a disaster recovery backup, but has trade-offs in the completeness of data vs. AOF. For more info, see the Redis docs.
redisStore.extAuthService.deployment.persistence.rdb.saveSnapshot	string	Configure how often an RDB snapshot is created. The format is ‘N M’, where N is the number of seconds and M is the minimum number of changes in the dataset. For example, enter ‘60 1000’ to take a snapshot every 60 seconds when at least 1000 keys are changed since the last snapshot.
redisStore.extAuthService.deployment.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
redisStore.extAuthService.deployment.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“redis”:6379}
redisStore.extAuthService.deployment.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
redisStore.extAuthService.deployment.ports.redis	uint32	Service ports as a map from port name to port number.	6379
redisStore.extAuthService.deployment.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redisStore.extAuthService.deployment.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
redisStore.extAuthService.deployment.runAsUser	int	User ID to run Redis as.	999
redisStore.extAuthService.deployment.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.extAuthService.deployment.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
redisStore.extAuthService.deployment.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
redisStore.extAuthService.deployment.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image	struct	Container image.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image.registry	string	Image registry.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
redisStore.extAuthService.deployment.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.insights	struct	Configuration for insights redis
redisStore.insights.client	struct	Configuration for redis clients
redisStore.insights.client.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
redisStore.insights.client.auth	struct	Optional authentication values to use when connecting to the Redis instance
redisStore.insights.client.auth.enabled	bool	Connect to the Redis instance with a password	false
redisStore.insights.client.auth.passwordKey	string	The secret key containing the password to use for authentication	password
redisStore.insights.client.auth.secretName	string	Name of the k8s secret that contains the password	redis-auth-secrets
redisStore.insights.client.auth.usernameKey	string	The secret key containing the username to use for authentication	username
redisStore.insights.client.certs	struct	Configuration for TLS verification when connecting to the Redis instance
redisStore.insights.client.certs.caCertKey	string	The secret key containing the ca cert
redisStore.insights.client.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
redisStore.insights.client.certs.secretName	string	Name of the k8s secret that contains the certs	redis-certs
redisStore.insights.client.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
redisStore.insights.client.connection	struct	Optional connection parameters
redisStore.insights.client.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.insights.client.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
redisStore.insights.client.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
redisStore.insights.client.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
redisStore.insights.client.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.insights.client.connection.masterName	string	The master name. Only needed for sentinel mode.
redisStore.insights.client.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
redisStore.insights.client.connection.maxIdleConns	int	Maximum number of idle connections.	0
redisStore.insights.client.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
redisStore.insights.client.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
redisStore.insights.client.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
redisStore.insights.client.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
redisStore.insights.client.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
redisStore.insights.client.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
redisStore.insights.client.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
redisStore.insights.client.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	0
redisStore.insights.client.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
redisStore.insights.client.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
redisStore.insights.client.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
redisStore.insights.client.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
redisStore.insights.client.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
redisStore.insights.client.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
redisStore.insights.client.db	int	DB to connect to	0
redisStore.insights.client.secretKey	string	External API key encryption secret
redisStore.insights.client.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redisStore.insights.deployment	struct
redisStore.insights.deployment	struct	Configuration for the deployment deployment.
redisStore.insights.deployment.addr	string	Deprecated: Use ‘redis.address’ instead.
redisStore.insights.deployment.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
redisStore.insights.deployment.enabled	bool	Deploy the default Redis instance.	false
redisStore.insights.deployment.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“MASTER”,“value”:“true”}]
redisStore.insights.deployment.extraEnvs	struct	Extra environment variables for the container
redisStore.insights.deployment.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
redisStore.insights.deployment.image	struct	Container image.
redisStore.insights.deployment.image.pullPolicy	string	Image pull policy.	IfNotPresent
redisStore.insights.deployment.image.pullSecret	string	Image pull secret.
redisStore.insights.deployment.image.registry	string	Image registry.	gcr.io/gloo-mesh
redisStore.insights.deployment.image.repository	string	Image name (repository).	redis
redisStore.insights.deployment.image.tag	string	Version tag for the container image.
redisStore.insights.deployment.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
redisStore.insights.deployment.imagePullSecrets[].name	string
redisStore.insights.deployment.ioThreads	int	The number of I/O threads to use. Use this setting to allocate threads dedicated to performing I/O tasks to maximize overall Redis performance. The minimum valid value for this setting is 1. When you change this setting, make sure to also change the CPU requests and CPU limits for the Redis pod to one CPU core per I/O thread. See https://github.com/redis/redis/blob/7.2/redis.conf for more details.	1
redisStore.insights.deployment.persistence	struct	Configure the built-in Redis to store data in a Kubernetes persistent volume so that data persists across restarts. You can use either Redis Database (RDB) or Append Only File (AOF) persistence modes.
redisStore.insights.deployment.persistence.aof	struct	Configure Redis with Append Only File (AOF) persistence mode. AOF logs every write operation for a more complete recovery option, but has trade-offs in resource usage which can impact performance vs. RDB. For more info, see the Redis docs.
redisStore.insights.deployment.persistence.aof.appendfsync	string	Configure how often data is saved from the in-memory database to the disk. Options are ’everysec’, ‘always’, or ’no’.	everysec
redisStore.insights.deployment.persistence.aof.enabled	bool	Set to true to use Append Only File (AOF) persistence mode.	false
redisStore.insights.deployment.persistence.enabled	bool	Set to true so that the built-in Redis stores data in a Kubernetes persistent volume (PV). Then, you must configure either AOF or RDB persistence mode.	false
redisStore.insights.deployment.persistence.persistentVolume	struct	Configure the PersistentVolumeClaim (PVC) that Redis uses to request a PV to store its data.
redisStore.insights.deployment.persistence.persistentVolume.accessModes[]	[]string	The access modes of the PVC. Possible values are ‘ReadWriteOnce’, ‘ReadOnlyMany’, ‘ReadWriteMany’, or ‘ReadWriteOncePod’. For more info, see the Kubernetes docs.	[“ReadWriteOnce”]
redisStore.insights.deployment.persistence.persistentVolume.existingClaim	bool	Set to true for Redis to use an existing PVC to request a PV to store its data.	false
redisStore.insights.deployment.persistence.persistentVolume.name	string	The name of the PVC for the Redis deployment to mount as a volume.	gloo-mesh-redis
redisStore.insights.deployment.persistence.persistentVolume.size	string	The size of storage capacity that the PVC requests. Storage capacity requests depend on the size of your environment, but typically are 1Gi for a small, 2Gi to 5Gi for a medium, and 10Gi or larger for a large environment. For more info, see the Kubernetes docs.
redisStore.insights.deployment.persistence.persistentVolume.storageClass	string	The storage class of the PVC. Use ‘-’ to disable dynamic provisioning. For more info, see the Kubernetes docs.
redisStore.insights.deployment.persistence.rdb	struct	Configure Redis with Redis Database (RDB) persistence mode. RDB provides a point-in-time snapshot for a disaster recovery backup, but has trade-offs in the completeness of data vs. AOF. For more info, see the Redis docs.
redisStore.insights.deployment.persistence.rdb.saveSnapshot	string	Configure how often an RDB snapshot is created. The format is ‘N M’, where N is the number of seconds and M is the minimum number of changes in the dataset. For example, enter ‘60 1000’ to take a snapshot every 60 seconds when at least 1000 keys are changed since the last snapshot.
redisStore.insights.deployment.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
redisStore.insights.deployment.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“redis”:6379}
redisStore.insights.deployment.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
redisStore.insights.deployment.ports.redis	uint32	Service ports as a map from port name to port number.	6379
redisStore.insights.deployment.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redisStore.insights.deployment.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
redisStore.insights.deployment.runAsUser	int	User ID to run Redis as.	999
redisStore.insights.deployment.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.insights.deployment.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
redisStore.insights.deployment.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
redisStore.insights.deployment.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
redisStore.insights.deployment.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
redisStore.insights.deployment.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
redisStore.insights.deployment.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
redisStore.insights.deployment.sidecars.<MAP_KEY>.image	struct	Container image.
redisStore.insights.deployment.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
redisStore.insights.deployment.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
redisStore.insights.deployment.sidecars.<MAP_KEY>.image.registry	string	Image registry.
redisStore.insights.deployment.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
redisStore.insights.deployment.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
redisStore.insights.deployment.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
redisStore.insights.deployment.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.rateLimiter	struct	Configuration for rate-limiter redis
redisStore.rateLimiter.client	struct	Configuration for redis clients
redisStore.rateLimiter.client.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
redisStore.rateLimiter.client.auth	struct	Optional authentication values to use when connecting to the Redis instance
redisStore.rateLimiter.client.auth.enabled	bool	Connect to the Redis instance with a password	false
redisStore.rateLimiter.client.auth.passwordKey	string	The secret key containing the password to use for authentication	password
redisStore.rateLimiter.client.auth.secretName	string	Name of the k8s secret that contains the password	redis-auth-secrets
redisStore.rateLimiter.client.auth.usernameKey	string	The secret key containing the username to use for authentication	username
redisStore.rateLimiter.client.certs	struct	Configuration for TLS verification when connecting to the Redis instance
redisStore.rateLimiter.client.certs.caCertKey	string	The secret key containing the ca cert
redisStore.rateLimiter.client.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
redisStore.rateLimiter.client.certs.secretName	string	Name of the k8s secret that contains the certs	redis-certs
redisStore.rateLimiter.client.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
redisStore.rateLimiter.client.connection	struct	Optional connection parameters
redisStore.rateLimiter.client.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.rateLimiter.client.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
redisStore.rateLimiter.client.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
redisStore.rateLimiter.client.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
redisStore.rateLimiter.client.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.rateLimiter.client.connection.masterName	string	The master name. Only needed for sentinel mode.
redisStore.rateLimiter.client.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
redisStore.rateLimiter.client.connection.maxIdleConns	int	Maximum number of idle connections.	0
redisStore.rateLimiter.client.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
redisStore.rateLimiter.client.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
redisStore.rateLimiter.client.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
redisStore.rateLimiter.client.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
redisStore.rateLimiter.client.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
redisStore.rateLimiter.client.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
redisStore.rateLimiter.client.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
redisStore.rateLimiter.client.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	0
redisStore.rateLimiter.client.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
redisStore.rateLimiter.client.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
redisStore.rateLimiter.client.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
redisStore.rateLimiter.client.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
redisStore.rateLimiter.client.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
redisStore.rateLimiter.client.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
redisStore.rateLimiter.client.db	int	DB to connect to	0
redisStore.rateLimiter.client.secretKey	string	External API key encryption secret
redisStore.rateLimiter.client.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redisStore.rateLimiter.deployment	struct
redisStore.rateLimiter.deployment	struct	Configuration for the deployment deployment.
redisStore.rateLimiter.deployment.addr	string	Deprecated: Use ‘redis.address’ instead.
redisStore.rateLimiter.deployment.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
redisStore.rateLimiter.deployment.enabled	bool	Deploy the default Redis instance.	false
redisStore.rateLimiter.deployment.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“MASTER”,“value”:“true”}]
redisStore.rateLimiter.deployment.extraEnvs	struct	Extra environment variables for the container
redisStore.rateLimiter.deployment.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
redisStore.rateLimiter.deployment.image	struct	Container image.
redisStore.rateLimiter.deployment.image.pullPolicy	string	Image pull policy.	IfNotPresent
redisStore.rateLimiter.deployment.image.pullSecret	string	Image pull secret.
redisStore.rateLimiter.deployment.image.registry	string	Image registry.	gcr.io/gloo-mesh
redisStore.rateLimiter.deployment.image.repository	string	Image name (repository).	redis
redisStore.rateLimiter.deployment.image.tag	string	Version tag for the container image.
redisStore.rateLimiter.deployment.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
redisStore.rateLimiter.deployment.imagePullSecrets[].name	string
redisStore.rateLimiter.deployment.ioThreads	int	The number of I/O threads to use. Use this setting to allocate threads dedicated to performing I/O tasks to maximize overall Redis performance. The minimum valid value for this setting is 1. When you change this setting, make sure to also change the CPU requests and CPU limits for the Redis pod to one CPU core per I/O thread. See https://github.com/redis/redis/blob/7.2/redis.conf for more details.	1
redisStore.rateLimiter.deployment.persistence	struct	Configure the built-in Redis to store data in a Kubernetes persistent volume so that data persists across restarts. You can use either Redis Database (RDB) or Append Only File (AOF) persistence modes.
redisStore.rateLimiter.deployment.persistence.aof	struct	Configure Redis with Append Only File (AOF) persistence mode. AOF logs every write operation for a more complete recovery option, but has trade-offs in resource usage which can impact performance vs. RDB. For more info, see the Redis docs.
redisStore.rateLimiter.deployment.persistence.aof.appendfsync	string	Configure how often data is saved from the in-memory database to the disk. Options are ’everysec’, ‘always’, or ’no’.	everysec
redisStore.rateLimiter.deployment.persistence.aof.enabled	bool	Set to true to use Append Only File (AOF) persistence mode.	false
redisStore.rateLimiter.deployment.persistence.enabled	bool	Set to true so that the built-in Redis stores data in a Kubernetes persistent volume (PV). Then, you must configure either AOF or RDB persistence mode.	false
redisStore.rateLimiter.deployment.persistence.persistentVolume	struct	Configure the PersistentVolumeClaim (PVC) that Redis uses to request a PV to store its data.
redisStore.rateLimiter.deployment.persistence.persistentVolume.accessModes[]	[]string	The access modes of the PVC. Possible values are ‘ReadWriteOnce’, ‘ReadOnlyMany’, ‘ReadWriteMany’, or ‘ReadWriteOncePod’. For more info, see the Kubernetes docs.	[“ReadWriteOnce”]
redisStore.rateLimiter.deployment.persistence.persistentVolume.existingClaim	bool	Set to true for Redis to use an existing PVC to request a PV to store its data.	false
redisStore.rateLimiter.deployment.persistence.persistentVolume.name	string	The name of the PVC for the Redis deployment to mount as a volume.	gloo-mesh-redis
redisStore.rateLimiter.deployment.persistence.persistentVolume.size	string	The size of storage capacity that the PVC requests. Storage capacity requests depend on the size of your environment, but typically are 1Gi for a small, 2Gi to 5Gi for a medium, and 10Gi or larger for a large environment. For more info, see the Kubernetes docs.
redisStore.rateLimiter.deployment.persistence.persistentVolume.storageClass	string	The storage class of the PVC. Use ‘-’ to disable dynamic provisioning. For more info, see the Kubernetes docs.
redisStore.rateLimiter.deployment.persistence.rdb	struct	Configure Redis with Redis Database (RDB) persistence mode. RDB provides a point-in-time snapshot for a disaster recovery backup, but has trade-offs in the completeness of data vs. AOF. For more info, see the Redis docs.
redisStore.rateLimiter.deployment.persistence.rdb.saveSnapshot	string	Configure how often an RDB snapshot is created. The format is ‘N M’, where N is the number of seconds and M is the minimum number of changes in the dataset. For example, enter ‘60 1000’ to take a snapshot every 60 seconds when at least 1000 keys are changed since the last snapshot.
redisStore.rateLimiter.deployment.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
redisStore.rateLimiter.deployment.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“redis”:6379}
redisStore.rateLimiter.deployment.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
redisStore.rateLimiter.deployment.ports.redis	uint32	Service ports as a map from port name to port number.	6379
redisStore.rateLimiter.deployment.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redisStore.rateLimiter.deployment.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
redisStore.rateLimiter.deployment.runAsUser	int	User ID to run Redis as.	999
redisStore.rateLimiter.deployment.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.rateLimiter.deployment.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
redisStore.rateLimiter.deployment.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
redisStore.rateLimiter.deployment.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image	struct	Container image.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image.registry	string	Image registry.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
redisStore.rateLimiter.deployment.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.snapshot	struct	Configuration for snapshot redis
redisStore.snapshot.client	struct	Configuration for redis clients
redisStore.snapshot.client.address	string	Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
redisStore.snapshot.client.auth	struct	Optional authentication values to use when connecting to the Redis instance
redisStore.snapshot.client.auth.enabled	bool	Connect to the Redis instance with a password	false
redisStore.snapshot.client.auth.passwordKey	string	The secret key containing the password to use for authentication	password
redisStore.snapshot.client.auth.secretName	string	Name of the k8s secret that contains the password	redis-auth-secrets
redisStore.snapshot.client.auth.usernameKey	string	The secret key containing the username to use for authentication	username
redisStore.snapshot.client.certs	struct	Configuration for TLS verification when connecting to the Redis instance
redisStore.snapshot.client.certs.caCertKey	string	The secret key containing the ca cert
redisStore.snapshot.client.certs.enabled	bool	Enable a secure network connection to the Redis instance via TLS	false
redisStore.snapshot.client.certs.secretName	string	Name of the k8s secret that contains the certs	redis-certs
redisStore.snapshot.client.clustered	bool	Set to true if your Redis instance runs in clustered mode.	false
redisStore.snapshot.client.connection	struct	Optional connection parameters
redisStore.snapshot.client.connection.connMaxIdleTime	string	The maximum amount of time a connection may be idle. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.snapshot.client.connection.connMaxLifetime	string	The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection’s age.	0
redisStore.snapshot.client.connection.contextTimeoutEnabled	bool	ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines.	false
redisStore.snapshot.client.connection.dialTimeout	string	Dial timeout for establishing new connections. Default is 5 seconds.	5s
redisStore.snapshot.client.connection.idleTimeout	string	Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server’s timeout. Default is 30 minutes. -1 disables idle timeout check.	5m0s
redisStore.snapshot.client.connection.masterName	string	The master name. Only needed for sentinel mode.
redisStore.snapshot.client.connection.maxConnAge	string	Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections.	0
redisStore.snapshot.client.connection.maxIdleConns	int	Maximum number of idle connections.	0
redisStore.snapshot.client.connection.maxRedirects	int	The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries.	3
redisStore.snapshot.client.connection.maxRetries	int	Maximum number of retries before giving up. Default is 3. -1 disables retries.	3
redisStore.snapshot.client.connection.maxRetryBackoff	string	Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff.	512ms
redisStore.snapshot.client.connection.minIdleConns	int	Minimum number of idle connections which is useful when establishing new connection is slow.	0
redisStore.snapshot.client.connection.minRetryBackoff	string	Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff.	8ms
redisStore.snapshot.client.connection.poolFifo	bool	Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO.	false
redisStore.snapshot.client.connection.poolSize	int	Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS.	0
redisStore.snapshot.client.connection.poolTimeout	string	Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.	0
redisStore.snapshot.client.connection.readOnly	bool	Enables read-only commands on slave nodes. Default is false.	false
redisStore.snapshot.client.connection.readTimeout	string	Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value.	3s
redisStore.snapshot.client.connection.redisStreamSizeOverride	int	Override the default Redis stream size for the relay sync. This is the maximum number of events that can be stored in the stream. If the stream size is exceeded, the clients will reset the stream and resync which can cause performance issues. When set to 0 the stream size is number of clusters*32	0
redisStore.snapshot.client.connection.routeByLatency	bool	Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly.	false
redisStore.snapshot.client.connection.routeRandomly	bool	Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly.	false
redisStore.snapshot.client.connection.writeTimeout	string	Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout.	3s
redisStore.snapshot.client.db	int	DB to connect to	0
redisStore.snapshot.client.secretKey	string	External API key encryption secret
redisStore.snapshot.client.socketType	string	‘unix’, ’tcp’, or ’tls’ are supported.	tcp
redisStore.snapshot.deployment	struct
redisStore.snapshot.deployment	struct	Configuration for the deployment deployment.
redisStore.snapshot.deployment.addr	string	Deprecated: Use ‘redis.address’ instead.
redisStore.snapshot.deployment.deploymentOverrides	struct	Arbitrary overrides for the component’s deployment template.
redisStore.snapshot.deployment.enabled	bool	Deploy the default Redis instance.	false
redisStore.snapshot.deployment.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.	[{“name”:“MASTER”,“value”:“true”}]
redisStore.snapshot.deployment.extraEnvs	struct	Extra environment variables for the container
redisStore.snapshot.deployment.floatingUserId	bool	Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations.	false
redisStore.snapshot.deployment.image	struct	Container image.
redisStore.snapshot.deployment.image.pullPolicy	string	Image pull policy.	IfNotPresent
redisStore.snapshot.deployment.image.pullSecret	string	Image pull secret.
redisStore.snapshot.deployment.image.registry	string	Image registry.	gcr.io/gloo-mesh
redisStore.snapshot.deployment.image.repository	string	Image name (repository).	redis
redisStore.snapshot.deployment.image.tag	string	Version tag for the container image.
redisStore.snapshot.deployment.imagePullSecrets[]	[]struct	A list of image pull secrets in the same namespace that store the credentials that are used to access a private container image registry. The image registry stores the container image that you want to use for this component.	[]
redisStore.snapshot.deployment.imagePullSecrets[].name	string
redisStore.snapshot.deployment.ioThreads	int	The number of I/O threads to use. Use this setting to allocate threads dedicated to performing I/O tasks to maximize overall Redis performance. The minimum valid value for this setting is 1. When you change this setting, make sure to also change the CPU requests and CPU limits for the Redis pod to one CPU core per I/O thread. See https://github.com/redis/redis/blob/7.2/redis.conf for more details.	1
redisStore.snapshot.deployment.persistence	struct	Configure the built-in Redis to store data in a Kubernetes persistent volume so that data persists across restarts. You can use either Redis Database (RDB) or Append Only File (AOF) persistence modes.
redisStore.snapshot.deployment.persistence.aof	struct	Configure Redis with Append Only File (AOF) persistence mode. AOF logs every write operation for a more complete recovery option, but has trade-offs in resource usage which can impact performance vs. RDB. For more info, see the Redis docs.
redisStore.snapshot.deployment.persistence.aof.appendfsync	string	Configure how often data is saved from the in-memory database to the disk. Options are ’everysec’, ‘always’, or ’no’.	everysec
redisStore.snapshot.deployment.persistence.aof.enabled	bool	Set to true to use Append Only File (AOF) persistence mode.	false
redisStore.snapshot.deployment.persistence.enabled	bool	Set to true so that the built-in Redis stores data in a Kubernetes persistent volume (PV). Then, you must configure either AOF or RDB persistence mode.	false
redisStore.snapshot.deployment.persistence.persistentVolume	struct	Configure the PersistentVolumeClaim (PVC) that Redis uses to request a PV to store its data.
redisStore.snapshot.deployment.persistence.persistentVolume.accessModes[]	[]string	The access modes of the PVC. Possible values are ‘ReadWriteOnce’, ‘ReadOnlyMany’, ‘ReadWriteMany’, or ‘ReadWriteOncePod’. For more info, see the Kubernetes docs.	[“ReadWriteOnce”]
redisStore.snapshot.deployment.persistence.persistentVolume.existingClaim	bool	Set to true for Redis to use an existing PVC to request a PV to store its data.	false
redisStore.snapshot.deployment.persistence.persistentVolume.name	string	The name of the PVC for the Redis deployment to mount as a volume.	gloo-mesh-redis
redisStore.snapshot.deployment.persistence.persistentVolume.size	string	The size of storage capacity that the PVC requests. Storage capacity requests depend on the size of your environment, but typically are 1Gi for a small, 2Gi to 5Gi for a medium, and 10Gi or larger for a large environment. For more info, see the Kubernetes docs.
redisStore.snapshot.deployment.persistence.persistentVolume.storageClass	string	The storage class of the PVC. Use ‘-’ to disable dynamic provisioning. For more info, see the Kubernetes docs.
redisStore.snapshot.deployment.persistence.rdb	struct	Configure Redis with Redis Database (RDB) persistence mode. RDB provides a point-in-time snapshot for a disaster recovery backup, but has trade-offs in the completeness of data vs. AOF. For more info, see the Redis docs.
redisStore.snapshot.deployment.persistence.rdb.saveSnapshot	string	Configure how often an RDB snapshot is created. The format is ‘N M’, where N is the number of seconds and M is the minimum number of changes in the dataset. For example, enter ‘60 1000’ to take a snapshot every 60 seconds when at least 1000 keys are changed since the last snapshot.
redisStore.snapshot.deployment.podSecurityContext	struct	Pod-level security context. For more info, see the Kubernetes documentation.
redisStore.snapshot.deployment.ports	map[string, uint32]	Service ports as a map from port name to port number.	{“redis”:6379}
redisStore.snapshot.deployment.ports.<MAP_KEY>	uint32	Service ports as a map from port name to port number.
redisStore.snapshot.deployment.ports.redis	uint32	Service ports as a map from port name to port number.	6379
redisStore.snapshot.deployment.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.	{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redisStore.snapshot.deployment.runAsUser	uint32	Static user ID to run the containers as. Unused if floatingUserId is ’true’.	10101
redisStore.snapshot.deployment.runAsUser	int	User ID to run Redis as.	999
redisStore.snapshot.deployment.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redisStore.snapshot.deployment.serviceOverrides	struct	Arbitrary overrides for the component’s service template.
redisStore.snapshot.deployment.serviceType	string	Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.	ClusterIP
redisStore.snapshot.deployment.sidecars	map[string, struct]	Optional configuration for the deployed containers.	{}
redisStore.snapshot.deployment.sidecars.<MAP_KEY>	struct	Optional configuration for the deployed containers.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.env[]	slice	Environment variables for the container. For more info, see the Kubernetes documentation.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.extraEnvs	struct	Extra environment variables for the container
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image	struct	Container image.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image.pullPolicy	string	Image pull policy.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image.pullSecret	string	Image pull secret.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image.registry	string	Image registry.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image.repository	string	Image name (repository).
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.image.tag	string	Version tag for the container image.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.resources	struct	Container resource requirements. For more info, see the Kubernetes documentation.
redisStore.snapshot.deployment.sidecars.<MAP_KEY>.securityContext	struct	Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
telemetryCollector	struct	Configuration for Gloo telemetry collector agents. See the OpenTelemetry Helm chart for the complete set of values.
telemetryCollectorCustomization	struct	Optional customization for Gloo telemetry collector agents.
telemetryCollectorCustomization.compatibleService	bool	OTel Collector service excluding the field internalTrafficPolicy, compatible with k8s < 1.26	false
telemetryCollectorCustomization.disableDefaultPipeline	bool	Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/ui pipeline.	false
telemetryCollectorCustomization.enableCloudMetadataProcessing	bool	Enable scraping of network information from the compute instance that the collector agent runs on.	false
telemetryCollectorCustomization.extraExporters	struct	Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network.
telemetryCollectorCustomization.extraExporters.clickhouse	map[string, interface]	An exporter to forward data to Clickhouse.	{“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”}
telemetryCollectorCustomization.extraExporters.clickhouse.<MAP_KEY>	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.database	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.endpoint	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.logs_table_name	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.password	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.retry_on_failure	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.timeout	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.ttl_days	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.username	interface	An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.prometheus	map[string, interface]	An exporter to forward data to Prometheus.	{“endpoint”:“0.0.0.0:9091”}
telemetryCollectorCustomization.extraExporters.prometheus.<MAP_KEY>	interface	An exporter to forward data to Prometheus.
telemetryCollectorCustomization.extraExporters.prometheus.endpoint	interface	An exporter to forward data to Prometheus.
telemetryCollectorCustomization.extraExporters.redisstream/basic	map[string, interface]	An exporter to forward data to single-entry Redis streams.	{“expire”:“30m”,“max_entries”:“1”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryCollectorCustomization.extraExporters.redisstream/basic.<MAP_KEY>	interface	An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.expire	interface	An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.max_entries	interface	An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.stream_attributes	interface	An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/hubble	map[string, interface]	An exporter to forward hubble logs.	{“expire”:“30m”,“max_entries”:“1”,“stream”:“hubble”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryCollectorCustomization.extraExporters.redisstream/hubble.<MAP_KEY>	interface	An exporter to forward hubble logs.
telemetryCollectorCustomization.extraExporters.redisstream/hubble.expire	interface	An exporter to forward hubble logs.
telemetryCollectorCustomization.extraExporters.redisstream/hubble.max_entries	interface	An exporter to forward hubble logs.
telemetryCollectorCustomization.extraExporters.redisstream/hubble.stream	interface	An exporter to forward hubble logs.
telemetryCollectorCustomization.extraExporters.redisstream/hubble.stream_attributes	interface	An exporter to forward hubble logs.
telemetryCollectorCustomization.extraExporters.redisstream/ui	map[string, interface]	An exporter to forward ui data to Redis streams.	{“expire”:“30m”,“stream”:“ui”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”,“component”,“k8s.pod.name”,“k8s.container.name”]}}
telemetryCollectorCustomization.extraExporters.redisstream/ui.<MAP_KEY>	interface	An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.expire	interface	An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.stream	interface	An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.stream_attributes	interface	An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExtensions	map[string, interface]	Configuration for extensions to the collector. Extensions are used to add additional functionality to the collector.	null
telemetryCollectorCustomization.extraExtensions.<MAP_KEY>	interface	Configuration for extensions to the collector. Extensions are used to add additional functionality to the collector.
telemetryCollectorCustomization.extraPipelines	map[string, interface]	Specify any added receivers, processors, or exporters in an extra pipeline.	null
telemetryCollectorCustomization.extraPipelines.<MAP_KEY>	interface	Specify any added receivers, processors, or exporters in an extra pipeline.
telemetryCollectorCustomization.extraProcessors	struct	Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation.
telemetryCollectorCustomization.extraProcessors.batch	map[string, interface]	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.	{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”}
telemetryCollectorCustomization.extraProcessors.batch.<MAP_KEY>	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.send_batch_max_size	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.send_batch_size	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.timeout	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch/logs	struct	The batch log processor accepts logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_cardinality_limit	int	the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys.	0
telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_keys[]	[]string	List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created.	[]
telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_max_size	int	The maximum size of a batch. If the batch size is larger than this value, the batch is sent.	0
telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_size	int	The maximum number of traces or metrics to include in a batch.	100
telemetryCollectorCustomization.extraProcessors.batch/logs.timeout	string	The maximum amount of time to wait for a batch to be filled before sending it anyway.	5s
telemetryCollectorCustomization.extraProcessors.memory_limiter	map[string, interface]	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.	{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}
telemetryCollectorCustomization.extraProcessors.memory_limiter.<MAP_KEY>	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.check_interval	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.limit_percentage	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.spike_limit_percentage	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraReceivers	struct	Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs	map[string, interface]	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.	{“include”:["/var/log/pods//istio-proxy/.log"],“include_file_name”:false,“include_file_path”:true,“operators”:[{“expr”:“body matches "^[^{}]*$"”,“type”:“filter”},{“id”:“get-format”,“routes”:[{“expr”:“body matches "^\\{"”,“output”:“parser-docker”},{“expr”:“body matches "^[^ Z]+ "”,“output”:“parser-crio”},{“expr”:“body matches "^[^ Z]+Z"”,“output”:“parser-containerd”}],“type”:“router”},{“id”:“parser-crio”,“output”:“extract_metadata_from_filepath”,“regex”:"^(?P\u003ctime\u003e[^ Z]+) (?P\u003cstream\u003estdout
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.<MAP_KEY>	interface	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include	interface	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_name	interface	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_path	interface	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.operators	interface	This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium	map[string, interface]	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.	{“include”:["/var/log/pods/_cilium-//.log"],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]”,“regex”:"(?:(.\/pods\/)(?P\u003cnamespace\u003e[^]+)*(?P\u003cpod_name\u003e[^_]+)(?:[^\/]+\/)(?P\u003ccontainer_name\u003e[^\/]+)\/)",“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]”,“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]”,“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]”,“type”:“move”},{“cache”:{“size”:128},“id”:“extract_component_from_pod_name”,“parse_from”:“resource["k8s.pod.name"]”,“regex”:"^(?P\u003ccomponent_name\u003ecilium(?:-operator)?)",“type”:“regex_parser”},{“from”:“attributes.component_name”,“to”:“resource["component"]”,“type”:“move”}]}
telemetryCollectorCustomization.extraReceivers.filelog/cilium.<MAP_KEY>	interface	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include	interface	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include_file_name	interface	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include_file_path	interface	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.operators	interface	This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components	map[string, interface]	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.	{“include”:["/var/log/pods/_gloo-//.log"],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]”,“regex”:"^.\/(?P\u003cnamespace\u003e[^]+)(?P\u003cpod_name\u003e[^]+)*(?P\u003cuid\u003e[a-f0-9\-]{36})\/(?P\u003ccontainer_name\u003e[^\._]+)\/(?P\u003crestart_count\u003e\d+)\.log$",“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]”,“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]”,“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]”,“type”:“move”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-mesh-agent"”,“type”:“add”,“value”:“gloo-mesh-agent”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-mesh-mgmt-server"”,“type”:“add”,“value”:“gloo-mesh-mgmt-server”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-mesh-ui"”,“type”:“add”,“value”:“gloo-mesh-ui”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-mesh-redis"”,“type”:“add”,“value”:“gloo-mesh-redis”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-redis-snapshot"”,“type”:“add”,“value”:“gloo-redis-snapshot”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-redis-insights"”,“type”:“add”,“value”:“gloo-redis-insights”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-telemetry-collector-agent"”,“type”:“add”,“value”:“gloo-telemetry-collector-agent”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-telemetry-gateway"”,“type”:“add”,“value”:“gloo-telemetry-gateway”},{“field”:“resource["component"]”,“if”:“resource["k8s.pod.name"] contains "gloo-insights-engine"”,“type”:“add”,“value”:“gloo-insights-engine”}]}
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.<MAP_KEY>	interface	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include	interface	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include_file_name	interface	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include_file_path	interface	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.operators	interface	This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod	map[string, interface]	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.	{“include”:["/var/log/pods/_istiod-//.log"],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]”,“regex”:"^.\/(?P\u003cnamespace\u003e[^]+)(?P\u003cpod_name\u003e[^]+)(?P\u003cuid\u003e[a-f0-9\-]{36})\/(?P\u003ccontainer_name\u003e[^\._]+)\/(?P\u003crestart_count\u003e\d+)\.log$",“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]”,“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]”,“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]”,“type”:“move”},{“cache”:{“size”:128},“id”:“extract_component_from_pod_name”,“parse_from”:“resource["k8s.pod.name"]”,“regex”:"^(?P\u003ccomponent_name\u003e.)-[0-9a-zA-Z]{1,10}-[0-9a-zA-Z]*$",“type”:“regex_parser”},{“from”:“attributes.component_name”,“to”:“resource["component"]”,“type”:“move”}]}
telemetryCollectorCustomization.extraReceivers.filelog/istiod.<MAP_KEY>	interface	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include	interface	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include_file_name	interface	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include_file_path	interface	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.operators	interface	This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.pipelines	struct	Selectively enable, disable, or customize any of the default pipelines.
telemetryCollectorCustomization.pipelines.logs/analyzer	struct	Used to receive istio analyzer logs for Gloo Mesh Core Observability.
telemetryCollectorCustomization.pipelines.logs/analyzer.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“redisstream/basic”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“resource/cluster_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows	struct	Configure the collection of cilium flows.
telemetryCollectorCustomization.pipelines.logs/cilium_flows.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“redisstream/hubble”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“resource/hubble_source_context”,“resource/cluster_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“hubble”]
telemetryCollectorCustomization.pipelines.logs/portal	struct	A pre-defined pipeline that collects Istio access logs for Gloo Portal.
telemetryCollectorCustomization.pipelines.logs/portal.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.logs/portal.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“clickhouse”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“resource/portal_source_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“filelog/access_logs”]
telemetryCollectorCustomization.pipelines.logs/ui	struct	Used to receive component logs for Gloo Mesh Core Observability.
telemetryCollectorCustomization.pipelines.logs/ui.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryCollectorCustomization.pipelines.logs/ui.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“redisstream/ui”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“resource/cluster_context”,“resource/ui_source_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“filelog/gloo_components”,“filelog/istiod”,“filelog/cilium”]
telemetryCollectorCustomization.pipelines.metrics/cilium	struct	The metrics pipeline collects extra cilium metrics and is exportable for use in custom pipelines such as Grafana.
telemetryCollectorCustomization.pipelines.metrics/cilium.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“memory_limiter”,“transform/keep_hubble_labels”,“transform/keep_cilium_labels”,“transform/keep_ebpf_solo_io_labels”,“batch”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay	struct	A pre-defined pipeline that allows otlp telemetry from other collectors to be relayed to the otel gateway. This pipeline is disabled by default
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.processors[]	[]string	List of processors to use in the pipeline.	null
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryCollectorCustomization.pipelines.metrics/ui	struct	The metrics/ui pipeline collects the metrics that are required for the Gloo UI graph. This pipeline is enabled by default.
telemetryCollectorCustomization.pipelines.metrics/ui.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“memory_limiter”,“filter/min”,“transform/keep_istio_labels”,“transform/keep_otelcol_labels”,“gloo_metrics_processor”,“batch”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“prometheus”]
telemetryCollectorCustomization.pipelines.traces/istio	struct	A pre-defined pipeline that collects traces to observe and monitor requests.
telemetryCollectorCustomization.pipelines.traces/istio.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.traces/istio.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“otlp/jaeger”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“batch”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“jaeger”,“opencensus”,“otlp”,“zipkin”]
telemetryCollectorCustomization.pipelines.traces/jaeger	struct	A pre-defined pipeline that collects traces to observe and monitor traffic requests, and makes them available to the built-in Jaeger tracing platform demo.
telemetryCollectorCustomization.pipelines.traces/jaeger.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	null
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	[“otlp/jaeger”]
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“batch”]
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryCollectorCustomization.serverName	string	SNI and certificate subject alternative name used in the collector certificate.	gloo-telemetry-gateway.gloo-mesh
telemetryCollectorCustomization.skipVerify	bool	Skip the verification of Gloo management server certificate.	false
telemetryCollectorCustomization.telemetry	map[string, interface]	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.	{“logs”:{“encoding”:“json”},“metrics”:{“address”:“0.0.0.0:8888”}}
telemetryCollectorCustomization.telemetry.<MAP_KEY>	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.logs	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.metrics	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGateway	struct	Configuration for the Gloo telemetry gateway. See the OpenTelemetry Helm chart for the complete set of values.
telemetryGatewayCustomization	struct	Optional customization for the Gloo telemetry gateway.
telemetryGatewayCustomization.compatibleService	bool	OTel Collector service excluding the field internalTrafficPolicy, compatible with k8s < 1.26	false
telemetryGatewayCustomization.disableCertGeneration	bool	Disable cert generation for the Gloo telemetry gateway.	false
telemetryGatewayCustomization.disableDefaultPipeline	bool	Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/prometheus pipeline.	false
telemetryGatewayCustomization.extraExporters	struct	Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network.
telemetryGatewayCustomization.extraExporters.clickhouse	map[string, interface]	An exporter to forward data to Clickhouse.	{“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”}
telemetryGatewayCustomization.extraExporters.clickhouse.<MAP_KEY>	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.database	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.endpoint	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.logs_table_name	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.password	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.retry_on_failure	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.timeout	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.ttl_days	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.username	interface	An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.prometheus	map[string, interface]	An exporter to forward data to Prometheus.	{“endpoint”:“0.0.0.0:9091”}
telemetryGatewayCustomization.extraExporters.prometheus.<MAP_KEY>	interface	An exporter to forward data to Prometheus.
telemetryGatewayCustomization.extraExporters.prometheus.endpoint	interface	An exporter to forward data to Prometheus.
telemetryGatewayCustomization.extraExporters.redisstream/basic	map[string, interface]	An exporter to forward data to single-entry Redis streams.	{“expire”:“30m”,“max_entries”:“1”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryGatewayCustomization.extraExporters.redisstream/basic.<MAP_KEY>	interface	An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.expire	interface	An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.max_entries	interface	An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.stream_attributes	interface	An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/hubble	map[string, interface]	An exporter to forward hubble logs.	{“expire”:“30m”,“max_entries”:“1”,“stream”:“hubble”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryGatewayCustomization.extraExporters.redisstream/hubble.<MAP_KEY>	interface	An exporter to forward hubble logs.
telemetryGatewayCustomization.extraExporters.redisstream/hubble.expire	interface	An exporter to forward hubble logs.
telemetryGatewayCustomization.extraExporters.redisstream/hubble.max_entries	interface	An exporter to forward hubble logs.
telemetryGatewayCustomization.extraExporters.redisstream/hubble.stream	interface	An exporter to forward hubble logs.
telemetryGatewayCustomization.extraExporters.redisstream/hubble.stream_attributes	interface	An exporter to forward hubble logs.
telemetryGatewayCustomization.extraExporters.redisstream/ui	map[string, interface]	An exporter to forward ui data to Redis streams.	{“expire”:“30m”,“stream”:“ui”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”,“component”,“k8s.pod.name”,“k8s.container.name”]}}
telemetryGatewayCustomization.extraExporters.redisstream/ui.<MAP_KEY>	interface	An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.expire	interface	An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.stream	interface	An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.stream_attributes	interface	An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExtensions	map[string, interface]	Configuration for extensions to the Gateway. Extensions are used to add additional functionality to the Gateway.	null
telemetryGatewayCustomization.extraExtensions.<MAP_KEY>	interface	Configuration for extensions to the Gateway. Extensions are used to add additional functionality to the Gateway.
telemetryGatewayCustomization.extraPipelines	map[string, interface]	Specify any added receivers, processors, or exporters in an extra pipeline.	null
telemetryGatewayCustomization.extraPipelines.<MAP_KEY>	interface	Specify any added receivers, processors, or exporters in an extra pipeline.
telemetryGatewayCustomization.extraProcessors	struct	Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation.
telemetryGatewayCustomization.extraProcessors.batch	map[string, interface]	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.	{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”}
telemetryGatewayCustomization.extraProcessors.batch.<MAP_KEY>	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_max_size	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_size	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.timeout	interface	The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs	struct	The batch log processor accepts logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_cardinality_limit	int	the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys.	0
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_keys[]	[]string	List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created.	[]
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_max_size	int	The maximum size of a batch. If the batch size is larger than this value, the batch is sent.	0
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_size	int	The maximum number of traces or metrics to include in a batch.	100
telemetryGatewayCustomization.extraProcessors.batch/logs.timeout	string	The maximum amount of time to wait for a batch to be filled before sending it anyway.	5s
telemetryGatewayCustomization.extraProcessors.memory_limiter	map[string, interface]	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.	{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}
telemetryGatewayCustomization.extraProcessors.memory_limiter.<MAP_KEY>	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.check_interval	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.limit_percentage	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.spike_limit_percentage	interface	The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraReceivers	map[string, interface]	Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.	null
telemetryGatewayCustomization.extraReceivers.<MAP_KEY>	interface	Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryGatewayCustomization.pipelines	struct	Selectively enable, disable, or customize any of the default pipelines.
telemetryGatewayCustomization.pipelines.logs/clickhouse	struct	A pre-defined pipeline that forwards Istio access logs that the collector agents receive to Clickhouse.
telemetryGatewayCustomization.pipelines.logs/clickhouse.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“clickhouse”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“filter/include_portal_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic	struct	Configure the exporting of logs into single-entry redis streams.
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“redisstream/basic”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“filter/include_basic_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows	struct	Configure the exporting of cilium flows into redis streams for the UI.
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“redisstream/hubble”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“filter/include_hubble_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_cilium_flows.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui	struct	Configure the exporting of logs into redis streams for the UI.
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“redisstream/ui”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“filter/include_ui_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.pipelines.metrics/prometheus	struct	A pre-defined pipeline that collects metrics from various sources, such as the Gloo management server, Istio, Cilium, and the Gloo OTel pipeline, and makes this data available to the built-in Prometheus server.
telemetryGatewayCustomization.pipelines.metrics/prometheus.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	true
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“prometheus”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“memory_limiter”,“batch”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.pipelines.traces/jaeger	struct	A pre-defined pipeline that collects traces to observe and monitor traffic requests, and makes them available to the built-in Jaeger tracing platform demo.
telemetryGatewayCustomization.pipelines.traces/jaeger.enabled	bool	Determines whether the Gloo OTel pipeline is enabled or disabled.	false
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline	struct	The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.exporters[]	[]string	List of exporters when installed in workload cluster.	[“otlp/jaeger”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.managementPlaneExporters[]	[]string	List of exporters used when installed in management plane.	null
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.processors[]	[]string	List of processors to use in the pipeline.	[“batch”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.receivers[]	[]string	List of receivers to use in the pipeline.	[“otlp”]
telemetryGatewayCustomization.reloadTlsCertificate	string	Interval of time between reloading the TLS certificate of the telemetry gateway.
telemetryGatewayCustomization.serverName	string	SNI and certificate subject alternative name used in the telemetry gateway certificate.	gloo-telemetry-gateway.gloo-mesh
telemetryGatewayCustomization.telemetry	map[string, interface]	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.	{“logs”:{“encoding”:“json”},“metrics”:{“address”:“0.0.0.0:8888”}}
telemetryGatewayCustomization.telemetry.<MAP_KEY>	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGatewayCustomization.telemetry.logs	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGatewayCustomization.telemetry.metrics	interface	Configure the service telemetry (logs and metrics) as described in the otel-collector docs.