On this page
Legacy: Managed Istio gateway and control plane installations
Review Helm values for the Managed Istio gateway and control plane installations chart.
The gloo-mesh-enterprise, gloo-mesh-agent, gloo-mesh-managed-installations, and other included Helm charts are considered legacy as of Gloo version 2.3, and are unsupported in Gloo version 2.5 and later. If you installed Gloo Mesh Enterprise by using these legacy Helm charts, or if you used meshctl version 2.2 or earlier to install Gloo Mesh Enterprise, you must migrate your legacy installation to the new gloo-platform Helm chart.
| Option | Type | Default Value | Description |
|---|---|---|---|
| leaderElection | bool | true | Enable leader election for the high-availability deployment. |
| verbose | bool | false | Enable verbose/debug logging. |
| devMode | bool | false | Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
| insecure | bool | false | Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. |
| readOnlyGeneratedResources | bool | false | If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. |
| relay | struct | Configuration for securing relay communication between the workload agents and the management server. | |
| relay.serverAddress | string | Address and port by which gloo-mesh-mgmt-server in the Gloo control plane can be accessed by the Gloo workload agents. | |
| relay.authority | string | gloo-mesh-mgmt-server.gloo-mesh | SNI name in the authority/host header used to connect to relay forwarding server. Must match server certificate CommonName. Do not change the default value. |
| relay.clientTlsSecret | struct | Custom certs: Secret containing client TLS certs used to identify the Gloo agent to the management server. If you do not specify a clientTlssSecret, you must specify a tokenSecret and a rootTlsSecret. | |
| relay.clientTlsSecret.name | string | relay-client-tls-secret | |
| relay.clientTlsSecret.namespace | string | ||
| relay.rootTlsSecret | struct | Secret containing a root TLS cert used to verify the management server cert. The secret can also optionally specify a ’tls.key’, which is used to generate the agent client cert. | |
| relay.rootTlsSecret.name | string | relay-root-tls-secret | |
| relay.rootTlsSecret.namespace | string | ||
| relay.tokenSecret | struct | Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server. A token secret is not needed with ACM certs. | |
| relay.tokenSecret.name | string | relay-identity-token-secret | Name of the Kubernetes secret. |
| relay.tokenSecret.namespace | string | Namespace of the Kubernetes secret. | |
| relay.tokenSecret.key | string | token | Key value of the data within the Kubernetes secret. |
| relay.clientTlsSecretRotationGracePeriodRatio | string | The ratio of the client TLS certificate lifetime to when the management server starts the certificate rotation process. | |
| maxGrpcMessageSize | string | 4294967295 | Maximum message size for gRPC messages sent and received by the management server. |
| metricsBufferSize | int | 50 | Number of metrics messages to buffer per Envoy proxy. |
| accessLogsBufferSize | int | 50 | Number of access logs to buffer per Envoy proxy. |
| istiodSidecar | struct | Configuration for the istiod sidecar deployment. | |
| istiodSidecar.createRoleBinding | bool | false | Create the cluster role binding for the istiod sidecar. Set this value to ’true’ only when using the Vault integration. |
| istiodSidecar.istiodServiceAccount | struct | Object reference for the istiod service account. | |
| istiodSidecar.istiodServiceAccount.name | string | istiod | |
| istiodSidecar.istiodServiceAccount.namespace | string | istio-system | |
| namespacedRbac[] | []struct | [{“resources”:[],“namespaces”:[]}] | Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. |
| namespacedRbac[] | struct | Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. | |
| namespacedRbac[].resources[] | []string | ||
| namespacedRbac[].resources[] | string | ||
| namespacedRbac[].namespaces[] | []string | ||
| namespacedRbac[].namespaces[] | string | ||
| cluster | string | Name of the workload cluster to deploy Gloo agent in. | |
| ext-auth-service | struct | Customizations for the ext-auth-service Helm chart. | |
| ext-auth-service.enabled | bool | false | if true, deploy the dependency service (default false) |
| ext-auth-service.extraTemplateAnnotations | map[string, string] | {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| ext-auth-service.extraTemplateAnnotations.<MAP_KEY> | string | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ | |
| ext-auth-service.extraTemplateAnnotations.proxy.istio.io/config | string | { “holdApplicationUntilProxyStarts”: true } | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter | struct | Customizations for the rate-limiter Helm chart. | |
| rate-limiter.enabled | bool | false | if true, deploy the dependency service (default false) |
| rate-limiter.extraTemplateAnnotations | map[string, string] | {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.extraTemplateAnnotations.<MAP_KEY> | string | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ | |
| rate-limiter.extraTemplateAnnotations.proxy.istio.io/config | string | { “holdApplicationUntilProxyStarts”: true } | extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| sidecar-accel | struct | Customizations for eBPF sidecar acceleration. Do not use in production. | |
| sidecar-accel.enabled | bool | false | if true, deploy the dependency service (default false) |
| gloo-network-agent | struct | Customizations for the Gloo Network-specific agent functionality. | |
| gloo-network-agent.enabled | bool | false | if true, deploy the dependency service (default false) |
| managedInstallations | struct | Subchart for setting up managed installations of Control Planes and Gateways in workload clusters. | |
| managedInstallations.controlPlane | struct | Configuration for the managed Istio control plane instance. | |
| managedInstallations.controlPlane.enabled | bool | true | Install the managed Istio control plane instance in the cluster. |
| managedInstallations.controlPlane.installations[] | []struct | [{“revision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}] | List of Istio control plane installations. |
| managedInstallations.controlPlane.installations[] | struct | List of Istio control plane installations. | |
| managedInstallations.controlPlane.installations[].revision | string | Istio revision for this installation, such as ‘1-17’. Label workload resources with ‘istio.io/rev=$REVISION’ to use this installation. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio. | |
| managedInstallations.controlPlane.installations[].clusters[] | []ptr | Clusters to install the Istio control planes in. | |
| managedInstallations.controlPlane.installations[].clusters[] | struct | Clusters to install the Istio control planes in. | |
| managedInstallations.controlPlane.installations[].clusters[].name | string | Name of the cluster to install Istio into. Must match the registered cluster name. | |
| managedInstallations.controlPlane.installations[].clusters[].defaultRevision | bool | When set to true, the installation for this revision is applied as the active Istio installation in the cluster. Resources with the ‘istio-injection=true’ label entry use this revision. You might change this setting for Istio installations during a canary upgrade. For more info, see the upgrade docs. | |
| managedInstallations.controlPlane.installations[].clusters[].trustDomain | string | Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name. | |
| managedInstallations.controlPlane.installations[].istioOperatorSpec | struct | IstioOperator specification for the control plane. For more info, see the IstioOperatorSpec reference. | |
| managedInstallations.northSouthGateways[] | []struct | [{“name”:“istio-ingressgateway”,“enabled”:true,“installations”:[{“gatewayRevision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]}] | Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license. |
| managedInstallations.northSouthGateways[] | struct | Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license. | |
| managedInstallations.northSouthGateways[].name | string | Name of the gateway. Must be unique. | |
| managedInstallations.northSouthGateways[].enabled | bool | Install the gateway in the cluster. | |
| managedInstallations.northSouthGateways[].installations[] | []struct | List of Istio gateway installations. For more info, see the GatewayInstallation reference. | |
| managedInstallations.northSouthGateways[].installations[] | struct | List of Istio gateway installations. For more info, see the GatewayInstallation reference. | |
| managedInstallations.northSouthGateways[].installations[].controlPlaneRevision | string | Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created. | |
| managedInstallations.northSouthGateways[].installations[].gatewayRevision | string | Istio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio. | |
| managedInstallations.northSouthGateways[].installations[].clusters[] | []ptr | Clusters to install the gateway in. | |
| managedInstallations.northSouthGateways[].installations[].clusters[] | struct | Clusters to install the gateway in. | |
| managedInstallations.northSouthGateways[].installations[].clusters[].name | string | Name of the cluster to install the gateway into. Must match the registered cluster name. | |
| managedInstallations.northSouthGateways[].installations[].clusters[].activeGateway | bool | When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs. | |
| managedInstallations.northSouthGateways[].installations[].clusters[].trustDomain | string | Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name. | |
| managedInstallations.northSouthGateways[].installations[].istioOperatorSpec | struct | IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference. | |
| managedInstallations.eastWestGateways[] | []struct | null | Configuration for the managed east-west gateway. |
| managedInstallations.eastWestGateways[] | struct | Configuration for the managed east-west gateway. | |
| managedInstallations.eastWestGateways[].name | string | Name of the gateway. Must be unique. | |
| managedInstallations.eastWestGateways[].enabled | bool | Install the gateway in the cluster. | |
| managedInstallations.eastWestGateways[].installations[] | []struct | List of Istio gateway installations. For more info, see the GatewayInstallation reference. | |
| managedInstallations.eastWestGateways[].installations[] | struct | List of Istio gateway installations. For more info, see the GatewayInstallation reference. | |
| managedInstallations.eastWestGateways[].installations[].controlPlaneRevision | string | Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created. | |
| managedInstallations.eastWestGateways[].installations[].gatewayRevision | string | Istio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Gloo Istio. | |
| managedInstallations.eastWestGateways[].installations[].clusters[] | []ptr | Clusters to install the gateway in. | |
| managedInstallations.eastWestGateways[].installations[].clusters[] | struct | Clusters to install the gateway in. | |
| managedInstallations.eastWestGateways[].installations[].clusters[].name | string | Name of the cluster to install the gateway into. Must match the registered cluster name. | |
| managedInstallations.eastWestGateways[].installations[].clusters[].activeGateway | bool | When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs. | |
| managedInstallations.eastWestGateways[].installations[].clusters[].trustDomain | string | Trust domain value for this cluster’s Istio installation mesh config. Defaults to the cluster’s name. | |
| managedInstallations.eastWestGateways[].installations[].istioOperatorSpec | struct | IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference. | |
| managedInstallations.enabled | bool | false | Enable managed Istio installations. |
| telemetryCollector | struct | Helm values for configuring the Gloo Platform Telemetry Collector. See the OpenTelemetry Helm chart for the complete set of values. | |
| telemetryCollector.nameOverride | string | ||
| telemetryCollector.fullnameOverride | string | gloo-telemetry-collector | |
| telemetryCollector.enabled | bool | false | |
| telemetryCollector.mode | string | daemonset | |
| telemetryCollector.replicaCount | int | 0 | |
| telemetryCollector.command | map[string, interface] | {“extraArgs”:["–config=/conf/relay.yaml"],“name”:“gloo-otel-collector”} | |
| telemetryCollector.command.<MAP_KEY> | interface | ||
| telemetryCollector.command.extraArgs | interface | ||
| telemetryCollector.command.name | interface | ||
| telemetryCollector.image | struct | ||
| telemetryCollector.image.pullPolicy | string | IfNotPresent | |
| telemetryCollector.image.repository | string | gcr.io/gloo-mesh/gloo-otel-collector | |
| telemetryCollector.image.tag | string | ||
| telemetryCollector.extraVolumes[] | []map | [{“name”:“root-ca”,“secret”:{“defaultMode”:420,“secretName”:“relay-root-tls-secret”}},{“configMap”:{“items”:[{“key”:“relay”,“path”:“relay.yaml”}],“name”:“gloo-telemetry-collector-config”},“name”:“telemetry-configmap”}] | |
| telemetryCollector.extraVolumes[] | map[string, interface] | ||
| telemetryCollector.extraVolumes[].<MAP_KEY> | interface | ||
| telemetryCollector.extraVolumeMounts[] | []map | [{“mountPath”:"/etc/otel-certs",“name”:“root-ca”,“readOnly”:true},{“mountPath”:"/conf",“name”:“telemetry-configmap”}] | |
| telemetryCollector.extraVolumeMounts[] | map[string, interface] | ||
| telemetryCollector.extraVolumeMounts[].<MAP_KEY> | interface | ||
| telemetryCollector.resources | map[string, interface] | {“requests”:{“cpu”:“100m”,“memory”:“300Mi”}} | |
| telemetryCollector.resources.<MAP_KEY> | interface | ||
| telemetryCollector.resources.requests | interface | ||
| telemetryCollector.extraEnvs[] | []map | [{“name”:“KUBE_NODE_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“spec.nodeName”}}},{“name”:“KUBE_POD_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}] | |
| telemetryCollector.extraEnvs[] | map[string, interface] | ||
| telemetryCollector.extraEnvs[].<MAP_KEY> | interface | ||
| telemetryCollector.presets | map[string, interface] | {“clusterMetrics”:{“enabled”:false},“hostMetrics”:{“enabled”:false},“kubeletMetrics”:{“enabled”:false},“kubernetesAttributes”:{“enabled”:false},“logsCollection”:{“enabled”:false,“includeCollectorLogs”:false}} | |
| telemetryCollector.presets.<MAP_KEY> | interface | ||
| telemetryCollector.presets.clusterMetrics | interface | ||
| telemetryCollector.presets.hostMetrics | interface | ||
| telemetryCollector.presets.kubeletMetrics | interface | ||
| telemetryCollector.presets.kubernetesAttributes | interface | ||
| telemetryCollector.presets.logsCollection | interface | ||
| telemetryCollector.configMap | map[string, interface] | {“create”:false} | |
| telemetryCollector.configMap.<MAP_KEY> | interface | ||
| telemetryCollector.configMap.create | interface | ||
| telemetryCollector.clusterRole | map[string, interface] | {“create”:true,“rules”:[{“apiGroups”:[""],“resources”:[“nodes”,“nodes/proxy”,“nodes/metrics”,“services”,“endpoints”,“pods”,“ingresses”,“configmaps”],“verbs”:[“get”,“list”,“watch”]},{“apiGroups”:[“extensions”,“networking.k8s.io”],“resources”:[“ingresses/status”,“ingresses”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:["/metrics"],“verbs”:[“get”]}]} | |
| telemetryCollector.clusterRole.<MAP_KEY> | interface | ||
| telemetryCollector.clusterRole.create | interface | ||
| telemetryCollector.clusterRole.rules | interface | ||
| telemetryCollector.service | map[string, interface] | null | |
| telemetryCollector.service.<MAP_KEY> | interface | ||
| telemetryCollector.podAnnotations | map[string, interface] | null | |
| telemetryCollector.podAnnotations.<MAP_KEY> | interface | ||
| telemetryCollector.ports | map[string, interface] | {“jaeger-compact”:{“hostPort”:0},“jaeger-grpc”:{“hostPort”:0},“jaeger-thrift”:{“hostPort”:0},“otlp”:{“hostPort”:0},“otlp-http”:{“hostPort”:0},“zipkin”:{“hostPort”:0}} | |
| telemetryCollector.ports.<MAP_KEY> | interface | ||
| telemetryCollector.ports.jaeger-compact | interface | ||
| telemetryCollector.ports.jaeger-grpc | interface | ||
| telemetryCollector.ports.jaeger-thrift | interface | ||
| telemetryCollector.ports.otlp | interface | ||
| telemetryCollector.ports.otlp-http | interface | ||
| telemetryCollector.ports.zipkin | interface | ||
| telemetryCollector.tolerations[] | []interface | [{“effect”:“NoSchedule”,“operator”:“Exists”},{“key”:“CriticalAddonsOnly”,“operator”:“Exists”},{“effect”:“NoExecute”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/not-ready”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/unreachable”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/disk-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/memory-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/pid-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/unschedulable”,“operator”:“Exists”}] | |
| telemetryCollector.tolerations[] | interface | ||
| telemetryCollectorCustomization | struct | Helm values for customizing the Gloo Platform Telemetry Collector. | |
| telemetryCollectorCustomization.serverName | string | gloo-telemetry-gateway.gloo-mesh | SNI and certificate subject alternative name used in the collector certificate. |
| telemetryCollectorCustomization.extraReceivers | map[string, interface] | null | Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. |
| telemetryCollectorCustomization.extraReceivers.<MAP_KEY> | interface | Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. | |
| telemetryCollectorCustomization.extraProcessors | map[string, interface] | {“batch”:{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”},“memory_limiter”:{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}} | Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. |
| telemetryCollectorCustomization.extraProcessors.<MAP_KEY> | interface | Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. | |
| telemetryCollectorCustomization.extraProcessors.batch | interface | Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. | |
| telemetryCollectorCustomization.extraProcessors.memory_limiter | interface | Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. | |
| telemetryCollectorCustomization.extraExporters | map[string, interface] | null | Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network. |
| telemetryCollectorCustomization.extraExporters.<MAP_KEY> | interface | Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network. | |
| telemetryCollectorCustomization.extraPipelines | map[string, interface] | null | Specify any added receivers, processors, or exporters in an extra pipeline. |
| telemetryCollectorCustomization.extraPipelines.<MAP_KEY> | interface | Specify any added receivers, processors, or exporters in an extra pipeline. | |
| telemetryCollectorCustomization.telemetry | map[string, interface] | {“metrics”:{“address”:“0.0.0.0:8888”}} | Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
| telemetryCollectorCustomization.telemetry.<MAP_KEY> | interface | Configure the service telemetry (logs and metrics) as described in the otel-collector docs. | |
| telemetryCollectorCustomization.telemetry.metrics | interface | Configure the service telemetry (logs and metrics) as described in the otel-collector docs. | |
| telemetryCollectorCustomization.disableDefaultPipeline | bool | false | Disables the default pipeline. Useful if you want to create a custom pipeline using ’extraPipelines’ and to disable the default pipeline. |
| legacyMetricsPipeline | struct | Configuration for the legacy metrics pipeline, which uses Gloo agents to propagate metrics to the management server. | |
| legacyMetricsPipeline.enabled | bool | true | Set to false to disable the legacy telemetry pipeline. |
| glooMeshAgent | struct | Configuration for the glooMeshAgent deployment. | |
| glooMeshAgent | struct | ||
| glooMeshAgent.image | struct | Container image. | |
| glooMeshAgent.image.tag | string | Version tag for the container image. | |
| glooMeshAgent.image.repository | string | gloo-mesh-agent | Image name (repository). |
| glooMeshAgent.image.registry | string | gcr.io/gloo-mesh | Image registry. |
| glooMeshAgent.image.pullPolicy | string | IfNotPresent | Image pull policy. |
| glooMeshAgent.image.pullSecret | string | Image pull secret. | |
| glooMeshAgent.env[] | slice | [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}] | Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshAgent.extraEnvs | struct | Extra environment variables for the container | |
| glooMeshAgent.resources | struct | {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} | Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshAgent.securityContext | struct | Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. | |
| glooMeshAgent.sidecars | map[string, struct] | {} | Optional configuration for the deployed containers. |
| glooMeshAgent.sidecars.<MAP_KEY> | struct | Optional configuration for the deployed containers. | |
| glooMeshAgent.sidecars.<MAP_KEY>.image | struct | Container image. | |
| glooMeshAgent.sidecars.<MAP_KEY>.image.tag | string | Version tag for the container image. | |
| glooMeshAgent.sidecars.<MAP_KEY>.image.repository | string | Image name (repository). | |
| glooMeshAgent.sidecars.<MAP_KEY>.image.registry | string | Image registry. | |
| glooMeshAgent.sidecars.<MAP_KEY>.image.pullPolicy | string | Image pull policy. | |
| glooMeshAgent.sidecars.<MAP_KEY>.image.pullSecret | string | Image pull secret. | |
| glooMeshAgent.sidecars.<MAP_KEY>.env[] | slice | Environment variables for the container. For more info, see the Kubernetes documentation. | |
| glooMeshAgent.sidecars.<MAP_KEY>.extraEnvs | struct | Extra environment variables for the container | |
| glooMeshAgent.sidecars.<MAP_KEY>.resources | struct | Container resource requirements. For more info, see the Kubernetes documentation. | |
| glooMeshAgent.sidecars.<MAP_KEY>.securityContext | struct | Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. | |
| glooMeshAgent.floatingUserId | bool | false | Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
| glooMeshAgent.runAsUser | uint32 | 10101 | Static user ID to run the containers as. Unused if floatingUserId is ’true’. |
| glooMeshAgent.serviceType | string | ClusterIP | Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| glooMeshAgent.ports | map[string, uint32] | {“grpc”:9977,“healthcheck”:8090,“http”:9988,“stats”:9091} | Service ports as a map from port name to port number. |
| glooMeshAgent.ports.<MAP_KEY> | uint32 | Service ports as a map from port name to port number. | |
| glooMeshAgent.ports.grpc | uint32 | 9977 | Service ports as a map from port name to port number. |
| glooMeshAgent.ports.healthcheck | uint32 | 8090 | Service ports as a map from port name to port number. |
| glooMeshAgent.ports.http | uint32 | 9988 | Service ports as a map from port name to port number. |
| glooMeshAgent.ports.stats | uint32 | 9091 | Service ports as a map from port name to port number. |
| glooMeshAgent.deploymentOverrides | struct | Arbitrary overrides for the component’s deployment template | |
| glooMeshAgent.serviceOverrides | struct | Arbitrary overrides for the component’s service template. | |
| glooMeshAgent.enabled | bool | true | Enable creation of the deployment/service. |
| glooMeshPortalServer | struct | Configuration for the glooMeshPortalServer deployment. | |
| glooMeshPortalServer | struct | ||
| glooMeshPortalServer.verbose | bool | false | Enable verbose/debug logging. |
| glooMeshPortalServer | struct | ||
| glooMeshPortalServer.devMode | bool | false | Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
| glooMeshPortalServer.enabled | bool | false | Deploy the Portal server for Gloo Platform Portal to the cluster. |
| glooMeshPortalServer.apiKeyStorage | struct | Configure backend storage for API keys. | |
| glooMeshPortalServer.apiKeyStorage.type | string | redis | Backend storage for API keys. Currently, redis is supported. |
| glooMeshPortalServer.apiKeyStorage.configPath | string | /etc/redis/config.yaml | Path for API key storage config file |
| glooMeshPortalServer.apiKeyStorage.secretKey | string | change this | The string value that you want to use to hash API keys before they are stored in the backing database. |
| glooMeshPortalServer | struct | Configuration for the glooMeshPortalServer deployment. | |
| glooMeshPortalServer | struct | ||
| glooMeshPortalServer.image | struct | Container image. | |
| glooMeshPortalServer.image.tag | string | Version tag for the container image. | |
| glooMeshPortalServer.image.repository | string | gloo-mesh-portal-server | Image name (repository). |
| glooMeshPortalServer.image.registry | string | gcr.io/gloo-mesh | Image registry. |
| glooMeshPortalServer.image.pullPolicy | string | IfNotPresent | Image pull policy. |
| glooMeshPortalServer.image.pullSecret | string | Image pull secret. | |
| glooMeshPortalServer.env[] | slice | [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“APIKEY_STORAGE_SECRET_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-storage-secret-key”,“key”:“key”}}}] | Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshPortalServer.extraEnvs | struct | Extra environment variables for the container | |
| glooMeshPortalServer.resources | struct | {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} | Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshPortalServer.securityContext | struct | Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. | |
| glooMeshPortalServer.sidecars | map[string, struct] | {} | Optional configuration for the deployed containers. |
| glooMeshPortalServer.sidecars.<MAP_KEY> | struct | Optional configuration for the deployed containers. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image | struct | Container image. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.tag | string | Version tag for the container image. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.repository | string | Image name (repository). | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.registry | string | Image registry. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullPolicy | string | Image pull policy. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullSecret | string | Image pull secret. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.env[] | slice | Environment variables for the container. For more info, see the Kubernetes documentation. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.extraEnvs | struct | Extra environment variables for the container | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.resources | struct | Container resource requirements. For more info, see the Kubernetes documentation. | |
| glooMeshPortalServer.sidecars.<MAP_KEY>.securityContext | struct | Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. | |
| glooMeshPortalServer.floatingUserId | bool | false | Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
| glooMeshPortalServer.runAsUser | uint32 | 10101 | Static user ID to run the containers as. Unused if floatingUserId is ’true’. |
| glooMeshPortalServer.serviceType | string | ClusterIP | Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| glooMeshPortalServer.ports | map[string, uint32] | {“http”:8080} | Service ports as a map from port name to port number. |
| glooMeshPortalServer.ports.<MAP_KEY> | uint32 | Service ports as a map from port name to port number. | |
| glooMeshPortalServer.ports.http | uint32 | 8080 | Service ports as a map from port name to port number. |
| glooMeshPortalServer.deploymentOverrides | struct | Arbitrary overrides for the component’s deployment template | |
| glooMeshPortalServer.serviceOverrides | struct | Arbitrary overrides for the component’s service template. | |
| glooMeshPortalServer.enabled | bool | true | Enable creation of the deployment/service. |