Modifying Helm chart values

Gloo Mesh Enterprise uses Helm chart values for settings that control features such as relay certificates, rate limiting, or external authentication.

As you use Gloo Mesh, you might need to modify the Helm chart values to enable or disable these settings for the features that you want to use. Upgrading the Helm chart settings typically does not restart the enterprise-networking or enterprise-agent pods in your clusters. However, to verify any prerequisite steps or impact, consult the guides for the feature that you want to enable before changing the Helm chart values.

About Gloo Mesh Helm chart components

The following table provides an overview of the Gloo Mesh Helm chart components. You might want to modify some of these charts’ values for your Gloo Mesh setup.

Component Prefix Description
Gloo Mesh UI gloo-mesh-ui The Gloo Mesh Enterprise UI, which includes the Dashboard and Redis subcomponents.
Dashboard gloo-mesh-ui.dashboard A subchart of the Gloo Mesh UI to render the dashboard that you can launch with the meshctl dashboard command.
Redis gloo-mesh-ui.redis-dashboard An optional subchart of the Gloo Mesh UI to store the ID tokens to use to log in to the dashboard.
Enterprise networking enterprise-networking The management plane of Gloo Mesh Enterprise, deployed on the management cluster.
Enterprise agent N/A The agent of Gloo Mesh Enterprise, deployed on each remote cluster.
RBAC webhook rbac-webook The Kubernetes webhook that enforces Gloo Mesh Enterprise's role-based API.

Before you begin

  1. Review the Helm value reference documentation for a description of the Helm chart settings that you can modify.

  2. Save the environment variables that you need.

    # Save the kubeconfig contexts for your clusters. Run kubectl config get-contexts, look for your cluster in the CLUSTER column, and get the context name in the NAME column.
    export MGMT_CONTEXT=<management_cluster_config>
    export REMOTE_CONTEXT=<remote_cluster_config>
    
    # Set the Gloo Mesh Enterprise version. The latest version is used as an example. You can find other versions in the Changelog documentation.
    export GLOO_MESH_VERSION=1.2.8
    
    # Add your Gloo Mesh Enterprise license that you got from your Solo account representative.
    export GLOO_MESH_LICENSE_KEY=<license_key>
    

Installing or upgrading modified Helm values

Install or upgrade the Gloo Mesh Enterprise Helm chart with helm install or helm upgrade CLI commands by using a configuration file such as values.yaml or the --set option. You can download the bundled Gloo Mesh Enterprise charts from https://storage.googleapis.com/gloo-mesh-enterprise/.

  1. Target your cluster.

kubectl config use-context ${MGMT_CONTEXT}

kubectl config use-context ${REMOTE_CONTEXT}
  1. Add and update the Helm chart repos. Add or update the gloo-mesh-enterprise repo for the management cluster and enterprise-agent for the remote clusters.

helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise

helm repo add enterprise-agent https://storage.googleapis.com/gloo-mesh-enterprise/enterprise-agent

helm repo update
  1. Optional: View the latest chart versions.

    helm search repo
    
  2. Optional: If you already installed the Helm chart, view the current Helm values of the installed chart.


helm show values gloo-mesh-enterprise/gloo-mesh-enterprise

helm show values gloo-mesh-enterprise/enterprise-agent
  1. If you did not already install the Helm chart, create the gloo-mesh namespace.

    kubectl create ns gloo-mesh
    
  2. Continue to the next sections to install or upgrade Helm chart values, depending on which method you want to use.

Modifying values with –set

Specify the Helm value that you want to modify in the --set command. Remember to include the prefix for the component that you want to modify. For a description of the Helm chart settings that you can modify, review the Helm value reference documentation.


helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--set licenseKey=${GLOO_MESH_LICENSE_KEY} \
--set rbac-webhook.enabled=true
--set enterprise-networking.enterpriseNetworking.floatingUserId=true \
--set gloo-mesh-ui.dashboard.floatingUserId.floatingUserId=true \
--set gloo-mesh-ui.redis-dashboard.redisDashboard.floatingUserId=true

helm upgrade gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--set licenseKey=${GLOO_MESH_LICENSE_KEY} \
--set rbac-webhook.enabled=true
--set enterprise-networking.enterpriseNetworking.floatingUserId=true \
--set gloo-mesh-ui.dashboard.floatingUserId.floatingUserId=true \
--set gloo-mesh-ui.redis-dashboard.redisDashboard.floatingUserId=true

helm install enterprise-agent enterprise-agent/enterprise-agent \
  --namespace gloo-mesh \
  --kube-context=${REMOTE_CONTEXT} \
  --version ${ENTERPRISE_NETWORKING_VERSION}

helm upgrade enterprise-agent enterprise-agent/enterprise-agent \
  --namespace gloo-mesh \
  --kube-context=${REMOTE_CONTEXT} \
  --version ${ENTERPRISE_NETWORKING_VERSION}

Modifying values with a configuration file

  1. Create a configuration file with a name such as values.yaml, and include the Helm values that you want to modify, such as the following example. The example modifies the settings of the enterprise-networking and dashboard components so that you can provide your own relay certificates. The example also shows how you might use the deploymentOverrides and serviceOverrides to modify the default deployment of the enterprise-networking with your own Kubernetes resources, like a config map or service account.

For a description of each Helm chart setting that you can modify, review the Helm value referencedocumentation.

enterprise-networking:
  global:
      insecure: false
  cluster: mgmt-cluster-name
  relayTlsSecret:
      name: enterprise-networking-server-certs
      namespace: gloo-mesh
  selfSigned: false
  disableRelayCa: true
  deploymentOverrides:
  spec:
    template:
      spec:
        volumeMounts:
          - name: envoy-config
            configMap:
              name: my-custom-envoy-config
  serviceOverrides:
    spec:
      serviceAccountName: other-service-account
dashboard:
  global:
      insecure: false
  1. Optional: Review your changes in the context of the entire template for the Helm chart that you plan to install, such as gloo-mesh-enterprise/gloo-mesh-enterprise for the management cluster. The output includes the YAML manifests for all the resources that Gloo Mesh Enterprise installs in your cluster with the Helm chart, including the changes that you just made.

    helm template gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise/gloo-mesh-enterprise-$GLOO_MESH_VERSION.tgz --namespace gloo-mesh --values values.yaml --set licenseKey=$GLOO_MESH_LICENSE_KEY
    
  2. Install or upgrade the Helm chart with your updated Helm values.


helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--set licenseKey=${GLOO_MESH_LICENSE_KEY}  \
--values values.yaml

helm upgrade gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--set licenseKey=${GLOO_MESH_LICENSE_KEY} \
--values values.yaml

helm install enterprise-agent enterprise-agent/enterprise-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--values values.yaml

helm upgrade enterprise-agent enterprise-agent/enterprise-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--values values.yaml