| experimental |
struct |
|
Experimental features for Gloo Platform. Disabled by default. Do not use in production. |
| experimental.ambientEnabled |
bool |
false |
Allow Gloo Mesh to create Istio Ambient Mesh resources. |
| experimental.asyncStatusWrites |
bool |
false |
Enable asynchronous writing of statuses to Kubernetes objects. |
| prometheus |
map |
|
Helm values for configuring Prometheus. See the Prometheus Helm chart for the complete set of values. |
| legacyMetricsPipeline |
struct |
|
Configuration for the legacy metrics pipeline, which uses Gloo agents to propagate metrics to the management server. |
| legacyMetricsPipeline.enabled |
bool |
true |
Set to false to disable the legacy telemetry pipeline. |
| glooNetwork |
struct |
|
Gloo Network configuration options. |
| glooNetwork.enabled |
bool |
false |
Enable translation of network policies to enforce access policies and service isolation. |
| redis |
struct |
|
Redis configuration options. |
| redis.address |
string |
gloo-mesh-redis.gloo-mesh:6379 |
Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’. |
| redis.auth |
struct |
|
Optional authentication values to use when connecting to the Redis instance |
| redis.auth.enabled |
bool |
false |
Connect to the Redis instance with a password |
| redis.auth.secretName |
string |
redis-auth-secrets |
Name of the k8s secret that contains the password |
| redis.auth.usernameKey |
string |
username |
The secret key containing the username to use for authentication |
| redis.auth.passwordKey |
string |
password |
The secret key containing the password to use for authentication |
| redis.db |
int |
0 |
DB to connect to |
| redis.certs |
struct |
|
Configuration for TLS verification when connecting to the Redis instance |
| redis.certs.enabled |
bool |
false |
Enable a secure network connection to the Redis instance via TLS |
| redis.certs.caCertKey |
string |
|
The secret key containing the ca cert |
| redis.certs.secretName |
string |
redis-certs |
Name of the k8s secret that contains the certs |
| redis.connection |
struct |
|
Optional connection parameters |
| redis.connection.maxRetries |
int |
3 |
Maximum number of retries before giving up. Default is 3. -1 disables retries. |
| redis.connection.minRetryBackoff |
string |
8ms |
Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff. |
| redis.connection.maxRetryBackoff |
string |
512ms |
Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff. |
| redis.connection.dialTimeout |
string |
5s |
Dial timeout for establishing new connections. Default is 5 seconds. |
| redis.connection.readTimeout |
string |
3s |
Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value. |
| redis.connection.writeTimeout |
string |
|
Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout. |
| redis.connection.poolFifo |
bool |
false |
Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO. |
| redis.connection.poolSize |
int |
0 |
Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. |
| redis.connection.minIdleConns |
int |
0 |
Minimum number of idle connections which is useful when establishing new connection is slow. |
| redis.connection.maxConnAge |
string |
|
Connection age at which client retires (closes) the connection. Default is to not close aged connections. |
| redis.connection.poolTimeout |
string |
|
Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second. |
| redis.connection.idleTimeout |
string |
5m0s |
Amount of time after which client closes idle connections. Should be less than server's timeout. Default is 5 minutes. -1 disables idle timeout check. |
| redis.connection.idleCheckFrequency |
string |
1m0s |
Frequency of idle checks made by idle connections reaper. Default is 1 minute. -1 disables idle connections reaper, but idle connections are still discarded by the client if IdleTimeout is set. |
| licenseKey |
string |
|
Deprecated: Legacy Gloo Mesh Enterprise license key. Use individual product license fields, the trial license field, or a license secret instead. |
| glooGatewayLicenseKey |
string |
|
Gloo Gateway license key. |
| glooMeshLicenseKey |
string |
|
Gloo Mesh Enterprise license key. |
| glooNetworkLicenseKey |
string |
|
Gloo Network license key. |
| glooTrialLicenseKey |
string |
|
Gloo trial license key, for a trial installation of all products. |
| licenseSecretName |
string |
license-keys |
Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields. |
| leaderElection |
bool |
true |
Enable leader election for the high-availability deployment. |
| verbose |
bool |
false |
Enable verbose/debug logging. |
| devMode |
bool |
false |
Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
| insecure |
bool |
false |
Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. |
| prometheusUrl |
string |
http://prometheus-server |
Prometheus server address. |
| adminNamespace |
string |
|
Namespace to install control plane components into. The admin namespace also contains global configuration, such as Workspace, global overrides WorkspaceSettings, and KubernetesCluster resources. |
| readOnlyGeneratedResources |
bool |
false |
If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. |
| mgmtClusterName |
string |
|
DEPRECATED: Use global.cluster. |
| global |
struct |
|
Global values shared by the Gloo Mesh Enterprise chart and its subcharts. |
| global.cluster |
string |
mgmt-cluster |
Name of the management cluster. Be sure to modify this value to match your cluster's name. |
| registerMgmtPlane |
struct |
|
Set up the management cluster with the Gloo management server, register a Gloo agent, and create a simple workspace that selects all registered clusters and namespaces by default. This way, you can get started quickly for single cluster or testing setups. For multicluster or production setups, use your own fine-grained workspaces instead. |
| registerMgmtPlane.enabled |
bool |
false |
enable installation of the agent when installing the management server |
| registerMgmtPlane.GlooAgentValues |
struct |
|
See the gloo-mesh-agent helm chart docs for more |
| telemetryGateway |
struct |
|
Configuration for the Gloo Platform Telemetry Gateway. See the OpenTelemetry Helm chart for the complete set of values. |
| telemetryGateway.nameOverride |
string |
|
|
| telemetryGateway.fullnameOverride |
string |
gloo-telemetry-gateway |
|
| telemetryGateway.enabled |
bool |
false |
|
| telemetryGateway.mode |
string |
deployment |
|
| telemetryGateway.replicaCount |
int |
1 |
|
| telemetryGateway.command |
map[string, interface] |
{“extraArgs”:["–config=/conf/relay.yaml”],“name”:“gloo-otel-collector”} |
|
| telemetryGateway.command.<MAP_KEY> |
interface |
|
|
| telemetryGateway.command.extraArgs |
interface |
|
|
| telemetryGateway.command.name |
interface |
|
|
| telemetryGateway.image |
struct |
|
|
| telemetryGateway.image.pullPolicy |
string |
IfNotPresent |
|
| telemetryGateway.image.repository |
string |
gcr.io/gloo-mesh/gloo-otel-collector |
|
| telemetryGateway.image.tag |
string |
|
|
| telemetryGateway.extraVolumes[] |
[]map |
[{“name”:“tls-keys”,“secret”:{“defaultMode”:420,“secretName”:“gloo-telemetry-gateway-tls-secret”}},{“configMap”:{“items”:[{“key”:“relay”,“path”:“relay.yaml”}],“name”:“gloo-telemetry-gateway-config”},“name”:“telemetry-configmap”}] |
|
| telemetryGateway.extraVolumes[] |
map[string, interface] |
|
|
| telemetryGateway.extraVolumes[].<MAP_KEY> |
interface |
|
|
| telemetryGateway.extraVolumeMounts[] |
[]map |
[{“mountPath”:"/etc/otel-certs”,“name”:“tls-keys”,“readOnly”:true},{“mountPath”:"/conf”,“name”:“telemetry-configmap”}] |
|
| telemetryGateway.extraVolumeMounts[] |
map[string, interface] |
|
|
| telemetryGateway.extraVolumeMounts[].<MAP_KEY> |
interface |
|
|
| telemetryGateway.resources |
map[string, interface] |
{“requests”:{“cpu”:“200m”,“memory”:“300Mi”}} |
|
| telemetryGateway.resources.<MAP_KEY> |
interface |
|
|
| telemetryGateway.resources.requests |
interface |
|
|
| telemetryGateway.extraEnvs[] |
[]map |
null |
|
| telemetryGateway.extraEnvs[] |
map[string, interface] |
|
|
| telemetryGateway.extraEnvs[].<MAP_KEY> |
interface |
|
|
| telemetryGateway.presets |
map[string, interface] |
{“clusterMetrics”:{“enabled”:false},“hostMetrics”:{“enabled”:false},“kubeletMetrics”:{“enabled”:false},“kubernetesAttributes”:{“enabled”:false},“logsCollection”:{“enabled”:false,“includeCollectorLogs”:false}} |
|
| telemetryGateway.presets.<MAP_KEY> |
interface |
|
|
| telemetryGateway.presets.clusterMetrics |
interface |
|
|
| telemetryGateway.presets.hostMetrics |
interface |
|
|
| telemetryGateway.presets.kubeletMetrics |
interface |
|
|
| telemetryGateway.presets.kubernetesAttributes |
interface |
|
|
| telemetryGateway.presets.logsCollection |
interface |
|
|
| telemetryGateway.configMap |
map[string, interface] |
{“create”:false} |
|
| telemetryGateway.configMap.<MAP_KEY> |
interface |
|
|
| telemetryGateway.configMap.create |
interface |
|
|
| telemetryGateway.clusterRole |
map[string, interface] |
{“create”:true,“rules”:[{“apiGroups”:[""],“resources”:[“nodes”,“nodes/proxy”,“nodes/metrics”,“services”,“endpoints”,“pods”,“ingresses”,“configmaps”],“verbs”:[“get”,“list”,“watch”]},{“apiGroups”:[“extensions”,“networking.k8s.io”],“resources”:[“ingresses/status”,“ingresses”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:["/metrics”],“verbs”:[“get”]}]} |
|
| telemetryGateway.clusterRole.<MAP_KEY> |
interface |
|
|
| telemetryGateway.clusterRole.create |
interface |
|
|
| telemetryGateway.clusterRole.rules |
interface |
|
|
| telemetryGateway.service |
map[string, interface] |
{“type”:“LoadBalancer”} |
|
| telemetryGateway.service.<MAP_KEY> |
interface |
|
|
| telemetryGateway.service.type |
interface |
|
|
| telemetryGateway.podAnnotations |
map[string, interface] |
{“prometheus.io/path”:"/metrics”,“prometheus.io/port”:“9091”,“prometheus.io/scrape”:“true”} |
|
| telemetryGateway.podAnnotations.<MAP_KEY> |
interface |
|
|
| telemetryGateway.podAnnotations.prometheus.io/path |
interface |
|
|
| telemetryGateway.podAnnotations.prometheus.io/port |
interface |
|
|
| telemetryGateway.podAnnotations.prometheus.io/scrape |
interface |
|
|
| telemetryGateway.ports |
map[string, interface] |
{“jaeger-compact”:{“enabled”:false},“jaeger-grpc”:{“enabled”:false},“jaeger-thrift”:{“enabled”:false},“otlp”:{“containerPort”:4317,“enabled”:true,“hostPort”:0,“protocol”:“TCP”,“servicePort”:4317},“otlp-http”:{“enabled”:false},“zipkin”:{“enabled”:false}} |
|
| telemetryGateway.ports.<MAP_KEY> |
interface |
|
|
| telemetryGateway.ports.jaeger-compact |
interface |
|
|
| telemetryGateway.ports.jaeger-grpc |
interface |
|
|
| telemetryGateway.ports.jaeger-thrift |
interface |
|
|
| telemetryGateway.ports.otlp |
interface |
|
|
| telemetryGateway.ports.otlp-http |
interface |
|
|
| telemetryGateway.ports.zipkin |
interface |
|
|
| telemetryGateway.tolerations[] |
[]interface |
null |
|
| telemetryGateway.tolerations[] |
interface |
|
|
| telemetryGatewayCustomization |
struct |
|
Customization for the Gloo Platform Telemetry Gateway. |
| telemetryGatewayCustomization.serverName |
string |
gloo-telemetry-gateway.gloo-mesh |
SNI and certificate subject alternative name used in the telemetry gateway certificate. |
| telemetryGatewayCustomization.extraReceivers |
map[string, interface] |
null |
Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. |
| telemetryGatewayCustomization.extraReceivers.<MAP_KEY> |
interface |
|
Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. |
| telemetryGatewayCustomization.extraProcessors |
map[string, interface] |
{“batch”:{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”},“memory_limiter”:{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}} |
Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. |
| telemetryGatewayCustomization.extraProcessors.<MAP_KEY> |
interface |
|
Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. |
| telemetryGatewayCustomization.extraProcessors.batch |
interface |
|
Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. |
| telemetryGatewayCustomization.extraProcessors.memory_limiter |
interface |
|
Configuration for extra processors to drop and generate new data. Processors can transform the data before it is forwarded to another processor and an exporter. |
| telemetryGatewayCustomization.extraExporters |
map[string, interface] |
null |
Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network. |
| telemetryGatewayCustomization.extraExporters.<MAP_KEY> |
interface |
|
Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters forward the data they get to a destination on the local or remote network. |
| telemetryGatewayCustomization.extraPipelines |
map[string, interface] |
null |
Specify any added receivers, processors, or exporters in an extra pipeline. |
| telemetryGatewayCustomization.extraPipelines.<MAP_KEY> |
interface |
|
Specify any added receivers, processors, or exporters in an extra pipeline. |
| telemetryGatewayCustomization.telemetry |
map[string, interface] |
{“metrics”:{“address”:“0.0.0.0:8888”}} |
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
| telemetryGatewayCustomization.telemetry.<MAP_KEY> |
interface |
|
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
| telemetryGatewayCustomization.telemetry.metrics |
interface |
|
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
| telemetryGatewayCustomization.reloadTlsCertificate |
struct |
|
Interval of time between reloading the TLS certificate of the telemetry gateway. |
| telemetryGatewayCustomization.reloadTlsCertificate.seconds |
int64 |
0 |
|
| telemetryGatewayCustomization.reloadTlsCertificate.nanos |
int32 |
0 |
|
| telemetryGatewayCustomization.disableCertGeneration |
bool |
false |
Disable cert generation for the Gloo Platform Telemetry Gateway. |
| telemetryGatewayCustomization.disableDefaultPipeline |
bool |
false |
Disables the default pipeline. Useful if you want to create a custom pipeline using ‘extraPipelines’ and to disable the default pipeline. |
| glooMeshMgmtServer |
struct |
|
Configuration for the glooMeshMgmtServer deployment. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.leaderElection |
bool |
false |
Enable leader election for the high-availability deployment. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.verbose |
bool |
false |
Enable verbose/debug logging. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.devMode |
bool |
false |
Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.insecure |
bool |
false |
Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.readOnlyGeneratedResources |
bool |
false |
If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. |
| glooMeshMgmtServer.relay |
struct |
|
Configuration for certificates to secure server-agent relay communication. Required only for multicluster setups. |
| glooMeshMgmtServer.relay.tlsSecret |
struct |
|
Secret containing client TLS certs used to secure the management server. |
| glooMeshMgmtServer.relay.tlsSecret.name |
string |
relay-server-tls-secret |
|
| glooMeshMgmtServer.relay.tlsSecret.namespace |
string |
|
|
| glooMeshMgmtServer.relay.signingTlsSecret |
struct |
|
Secret containing TLS certs used to sign CSRs created by workload agents. |
| glooMeshMgmtServer.relay.signingTlsSecret.name |
string |
relay-tls-signing-secret |
|
| glooMeshMgmtServer.relay.signingTlsSecret.namespace |
string |
|
|
| glooMeshMgmtServer.relay.tokenSecret |
struct |
|
Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server. |
| glooMeshMgmtServer.relay.tokenSecret.name |
string |
relay-identity-token-secret |
Name of the Kubernetes secret. |
| glooMeshMgmtServer.relay.tokenSecret.namespace |
string |
|
Namespace of the Kubernetes secret. |
| glooMeshMgmtServer.relay.tokenSecret.key |
string |
token |
Key value of the data within the Kubernetes secret. |
| glooMeshMgmtServer.relay.disableCa |
bool |
false |
To disable relay CA functionality, set to true. Set to true only when you supply your custom client certs to the agents for relay mTLS. The gloo-mesh-mgmt-server pod will not require a token secret or the signing cert secret. The agent pod will not require the token secret, but will fail without a client cert. |
| glooMeshMgmtServer.relay.disableTokenGeneration |
bool |
false |
Do not create the relay token Kubernetes secret. Set to true only when you supply own. |
| glooMeshMgmtServer.relay.disableCaCertGeneration |
bool |
false |
Do not auto-generate self-signed CA certificates. Set to true only when you supply own. |
| glooMeshMgmtServer.relay.pushRbac |
bool |
true |
Push RBAC resources to the management server. Required for multicluster RBAC in the Gloo UI. |
| glooMeshMgmtServer.enabled |
bool |
true |
Deploy the gloo-mesh-mgmt-server. |
| glooMeshMgmtServer.maxGrpcMessageSize |
string |
4294967295 |
Maximum message size for gRPC messages sent and received by the management server. |
| glooMeshMgmtServer.concurrency |
uint16 |
10 |
Concurrency to use for translation operations. |
| glooMeshMgmtServer.enableClusterLoadBalancing |
bool |
false |
Experimental: Enable cluster load balancing. The management server replicas attempt to auto-balance the number of registered workload clusters, based on the number of replicas and the number of total clusters. For example, the server might disconnect a workload cluster if the number of connected clusters is greater than the allotted number. |
| glooMeshMgmtServer.statsPort |
uint32 |
9091 |
Port on the management server deployment to pull stats from. |
| glooMeshMgmtServer.serviceAccount |
struct |
|
Service account configuration to use for the management server deployment. |
| glooMeshMgmtServer.serviceAccount.extraAnnotations |
map[string, string] |
null |
Extra annotations to add to the service account. |
| glooMeshMgmtServer.serviceAccount.extraAnnotations.<MAP_KEY> |
string |
|
Extra annotations to add to the service account. |
| glooMeshMgmtServer.cloudResourcesDiscovery |
struct |
|
Configuration for automatic discovery of CloudResources. |
| glooMeshMgmtServer.cloudResourcesDiscovery.enabled |
bool |
true |
Enable automated discovery of CloudResources, such as AWS Lambda functions, based on CloudProvider configuration. |
| glooMeshMgmtServer.cloudResourcesDiscovery.pollingInterval |
uint16 |
10 |
Polling interval (in seconds) for calling AWS when attempting to discover CloudResources. |
| glooMeshMgmtServer |
struct |
|
Configuration for the glooMeshMgmtServer deployment. |
| glooMeshMgmtServer |
struct |
|
|
| glooMeshMgmtServer.image |
struct |
|
Container image. |
| glooMeshMgmtServer.image.tag |
string |
|
Version tag for the container image. |
| glooMeshMgmtServer.image.repository |
string |
gloo-mesh-mgmt-server |
Image name (repository). |
| glooMeshMgmtServer.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| glooMeshMgmtServer.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| glooMeshMgmtServer.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshMgmtServer.env[] |
slice |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}}] |
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshMgmtServer.resources |
struct |
{“requests”:{“cpu”:“125m”,“memory”:“1Gi”}} |
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.sidecars |
map[string, struct] |
{} |
Optional configuration for the deployed containers. |
| glooMeshMgmtServer.sidecars.<MAP_KEY> |
struct |
|
Optional configuration for the deployed containers. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image |
struct |
|
Container image. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image.tag |
string |
|
Version tag for the container image. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image.repository |
string |
|
Image name (repository). |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image.registry |
string |
|
Image registry. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image.pullPolicy |
string |
|
Image pull policy. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.env[] |
slice |
|
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.resources |
struct |
|
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.sidecars.<MAP_KEY>.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshMgmtServer.floatingUserId |
bool |
false |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
| glooMeshMgmtServer.runAsUser |
uint32 |
10101 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
| glooMeshMgmtServer.serviceType |
string |
LoadBalancer |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| glooMeshMgmtServer.ports |
map[string, uint32] |
{“grpc”:9900,“healthcheck”:8090} |
Service ports as a map from port name to port number. |
| glooMeshMgmtServer.ports.<MAP_KEY> |
uint32 |
|
Service ports as a map from port name to port number. |
| glooMeshMgmtServer.ports.grpc |
uint32 |
9900 |
Service ports as a map from port name to port number. |
| glooMeshMgmtServer.ports.healthcheck |
uint32 |
8090 |
Service ports as a map from port name to port number. |
| glooMeshMgmtServer.deploymentOverrides |
struct |
|
Arbitrary overrides for the component's deployment template |
| glooMeshMgmtServer.serviceOverrides |
struct |
|
Arbitrary overrides for the component's service template. |
| glooMeshMgmtServer.enabled |
bool |
true |
Enable creation of the deployment/service. |
| glooMeshUi |
struct |
|
Configuration for the glooMeshUi deployment. |
| glooMeshUi |
struct |
|
|
| glooMeshUi.prometheusUrl |
string |
|
Prometheus server address. |
| glooMeshUi |
struct |
|
|
| glooMeshUi.verbose |
bool |
false |
Enable verbose/debug logging. |
| glooMeshUi |
struct |
|
|
| glooMeshUi.readOnlyGeneratedResources |
bool |
false |
If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. |
| glooMeshUi.enabled |
bool |
true |
Deploy the gloo-mesh-ui. |
| glooMeshUi.settingsName |
string |
settings |
Name of the UI settings object to use. |
| glooMeshUi.auth |
struct |
|
Configure authentication for the UI. |
| glooMeshUi.auth.enabled |
bool |
false |
Require authentication to access the UI. |
| glooMeshUi.auth.backend |
string |
|
Authentication backend to use. ‘oidc’ is supported. |
| glooMeshUi.auth.oidc |
struct |
|
Settings for the OpenID Connect (OIDC) backend. |
| glooMeshUi.auth.oidc.clientId |
string |
|
OIDC client ID |
| glooMeshUi.auth.oidc.clientSecret |
string |
|
Plaintext OIDC client secret, which will be encoded in base64 and stored in a secret named the value of ‘clientSecretName’. |
| glooMeshUi.auth.oidc.clientSecretName |
string |
|
Name for the secret that will contain the client secret. |
| glooMeshUi.auth.oidc.issuerUrl |
string |
|
Issuer URL from the OIDC provider, such as ‘https://.<provider_url>/'. |
| glooMeshUi.auth.oidc.appUrl |
string |
|
URL that the UI for OIDC app is available at, from the DNS and other ingress settings that expose OIDC app UI service. |
| glooMeshUi.auth.oidc.session |
struct |
|
Session storage configuration. If omitted, a cookie is used. |
| glooMeshUi.auth.oidc.session.backend |
string |
|
Backend to use for auth session storage. ‘cookie’ and ‘redis’ are supported. |
| glooMeshUi.auth.oidc.session.redis |
struct |
|
Redis instance configuration. |
| glooMeshUi.auth.oidc.session.redis.host |
string |
|
Host at which the Redis instance is accessible. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’. |
| glooMeshUi.licenseSecretName |
string |
|
Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields. |
| glooMeshUi |
struct |
|
Configuration for the glooMeshUi deployment. |
| glooMeshUi |
struct |
|
|
| glooMeshUi.image |
struct |
|
Container image. |
| glooMeshUi.image.tag |
string |
|
Version tag for the container image. |
| glooMeshUi.image.repository |
string |
gloo-mesh-apiserver |
Image name (repository). |
| glooMeshUi.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| glooMeshUi.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| glooMeshUi.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshUi.env[] |
slice |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}}] |
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshUi.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshUi.resources |
struct |
{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}} |
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshUi.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars |
map[string, struct] |
{“console”:{“image”:{“repository”:“gloo-mesh-ui”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:null,“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}},“envoy”:{“image”:{“repository”:“gloo-mesh-envoy”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“ENVOY_UID”,“value”:“0”}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“500m”,“memory”:“256Mi”}}}} |
Optional configuration for the deployed containers. |
| glooMeshUi.sidecars.<MAP_KEY> |
struct |
|
Optional configuration for the deployed containers. |
| glooMeshUi.sidecars.<MAP_KEY>.image |
struct |
|
Container image. |
| glooMeshUi.sidecars.<MAP_KEY>.image.tag |
string |
|
Version tag for the container image. |
| glooMeshUi.sidecars.<MAP_KEY>.image.repository |
string |
|
Image name (repository). |
| glooMeshUi.sidecars.<MAP_KEY>.image.registry |
string |
|
Image registry. |
| glooMeshUi.sidecars.<MAP_KEY>.image.pullPolicy |
string |
|
Image pull policy. |
| glooMeshUi.sidecars.<MAP_KEY>.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshUi.sidecars.<MAP_KEY>.env[] |
slice |
|
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.<MAP_KEY>.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshUi.sidecars.<MAP_KEY>.resources |
struct |
|
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.<MAP_KEY>.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.console |
struct |
|
Optional configuration for the deployed containers. |
| glooMeshUi.sidecars.console.image |
struct |
|
Container image. |
| glooMeshUi.sidecars.console.image.tag |
string |
|
Version tag for the container image. |
| glooMeshUi.sidecars.console.image.repository |
string |
gloo-mesh-ui |
Image name (repository). |
| glooMeshUi.sidecars.console.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| glooMeshUi.sidecars.console.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| glooMeshUi.sidecars.console.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshUi.sidecars.console.env[] |
slice |
null |
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.console.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshUi.sidecars.console.resources |
struct |
{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}} |
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.console.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.envoy |
struct |
|
Optional configuration for the deployed containers. |
| glooMeshUi.sidecars.envoy.image |
struct |
|
Container image. |
| glooMeshUi.sidecars.envoy.image.tag |
string |
|
Version tag for the container image. |
| glooMeshUi.sidecars.envoy.image.repository |
string |
gloo-mesh-envoy |
Image name (repository). |
| glooMeshUi.sidecars.envoy.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| glooMeshUi.sidecars.envoy.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| glooMeshUi.sidecars.envoy.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshUi.sidecars.envoy.env[] |
slice |
[{“name”:“ENVOY_UID”,“value”:“0”}] |
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.envoy.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshUi.sidecars.envoy.resources |
struct |
{“requests”:{“cpu”:“500m”,“memory”:“256Mi”}} |
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshUi.sidecars.envoy.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshUi.floatingUserId |
bool |
false |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
| glooMeshUi.runAsUser |
uint32 |
10101 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
| glooMeshUi.serviceType |
string |
ClusterIP |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| glooMeshUi.ports |
map[string, uint32] |
{“console”:8090,“grpc”:10101,“healthcheck”:8081} |
Service ports as a map from port name to port number. |
| glooMeshUi.ports.<MAP_KEY> |
uint32 |
|
Service ports as a map from port name to port number. |
| glooMeshUi.ports.console |
uint32 |
8090 |
Service ports as a map from port name to port number. |
| glooMeshUi.ports.grpc |
uint32 |
10101 |
Service ports as a map from port name to port number. |
| glooMeshUi.ports.healthcheck |
uint32 |
8081 |
Service ports as a map from port name to port number. |
| glooMeshUi.deploymentOverrides |
struct |
|
Arbitrary overrides for the component's deployment template |
| glooMeshUi.serviceOverrides |
struct |
|
Arbitrary overrides for the component's service template. |
| glooMeshUi.enabled |
bool |
true |
Enable creation of the deployment/service. |
| glooMeshRedis |
struct |
|
Configuration for the glooMeshRedis deployment. |
| glooMeshRedis.enabled |
bool |
true |
Deploy the default Redis instance. |
| glooMeshRedis.addr |
string |
|
Deprecated: Use ‘redis.address’ instead. |
| glooMeshRedis |
struct |
|
Configuration for the glooMeshRedis deployment. |
| glooMeshRedis |
struct |
|
|
| glooMeshRedis.image |
struct |
|
Container image. |
| glooMeshRedis.image.tag |
string |
|
Version tag for the container image. |
| glooMeshRedis.image.repository |
string |
redis |
Image name (repository). |
| glooMeshRedis.image.registry |
string |
docker.io |
Image registry. |
| glooMeshRedis.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| glooMeshRedis.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshRedis.env[] |
slice |
[{“name”:“MASTER”,“value”:“true”}] |
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshRedis.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshRedis.resources |
struct |
{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}} |
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshRedis.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshRedis.sidecars |
map[string, struct] |
{} |
Optional configuration for the deployed containers. |
| glooMeshRedis.sidecars.<MAP_KEY> |
struct |
|
Optional configuration for the deployed containers. |
| glooMeshRedis.sidecars.<MAP_KEY>.image |
struct |
|
Container image. |
| glooMeshRedis.sidecars.<MAP_KEY>.image.tag |
string |
|
Version tag for the container image. |
| glooMeshRedis.sidecars.<MAP_KEY>.image.repository |
string |
|
Image name (repository). |
| glooMeshRedis.sidecars.<MAP_KEY>.image.registry |
string |
|
Image registry. |
| glooMeshRedis.sidecars.<MAP_KEY>.image.pullPolicy |
string |
|
Image pull policy. |
| glooMeshRedis.sidecars.<MAP_KEY>.image.pullSecret |
string |
|
Image pull secret. |
| glooMeshRedis.sidecars.<MAP_KEY>.env[] |
slice |
|
Environment variables for the container. For more info, see the Kubernetes documentation. |
| glooMeshRedis.sidecars.<MAP_KEY>.extraEnvs |
struct |
|
Extra environment variables for the container |
| glooMeshRedis.sidecars.<MAP_KEY>.resources |
struct |
|
Container resource requirements. For more info, see the Kubernetes documentation. |
| glooMeshRedis.sidecars.<MAP_KEY>.securityContext |
struct |
|
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
| glooMeshRedis.floatingUserId |
bool |
false |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
| glooMeshRedis.runAsUser |
uint32 |
10101 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
| glooMeshRedis.serviceType |
string |
ClusterIP |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| glooMeshRedis.ports |
map[string, uint32] |
{“redis”:6379} |
Service ports as a map from port name to port number. |
| glooMeshRedis.ports.<MAP_KEY> |
uint32 |
|
Service ports as a map from port name to port number. |
| glooMeshRedis.ports.redis |
uint32 |
6379 |
Service ports as a map from port name to port number. |
| glooMeshRedis.deploymentOverrides |
struct |
|
Arbitrary overrides for the component's deployment template |
| glooMeshRedis.serviceOverrides |
struct |
|
Arbitrary overrides for the component's service template. |
| glooMeshRedis.enabled |
bool |
true |
Enable creation of the deployment/service. |
