Gloo Mesh Agent

Option Type Default Value Description
insecure bool false Set to true to enable insecure communication between Gloo Mesh components
devMode bool false Set to true to enable dev mode for the logger.
verbose bool false If true, enables verbose/debug logging.
leaderElection bool true If true, leader election will be enabled
cluster string the cluster in which the agent will be deployed
relay struct {“serverAddress”:"",“authority”:“gloo-mesh-mgmt-server.gloo-mesh”,“clientTlsSecret”:{“name”:“relay-client-tls-secret”},“rootTlsSecret”:{“name”:“relay-root-tls-secret”},“tokenSecret”:{“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”}} options for configuring relay on the agent
relay.serverAddress string address of the relay server
relay.authority string gloo-mesh-mgmt-server.gloo-mesh set the authority/host header to this value when dialing the Relay gRPC Server
relay.clientTlsSecret struct {“name”:“relay-client-tls-secret”} Reference to a Secret containing the Client TLS Certificates used to identify the Relay Agent to the Server. If the secret does not exist, a Token and Root cert secret are required.
relay.clientTlsSecret.name string relay-client-tls-secret
relay.clientTlsSecret.namespace string
relay.rootTlsSecret struct {“name”:“relay-root-tls-secret”} Reference to a Secret containing a Root TLS Certificates used to verify the Relay Server Certificate. The secret can also optionally specify a ‘tls.key’ which will be used to generate the Agent Client Certificate.
relay.rootTlsSecret.name string relay-root-tls-secret
relay.rootTlsSecret.namespace string
relay.tokenSecret struct {“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”} Reference to a Secret containing a shared Token for authenticating to the Relay Server
relay.tokenSecret.name string relay-identity-token-secret Name of the Kubernetes Secret
relay.tokenSecret.namespace string Namespace of the Kubernetes Secret
relay.tokenSecret.key string token Key value of the data within the Kubernetes Secret
maxGrpcMessageSize string 4294967295 Specify to set a custom maximum message size for grpc messages sent and received by the Relay server
metricsBufferSize int 50 the number of metrics messages to buffer per envoy proxy
accessLogsBufferSize int 50 the number of access logs to buffer per envoy proxy
istiodSidecar struct {“createRoleBinding”:false,“istiodServiceAccount”:{“name”:“istiod”,“namespace”:“istio-system”}} settings pertaining to the istiod sidecar deployment
istiodSidecar.createRoleBinding bool false create cluster role binding needed by istiod sidecar
istiodSidecar.istiodServiceAccount struct {“name”:“istiod”,“namespace”:“istio-system”} object reference to istiod service account
istiodSidecar.istiodServiceAccount.name string istiod
istiodSidecar.istiodServiceAccount.namespace string istio-system
ext-auth-service struct {“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}} customizations to the ext-auth-service helm chart
ext-auth-service.enabled bool false if true, deploy the dependency service (default false)
ext-auth-service.extraTemplateAnnotations map[string, string] {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
ext-auth-service.extraTemplateAnnotations.<MAP_KEY> string extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
ext-auth-service.extraTemplateAnnotations.proxy.istio.io/config string { “holdApplicationUntilProxyStarts”: true } extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiter struct {“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}} customizations to the rate-limiter helm chart
rate-limiter.enabled bool false if true, deploy the dependency service (default false)
rate-limiter.extraTemplateAnnotations map[string, string] {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiter.extraTemplateAnnotations.<MAP_KEY> string extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
rate-limiter.extraTemplateAnnotations.proxy.istio.io/config string { “holdApplicationUntilProxyStarts”: true } extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’
sidecar-accel struct {“enabled”:false} customizations to the sidecar-accel helm chart
sidecar-accel.enabled bool false if true, deploy the dependency service (default false)
gloo-network-agent struct {“enabled”:false} customizations to the gloo-network-agent helm chart
gloo-network-agent.enabled bool false if true, deploy the dependency service (default false)
managedInstallations struct {“images”:{“hub”:“us-docker.pkg.dev/gloo-mesh/istio-a9797008feb0”,“tag”:“1.13.5”},“controlPlane”:{“enabled”:true,“overrides”:{}},“northSouthGateways”:[{“name”:“north-south-gateway”,“enabled”:true,“overrides”:{}}],“eastWestGateways”:null,“cluster”:"",“revision”:“gm”,“defaultRevision”:“gm”,“enabled”:false} Subchart for setting up managed installations of Control Planes and Gateways in workload clusters.
managedInstallations.images struct {“hub”:“us-docker.pkg.dev/gloo-mesh/istio-a9797008feb0”,“tag”:“1.13.5”} options for the installed container images
managedInstallations.images.hub string us-docker.pkg.dev/gloo-mesh/istio-a9797008feb0 istio image repository
managedInstallations.images.tag string 1.13.5 istio image tag
managedInstallations.controlPlane struct {“enabled”:true,“overrides”:{}} installing a control plane instance to the cluster
managedInstallations.controlPlane.enabled bool true indicates whether or not to install the control plane
managedInstallations.controlPlane.Overrides struct {} a set of overrides which will be merged into the final Istio Operator Spec used to install this control plane (https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/) to be used to install the control plane.
managedInstallations.northSouthGateways[] []struct [{“name”:“north-south-gateway”,“enabled”:true,“overrides”:{}}] installing north-south gateways to the cluster
managedInstallations.northSouthGateways[] struct installing north-south gateways to the cluster
managedInstallations.northSouthGateways[].name string Name of the Gateway. Must be unique.
managedInstallations.northSouthGateways[].enabled bool Enable installation of the control plane.
managedInstallations.northSouthGateways[].Overrides struct A set of overrides which will be merged into the final Istio Operator Spec used to install this gateway (https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/) to be used to install the control plane.
managedInstallations.eastWestGateways[] []struct null installing east-West gateways to the cluster
managedInstallations.eastWestGateways[] struct installing east-West gateways to the cluster
managedInstallations.eastWestGateways[].name string Name of the Gateway. Must be unique.
managedInstallations.eastWestGateways[].enabled bool Enable installation of the control plane.
managedInstallations.eastWestGateways[].Overrides struct A set of overrides which will be merged into the final Istio Operator Spec used to install this gateway (https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/) to be used to install the control plane.
managedInstallations.cluster string the cluster in which the agent will be deployed
managedInstallations.revision string gm the name of the istio revision that will be deployed
managedInstallations.defaultRevision string gm the istio revision that will be the default for the cluster and make use of the ‘istio-injection’ label
managedInstallations.enabled bool false whether to install the managed installation
glooMeshAgent struct {“image”:{“repository”:“gloo-mesh-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}},“sidecars”:{},“floatingUserId”:false,“runAsUser”:10101,“serviceType”:“ClusterIP”,“ports”:{“grpc”:9977,“http”:9988,“stats”:9091},“enabled”:true} Configuration for the glooMeshAgent deployment.
glooMeshAgent struct {“image”:{“repository”:“gloo-mesh-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}}
glooMeshAgent.image struct {“repository”:“gloo-mesh-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”} Specify the container image
glooMeshAgent.image.tag string Tag for the container.
glooMeshAgent.image.repository string gloo-mesh-agent Image name (repository).
glooMeshAgent.image.registry string gcr.io/gloo-mesh Image registry.
glooMeshAgent.image.pullPolicy string IfNotPresent Image pull policy.
glooMeshAgent.image.pullSecret string Image pull secret.
glooMeshAgent.Env[] slice [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}] Specify environment variables for the container. See the Kubernetes documentation for specification details.
glooMeshAgent.resources struct {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} Specify container resource requirements. See the Kubernetes documentation for specification details.
glooMeshAgent.resources.limits map[string, struct] null
glooMeshAgent.resources.limits.<MAP_KEY> struct
glooMeshAgent.resources.limits.<MAP_KEY> string
glooMeshAgent.resources.requests map[string, struct] {“cpu”:“50m”,“memory”:“128Mi”}
glooMeshAgent.resources.requests.<MAP_KEY> struct
glooMeshAgent.resources.requests.<MAP_KEY> string
glooMeshAgent.resources.requests.cpu struct "50m”
glooMeshAgent.resources.requests.cpu string DecimalSI
glooMeshAgent.resources.requests.memory struct "128Mi”
glooMeshAgent.resources.requests.memory string BinarySI
glooMeshAgent.securityContext struct Specify container security context. Set to ‘false’ to omit the security context entirely. See the Kubernetes documentation for specification details.
glooMeshAgent.securityContext.capabilities struct
glooMeshAgent.securityContext.capabilities.add[] []string
glooMeshAgent.securityContext.capabilities.add[] string
glooMeshAgent.securityContext.capabilities.drop[] []string
glooMeshAgent.securityContext.capabilities.drop[] string
glooMeshAgent.securityContext.privileged bool
glooMeshAgent.securityContext.seLinuxOptions struct
glooMeshAgent.securityContext.seLinuxOptions.user string
glooMeshAgent.securityContext.seLinuxOptions.role string
glooMeshAgent.securityContext.seLinuxOptions.type string
glooMeshAgent.securityContext.seLinuxOptions.level string
glooMeshAgent.securityContext.windowsOptions struct
glooMeshAgent.securityContext.windowsOptions.gmsaCredentialSpecName string
glooMeshAgent.securityContext.windowsOptions.gmsaCredentialSpec string
glooMeshAgent.securityContext.windowsOptions.runAsUserName string
glooMeshAgent.securityContext.windowsOptions.hostProcess bool
glooMeshAgent.securityContext.runAsUser int64
glooMeshAgent.securityContext.runAsGroup int64
glooMeshAgent.securityContext.runAsNonRoot bool
glooMeshAgent.securityContext.readOnlyRootFilesystem bool
glooMeshAgent.securityContext.allowPrivilegeEscalation bool
glooMeshAgent.securityContext.procMount string
glooMeshAgent.securityContext.seccompProfile struct
glooMeshAgent.securityContext.seccompProfile.type string
glooMeshAgent.securityContext.seccompProfile.localhostProfile string
glooMeshAgent.sidecars map[string, struct] {} Configuration for the deployed containers.
glooMeshAgent.sidecars.<MAP_KEY> struct Configuration for the deployed containers.
glooMeshAgent.sidecars.<MAP_KEY>.image struct Specify the container image
glooMeshAgent.sidecars.<MAP_KEY>.image.tag string Tag for the container.
glooMeshAgent.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooMeshAgent.sidecars.<MAP_KEY>.image.registry string Image registry.
glooMeshAgent.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooMeshAgent.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooMeshAgent.sidecars.<MAP_KEY>.Env[] slice Specify environment variables for the container. See the Kubernetes documentation for specification details.
glooMeshAgent.sidecars.<MAP_KEY>.resources struct Specify container resource requirements. See the Kubernetes documentation for specification details.
glooMeshAgent.sidecars.<MAP_KEY>.resources.limits map[string, struct]
glooMeshAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> struct
glooMeshAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> string
glooMeshAgent.sidecars.<MAP_KEY>.resources.requests map[string, struct]
glooMeshAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> struct
glooMeshAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext struct Specify container security context. Set to ‘false’ to omit the security context entirely. See the Kubernetes documentation for specification details.
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.capabilities struct
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.capabilities.add[] []string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.capabilities.add[] string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.capabilities.drop[] []string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.capabilities.drop[] string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.privileged bool
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seLinuxOptions struct
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seLinuxOptions.user string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seLinuxOptions.role string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seLinuxOptions.type string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seLinuxOptions.level string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.windowsOptions struct
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.windowsOptions.gmsaCredentialSpecName string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.windowsOptions.gmsaCredentialSpec string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.windowsOptions.runAsUserName string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.windowsOptions.hostProcess bool
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.runAsUser int64
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.runAsGroup int64
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.runAsNonRoot bool
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.readOnlyRootFilesystem bool
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.allowPrivilegeEscalation bool
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.procMount string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seccompProfile struct
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seccompProfile.type string
glooMeshAgent.sidecars.<MAP_KEY>.securityContext.seccompProfile.localhostProfile string
glooMeshAgent.floatingUserId bool false Allow the pod to be assigned a dynamic user ID.
glooMeshAgent.runAsUser uint32 10101 Static user ID to run the containers as. Unused if floatingUserId is ‘true’.
glooMeshAgent.serviceType string ClusterIP Specify the service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”.
glooMeshAgent.ports map[string, uint32] {“grpc”:9977,“http”:9988,“stats”:9091} Specify service ports as a map from port name to port number.
glooMeshAgent.ports.<MAP_KEY> uint32 Specify service ports as a map from port name to port number.
glooMeshAgent.ports.grpc uint32 9977 Specify service ports as a map from port name to port number.
glooMeshAgent.ports.http uint32 9988 Specify service ports as a map from port name to port number.
glooMeshAgent.ports.stats uint32 9091 Specify service ports as a map from port name to port number.
glooMeshAgent.DeploymentOverrides invalid Provide arbitrary overrides for the component's deployment template
glooMeshAgent.ServiceOverrides invalid Provide arbitrary overrides for the component's service template.
glooMeshAgent.enabled bool true Enables or disables creation of the operator deployment/service