OptionTypeDefault ValueDescription
leaderElectionbooltrueEnable leader election for the high-availability deployment.
verboseboolfalseEnable verbose/debug logging.
devModeboolfalseSet to true to enable development mode for the logger, which can cause panics. Do not use in production.
insecureboolfalsePermit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production.
readOnlyGeneratedResourcesboolfalseIf true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI.
relaystructConfiguration for securing relay communication between the workload agents and the management server.
relay.serverAddressstringAddress and port by which gloo-mesh-mgmt-server in the Gloo control plane can be accessed by the Gloo workload agents.
relay.authoritystringgloo-mesh-mgmt-server.gloo-meshSNI name in the authority/host header used to connect to relay forwarding server. Must match server certificate CommonName. Do not change the default value.
relay.clientTlsSecretstructCustom certs: Secret containing client TLS certs used to identify the Gloo agent to the management server. If you do not specify a clientTlssSecret, you must specify a tokenSecret and a rootTlsSecret.
relay.clientTlsSecret.namestringrelay-client-tls-secret
relay.clientTlsSecret.namespacestring
relay.rootTlsSecretstructSecret containing a root TLS cert used to verify the management server cert. The secret can also optionally specify a ’tls.key’, which is used to generate the agent client cert.
relay.rootTlsSecret.namestringrelay-root-tls-secret
relay.rootTlsSecret.namespacestring
relay.tokenSecretstructSecret containing a shared token for authenticating Gloo agents when they first communicate with the management server. A token secret is not needed with ACM certs.
relay.tokenSecret.namestringrelay-identity-token-secretName of the Kubernetes secret.
relay.tokenSecret.namespacestringNamespace of the Kubernetes secret.
relay.tokenSecret.keystringtokenKey value of the data within the Kubernetes secret.
relay.clientTlsSecretRotationGracePeriodRatiostringThe ratio of the client TLS certificate lifetime to when the management server starts the certificate rotation process.
maxGrpcMessageSizestring4294967295Maximum message size for gRPC messages sent and received by the management server.
metricsBufferSizeint50Number of metrics messages to buffer per Envoy proxy.
accessLogsBufferSizeint50Number of access logs to buffer per Envoy proxy.
istiodSidecarstructConfiguration for the istiod sidecar deployment.
istiodSidecar.createRoleBindingboolfalseCreate the cluster role binding for the istiod sidecar. Set this value to ’true’ only when using the Vault integration.
istiodSidecar.istiodServiceAccountstructObject reference for the istiod service account.
istiodSidecar.istiodServiceAccount.namestringistiod
istiodSidecar.istiodServiceAccount.namespacestringistio-system
namespacedRbac[][]struct[{“resources”:[],“namespaces”:[]}]Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.
namespacedRbac[]structScopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource.
namespacedRbac[].resources[][]string
namespacedRbac[].resources[]string
namespacedRbac[].namespaces[][]string
namespacedRbac[].namespaces[]string
clusterstringName of the workload cluster to deploy Gloo agent in.
ext-auth-servicestructCustomizations for the ext-auth-service Helm chart.
ext-auth-service.enabledboolfalseif true, deploy the dependency service (default false)
ext-auth-service.extraTemplateAnnotationsmap[string, string]{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
ext-auth-service.extraTemplateAnnotations.<MAP_KEY>stringextra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
ext-auth-service.extraTemplateAnnotations.proxy.istio.io/configstring{ “holdApplicationUntilProxyStarts”: true }extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiterstructCustomizations for the rate-limiter Helm chart.
rate-limiter.enabledboolfalseif true, deploy the dependency service (default false)
rate-limiter.extraTemplateAnnotationsmap[string, string]{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiter.extraTemplateAnnotations.<MAP_KEY>stringextra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiter.extraTemplateAnnotations.proxy.istio.io/configstring{ “holdApplicationUntilProxyStarts”: true }extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
sidecar-accelstructCustomizations for eBPF sidecar acceleration. Do not use in production.
sidecar-accel.enabledboolfalseif true, deploy the dependency service (default false)
gloo-network-agentstructCustomizations for the Gloo Network-specific agent functionality.
gloo-network-agent.enabledboolfalseif true, deploy the dependency service (default false)
managedInstallationsstructSubchart for setting up managed installations of Control Planes and Gateways in workload clusters.
managedInstallations.controlPlanestructConfiguration for the managed Istio control plane instance.
managedInstallations.controlPlane.enabledbooltrueInstall the managed Istio control plane instance in the cluster.
managedInstallations.controlPlane.installations[][]struct[{“revision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]List of Istio control plane installations.
managedInstallations.controlPlane.installations[]structList of Istio control plane installations.
managedInstallations.controlPlane.installations[].revisionstringIstio revision for this installation, such as ‘1-17’. Label workload resources with ‘istio.io/rev=$REVISION’ to use this installation. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio.
managedInstallations.controlPlane.installations[].clusters[][]ptrClusters to install the Istio control planes in.
managedInstallations.controlPlane.installations[].clusters[]structClusters to install the Istio control planes in.
managedInstallations.controlPlane.installations[].clusters[].namestringName of the cluster to install Istio into. Must match the registered cluster name.
managedInstallations.controlPlane.installations[].clusters[].defaultRevisionboolWhen set to true, the installation for this revision is applied as the active Istio installation in the cluster. Resources with the ‘istio-injection=true’ label entry use this revision. You might change this setting for Istio installations during a canary upgrade. For more info, see the upgrade docs.
managedInstallations.controlPlane.installations[].clusters[].trustDomainstringTrust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
managedInstallations.controlPlane.installations[].istioOperatorSpecstructIstioOperator specification for the control plane. For more info, see the IstioOperatorSpec reference.
managedInstallations.northSouthGateways[][]struct[{“name”:“istio-ingressgateway”,“enabled”:true,“installations”:[{“gatewayRevision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]}]Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license.
managedInstallations.northSouthGateways[]structConfiguration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license.
managedInstallations.northSouthGateways[].namestringName of the gateway. Must be unique.
managedInstallations.northSouthGateways[].enabledboolInstall the gateway in the cluster.
managedInstallations.northSouthGateways[].installations[][]structList of Istio gateway installations. For more info, see the GatewayInstallation reference.
managedInstallations.northSouthGateways[].installations[]structList of Istio gateway installations. For more info, see the GatewayInstallation reference.
managedInstallations.northSouthGateways[].installations[].controlPlaneRevisionstringOptional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
managedInstallations.northSouthGateways[].installations[].gatewayRevisionstringIstio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio.
managedInstallations.northSouthGateways[].installations[].clusters[][]ptrClusters to install the gateway in.
managedInstallations.northSouthGateways[].installations[].clusters[]structClusters to install the gateway in.
managedInstallations.northSouthGateways[].installations[].clusters[].namestringName of the cluster to install the gateway into. Must match the registered cluster name.
managedInstallations.northSouthGateways[].installations[].clusters[].activeGatewayboolWhen set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
managedInstallations.northSouthGateways[].installations[].clusters[].trustDomainstringTrust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
managedInstallations.northSouthGateways[].installations[].istioOperatorSpecstructIstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
managedInstallations.eastWestGateways[][]structnullConfiguration for the managed east-west gateway.
managedInstallations.eastWestGateways[]structConfiguration for the managed east-west gateway.
managedInstallations.eastWestGateways[].namestringName of the gateway. Must be unique.
managedInstallations.eastWestGateways[].enabledboolInstall the gateway in the cluster.
managedInstallations.eastWestGateways[].installations[][]structList of Istio gateway installations. For more info, see the GatewayInstallation reference.
managedInstallations.eastWestGateways[].installations[]structList of Istio gateway installations. For more info, see the GatewayInstallation reference.
managedInstallations.eastWestGateways[].installations[].controlPlaneRevisionstringOptional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
managedInstallations.eastWestGateways[].installations[].gatewayRevisionstringIstio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio.
managedInstallations.eastWestGateways[].installations[].clusters[][]ptrClusters to install the gateway in.
managedInstallations.eastWestGateways[].installations[].clusters[]structClusters to install the gateway in.
managedInstallations.eastWestGateways[].installations[].clusters[].namestringName of the cluster to install the gateway into. Must match the registered cluster name.
managedInstallations.eastWestGateways[].installations[].clusters[].activeGatewayboolWhen set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
managedInstallations.eastWestGateways[].installations[].clusters[].trustDomainstringTrust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name.
managedInstallations.eastWestGateways[].installations[].istioOperatorSpecstructIstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
managedInstallations.enabledboolfalseEnable managed Istio installations.
telemetryCollectorstructHelm values for configuring the Gloo Platform Telemetry Collector. See the OpenTelemetry Helm chart for the complete set of values.
telemetryCollector.nameOverridestring
telemetryCollector.fullnameOverridestringgloo-telemetry-collector
telemetryCollector.enabledboolfalse
telemetryCollector.modestringdaemonset
telemetryCollector.replicaCountint0
telemetryCollector.commandmap[string, interface]{“extraArgs”:["–config=/conf/relay.yaml"],“name”:“gloo-otel-collector”}
telemetryCollector.command.<MAP_KEY>interface
telemetryCollector.command.extraArgsinterface
telemetryCollector.command.nameinterface
telemetryCollector.imagestruct
telemetryCollector.image.pullPolicystringIfNotPresent
telemetryCollector.image.repositorystringgcr.io/gloo-mesh/gloo-otel-collector
telemetryCollector.image.tagstring
telemetryCollector.extraVolumes[][]map[{“name”:“root-ca”,“secret”:{“defaultMode”:420,“secretName”:“relay-root-tls-secret”}},{“configMap”:{“items”:[{“key”:“relay”,“path”:“relay.yaml”}],“name”:“gloo-telemetry-collector-config”},“name”:“telemetry-configmap”}]
telemetryCollector.extraVolumes[]map[string, interface]
telemetryCollector.extraVolumes[].<MAP_KEY>interface
telemetryCollector.extraVolumeMounts[][]map[{“mountPath”:"/etc/otel-certs",“name”:“root-ca”,“readOnly”:true},{“mountPath”:"/conf",“name”:“telemetry-configmap”}]
telemetryCollector.extraVolumeMounts[]map[string, interface]
telemetryCollector.extraVolumeMounts[].<MAP_KEY>interface
telemetryCollector.resourcesmap[string, interface]{“requests”:{“cpu”:“100m”,“memory”:“300Mi”}}
telemetryCollector.resources.<MAP_KEY>interface
telemetryCollector.resources.requestsinterface
telemetryCollector.extraEnvs[][]map[{“name”:“KUBE_NODE_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“spec.nodeName”}}},{“name”:“KUBE_POD_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}]
telemetryCollector.extraEnvs[]map[string, interface]
telemetryCollector.extraEnvs[].<MAP_KEY>interface
telemetryCollector.presetsmap[string, interface]{“clusterMetrics”:{“enabled”:false},“hostMetrics”:{“enabled”:false},“kubeletMetrics”:{“enabled”:false},“kubernetesAttributes”:{“enabled”:false},“logsCollection”:{“enabled”:false,“includeCollectorLogs”:false}}
telemetryCollector.presets.<MAP_KEY>interface
telemetryCollector.presets.clusterMetricsinterface
telemetryCollector.presets.hostMetricsinterface
telemetryCollector.presets.kubeletMetricsinterface
telemetryCollector.presets.kubernetesAttributesinterface
telemetryCollector.presets.logsCollectioninterface
telemetryCollector.configMapmap[string, interface]{“create”:false}
telemetryCollector.configMap.<MAP_KEY>interface
telemetryCollector.configMap.createinterface
telemetryCollector.clusterRolemap[string, interface]{“create”:true,“rules”:[{“apiGroups”:[""],“resources”:[“nodes”,“nodes/proxy”,“nodes/metrics”,“services”,“endpoints”,“pods”,“ingresses”,“configmaps”],“verbs”:[“get”,“list”,“watch”]},{“apiGroups”:[“extensions”,“networking.k8s.io”],“resources”:[“ingresses/status”,“ingresses”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:["/metrics"],“verbs”:[“get”]}]}
telemetryCollector.clusterRole.<MAP_KEY>interface
telemetryCollector.clusterRole.createinterface
telemetryCollector.clusterRole.rulesinterface
telemetryCollector.servicemap[string, interface]null
telemetryCollector.service.<MAP_KEY>interface
telemetryCollector.podAnnotationsmap[string, interface]null
telemetryCollector.podAnnotations.<MAP_KEY>interface
telemetryCollector.portsmap[string, interface]{“jaeger-compact”:{“hostPort”:0},“jaeger-grpc”:{“hostPort”:0},“jaeger-thrift”:{“hostPort”:0},“otlp”:{“hostPort”:0},“otlp-http”:{“hostPort”:0},“zipkin”:{“hostPort”:0}}
telemetryCollector.ports.<MAP_KEY>interface
telemetryCollector.ports.jaeger-compactinterface
telemetryCollector.ports.jaeger-grpcinterface
telemetryCollector.ports.jaeger-thriftinterface
telemetryCollector.ports.otlpinterface
telemetryCollector.ports.otlp-httpinterface
telemetryCollector.ports.zipkininterface
telemetryCollector.tolerations[][]interface[{“effect”:“NoSchedule”,“operator”:“Exists”},{“key”:“CriticalAddonsOnly”,“operator”:“Exists”},{“effect”:“NoExecute”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/not-ready”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/unreachable”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/disk-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/memory-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/pid-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/unschedulable”,“operator”:“Exists”}]
telemetryCollector.tolerations[]interface
telemetryCollectorCustomizationstructHelm values for customizing the Gloo Platform Telemetry Collector.
telemetryCollectorCustomization.serverNamestringgloo-telemetry-gateway.gloo-meshSNI and certificate subject alternative name used in the collector certificate.
telemetryCollectorCustomization.extraReceiversmap[string, interface]nullConfiguration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryCollectorCustomization.extraReceivers.<MAP_KEY>interfaceConfiguration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryCollectorCustomization.extraProcessorsmap[string, interface]{“batch”:{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”},“memory_limiter”:{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}}Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter.
telemetryCollectorCustomization.extraProcessors.<MAP_KEY>interfaceConfiguration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter.
telemetryCollectorCustomization.extraProcessors.batchinterfaceConfiguration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter.
telemetryCollectorCustomization.extraProcessors.memory_limiterinterfaceConfiguration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter.
telemetryCollectorCustomization.extraExportersmap[string, interface]nullConfiguration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network.
telemetryCollectorCustomization.extraExporters.<MAP_KEY>interfaceConfiguration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network.
telemetryCollectorCustomization.extraPipelinesmap[string, interface]nullSpecify any added receivers, processors, or exporters in an extra pipeline.
telemetryCollectorCustomization.extraPipelines.<MAP_KEY>interfaceSpecify any added receivers, processors, or exporters in an extra pipeline.
telemetryCollectorCustomization.telemetrymap[string, interface]{“metrics”:{“address”:“0.0.0.0:8888”}}Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.<MAP_KEY>interfaceConfigure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.metricsinterfaceConfigure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.disableDefaultPipelineboolfalseDisables the default pipeline. Useful if you want to create a custom pipeline using ’extraPipelines’ and to disable the default pipeline.
legacyMetricsPipelinestructConfiguration for the legacy metrics pipeline, which uses Gloo agents to propagate metrics to the management server.
legacyMetricsPipeline.enabledbooltrueSet to false to disable the legacy telemetry pipeline.
glooMeshAgentstructConfiguration for the glooMeshAgent deployment.
glooMeshAgentstruct
glooMeshAgent.imagestructContainer image.
glooMeshAgent.image.tagstringVersion tag for the container image.
glooMeshAgent.image.repositorystringgloo-mesh-agentImage name (repository).
glooMeshAgent.image.registrystringgcr.io/gloo-meshImage registry.
glooMeshAgent.image.pullPolicystringIfNotPresentImage pull policy.
glooMeshAgent.image.pullSecretstringImage pull secret.
glooMeshAgent.env[]slice[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}]Environment variables for the container. For more info, see the Kubernetes documentation.
glooMeshAgent.extraEnvsstructExtra environment variables for the container
glooMeshAgent.resourcesstruct{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}Container resource requirements. For more info, see the Kubernetes documentation.
glooMeshAgent.securityContextstructContainer security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshAgent.sidecarsmap[string, struct]{}Optional configuration for the deployed containers.
glooMeshAgent.sidecars.<MAP_KEY>structOptional configuration for the deployed containers.
glooMeshAgent.sidecars.<MAP_KEY>.imagestructContainer image.
glooMeshAgent.sidecars.<MAP_KEY>.image.tagstringVersion tag for the container image.
glooMeshAgent.sidecars.<MAP_KEY>.image.repositorystringImage name (repository).
glooMeshAgent.sidecars.<MAP_KEY>.image.registrystringImage registry.
glooMeshAgent.sidecars.<MAP_KEY>.image.pullPolicystringImage pull policy.
glooMeshAgent.sidecars.<MAP_KEY>.image.pullSecretstringImage pull secret.
glooMeshAgent.sidecars.<MAP_KEY>.env[]sliceEnvironment variables for the container. For more info, see the Kubernetes documentation.
glooMeshAgent.sidecars.<MAP_KEY>.extraEnvsstructExtra environment variables for the container
glooMeshAgent.sidecars.<MAP_KEY>.resourcesstructContainer resource requirements. For more info, see the Kubernetes documentation.
glooMeshAgent.sidecars.<MAP_KEY>.securityContextstructContainer security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshAgent.floatingUserIdboolfalseAllow the pod to be assigned a dynamic user ID. Required for OpenShift installations.
glooMeshAgent.runAsUseruint3210101Static user ID to run the containers as. Unused if floatingUserId is ’true’.
glooMeshAgent.serviceTypestringClusterIPKubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.
glooMeshAgent.portsmap[string, uint32]{“grpc”:9977,“healthcheck”:8090,“http”:9988,“stats”:9091}Service ports as a map from port name to port number.
glooMeshAgent.ports.<MAP_KEY>uint32Service ports as a map from port name to port number.
glooMeshAgent.ports.grpcuint329977Service ports as a map from port name to port number.
glooMeshAgent.ports.healthcheckuint328090Service ports as a map from port name to port number.
glooMeshAgent.ports.httpuint329988Service ports as a map from port name to port number.
glooMeshAgent.ports.statsuint329091Service ports as a map from port name to port number.
glooMeshAgent.deploymentOverridesstructArbitrary overrides for the component’s deployment template
glooMeshAgent.serviceOverridesstructArbitrary overrides for the component’s service template.
glooMeshAgent.enabledbooltrueEnable creation of the deployment/service.
glooMeshPortalServerstructConfiguration for the glooMeshPortalServer deployment.
glooMeshPortalServerstruct
glooMeshPortalServer.verboseboolfalseEnable verbose/debug logging.
glooMeshPortalServerstruct
glooMeshPortalServer.devModeboolfalseSet to true to enable development mode for the logger, which can cause panics. Do not use in production.
glooMeshPortalServer.enabledboolfalseDeploy the Portal server for Gloo Platform Portal to the cluster.
glooMeshPortalServer.apiKeyStoragestructConfigure backend storage for API keys.
glooMeshPortalServer.apiKeyStorage.typestringredisBackend storage for API keys. Currently, redis is supported.
glooMeshPortalServer.apiKeyStorage.configPathstring/etc/redis/config.yamlPath for API key storage config file
glooMeshPortalServer.apiKeyStorage.secretKeystringchange thisThe string value that you want to use to hash API keys before they are stored in the backing database.
glooMeshPortalServerstructConfiguration for the glooMeshPortalServer deployment.
glooMeshPortalServerstruct
glooMeshPortalServer.imagestructContainer image.
glooMeshPortalServer.image.tagstringVersion tag for the container image.
glooMeshPortalServer.image.repositorystringgloo-mesh-portal-serverImage name (repository).
glooMeshPortalServer.image.registrystringgcr.io/gloo-meshImage registry.
glooMeshPortalServer.image.pullPolicystringIfNotPresentImage pull policy.
glooMeshPortalServer.image.pullSecretstringImage pull secret.
glooMeshPortalServer.env[]slice[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“APIKEY_STORAGE_SECRET_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-storage-secret-key”,“key”:“key”}}}]Environment variables for the container. For more info, see the Kubernetes documentation.
glooMeshPortalServer.extraEnvsstructExtra environment variables for the container
glooMeshPortalServer.resourcesstruct{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}Container resource requirements. For more info, see the Kubernetes documentation.
glooMeshPortalServer.securityContextstructContainer security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshPortalServer.sidecarsmap[string, struct]{}Optional configuration for the deployed containers.
glooMeshPortalServer.sidecars.<MAP_KEY>structOptional configuration for the deployed containers.
glooMeshPortalServer.sidecars.<MAP_KEY>.imagestructContainer image.
glooMeshPortalServer.sidecars.<MAP_KEY>.image.tagstringVersion tag for the container image.
glooMeshPortalServer.sidecars.<MAP_KEY>.image.repositorystringImage name (repository).
glooMeshPortalServer.sidecars.<MAP_KEY>.image.registrystringImage registry.
glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullPolicystringImage pull policy.
glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullSecretstringImage pull secret.
glooMeshPortalServer.sidecars.<MAP_KEY>.env[]sliceEnvironment variables for the container. For more info, see the Kubernetes documentation.
glooMeshPortalServer.sidecars.<MAP_KEY>.extraEnvsstructExtra environment variables for the container
glooMeshPortalServer.sidecars.<MAP_KEY>.resourcesstructContainer resource requirements. For more info, see the Kubernetes documentation.
glooMeshPortalServer.sidecars.<MAP_KEY>.securityContextstructContainer security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshPortalServer.floatingUserIdboolfalseAllow the pod to be assigned a dynamic user ID. Required for OpenShift installations.
glooMeshPortalServer.runAsUseruint3210101Static user ID to run the containers as. Unused if floatingUserId is ’true’.
glooMeshPortalServer.serviceTypestringClusterIPKubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.
glooMeshPortalServer.portsmap[string, uint32]{“http”:8080}Service ports as a map from port name to port number.
glooMeshPortalServer.ports.<MAP_KEY>uint32Service ports as a map from port name to port number.
glooMeshPortalServer.ports.httpuint328080Service ports as a map from port name to port number.
glooMeshPortalServer.deploymentOverridesstructArbitrary overrides for the component’s deployment template
glooMeshPortalServer.serviceOverridesstructArbitrary overrides for the component’s service template.
glooMeshPortalServer.enabledbooltrueEnable creation of the deployment/service.