Legacy: Gloo Mesh Enterprise

Option Type Description Default Value
adminNamespace string Namespace to install control plane components into. The admin namespace also contains global configuration, such as Workspace, global overrides WorkspaceSettings, and KubernetesCluster resources.
clickhouse struct Configuration for the Clickhouse storage, used to demo API Analytics. See the Bitnami Clickhouse Helm chart for the complete set of values
clickhouse.auth struct Authentication configuration
clickhouse.auth.existingSecret string Name of existing secret to use for authentication clickhouse-auth
clickhouse.auth.existingSecretKey string Key in existing secret to use for authentication password
clickhouse.enabled bool Set to false to disable the clickhouse dependency. false
clickhouse.fullnameOverride string Override the full name, used for the service and the statefulset clickhouse
clickhouse.keeper struct Keeper configuration
clickhouse.keeper.enabled bool Set to false to disable the zookeeper dependency. false
clickhouse.replicaCount int Number of replicas 1
clickhouse.shards int Number of shards to create 1
clickhouse.zookeeper struct Zookeeper configuration
clickhouse.zookeeper.enabled bool Set to false to disable the zookeeper dependency. false
devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
experimental struct Experimental features for Gloo Platform. Disabled by default. Do not use in production.
experimental.ambientEnabled bool Allow Gloo Mesh to create Istio Ambient Mesh resources. false
experimental.asyncStatusWrites bool Enable asynchronous writing of statuses to Kubernetes objects. false
global struct Global values shared by the Gloo Mesh Enterprise chart and its subcharts.
global.cluster string Name of the management cluster. Be sure to modify this value to match your cluster's name. mgmt-cluster
glooGatewayLicenseKey string Gloo Gateway license key.
glooMeshLicenseKey string Gloo Mesh Enterprise license key.
glooMeshMgmtServer struct
glooMeshMgmtServer struct Configuration for the glooMeshMgmtServer deployment.
glooMeshMgmtServer.cloudResourcesDiscovery struct Configuration for automatic discovery of CloudResources.
glooMeshMgmtServer.cloudResourcesDiscovery.enabled bool Enable automated discovery of CloudResources, such as AWS Lambda functions, based on CloudProvider configuration. true
glooMeshMgmtServer.cloudResourcesDiscovery.pollingInterval uint16 Polling interval (in seconds) for calling AWS when attempting to discover CloudResources. 10
glooMeshMgmtServer.concurrency uint16 Concurrency to use for translation operations. 10
glooMeshMgmtServer.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooMeshMgmtServer.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
glooMeshMgmtServer.enableClusterLoadBalancing bool Experimental: Enable cluster load balancing. The management server replicas attempt to auto-balance the number of registered workload clusters, based on the number of replicas and the number of total clusters. For example, the server might disconnect a workload cluster if the number of connected clusters is greater than the allotted number. false
glooMeshMgmtServer.enabled bool Deploy the gloo-mesh-mgmt-server. true
glooMeshMgmtServer.enabled bool Enable creation of the deployment/service. true
glooMeshMgmtServer.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}}]
glooMeshMgmtServer.extraEnvs struct Extra environment variables for the container
glooMeshMgmtServer.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooMeshMgmtServer.image struct Container image.
glooMeshMgmtServer.image.pullPolicy string Image pull policy. IfNotPresent
glooMeshMgmtServer.image.pullSecret string Image pull secret.
glooMeshMgmtServer.image.registry string Image registry. gcr.io/gloo-mesh
glooMeshMgmtServer.image.repository string Image name (repository). gloo-mesh-mgmt-server
glooMeshMgmtServer.image.tag string Version tag for the container image.
glooMeshMgmtServer.insecure bool Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. false
glooMeshMgmtServer.leaderElection bool Enable leader election for the high-availability deployment. false
glooMeshMgmtServer.maxGrpcMessageSize string Maximum message size for gRPC messages sent and received by the management server. 4294967295
glooMeshMgmtServer.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
glooMeshMgmtServer.namespacedRbac[].namespaces[] []string
glooMeshMgmtServer.namespacedRbac[].resources[] []string
glooMeshMgmtServer.ports map[string, uint32] Service ports as a map from port name to port number. {“grpc”:9900,“healthcheck”:8090}
glooMeshMgmtServer.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooMeshMgmtServer.ports.grpc uint32 Service ports as a map from port name to port number. 9900
glooMeshMgmtServer.ports.healthcheck uint32 Service ports as a map from port name to port number. 8090
glooMeshMgmtServer.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
glooMeshMgmtServer.relay struct Configuration for certificates to secure server-agent relay communication. Required only for multicluster setups.
glooMeshMgmtServer.relay.disableCa bool To disable relay CA functionality, set to true. Set to true only when you supply your custom client certs to the agents for relay mTLS. The gloo-mesh-mgmt-server pod will not require a token secret or the signing cert secret. The agent pod will not require the token secret, but will fail without a client cert. false
glooMeshMgmtServer.relay.disableCaCertGeneration bool Do not auto-generate self-signed CA certificates. Set to true only when you supply own. false
glooMeshMgmtServer.relay.disableTokenGeneration bool Do not create the relay token Kubernetes secret. Set to true only when you supply own. false
glooMeshMgmtServer.relay.pushRbac bool Push RBAC resources to the management server. Required for multicluster RBAC in the Gloo UI. true
glooMeshMgmtServer.relay.signingTlsSecret struct Secret containing TLS certs used to sign CSRs created by workload agents.
glooMeshMgmtServer.relay.signingTlsSecret.name string relay-tls-signing-secret
glooMeshMgmtServer.relay.signingTlsSecret.namespace string
glooMeshMgmtServer.relay.tlsSecret struct Secret containing client TLS certs used to secure the management server.
glooMeshMgmtServer.relay.tlsSecret.name string relay-server-tls-secret
glooMeshMgmtServer.relay.tlsSecret.namespace string
glooMeshMgmtServer.relay.tokenSecret struct Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server.
glooMeshMgmtServer.relay.tokenSecret.key string Key value of the data within the Kubernetes secret. token
glooMeshMgmtServer.relay.tokenSecret.name string Name of the Kubernetes secret. relay-identity-token-secret
glooMeshMgmtServer.relay.tokenSecret.namespace string Namespace of the Kubernetes secret.
glooMeshMgmtServer.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“1Gi”}}
glooMeshMgmtServer.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooMeshMgmtServer.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshMgmtServer.serviceAccount struct Service account configuration to use for the management server deployment.
glooMeshMgmtServer.serviceAccount.extraAnnotations map[string, string] Extra annotations to add to the service account. null
glooMeshMgmtServer.serviceAccount.extraAnnotations.<MAP_KEY> string Extra annotations to add to the service account.
glooMeshMgmtServer.serviceOverrides struct Arbitrary overrides for the component's service template.
glooMeshMgmtServer.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. LoadBalancer
glooMeshMgmtServer.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooMeshMgmtServer.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooMeshMgmtServer.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooMeshMgmtServer.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooMeshMgmtServer.sidecars.<MAP_KEY>.image struct Container image.
glooMeshMgmtServer.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooMeshMgmtServer.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooMeshMgmtServer.sidecars.<MAP_KEY>.image.registry string Image registry.
glooMeshMgmtServer.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooMeshMgmtServer.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooMeshMgmtServer.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooMeshMgmtServer.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshMgmtServer.statsPort uint32 Port on the management server deployment to pull stats from. 9091
glooMeshMgmtServer.verbose bool Enable verbose/debug logging. false
glooMeshRedis struct
glooMeshRedis struct Configuration for the glooMeshRedis deployment.
glooMeshRedis.addr string Deprecated: Use ‘redis.address’ instead.
glooMeshRedis.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooMeshRedis.enabled bool Deploy the default Redis instance. true
glooMeshRedis.enabled bool Enable creation of the deployment/service. true
glooMeshRedis.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“MASTER”,“value”:“true”}]
glooMeshRedis.extraEnvs struct Extra environment variables for the container
glooMeshRedis.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooMeshRedis.floatingUserId bool Set to true to use a floating user ID. false
glooMeshRedis.image struct Container image.
glooMeshRedis.image.pullPolicy string Image pull policy. IfNotPresent
glooMeshRedis.image.pullSecret string Image pull secret.
glooMeshRedis.image.registry string Image registry. docker.io
glooMeshRedis.image.repository string Image name (repository). redis
glooMeshRedis.image.tag string Version tag for the container image.
glooMeshRedis.ports map[string, uint32] Service ports as a map from port name to port number. {“redis”:6379}
glooMeshRedis.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooMeshRedis.ports.redis uint32 Service ports as a map from port name to port number. 6379
glooMeshRedis.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooMeshRedis.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooMeshRedis.runAsUser int User ID to run Redis as. 999
glooMeshRedis.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. {“capabilities”:{“drop”:[“ALL”]},“runAsUser”:999,“runAsNonRoot”:true,“readOnlyRootFilesystem”:true,“allowPrivilegeEscalation”:false}
glooMeshRedis.serviceOverrides struct Arbitrary overrides for the component's service template.
glooMeshRedis.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooMeshRedis.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooMeshRedis.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooMeshRedis.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooMeshRedis.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooMeshRedis.sidecars.<MAP_KEY>.image struct Container image.
glooMeshRedis.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooMeshRedis.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooMeshRedis.sidecars.<MAP_KEY>.image.registry string Image registry.
glooMeshRedis.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooMeshRedis.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooMeshRedis.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooMeshRedis.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshUi struct
glooMeshUi struct Configuration for the glooMeshUi deployment.
glooMeshUi.auth struct Configure authentication for the UI.
glooMeshUi.auth.backend string Authentication backend to use. ‘oidc’ is supported.
glooMeshUi.auth.enabled bool Require authentication to access the UI. false
glooMeshUi.auth.oidc struct Settings for the OpenID Connect (OIDC) backend.
glooMeshUi.auth.oidc.appUrl string URL that the UI for OIDC app is available at, from the DNS and other ingress settings that expose OIDC app UI service.
glooMeshUi.auth.oidc.clientId string OIDC client ID
glooMeshUi.auth.oidc.clientSecret string Plaintext OIDC client secret, which will be encoded in base64 and stored in a secret named the value of ‘clientSecretName’.
glooMeshUi.auth.oidc.clientSecretName string Name for the secret that will contain the client secret.
glooMeshUi.auth.oidc.issuerUrl string Issuer URL from the OIDC provider, such as ‘https://.<provider_url>/'.
glooMeshUi.auth.oidc.session struct Session storage configuration. If omitted, a cookie is used.
glooMeshUi.auth.oidc.session.backend string Backend to use for auth session storage. ‘cookie’ and ‘redis’ are supported.
glooMeshUi.auth.oidc.session.redis struct Redis instance configuration.
glooMeshUi.auth.oidc.session.redis.host string Host at which the Redis instance is accessible. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
glooMeshUi.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooMeshUi.enabled bool Deploy the gloo-mesh-ui. true
glooMeshUi.enabled bool Enable creation of the deployment/service. true
glooMeshUi.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}]
glooMeshUi.extraEnvs struct Extra environment variables for the container
glooMeshUi.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooMeshUi.image struct Container image.
glooMeshUi.image.pullPolicy string Image pull policy. IfNotPresent
glooMeshUi.image.pullSecret string Image pull secret.
glooMeshUi.image.registry string Image registry. gcr.io/gloo-mesh
glooMeshUi.image.repository string Image name (repository). gloo-mesh-apiserver
glooMeshUi.image.tag string Version tag for the container image.
glooMeshUi.ipVersion string Configure IP version to ipv4, ipv6 or dualStack. Defaults to dualStack. dualStack
glooMeshUi.licenseSecretName string Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields.
glooMeshUi.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
glooMeshUi.namespacedRbac[].namespaces[] []string
glooMeshUi.namespacedRbac[].resources[] []string
glooMeshUi.ports map[string, uint32] Service ports as a map from port name to port number. {“console”:8090,“grpc”:10101,“healthcheck”:8081}
glooMeshUi.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooMeshUi.ports.console uint32 Service ports as a map from port name to port number. 8090
glooMeshUi.ports.grpc uint32 Service ports as a map from port name to port number. 10101
glooMeshUi.ports.healthcheck uint32 Service ports as a map from port name to port number. 8081
glooMeshUi.prometheusUrl string Prometheus server address.
glooMeshUi.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
glooMeshUi.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooMeshUi.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooMeshUi.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshUi.serviceOverrides struct Arbitrary overrides for the component's service template.
glooMeshUi.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooMeshUi.settingsName string Name of the UI settings object to use. settings
glooMeshUi.sidecars map[string, struct] Optional configuration for the deployed containers. {“console”:{“image”:{“repository”:“gloo-mesh-ui”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:null,“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}},“envoy”:{“image”:{“repository”:“gloo-mesh-envoy”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“ENVOY_UID”,“value”:“0”}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“500m”,“memory”:“256Mi”}}}}
glooMeshUi.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooMeshUi.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooMeshUi.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooMeshUi.sidecars.<MAP_KEY>.image struct Container image.
glooMeshUi.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooMeshUi.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooMeshUi.sidecars.<MAP_KEY>.image.registry string Image registry.
glooMeshUi.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooMeshUi.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooMeshUi.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooMeshUi.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshUi.sidecars.console struct Optional configuration for the deployed containers.
glooMeshUi.sidecars.console.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. null
glooMeshUi.sidecars.console.extraEnvs struct Extra environment variables for the container
glooMeshUi.sidecars.console.image struct Container image.
glooMeshUi.sidecars.console.image.pullPolicy string Image pull policy. IfNotPresent
glooMeshUi.sidecars.console.image.pullSecret string Image pull secret.
glooMeshUi.sidecars.console.image.registry string Image registry. gcr.io/gloo-mesh
glooMeshUi.sidecars.console.image.repository string Image name (repository). gloo-mesh-ui
glooMeshUi.sidecars.console.image.tag string Version tag for the container image.
glooMeshUi.sidecars.console.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooMeshUi.sidecars.console.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshUi.sidecars.envoy struct Optional configuration for the deployed containers.
glooMeshUi.sidecars.envoy.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“ENVOY_UID”,“value”:“0”}]
glooMeshUi.sidecars.envoy.extraEnvs struct Extra environment variables for the container
glooMeshUi.sidecars.envoy.image struct Container image.
glooMeshUi.sidecars.envoy.image.pullPolicy string Image pull policy. IfNotPresent
glooMeshUi.sidecars.envoy.image.pullSecret string Image pull secret.
glooMeshUi.sidecars.envoy.image.registry string Image registry. gcr.io/gloo-mesh
glooMeshUi.sidecars.envoy.image.repository string Image name (repository). gloo-mesh-envoy
glooMeshUi.sidecars.envoy.image.tag string Version tag for the container image.
glooMeshUi.sidecars.envoy.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“500m”,“memory”:“256Mi”}}
glooMeshUi.sidecars.envoy.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMeshUi.tracing struct Configure the tracing page for the UI. Tracing page is disabled if not configured.
glooMeshUi.tracing.basePath string Base path the tracing UI expects to be rendered on.
glooMeshUi.tracing.endpoint string Endpoint of the tracing UI that will be embedded on the tracing page.
glooMeshUi.tracing.port int32 Port of the tracing UI that will be embedded on the tracing page. 0
glooMeshUi.verbose bool Enable verbose/debug logging. false
glooNetwork struct Gloo Network configuration options.
glooNetwork.enabled bool Enable translation of network policies to enforce access policies and service isolation. false
glooNetworkLicenseKey string Gloo Network license key.
glooTrialLicenseKey string Gloo trial license key, for a trial installation of all products.
insecure bool Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. false
leaderElection bool Enable leader election for the high-availability deployment. true
legacyMetricsPipeline struct Configuration for the legacy metrics pipeline, which is unsupported in Gloo Platform version 2.4 and later.
legacyMetricsPipeline.enabled bool Set to false to disable the legacy telemetry pipeline. true
licenseKey string Deprecated: Legacy Gloo Mesh Enterprise license key. Use individual product license fields, the trial license field, or a license secret instead.
licenseSecretName string Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields. license-keys
mgmtClusterName string DEPRECATED: Use global.cluster.
prometheus map Helm values for configuring Prometheus. See the Prometheus Helm chart for the complete set of values.
prometheusUrl string Prometheus server address. http://prometheus-server
readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
redis struct Redis configuration options.
redis.address string Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’. gloo-mesh-redis.gloo-mesh:6379
redis.auth struct Optional authentication values to use when connecting to the Redis instance
redis.auth.enabled bool Connect to the Redis instance with a password false
redis.auth.passwordKey string The secret key containing the password to use for authentication password
redis.auth.secretName string Name of the k8s secret that contains the password redis-auth-secrets
redis.auth.usernameKey string The secret key containing the username to use for authentication username
redis.certs struct Configuration for TLS verification when connecting to the Redis instance
redis.certs.caCertKey string The secret key containing the ca cert
redis.certs.enabled bool Enable a secure network connection to the Redis instance via TLS false
redis.certs.secretName string Name of the k8s secret that contains the certs redis-certs
redis.connection struct Optional connection parameters
redis.connection.connMaxIdleTime string The maximum amount of time a connection may be idle. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 5m0s
redis.connection.connMaxLifetime string The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection's age. 0
redis.connection.contextTimeoutEnabled bool ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines. false
redis.connection.dialTimeout string Dial timeout for establishing new connections. Default is 5 seconds. 5s
redis.connection.idleTimeout string Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 5m0s
redis.connection.masterName string The master name. Only needed for sentinel mode.
redis.connection.maxConnAge string Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections. 0
redis.connection.maxIdleConns int Maximum number of idle connections. 0
redis.connection.maxRedirects int The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries. 3
redis.connection.maxRetries int Maximum number of retries before giving up. Default is 3. -1 disables retries. 3
redis.connection.maxRetryBackoff string Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff. 512ms
redis.connection.minIdleConns int Minimum number of idle connections which is useful when establishing new connection is slow. 0
redis.connection.minRetryBackoff string Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff. 8ms
redis.connection.poolFifo bool Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO. false
redis.connection.poolSize int Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. 0
redis.connection.poolTimeout string Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.
redis.connection.readOnly bool Enables read-only commands on slave nodes. Default is false. false
redis.connection.readTimeout string Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value. 3s
redis.connection.routeByLatency bool Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly. false
redis.connection.routeRandomly bool Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly. false
redis.connection.writeTimeout string Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout. 3s
redis.db int DB to connect to 0
registerMgmtPlane struct Set up the management cluster with the Gloo management server, register a Gloo agent, and create a simple workspace that selects all registered clusters and namespaces by default. This way, you can get started quickly for single cluster or testing setups. For multicluster or production setups, use your own fine-grained workspaces instead.
registerMgmtPlane.GlooAgentValues struct See the gloo-mesh-agent helm chart docs for more
registerMgmtPlane.enabled bool enable installation of the agent when installing the management server false
telemetryGateway struct Configuration for the Gloo Platform Telemetry Gateway. See the OpenTelemetry Helm chart for the complete set of values.
telemetryGateway.clusterRole map[string, interface] {“create”:true,“rules”:[{“apiGroups”:[""],“resources”:[“nodes”,“nodes/proxy”,“nodes/metrics”,“services”,“endpoints”,“pods”,“ingresses”,“configmaps”],“verbs”:[“get”,“list”,“watch”]},{“apiGroups”:[“extensions”,“networking.k8s.io”],“resources”:[“ingresses/status”,“ingresses”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:["/metrics”],“verbs”:[“get”]}]}
telemetryGateway.clusterRole.<MAP_KEY> interface
telemetryGateway.clusterRole.create interface
telemetryGateway.clusterRole.rules interface
telemetryGateway.command map[string, interface] {“extraArgs”:["–config=/conf/relay.yaml”],“name”:“gloo-otel-collector”}
telemetryGateway.command.<MAP_KEY> interface
telemetryGateway.command.extraArgs interface
telemetryGateway.command.name interface
telemetryGateway.config map[string, interface] null
telemetryGateway.config.<MAP_KEY> interface
telemetryGateway.configMap map[string, interface] {“create”:false}
telemetryGateway.configMap.<MAP_KEY> interface
telemetryGateway.configMap.create interface
telemetryGateway.enabled bool false
telemetryGateway.extraEnvs[] []map null
telemetryGateway.extraVolumeMounts[] []map [{“mountPath”:"/etc/otel-certs”,“name”:“tls-keys”,“readOnly”:true},{“mountPath”:"/conf”,“name”:“telemetry-configmap”}]
telemetryGateway.extraVolumes[] []map [{“name”:“tls-keys”,“secret”:{“defaultMode”:420,“secretName”:“gloo-telemetry-gateway-tls-secret”}},{“configMap”:{“items”:[{“key”:“relay”,“path”:“relay.yaml”}],“name”:“gloo-telemetry-gateway-config”},“name”:“telemetry-configmap”}]
telemetryGateway.fullnameOverride string gloo-telemetry-gateway
telemetryGateway.image struct
telemetryGateway.image.pullPolicy string IfNotPresent
telemetryGateway.image.repository string gcr.io/gloo-mesh/gloo-otel-collector
telemetryGateway.image.tag string
telemetryGateway.mode string deployment
telemetryGateway.nameOverride string
telemetryGateway.namespaceOverride string
telemetryGateway.podAnnotations map[string, interface] {“prometheus.io/path”:"/metrics”,“prometheus.io/port”:“9091”,“prometheus.io/scrape”:“true”}
telemetryGateway.podAnnotations.<MAP_KEY> interface
telemetryGateway.podAnnotations.prometheus.io/path interface
telemetryGateway.podAnnotations.prometheus.io/port interface
telemetryGateway.podAnnotations.prometheus.io/scrape interface
telemetryGateway.ports map[string, interface] {“jaeger-compact”:{“enabled”:false},“jaeger-grpc”:{“enabled”:false},“jaeger-thrift”:{“enabled”:false},“otlp”:{“containerPort”:4317,“enabled”:true,“hostPort”:0,“protocol”:“TCP”,“servicePort”:4317},“otlp-http”:{“enabled”:false},“zipkin”:{“enabled”:false}}
telemetryGateway.ports.<MAP_KEY> interface
telemetryGateway.ports.jaeger-compact interface
telemetryGateway.ports.jaeger-grpc interface
telemetryGateway.ports.jaeger-thrift interface
telemetryGateway.ports.otlp interface
telemetryGateway.ports.otlp-http interface
telemetryGateway.ports.zipkin interface
telemetryGateway.presets map[string, interface] {“clusterMetrics”:{“enabled”:false},“hostMetrics”:{“enabled”:false},“kubeletMetrics”:{“enabled”:false},“kubernetesAttributes”:{“enabled”:false},“logsCollection”:{“enabled”:false,“includeCollectorLogs”:false}}
telemetryGateway.presets.<MAP_KEY> interface
telemetryGateway.presets.clusterMetrics interface
telemetryGateway.presets.hostMetrics interface
telemetryGateway.presets.kubeletMetrics interface
telemetryGateway.presets.kubernetesAttributes interface
telemetryGateway.presets.logsCollection interface
telemetryGateway.replicaCount int 1
telemetryGateway.resources map[string, interface] {“requests”:{“cpu”:“200m”,“memory”:“300Mi”}}
telemetryGateway.resources.<MAP_KEY> interface
telemetryGateway.resources.requests interface
telemetryGateway.service map[string, interface] {“type”:“LoadBalancer”}
telemetryGateway.service.<MAP_KEY> interface
telemetryGateway.service.type interface
telemetryGateway.tolerations[] []interface null
telemetryGatewayCustomization struct Customization for the Gloo Platform Telemetry Gateway.
telemetryGatewayCustomization.compatibleService bool OTel Collector service excluding the field internalTrafficPolicy, compatible with k8s < 1.26 false
telemetryGatewayCustomization.disableCertGeneration bool Disable cert generation for the Gloo Platform Telemetry Gateway. false
telemetryGatewayCustomization.disableDefaultPipeline bool Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/prometheus pipeline. false
telemetryGatewayCustomization.extraExporters struct Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network.
telemetryGatewayCustomization.extraExporters.clickhouse map[string, interface] An exporter to forward data to Clickhouse. {“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”}
telemetryGatewayCustomization.extraExporters.clickhouse.<MAP_KEY> interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.database interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.endpoint interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.logs_table_name interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.password interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.retry_on_failure interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.timeout interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.ttl_days interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.username interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraPipelines map[string, interface] Specify any added receivers, processors, or exporters in an extra pipeline. null
telemetryGatewayCustomization.extraPipelines.<MAP_KEY> interface Specify any added receivers, processors, or exporters in an extra pipeline.
telemetryGatewayCustomization.extraProcessors struct Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation.
telemetryGatewayCustomization.extraProcessors.batch map[string, interface] The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. {“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”}
telemetryGatewayCustomization.extraProcessors.batch.<MAP_KEY> interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_max_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.timeout interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs struct The batch log processor accepts logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_cardinality_limit int the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys. 0
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_keys[] []string List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created. []
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_max_size int The maximum size of a batch. If the batch size is larger than this value, the batch is sent. 100
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_size int The maximum number of traces or metrics to include in a batch. 100
telemetryGatewayCustomization.extraProcessors.batch/logs.timeout string The maximum amount of time to wait for a batch to be filled before sending it anyway. 5s
telemetryGatewayCustomization.extraProcessors.memory_limiter map[string, interface] The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. {“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}
telemetryGatewayCustomization.extraProcessors.memory_limiter.<MAP_KEY> interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.check_interval interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.spike_limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraReceivers map[string, interface] Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. null
telemetryGatewayCustomization.extraReceivers.<MAP_KEY> interface Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryGatewayCustomization.pipelines struct Selectively enable, disable, or customize any of the default pipelines.
telemetryGatewayCustomization.pipelines.logs/clickhouse struct A pre-defined pipeline that forwards Istio access logs that the collector agents receive to Clickhouse.
telemetryGatewayCustomization.pipelines.logs/clickhouse.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.exporters[] []string List of exporters to use in the pipeline. [“clickhouse”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.processors[] []string List of processors to use in the pipeline. [“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream struct Configure the exporting of telemetry into redis streams.
telemetryGatewayCustomization.pipelines.logs/redis_stream.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryGatewayCustomization.pipelines.logs/redis_stream.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream.pipeline.exporters[] []string List of exporters to use in the pipeline. [“redisstream”]
telemetryGatewayCustomization.pipelines.logs/redis_stream.pipeline.processors[] []string List of processors to use in the pipeline. [“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.metrics/prometheus struct A pre-defined pipeline that collects metrics from various sources, such as the Gloo management server, Gloo Platform, Istio, Cilium, and the Gloo OTel pipeline, and makes this data available to the built-in Prometheus server.
telemetryGatewayCustomization.pipelines.metrics/prometheus.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.exporters[] []string List of exporters to use in the pipeline. [“prometheus”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.processors[] []string List of processors to use in the pipeline. [“memory_limiter”,“batch”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”,“prometheus”]
telemetryGatewayCustomization.pipelines.traces/jaeger struct A pre-defined pipeline that collects traces to observe and monitor traffic requests, and makes them available to the built-in Jaeger tracing platform demo.
telemetryGatewayCustomization.pipelines.traces/jaeger.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.exporters[] []string List of exporters to use in the pipeline. [“otlp/jaeger”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.processors[] []string List of processors to use in the pipeline. [“batch”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.reloadTlsCertificate struct Interval of time between reloading the TLS certificate of the telemetry gateway.
telemetryGatewayCustomization.reloadTlsCertificate.nanos int32 0
telemetryGatewayCustomization.reloadTlsCertificate.seconds int64 0
telemetryGatewayCustomization.serverName string SNI and certificate subject alternative name used in the telemetry gateway certificate. gloo-telemetry-gateway.gloo-mesh
telemetryGatewayCustomization.telemetry map[string, interface] Configure the service telemetry (logs and metrics) as described in the otel-collector docs. {“metrics”:{“address”:“0.0.0.0:8888”}}
telemetryGatewayCustomization.telemetry.<MAP_KEY> interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGatewayCustomization.telemetry.metrics interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
verbose bool Enable verbose/debug logging. false