| global |
struct |
{“insecure”:false} |
global chart values which can be set from parent charts |
| global.insecure |
bool |
false |
Set to true to enable insecure communication between Gloo Mesh components |
| defaultMetricsPort |
uint32 |
9091 |
The port on which to serve internal Prometheus metrics for the Gloo Mesh application. Set to 0 to disable. |
| relay |
struct |
{“cluster”:"",“serverAddress”:"",“authority”:“enterprise-networking.gloo-mesh”,“insecure”:false,“clientCertSecret”:{“name”:“relay-client-tls-secret”},“rootTlsSecret”:{“name”:“relay-root-tls-secret”},“tokenSecret”:{“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”},“maxGrpcMessageSize”:“4294967295”} |
options for connecting relay |
| relay.cluster |
string |
|
cluster identifier for the relay agent |
| relay.serverAddress |
string |
|
address of the relay server |
| relay.authority |
string |
enterprise-networking.gloo-mesh |
set the authority/host header to this value when dialing the Relay gRPC Server |
| relay.insecure |
bool |
false |
communicate with relay server over plain HTTP |
| relay.clientCertSecret |
struct |
{“name”:“relay-client-tls-secret”} |
Reference to a Secret containing the Client TLS Certificates used to identify the Relay Agent to the Server. If the secret does not exist, a Token and Root cert secret are required. |
| relay.clientCertSecret.name |
string |
relay-client-tls-secret |
|
| relay.clientCertSecret.namespace |
string |
|
|
| relay.rootTlsSecret |
struct |
{“name”:“relay-root-tls-secret”} |
Reference to a Secret containing a Root TLS Certificates used to verify the Relay Server Certificate. The secret can also optionally specify a ‘tls.key’ which will be used to generate the Agent Client Certificate. |
| relay.rootTlsSecret.name |
string |
relay-root-tls-secret |
|
| relay.rootTlsSecret.namespace |
string |
|
|
| relay.tokenSecret |
struct |
{“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”} |
Reference to a Secret containing a shared Token for authenticating to the Relay Server |
| relay.tokenSecret.name |
string |
relay-identity-token-secret |
Name of the Kubernetes Secret |
| relay.tokenSecret.namespace |
string |
|
Namespace of the Kubernetes Secret |
| relay.tokenSecret.key |
string |
token |
Key value of the data within the Kubernetes Secret |
| relay.maxGrpcMessageSize |
string |
4294967295 |
Specify to set a custom maximum message size for grpc messages sent to the Relay server |
| settingsRef |
struct |
{“name”:“settings”,“namespace”:“gloo-mesh”} |
ref to the settings object that will be received from the networking server. |
| settingsRef.name |
string |
settings |
|
| settingsRef.namespace |
string |
gloo-mesh |
|
| istiodSidecar |
struct |
{“createRoleBinding”:false,“istiodServiceAccount”:{“name”:“istiod-service-account”,“namespace”:“istio-system”}} |
settings pertaining to the istiod sidecar deployment |
| istiodSidecar.createRoleBinding |
bool |
false |
create cluster role binding needed by istiod sidecar |
| istiodSidecar.istiodServiceAccount |
struct |
{“name”:“istiod-service-account”,“namespace”:“istio-system”} |
object reference to istiod service account |
| istiodSidecar.istiodServiceAccount.name |
string |
istiod-service-account |
|
| istiodSidecar.istiodServiceAccount.namespace |
string |
istio-system |
|
| verbose |
bool |
false |
enables verbose/debug logging |
| ext-auth-service |
struct |
{“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}} |
customizations to the ext-auth-service helm chart |
| ext-auth-service.enabled |
bool |
false |
if true, deploy ExtAuth service (default false) |
| ext-auth-service.extraTemplateAnnotations |
map[string, string] |
|
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| ext-auth-service.extraTemplateAnnotations.<MAP_KEY> |
string |
|
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| ext-auth-service.extraTemplateAnnotations.proxy.istio.io/config |
string |
{ “holdApplicationUntilProxyStarts”: true } |
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter |
struct |
{“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}} |
customizations to the rate-limiter helm chart |
| rate-limiter.enabled |
bool |
false |
if true, deploy rate limit service (default false) |
| rate-limiter.extraTemplateAnnotations |
map[string, string] |
|
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.extraTemplateAnnotations.<MAP_KEY> |
string |
|
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.extraTemplateAnnotations.proxy.istio.io/config |
string |
{ “holdApplicationUntilProxyStarts”: true } |
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| enterpriseAgent |
struct |
{“image”:{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}},“sidecars”:{},“floatingUserId”:false,“runAsUser”:10101,“serviceType”:“ClusterIP”,“ports”:{“grpc”:9977,“http”:9988},“enabled”:true} |
Configuration for the enterpriseAgent deployment. |
| enterpriseAgent |
struct |
{“image”:{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}} |
|
| enterpriseAgent.image |
struct |
{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”} |
Specify the container image |
| enterpriseAgent.image.tag |
string |
|
Tag for the container. |
| enterpriseAgent.image.repository |
string |
enterprise-agent |
Image name (repository). |
| enterpriseAgent.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| enterpriseAgent.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| enterpriseAgent.image.pullSecret |
string |
|
Image pull secret. |
| enterpriseAgent.Env[] |
slice |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}] |
Specify environment variables for the container. See the Kubernetes documentation for specification details. |
| enterpriseAgent.resources |
struct |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
Specify container resource requirements. See the Kubernetes documentation for specification details. |
| enterpriseAgent.resources.limits |
map[string, struct] |
|
|
| enterpriseAgent.resources.limits.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.resources.limits.<MAP_KEY> |
string |
|
|
| enterpriseAgent.resources.requests |
map[string, struct] |
|
|
| enterpriseAgent.resources.requests.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.resources.requests.<MAP_KEY> |
string |
|
|
| enterpriseAgent.resources.requests.cpu |
struct |
"50m” |
|
| enterpriseAgent.resources.requests.cpu |
string |
DecimalSI |
|
| enterpriseAgent.resources.requests.memory |
struct |
"128Mi” |
|
| enterpriseAgent.resources.requests.memory |
string |
BinarySI |
|
| enterpriseAgent.sidecars |
map[string, struct] |
|
Configuration for the deployed containers. |
| enterpriseAgent.sidecars.<MAP_KEY> |
struct |
|
Configuration for the deployed containers. |
| enterpriseAgent.sidecars.<MAP_KEY>.image |
struct |
|
Specify the container image |
| enterpriseAgent.sidecars.<MAP_KEY>.image.tag |
string |
|
Tag for the container. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.repository |
string |
|
Image name (repository). |
| enterpriseAgent.sidecars.<MAP_KEY>.image.registry |
string |
|
Image registry. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.pullPolicy |
string |
|
Image pull policy. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.pullSecret |
string |
|
Image pull secret. |
| enterpriseAgent.sidecars.<MAP_KEY>.Env[] |
slice |
|
Specify environment variables for the container. See the Kubernetes documentation for specification details. |
| enterpriseAgent.sidecars.<MAP_KEY>.resources |
struct |
|
Specify container resource requirements. See the Kubernetes documentation for specification details. |
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits |
map[string, struct] |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> |
string |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests |
map[string, struct] |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> |
string |
|
|
| enterpriseAgent.floatingUserId |
bool |
false |
Allow the pod to be assigned a dynamic user ID. |
| enterpriseAgent.runAsUser |
uint32 |
10101 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
| enterpriseAgent.serviceType |
string |
ClusterIP |
Specify the service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| enterpriseAgent.ports |
map[string, uint32] |
|
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.<MAP_KEY> |
uint32 |
|
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.grpc |
uint32 |
9977 |
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.http |
uint32 |
9988 |
Specify service ports as a map from port name to port number. |
| enterpriseAgent.DeploymentOverrides |
invalid |
|
Provide arbitrary overrides for the component's deployment template |
| enterpriseAgent.ServiceOverrides |
invalid |
|
Provide arbitrary overrides for the component's service template. |
| enterpriseAgent.enabled |
bool |
true |
Enables or disables creation of the operator deployment/service |
