Gloo Platform

Option Type Description Default Value
clickhouse struct Configuration for the Clickhouse deployment, which stores logs from OTel collectors. See the Bitnami Clickhouse Helm chart for the complete set of values.
clickhouse.auth struct Authentication configuration
clickhouse.auth.existingSecret string Name of existing secret to use for authentication clickhouse-auth
clickhouse.auth.existingSecretKey string Key in existing secret to use for authentication password
clickhouse.enabled bool Set to false to disable the clickhouse dependency. false
clickhouse.fullnameOverride string Override the full name, used for the service and the statefulset clickhouse
clickhouse.keeper struct Keeper configuration
clickhouse.keeper.enabled bool Set to false to disable the zookeeper dependency. false
clickhouse.replicaCount int Number of replicas 1
clickhouse.shards int Number of shards to create 1
clickhouse.zookeeper struct Zookeeper configuration
clickhouse.zookeeper.enabled bool Set to false to disable the zookeeper dependency. false
common struct
common struct Common values shared across components. When applicable, these can be overridden in specific components.
common.addonNamespace string Namespace to install add-on components into, such as the Gloo external auth and rate limiting services. Only set this value if you install Gloo Platform and its addons in a single release.
common.adminNamespace string Namespace to install control plane components into. The admin namespace also contains global configuration, such as Workspace, global overrides WorkspaceSettings, and KubernetesCluster resources.
common.cluster string Name of the cluster. Be sure to modify this value to match your cluster's name.
common.clusterDomain string The local cluster domain suffix this cluster is configured with. Defaults to ‘cluster.local’.
common.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
common.insecure bool Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. false
common.leaderElection bool Enable leader election for the high-availability deployment. true
common.prometheusClientCertSecretName string The name of the secret that contains the Prometheus client TLS certificates used to identify the UI client to the Prometheus server. The secret must be in the same namespace as the gloo-mesh-ui pod. Set this field only when you use a custom HTTPS Prometheus server.
common.prometheusUrl string Prometheus server address. http://prometheus-server
common.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
common.verbose bool Enable verbose/debug logging. false
demo struct Demo-specific features that improve quick setups. Do not use in production.
demo.manageAddonNamespace bool Automatically create the add-on namespace set in ‘common.addonNamespace’. false
experimental struct Deprecated: Use ‘featureGates’ fields instead.
experimental.ambientEnabled bool Allow Gloo Mesh to create Istio Ambient Mesh resources. false
experimental.asyncStatusWrites bool Enable asynchronous writing of statuses to Kubernetes objects. false
extAuthService struct Configuration for the Gloo external authentication service.
extAuthService.enabled bool Enable the Gloo external authentication service. false
extAuthService.extAuth struct Configuration for the extauth service.
extAuthService.extAuth.apiKeyStorage struct Configuration for the deployed extauth service.
extAuthService.extAuth.apiKeyStorage.config map[string, interface] The ApiKeyStorage configuration. To configure access to Redis use the RedisOptions. Currently, only redis is supported. null
extAuthService.extAuth.apiKeyStorage.config.<MAP_KEY> interface The ApiKeyStorage configuration. To configure access to Redis use the RedisOptions. Currently, only redis is supported.
extAuthService.extAuth.apiKeyStorage.enabled bool Enable API key storage. false
extAuthService.extAuth.apiKeyStorage.name string The permanent storage to be used. Currently, only redis is supported.
extAuthService.extAuth.apiKeyStorage.redis struct Configuration for using a Redis instance for authentication.
extAuthService.extAuth.apiKeyStorage.redis.auth struct Values for the authentication details.
extAuthService.extAuth.apiKeyStorage.redis.auth.enabled bool Connect to the Redis instance with a password false
extAuthService.extAuth.apiKeyStorage.redis.auth.passwordKey string The secret key containing the password to use for authentication
extAuthService.extAuth.apiKeyStorage.redis.auth.secretName string Name of the k8s secret that contains the password
extAuthService.extAuth.apiKeyStorage.redis.auth.usernameKey string The secret key containing the username to use for authentication
extAuthService.extAuth.apiKeyStorage.secretKey string The secret key to hash the API key with.
extAuthService.extAuth.floatingUserID bool Set to true to use a floating user ID. false
extAuthService.extAuth.headersToRedact[] []string Headers that will be redacted in the server logs. [“authorization”]
extAuthService.extAuth.healthCheckFailTimeout int When receiving a termination signal, the pod waits this amount of seconds for a request that it can use to notify Envoy that it should fail the health check for this endpoint. If no request is received within this interval, the server will shutdown gracefully. The interval should be greater than the active health check interval configured in Envoy for this service. 15
extAuthService.extAuth.healthCheckHttpPath string Path for Envoy health checks. /healthcheck
extAuthService.extAuth.healthLivenessCheckHttpPath string Path for liveness health checks. /livenesscheck
extAuthService.extAuth.image struct Values for the extauth image.
extAuthService.extAuth.image.pullPolicy string Image pull policy. IfNotPresent
extAuthService.extAuth.image.registry string Image registry. gcr.io/gloo-mesh
extAuthService.extAuth.image.repository string Image name (repository). ext-auth-service
extAuthService.extAuth.image.tag string Version tag for the container. 0.55.3
extAuthService.extAuth.leaderElectionEnabled bool Enable leader election for ext-auth-service. false
extAuthService.extAuth.logLevel string Severity level to collect logs for. INFO
extAuthService.extAuth.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
extAuthService.extAuth.namespacedRbac[].namespaces[] []string
extAuthService.extAuth.namespacedRbac[].resources[] []string
extAuthService.extAuth.opaServer struct Configuration for the optional OPA server sidecar.
extAuthService.extAuth.opaServer.additionalOpaEnv map[string, string] Additional OPA environment variables {}
extAuthService.extAuth.opaServer.additionalOpaEnv.<MAP_KEY> string Additional OPA environment variables
extAuthService.extAuth.opaServer.configYaml string OPA configuration yaml file
extAuthService.extAuth.opaServer.enabled bool Enable the OPA server. false
extAuthService.extAuth.opaServer.image struct Values for the sidecar OPA Server image.
extAuthService.extAuth.opaServer.image.pullPolicy string Image pull policy. IfNotPresent
extAuthService.extAuth.opaServer.image.registry string Image registry. openpolicyagent
extAuthService.extAuth.opaServer.image.repository string Image name (repository). opa
extAuthService.extAuth.opaServer.image.tag string Version tag for the container. 0.59.0
extAuthService.extAuth.pluginDirectory string Directory in which the server expects Go plugin .so files. /auth-plugins/
extAuthService.extAuth.replicas int Number of replicas to create 1
extAuthService.extAuth.resources struct Values for the container resource requests.
extAuthService.extAuth.resources.requests struct Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
extAuthService.extAuth.resources.requests.cpu string Amount of CPU resource. 125m
extAuthService.extAuth.resources.requests.memory string Amount of memory resource. 256Mi
extAuthService.extAuth.runAsUser int User ID for the containers to run as. 10101
extAuthService.extAuth.service struct Configuration for the deployed extauth service.
extAuthService.extAuth.service.annotations map[string, string] Kubernetes service annotations. {}
extAuthService.extAuth.service.annotations.<MAP_KEY> string Kubernetes service annotations.
extAuthService.extAuth.service.debugNodePort int Only relevant if the service is of type NodePort. 32001
extAuthService.extAuth.service.debugPort int Port on the extauth server to pull logs from. 9091
extAuthService.extAuth.service.grpcNodePort int Only relevant if the service is of type NodePort. 32000
extAuthService.extAuth.service.grpcPort int Port the extauth server listens on for gRPC requests. 8083
extAuthService.extAuth.service.healthNodePort int Only relevant if the service is of type NodePort. 32002
extAuthService.extAuth.service.healthPort int Port the extauth server listens on for health checks. 8082
extAuthService.extAuth.service.type string Kubernetes service type. ClusterIP
extAuthService.extAuth.signingKey string Provide the server's secret signing key. If empty, a random key is generated.
extAuthService.extAuth.signingKeyFile struct Mount the secret as a file rather than pass the signing key as a environment variable. To ensure maximum security by default, the file is limited to 0440 permissions and the fsGroup matches the runAsGroup.
extAuthService.extAuth.signingKeyFile.enabled bool Mount the secret as a file. false
extAuthService.extAuth.signingKeyFile.fileMode int File permission. 288
extAuthService.extAuth.signingKeyFile.fsGroup int Group ID for volume ownership. 10101
extAuthService.extAuth.signingKeyFile.groupSettingEnabled bool Set to true to use a volume group. true
extAuthService.extAuth.signingKeyFile.runAsGroup int Group ID for the container to run as. 10101
extAuthService.extAuth.signingKeyFile.runAsUser int User ID for the container to run as. 10101
extAuthService.extAuth.userIdHeader string User ID header.
extAuthService.extAuth.watchNamespace string Namespaces to watch in your cluster. If omitted or empty, all namespaces are watched.
extAuthService.extraLabels map[string, string] Extra key-value pairs to add to the labels data of the extauth deployment. null
extAuthService.extraLabels.<MAP_KEY> string Extra key-value pairs to add to the labels data of the extauth deployment.
extAuthService.extraTemplateAnnotations map[string, string] Extra annotations to add to the extauth service pods. {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}
extAuthService.extraTemplateAnnotations.<MAP_KEY> string Extra annotations to add to the extauth service pods.
extAuthService.extraTemplateAnnotations.proxy.istio.io/config string Extra annotations to add to the extauth service pods. { “holdApplicationUntilProxyStarts”: true }
featureGates map[string, bool] Feature gates for Gloo Platform. Each feature can be enabled or disabled using a boolean value. For a list of supported features, see https://docs.solo.io/gloo-mesh-enterprise/main/reference/version/feature_gates/ {}
featureGates.<MAP_KEY> bool Feature gates for Gloo Platform. Each feature can be enabled or disabled using a boolean value. For a list of supported features, see https://docs.solo.io/gloo-mesh-enterprise/main/reference/version/feature_gates/
glooAgent struct
glooAgent struct Configuration for the Gloo agent.
glooAgent struct Configuration for the glooAgent deployment.
glooAgent.accessLogsBufferSize int Number of access logs to buffer per Envoy proxy. 50
glooAgent.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooAgent.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
glooAgent.enabled bool Configuration for the Gloo agent. false
glooAgent.enabled bool Deploy a Gloo agent to the cluster. false
glooAgent.enabled bool Enable creation of the deployment/service. true
glooAgent.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}]
glooAgent.extraEnvs struct Extra environment variables for the container
glooAgent.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooAgent.image struct Container image.
glooAgent.image.pullPolicy string Image pull policy. IfNotPresent
glooAgent.image.pullSecret string Image pull secret.
glooAgent.image.registry string Image registry. gcr.io/gloo-mesh
glooAgent.image.repository string Image name (repository). gloo-mesh-agent
glooAgent.image.tag string Version tag for the container image.
glooAgent.insecure bool Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. false
glooAgent.istiodSidecar struct Configuration for the istiod sidecar deployment.
glooAgent.istiodSidecar.createRoleBinding bool Create the cluster role binding for the istiod sidecar. Set this value to ‘true’ only when using the Vault integration. false
glooAgent.istiodSidecar.istiodServiceAccount struct Object reference for the istiod service account.
glooAgent.istiodSidecar.istiodServiceAccount.name string istiod
glooAgent.istiodSidecar.istiodServiceAccount.namespace string istio-system
glooAgent.leaderElection bool Enable leader election for the high-availability deployment. false
glooAgent.maxGrpcMessageSize string Maximum message size for gRPC messages sent and received by the management server. 4294967295
glooAgent.metricsBufferSize int Number of metrics messages to buffer per Envoy proxy. 50
glooAgent.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
glooAgent.namespacedRbac[].namespaces[] []string
glooAgent.namespacedRbac[].resources[] []string
glooAgent.ports map[string, uint32] Service ports as a map from port name to port number. {“grpc”:9977,“grpc-internaladmin”:31337,“healthcheck”:8091,“http”:9988,“stats”:9093}
glooAgent.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooAgent.ports.grpc uint32 Service ports as a map from port name to port number. 9977
glooAgent.ports.grpc-internaladmin uint32 Service ports as a map from port name to port number. 31337
glooAgent.ports.healthcheck uint32 Service ports as a map from port name to port number. 8091
glooAgent.ports.http uint32 Service ports as a map from port name to port number. 9988
glooAgent.ports.stats uint32 Service ports as a map from port name to port number. 9093
glooAgent.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
glooAgent.relay struct Configuration for securing relay communication between the workload agents and the management server.
glooAgent.relay.authority string SNI name in the authority/host header used to connect to relay forwarding server. Must match server certificate CommonName. Do not change the default value.
glooAgent.relay.clientTlsSecret struct Custom certs: Secret containing client TLS certs used to identify the Gloo agent to the management server. If you do not specify a clientTlssSecret, you must specify a tokenSecret and a rootTlsSecret.
glooAgent.relay.clientTlsSecret.name string relay-client-tls-secret
glooAgent.relay.clientTlsSecret.namespace string
glooAgent.relay.clientTlsSecretRotationGracePeriodRatio string The ratio of the client TLS certificate lifetime to when the management server starts the certificate rotation process.
glooAgent.relay.rootTlsSecret struct Secret containing a root TLS cert used to verify the management server cert. The secret can also optionally specify a ‘tls.key’, which is used to generate the agent client cert.
glooAgent.relay.rootTlsSecret.name string relay-root-tls-secret
glooAgent.relay.rootTlsSecret.namespace string
glooAgent.relay.serverAddress string Address and port by which gloo-mesh-mgmt-server in the Gloo control plane can be accessed by the Gloo workload agents.
glooAgent.relay.tokenSecret struct Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server. A token secret is not needed with ACM certs.
glooAgent.relay.tokenSecret.key string Key value of the data within the Kubernetes secret. token
glooAgent.relay.tokenSecret.name string Name of the Kubernetes secret. relay-identity-token-secret
glooAgent.relay.tokenSecret.namespace string Namespace of the Kubernetes secret.
glooAgent.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooAgent.runAsSidecar bool Run Gloo agent as a sidecar of the Gloo mesh server pod. false
glooAgent.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooAgent.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAgent.serviceOverrides struct Arbitrary overrides for the component's service template.
glooAgent.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooAgent.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooAgent.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooAgent.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooAgent.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooAgent.sidecars.<MAP_KEY>.image struct Container image.
glooAgent.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooAgent.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooAgent.sidecars.<MAP_KEY>.image.registry string Image registry.
glooAgent.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooAgent.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooAgent.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooAgent.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAgent.verbose bool Enable verbose/debug logging. false
glooAnalyzer struct
glooAnalyzer struct Configuration for the Gloo analyzer.
glooAnalyzer struct Configuration for the glooAnalyzer deployment.
glooAnalyzer.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooAnalyzer.enabled bool Enable creation of the deployment/service. true
glooAnalyzer.enabled bool Enable the Gloo analyzer to gather data about your Istio environment that Gloo Mesh Core uses to return insights. false
glooAnalyzer.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}]
glooAnalyzer.extraEnvs struct Extra environment variables for the container
glooAnalyzer.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooAnalyzer.image struct Container image.
glooAnalyzer.image.pullPolicy string Image pull policy. IfNotPresent
glooAnalyzer.image.pullSecret string Image pull secret.
glooAnalyzer.image.registry string Image registry. gcr.io/gloo-mesh
glooAnalyzer.image.repository string Image name (repository). gloo-mesh-analyzer
glooAnalyzer.image.tag string Version tag for the container image.
glooAnalyzer.interval uint Gloo Analyzer polling interval (in seconds) 30
glooAnalyzer.istioAdminNamespace string Select the admin namespace of your Istio installation. Defaults to istio-system. istio-system
glooAnalyzer.ports map[string, uint32] Service ports as a map from port name to port number. {“stats”:9095}
glooAnalyzer.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooAnalyzer.ports.stats uint32 Service ports as a map from port name to port number. 9095
glooAnalyzer.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooAnalyzer.runAsSidecar bool Run the Gloo analyzer as a sidecar to the Gloo management server in single cluster or to the Gloo agent in multicluster environments. true
glooAnalyzer.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooAnalyzer.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAnalyzer.serviceOverrides struct Arbitrary overrides for the component's service template.
glooAnalyzer.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooAnalyzer.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooAnalyzer.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooAnalyzer.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooAnalyzer.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooAnalyzer.sidecars.<MAP_KEY>.image struct Container image.
glooAnalyzer.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooAnalyzer.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooAnalyzer.sidecars.<MAP_KEY>.image.registry string Image registry.
glooAnalyzer.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooAnalyzer.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooAnalyzer.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooAnalyzer.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooAnalyzer.verbose bool Enable verbose/debug logging. false
glooInsightsEngine struct
glooInsightsEngine struct Configuration for Gloo Core Insights.
glooInsightsEngine struct Configuration for the glooInsightsEngine deployment.
glooInsightsEngine.concurrency uint amount of concurrency to use for gloo core insights engine operations 50
glooInsightsEngine.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooInsightsEngine.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
glooInsightsEngine.enabled bool Enable creation of the deployment/service. true
glooInsightsEngine.enabled bool enables gloo core insights engine false
glooInsightsEngine.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}}]
glooInsightsEngine.extraEnvs struct Extra environment variables for the container
glooInsightsEngine.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooInsightsEngine.gcInterval uint Insights Engine garbage collection interval (in seconds) 5
glooInsightsEngine.image struct Container image.
glooInsightsEngine.image.pullPolicy string Image pull policy. IfNotPresent
glooInsightsEngine.image.pullSecret string Image pull secret.
glooInsightsEngine.image.registry string Image registry. gcr.io/gloo-mesh
glooInsightsEngine.image.repository string Image name (repository). gloo-mesh-insights
glooInsightsEngine.image.tag string Version tag for the container image.
glooInsightsEngine.leaderElection bool Enable leader election for the high-availability deployment. false
glooInsightsEngine.ports map[string, uint32] Service ports as a map from port name to port number. {“stats”:9094}
glooInsightsEngine.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooInsightsEngine.ports.stats uint32 Service ports as a map from port name to port number. 9094
glooInsightsEngine.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooInsightsEngine.runAsSidecar bool run as a sidecar of the Gloo mesh server pod. true
glooInsightsEngine.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooInsightsEngine.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooInsightsEngine.serviceOverrides struct Arbitrary overrides for the component's service template.
glooInsightsEngine.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooInsightsEngine.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooInsightsEngine.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooInsightsEngine.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooInsightsEngine.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooInsightsEngine.sidecars.<MAP_KEY>.image struct Container image.
glooInsightsEngine.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooInsightsEngine.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooInsightsEngine.sidecars.<MAP_KEY>.image.registry string Image registry.
glooInsightsEngine.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooInsightsEngine.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooInsightsEngine.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooInsightsEngine.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooInsightsEngine.verbose bool Enable verbose/debug logging. false
glooMgmtServer struct
glooMgmtServer struct Configuration for the Gloo management server.
glooMgmtServer struct Configuration for the glooMgmtServer deployment.
glooMgmtServer.cloudResourcesDiscovery struct Configuration for automatic discovery of CloudResources.
glooMgmtServer.cloudResourcesDiscovery.enabled bool Enable automated discovery of CloudResources, such as AWS Lambda functions, based on CloudProvider configuration. true
glooMgmtServer.cloudResourcesDiscovery.pollingInterval uint16 Polling interval (in seconds) for calling AWS when attempting to discover CloudResources. 10
glooMgmtServer.concurrency uint16 Concurrency to use for translation operations. 10
glooMgmtServer.createGlobalWorkspace bool Single-cluster setups only: Create a global workspace that selects all namespaces, and create default workspace settings. false
glooMgmtServer.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooMgmtServer.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
glooMgmtServer.enableClusterLoadBalancing bool Experimental: Enable cluster load balancing. The management server replicas attempt to auto-balance the number of registered workload clusters, based on the number of replicas and the number of total clusters. For example, the server might disconnect a workload cluster if the number of connected clusters is greater than the allotted number. false
glooMgmtServer.enabled bool Deploy the gloo-mesh-mgmt-server. false
glooMgmtServer.enabled bool Enable creation of the deployment/service. true
glooMgmtServer.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“POD_UID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.uid”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}}]
glooMgmtServer.extraEnvs struct Extra environment variables for the container
glooMgmtServer.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooMgmtServer.image struct Container image.
glooMgmtServer.image.pullPolicy string Image pull policy. IfNotPresent
glooMgmtServer.image.pullSecret string Image pull secret.
glooMgmtServer.image.registry string Image registry. gcr.io/gloo-mesh
glooMgmtServer.image.repository string Image name (repository). gloo-mesh-mgmt-server
glooMgmtServer.image.tag string Version tag for the container image.
glooMgmtServer.insecure bool Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. false
glooMgmtServer.leaderElection bool Enable leader election for the high-availability deployment. false
glooMgmtServer.maxGrpcMessageSize string Maximum message size for gRPC messages sent and received by the management server. 4294967295
glooMgmtServer.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
glooMgmtServer.namespacedRbac[].namespaces[] []string
glooMgmtServer.namespacedRbac[].resources[] []string
glooMgmtServer.policyApis struct Configuration for Gloo Platform Managed APIs.
glooMgmtServer.policyApis.enabled bool disable policy apis for gloo platform resources true
glooMgmtServer.ports map[string, uint32] Service ports as a map from port name to port number. {“grpc”:9900,“healthcheck”:8090}
glooMgmtServer.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooMgmtServer.ports.grpc uint32 Service ports as a map from port name to port number. 9900
glooMgmtServer.ports.healthcheck uint32 Service ports as a map from port name to port number. 8090
glooMgmtServer.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
glooMgmtServer.registerCluster bool Set up the management cluster with the Gloo management server and a simple workspace that selects all registered clusters and namespaces by default. This way, you can get started quickly for single cluster or testing setups. For multicluster or production setups, use your own fine-grained workspaces instead. To complete your installation, make sure to enable all other Gloo components that you want, including the Gloo agent. false
glooMgmtServer.relay struct Configuration for certificates to secure server-agent relay communication. Required only for multicluster setups.
glooMgmtServer.relay.disableCa bool To disable relay CA functionality, set to true. Set to true only when you supply your custom client certs to the agents for relay mTLS. The gloo-mesh-mgmt-server pod will not require a token secret or the signing cert secret. The agent pod will not require the token secret, but will fail without a client cert. false
glooMgmtServer.relay.disableCaCertGeneration bool Do not auto-generate self-signed CA certificates. Set to true only when you supply own. false
glooMgmtServer.relay.disableTokenGeneration bool Do not create the relay token Kubernetes secret. Set to true only when you supply own. false
glooMgmtServer.relay.pushCrds bool Push CRD resources to the management server. true
glooMgmtServer.relay.pushRbac bool Push RBAC resources to the management server. Required for multicluster RBAC in the Gloo UI. true
glooMgmtServer.relay.signingTlsSecret struct Secret containing TLS certs used to sign CSRs created by workload agents.
glooMgmtServer.relay.signingTlsSecret.name string relay-tls-signing-secret
glooMgmtServer.relay.signingTlsSecret.namespace string
glooMgmtServer.relay.tlsSecret struct Secret containing client TLS certs used to secure the management server.
glooMgmtServer.relay.tlsSecret.name string relay-server-tls-secret
glooMgmtServer.relay.tlsSecret.namespace string
glooMgmtServer.relay.tokenSecret struct Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server.
glooMgmtServer.relay.tokenSecret.key string Key value of the data within the Kubernetes secret. token
glooMgmtServer.relay.tokenSecret.name string Name of the Kubernetes secret. relay-identity-token-secret
glooMgmtServer.relay.tokenSecret.namespace string Namespace of the Kubernetes secret.
glooMgmtServer.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“1Gi”}}
glooMgmtServer.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooMgmtServer.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMgmtServer.serviceAccount struct Service account configuration to use for the management server deployment.
glooMgmtServer.serviceAccount.extraAnnotations map[string, string] Extra annotations to add to the service account. null
glooMgmtServer.serviceAccount.extraAnnotations.<MAP_KEY> string Extra annotations to add to the service account.
glooMgmtServer.serviceOverrides struct Arbitrary overrides for the component's service template.
glooMgmtServer.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. LoadBalancer
glooMgmtServer.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooMgmtServer.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooMgmtServer.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooMgmtServer.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooMgmtServer.sidecars.<MAP_KEY>.image struct Container image.
glooMgmtServer.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooMgmtServer.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooMgmtServer.sidecars.<MAP_KEY>.image.registry string Image registry.
glooMgmtServer.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooMgmtServer.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooMgmtServer.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooMgmtServer.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooMgmtServer.statsPort uint32 Port on the management server deployment to pull stats from. 9091
glooMgmtServer.verbose bool Enable verbose/debug logging. false
glooNetwork struct Gloo Network configuration options.
glooNetwork.agent struct Values for the Gloo Network Agent DaemonSet.
glooNetwork.agent.bpfRoot string File path where eBPF programs run. /sys/fs/bpf
glooNetwork.agent.debug bool Run the Network agent in debug mode. false
glooNetwork.agent.fullname string Name of the Network agent deployment. gloo-network-agent
glooNetwork.agent.image struct Values for the Network agent image.
glooNetwork.agent.image.hub string Image registry. us-docker.pkg.dev
glooNetwork.agent.image.pullPolicy string Image pull policy. Always
glooNetwork.agent.image.repository string Image name (repository). gloo-mesh/gloo-network-agent-8d33bc4d8c7a/gloo-network-agent
glooNetwork.agent.image.tag string Version tag for the container. 0.2.3
glooNetwork.agent.resources struct Values for the container and init container.
glooNetwork.agent.resources.container struct Resource values for the container.
glooNetwork.agent.resources.container.limit struct Maximum amount of compute resources allowed. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.container.limit.cpu string Amount of CPU resource. 300m
glooNetwork.agent.resources.container.limit.memory string Amount of memory resource. 200Mi
glooNetwork.agent.resources.container.request struct Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.container.request.cpu string Amount of CPU resource. 100m
glooNetwork.agent.resources.container.request.memory string Amount of memory resource. 200Mi
glooNetwork.agent.resources.init struct Resource values for the init container.
glooNetwork.agent.resources.init.limit struct Maximum amount of compute resources allowed. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.init.limit.cpu string Amount of CPU resource. 300m
glooNetwork.agent.resources.init.limit.memory string Amount of memory resource. 50Mi
glooNetwork.agent.resources.init.request struct Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
glooNetwork.agent.resources.init.request.cpu string Amount of CPU resource. 100m
glooNetwork.agent.resources.init.request.memory string Amount of memory resource. 50Mi
glooNetwork.agent.revisionHistoryLimit int Number of old ReplicaSets for the agent deployment you want to retain. 10
glooNetwork.enabled bool Install the Gloo Network-specific agent functionality only if you provided a Gloo Network license key. false
glooPortalServer struct
glooPortalServer struct Configuration for the glooPortalServer deployment.
glooPortalServer.apiKeyStorage struct Configure backend storage for API keys.
glooPortalServer.apiKeyStorage.redis struct Configuration for using a Redis instance for authentication.
glooPortalServer.apiKeyStorage.redis.address string Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
glooPortalServer.apiKeyStorage.redis.auth struct Optional authentication values to use when connecting to the Redis instance
glooPortalServer.apiKeyStorage.redis.auth.enabled bool Connect to the Redis instance with a password false
glooPortalServer.apiKeyStorage.redis.auth.passwordKey string The secret key containing the password to use for authentication
glooPortalServer.apiKeyStorage.redis.auth.secretName string Name of the k8s secret that contains the password
glooPortalServer.apiKeyStorage.redis.auth.usernameKey string The secret key containing the username to use for authentication
glooPortalServer.apiKeyStorage.redis.certs struct Configuration for TLS verification when connecting to the Redis instance
glooPortalServer.apiKeyStorage.redis.certs.caCertKey string The secret key containing the ca cert
glooPortalServer.apiKeyStorage.redis.certs.enabled bool Enable a secure network connection to the Redis instance via TLS false
glooPortalServer.apiKeyStorage.redis.certs.secretName string Name of the k8s secret that contains the certs
glooPortalServer.apiKeyStorage.redis.connection struct Optional connection parameters
glooPortalServer.apiKeyStorage.redis.connection.connMaxIdleTime string The maximum amount of time a connection may be idle. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 30m
glooPortalServer.apiKeyStorage.redis.connection.connMaxLifetime string The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection's age. 0
glooPortalServer.apiKeyStorage.redis.connection.contextTimeoutEnabled bool ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines. false
glooPortalServer.apiKeyStorage.redis.connection.dialTimeout string Dial timeout for establishing new connections. Default is 5 seconds. 5s
glooPortalServer.apiKeyStorage.redis.connection.idleTimeout string Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 30m
glooPortalServer.apiKeyStorage.redis.connection.masterName string The master name. Only needed for sentinel mode.
glooPortalServer.apiKeyStorage.redis.connection.maxConnAge string Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections. 0
glooPortalServer.apiKeyStorage.redis.connection.maxIdleConns int Maximum number of idle connections. 0
glooPortalServer.apiKeyStorage.redis.connection.maxRedirects int The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries. 3
glooPortalServer.apiKeyStorage.redis.connection.maxRetries int Maximum number of retries before giving up. Default is 3. -1 disables retries. 3
glooPortalServer.apiKeyStorage.redis.connection.maxRetryBackoff string Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff. 512ms
glooPortalServer.apiKeyStorage.redis.connection.minIdleConns int Minimum number of idle connections which is useful when establishing new connection is slow. 0
glooPortalServer.apiKeyStorage.redis.connection.minRetryBackoff string Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff. 8ms
glooPortalServer.apiKeyStorage.redis.connection.poolFifo bool Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO. false
glooPortalServer.apiKeyStorage.redis.connection.poolSize int Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. 0
glooPortalServer.apiKeyStorage.redis.connection.poolTimeout string Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second. 4s
glooPortalServer.apiKeyStorage.redis.connection.readOnly bool Enables read-only commands on slave nodes. Default is false. false
glooPortalServer.apiKeyStorage.redis.connection.readTimeout string Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value. 3s
glooPortalServer.apiKeyStorage.redis.connection.routeByLatency bool Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly. false
glooPortalServer.apiKeyStorage.redis.connection.routeRandomly bool Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly. false
glooPortalServer.apiKeyStorage.redis.connection.writeTimeout string Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout. 3s
glooPortalServer.apiKeyStorage.redis.db int DB to connect to 0
glooPortalServer.apiKeyStorage.secretKey string The string value that you want to use to hash API keys before they are stored in the backing database. change this
glooPortalServer.apiKeyStorage.type string Backend storage for API keys. Currently, redis is supported. redis
glooPortalServer.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooPortalServer.devMode bool Set to true to enable development mode for the logger, which can cause panics. Do not use in production. false
glooPortalServer.enabled bool Deploy the Portal server for Gloo Platform Portal to the cluster. false
glooPortalServer.enabled bool Enable creation of the deployment/service. true
glooPortalServer.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“APIKEY_STORAGE_SECRET_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-storage-secret-key”,“key”:“key”}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-redis-credentials”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-redis-credentials”,“key”:“password”,“optional”:true}}}]
glooPortalServer.extraEnvs struct Extra environment variables for the container
glooPortalServer.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooPortalServer.image struct Container image.
glooPortalServer.image.pullPolicy string Image pull policy. IfNotPresent
glooPortalServer.image.pullSecret string Image pull secret.
glooPortalServer.image.registry string Image registry. gcr.io/gloo-mesh
glooPortalServer.image.repository string Image name (repository). gloo-mesh-portal-server
glooPortalServer.image.tag string Version tag for the container image.
glooPortalServer.ports map[string, uint32] Service ports as a map from port name to port number. {“http”:8080}
glooPortalServer.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooPortalServer.ports.http uint32 Service ports as a map from port name to port number. 8080
glooPortalServer.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooPortalServer.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooPortalServer.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooPortalServer.serviceOverrides struct Arbitrary overrides for the component's service template.
glooPortalServer.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooPortalServer.sidecars map[string, struct] Optional configuration for the deployed containers. {}
glooPortalServer.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooPortalServer.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooPortalServer.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooPortalServer.sidecars.<MAP_KEY>.image struct Container image.
glooPortalServer.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooPortalServer.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooPortalServer.sidecars.<MAP_KEY>.image.registry string Image registry.
glooPortalServer.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooPortalServer.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooPortalServer.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooPortalServer.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooPortalServer.verbose bool Enable verbose/debug logging. false
glooSpireServer struct
glooSpireServer struct Configuration for the glooSpireServer deployment.
glooSpireServer.controller struct
glooSpireServer.controller struct Sidecar controller configuration.
glooSpireServer.controller.leaderElection bool Enable leader election for the controller. Enabling this will ensure there is only one active controller. true
glooSpireServer.controller.verbose bool Enable verbose/debug logging. true
glooSpireServer.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooSpireServer.enabled bool Enable SPIRE server component. false
glooSpireServer.enabled bool Enable creation of the deployment/service. true
glooSpireServer.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}]
glooSpireServer.extraEnvs struct Extra environment variables for the container
glooSpireServer.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooSpireServer.image struct Container image.
glooSpireServer.image.pullPolicy string Image pull policy. IfNotPresent
glooSpireServer.image.pullSecret string Image pull secret.
glooSpireServer.image.registry string Image registry. ghcr.io/spiffe
glooSpireServer.image.repository string Image name (repository). spire-server
glooSpireServer.image.tag string Version tag for the container image.
glooSpireServer.plugins struct Plugins configuration.
glooSpireServer.plugins.datastore struct Datastore configuration
glooSpireServer.plugins.datastore.clientCertPath string Path to the client certificate for the datastore connection (MySQL only).
glooSpireServer.plugins.datastore.clientKeyPath string Path to the client key for the datastore connection (MySQL only).
glooSpireServer.plugins.datastore.connectionString string Connection string for the database. /run/spire/data/datastore.sqlite3
glooSpireServer.plugins.datastore.databaseType string Database type: postgres, mysql, or sqlite3. sqlite3
glooSpireServer.plugins.datastore.disableMigration bool Disable automatic datastore migration. Use of this flag allows finer control over when datastore migrations occur and coordination of the migration of a datastore shared with a SPIRE Server cluster. Defaults to false. false
glooSpireServer.plugins.datastore.enableTls bool Enable TLS for the datatore connection. false
glooSpireServer.plugins.datastore.maxConnectionLifetime string Maximum amount of time a connection may be reused. Defaults to unlimited.
glooSpireServer.plugins.datastore.maxIdleConnections int Maximum number of idle connections to the datastore. Defaults to 2. 0
glooSpireServer.plugins.datastore.maxOpenConnections int Maximum number of open connections to the datastore. Defaults to unlimited. 0
glooSpireServer.plugins.datastore.rootCaPath string Path to the root CA certificate for the datastore connection (MySQL only).
glooSpireServer.plugins.nodeAttestor struct Node attestor configuration
glooSpireServer.plugins.nodeAttestor.aws struct AWS node attestor configuration.
glooSpireServer.plugins.nodeAttestor.aws.accessKeyId string AWS access key ID for long term credentials. Defaults to AWS_ACCESS_KEY_ID environment variable.
glooSpireServer.plugins.nodeAttestor.aws.assumeRole string The ARN of the role to assume when making AWS API calls.
glooSpireServer.plugins.nodeAttestor.aws.disableInstanceProfileSelectors bool Disables retrieving the attesting instance profile information that is used in the selectors. Useful in cases where the server cannot reach iam.amazonaws.com. Defaults to false. false
glooSpireServer.plugins.nodeAttestor.aws.enabled bool Enables the AWS node attestor. Defaults to false. false
glooSpireServer.plugins.nodeAttestor.aws.secretAccessKey string AWS secret access key for long term credentials. Defaults to AWS_SECRET_ACCESS_KEY environment variable.
glooSpireServer.plugins.nodeAttestor.aws.skipBlockDevice bool Skip anti-tampering mechanism which checks to make sure that the underlying root volume has not been detached prior to attestation. Defaults to false. false
glooSpireServer.plugins.nodeAttestor.azure struct Azure node attestor configuration.
glooSpireServer.plugins.nodeAttestor.azure.enabled bool Enables the Azure node attestor. Defaults to false. false
glooSpireServer.plugins.nodeAttestor.azure.tenants map[string, struct] Azure tenants configuration. The key is the tenant ID and the value is the configuration for that tenant. null
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY> struct Azure tenants configuration. The key is the tenant ID and the value is the configuration for that tenant.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.appId string Application ID of a registered application in Azure AD.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.appSecret string Application secret of a registered application in Azure AD.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.resourceId string The resource ID (or audience) for the tenant's MSI token. Tokens for a different resource ID are rejected. Defaults to https://management.azure.com/.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.subscriptionId string The ID of the subscription the tenant resides in.
glooSpireServer.plugins.nodeAttestor.azure.tenants.<MAP_KEY>.useMsi bool Whether or not to use MSI to authenticate to Azure services for selector resolution. Defaults to false.
glooSpireServer.plugins.nodeAttestor.gcp struct GCP node attestor configuration.
glooSpireServer.plugins.nodeAttestor.gcp.allowedLabelKeys[] []string List of instance label keys that are allowed to be used in selectors. null
glooSpireServer.plugins.nodeAttestor.gcp.allowedMetadataKeys[] []string List of instance metadata keys that are allowed to be used in selectors. null
glooSpireServer.plugins.nodeAttestor.gcp.allowedProjectIds[] []string List of Project IDs from which nodes can be attested. null
glooSpireServer.plugins.nodeAttestor.gcp.enabled bool Enables the GCP node attestor. Defaults to false. false
glooSpireServer.plugins.nodeAttestor.gcp.maxMetadataValueSize uint16 Maximum instance metadata value size considered by the node attestor. Defaults to 128 KiB. 128
glooSpireServer.plugins.nodeAttestor.gcp.useInstanceMetadata bool If true, instance metadata is fetched from the Google Compute Engine API and used to augment the node selectors produced by the node attestor. Defaults to true. true
glooSpireServer.plugins.upstreamAuthority struct Upstream authority configuration
glooSpireServer.plugins.upstreamAuthority.certManager struct Upstream authority cert-manager configuration.
glooSpireServer.plugins.upstreamAuthority.certManager.enabled bool Enables the cert-manager upstream authority plugin. Defaults to false. false
glooSpireServer.plugins.upstreamAuthority.certManager.issuerGroup string The group of the issuer to reference in CertificateRequests. Defaults to ‘cert-manager.io’ if empty. cert-manager.io
glooSpireServer.plugins.upstreamAuthority.certManager.issuerKind string The kind of the issuer to reference in CertificateRequests. Defaults to ‘Issuer’ if empty. Issuer
glooSpireServer.plugins.upstreamAuthority.certManager.issuerName string The name of the issuer to reference in CertificateRequests.
glooSpireServer.plugins.upstreamAuthority.certManager.namespace string The namespace to create CertificateRequests for signing.
glooSpireServer.plugins.upstreamAuthority.disk struct Upstream authority disk configuration.
glooSpireServer.plugins.upstreamAuthority.disk.bundleFilePath string Path to the PEM encoded upstream authority root certificate file. If SPIRE is using self-signed CA, this can be left unset. /run/spire/certs/root-cert.pem
glooSpireServer.plugins.upstreamAuthority.disk.certFilePath string Path to the PEM encoded upstream authority certificate file. /run/spire/certs/cert-chain.pem
glooSpireServer.plugins.upstreamAuthority.disk.enabled bool Enables the disk upstream authority plugin. Defaults to true. true
glooSpireServer.plugins.upstreamAuthority.disk.keyFilePath string Path to the PEM encoded upstream authority key file. /run/spire/certs/ca-key.pem
glooSpireServer.ports map[string, uint32] Service ports as a map from port name to port number. {“api”:8081}
glooSpireServer.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooSpireServer.ports.api uint32 Service ports as a map from port name to port number. 8081
glooSpireServer.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooSpireServer.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooSpireServer.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooSpireServer.server struct Server configuration.
glooSpireServer.server.agentTtl string TTL for the SPIRE agent SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours. 48h
glooSpireServer.server.caTtl string TTL for the SPIRE server CA specified as as number and unit suffix, such as 87600h for 87600 hours. 87600h
glooSpireServer.server.defaultX509SvidTtl string Default TTL for all X509 SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours. 48h
glooSpireServer.server.logLevel string Log level of SPIRE server. DEBUG
glooSpireServer.server.trustDomain string Trust domain of SPIRE server. cluster.local
glooSpireServer.serviceOverrides struct Arbitrary overrides for the component's service template.
glooSpireServer.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooSpireServer.sidecars map[string, struct] Optional configuration for the deployed containers. {“glooSpireController”:{“image”:{“repository”:“gloo-mesh-spire-controller”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}}}
glooSpireServer.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooSpireServer.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooSpireServer.sidecars.<MAP_KEY>.image struct Container image.
glooSpireServer.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooSpireServer.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooSpireServer.sidecars.<MAP_KEY>.image.registry string Image registry.
glooSpireServer.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooSpireServer.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooSpireServer.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooSpireServer.sidecars.glooSpireController struct Optional configuration for the deployed containers.
glooSpireServer.sidecars.glooSpireController.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}]
glooSpireServer.sidecars.glooSpireController.extraEnvs struct Extra environment variables for the container
glooSpireServer.sidecars.glooSpireController.image struct Container image.
glooSpireServer.sidecars.glooSpireController.image.pullPolicy string Image pull policy. IfNotPresent
glooSpireServer.sidecars.glooSpireController.image.pullSecret string Image pull secret.
glooSpireServer.sidecars.glooSpireController.image.registry string Image registry. gcr.io/gloo-mesh
glooSpireServer.sidecars.glooSpireController.image.repository string Image name (repository). gloo-mesh-spire-controller
glooSpireServer.sidecars.glooSpireController.image.tag string Version tag for the container image.
glooSpireServer.sidecars.glooSpireController.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}
glooSpireServer.sidecars.glooSpireController.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi struct
glooUi struct Configuration for the glooUi deployment.
glooUi.auth struct Configure authentication for the UI.
glooUi.auth.backend string Authentication backend to use. ‘oidc’ is supported.
glooUi.auth.enabled bool Require authentication to access the UI. false
glooUi.auth.oidc struct Settings for the OpenID Connect (OIDC) backend.
glooUi.auth.oidc.appUrl string URL that the UI for OIDC app is available at, from the DNS and other ingress settings that expose OIDC app UI service.
glooUi.auth.oidc.clientId string OIDC client ID
glooUi.auth.oidc.clientSecret string Plaintext OIDC client secret, which will be encoded in base64 and stored in a secret named the value of ‘clientSecretName’.
glooUi.auth.oidc.clientSecretName string Name for the secret that will contain the client secret.
glooUi.auth.oidc.issuerUrl string Issuer URL from the OIDC provider, such as ‘https://.<provider_url>/'.
glooUi.auth.oidc.session struct Session storage configuration. If omitted, a cookie is used.
glooUi.auth.oidc.session.backend string Backend to use for auth session storage. ‘cookie’ and ‘redis’ are supported.
glooUi.auth.oidc.session.redis struct Redis instance configuration.
glooUi.auth.oidc.session.redis.host string Host at which the Redis instance is accessible. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’.
glooUi.basePath string Base path that the UI expects to be rendered on. /
glooUi.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
glooUi.enabled bool Deploy the gloo-mesh-ui. false
glooUi.enabled bool Enable creation of the deployment/service. true
glooUi.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“LICENSE_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“gloo-mesh-enterprise-license”,“key”:“key”,“optional”:true}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“redis-auth-secrets”,“key”:“password”,“optional”:true}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}]
glooUi.extraEnvs struct Extra environment variables for the container
glooUi.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
glooUi.image struct Container image.
glooUi.image.pullPolicy string Image pull policy. IfNotPresent
glooUi.image.pullSecret string Image pull secret.
glooUi.image.registry string Image registry. gcr.io/gloo-mesh
glooUi.image.repository string Image name (repository). gloo-mesh-apiserver
glooUi.image.tag string Version tag for the container image.
glooUi.ipVersion string Configure IP version to ipv4, ipv6 or dualStack. Defaults to dualStack. dualStack
glooUi.licenseSecretName string Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields.
glooUi.namespacedRbac[] []struct Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. [{“resources”:[],“namespaces”:[]}]
glooUi.namespacedRbac[].namespaces[] []string
glooUi.namespacedRbac[].resources[] []string
glooUi.ports map[string, uint32] Service ports as a map from port name to port number. {“console”:8090,“grpc”:10101,“healthcheck”:8081}
glooUi.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
glooUi.ports.console uint32 Service ports as a map from port name to port number. 8090
glooUi.ports.grpc uint32 Service ports as a map from port name to port number. 10101
glooUi.ports.healthcheck uint32 Service ports as a map from port name to port number. 8081
glooUi.prometheusClientCertSecretName string The name of the secret that contains the Prometheus client TLS certificates used to identify the UI client to the Prometheus server. The secret must be in the same namespace as the gloo-mesh-ui pod. Set this field only when you use a custom HTTPS Prometheus server.
glooUi.prometheusUrl string Prometheus server address.
glooUi.readOnlyGeneratedResources bool If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. false
glooUi.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooUi.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
glooUi.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.serviceOverrides struct Arbitrary overrides for the component's service template.
glooUi.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
glooUi.settingsName string Name of the UI settings object to use. settings
glooUi.sidecars map[string, struct] Optional configuration for the deployed containers. {“console”:{“image”:{“repository”:“gloo-mesh-ui”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:null,“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}},“envoy”:{“image”:{“repository”:“gloo-mesh-envoy”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“ENVOY_UID”,“value”:“0”},{“name”:“POD_ID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“500m”,“memory”:“256Mi”}}}}
glooUi.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
glooUi.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
glooUi.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
glooUi.sidecars.<MAP_KEY>.image struct Container image.
glooUi.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
glooUi.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
glooUi.sidecars.<MAP_KEY>.image.registry string Image registry.
glooUi.sidecars.<MAP_KEY>.image.repository string Image name (repository).
glooUi.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
glooUi.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
glooUi.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.sidecars.console struct Optional configuration for the deployed containers.
glooUi.sidecars.console.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. null
glooUi.sidecars.console.extraEnvs struct Extra environment variables for the container
glooUi.sidecars.console.image struct Container image.
glooUi.sidecars.console.image.pullPolicy string Image pull policy. IfNotPresent
glooUi.sidecars.console.image.pullSecret string Image pull secret.
glooUi.sidecars.console.image.registry string Image registry. gcr.io/gloo-mesh
glooUi.sidecars.console.image.repository string Image name (repository). gloo-mesh-ui
glooUi.sidecars.console.image.tag string Version tag for the container image.
glooUi.sidecars.console.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
glooUi.sidecars.console.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.sidecars.envoy struct Optional configuration for the deployed containers.
glooUi.sidecars.envoy.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“ENVOY_UID”,“value”:“0”},{“name”:“POD_ID”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}]
glooUi.sidecars.envoy.extraEnvs struct Extra environment variables for the container
glooUi.sidecars.envoy.image struct Container image.
glooUi.sidecars.envoy.image.pullPolicy string Image pull policy. IfNotPresent
glooUi.sidecars.envoy.image.pullSecret string Image pull secret.
glooUi.sidecars.envoy.image.registry string Image registry. gcr.io/gloo-mesh
glooUi.sidecars.envoy.image.repository string Image name (repository). gloo-mesh-envoy
glooUi.sidecars.envoy.image.tag string Version tag for the container image.
glooUi.sidecars.envoy.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“500m”,“memory”:“256Mi”}}
glooUi.sidecars.envoy.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
glooUi.tls struct Enable TLS termination on UI.
glooUi.tls.certDir string Mount directory which stores the TLS files. Defaults to ‘/etc/tls-certs’. /etc/tls-certs
glooUi.tls.certificate string Name of the certificate. Defaults to ‘tls.crt’. tls.crt
glooUi.tls.enabled bool Enable TLS termination false
glooUi.tls.privateKey string Name of the private key. Defaults to ‘tls.key’. tls.key
glooUi.tls.secretName string Name of the secret which holds the TLS certificate and key
glooUi.tracing struct Configure the tracing page for the UI. Tracing page is disabled if not configured.
glooUi.tracing.basePath string Base path the tracing UI expects to be rendered on.
glooUi.tracing.endpoint string Endpoint of the tracing UI that will be embedded on the tracing page.
glooUi.tracing.port int32 Port of the tracing UI that will be embedded on the tracing page. 0
glooUi.verbose bool Enable verbose/debug logging. false
istioInstallations struct Configuration for deploying managed Istio control plane and gateway installations by using the Istio lifecycle manager.
istioInstallations.controlPlane struct Configuration for the managed Istio control plane instance.
istioInstallations.controlPlane.enabled bool Install the managed Istio control plane instance in the cluster. true
istioInstallations.controlPlane.installations[] []struct List of Istio control plane installations. [{“revision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]
istioInstallations.controlPlane.installations[].clusters[] []ptr Clusters to install the Istio control planes in.
istioInstallations.controlPlane.installations[].clusters[].defaultRevision bool When set to true, the installation for this revision is applied as the active Istio installation in the cluster. Resources with the ‘istio-injection=true’ label entry use this revision. You might change this setting for Istio installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.controlPlane.installations[].clusters[].name string Name of the cluster to install Istio into. Must match the registered cluster name.
istioInstallations.controlPlane.installations[].clusters[].trustDomain string Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name.
istioInstallations.controlPlane.installations[].istioOperatorSpec struct IstioOperator specification for the control plane. For more info, see the IstioOperatorSpec reference.
istioInstallations.controlPlane.installations[].revision string Istio revision for this installation, such as ‘1-18’. Label workload resources with ‘istio.io/rev=$REVISION’ to use this installation. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.eastWestGateways[] []struct Configuration for the managed east-west gateway. null
istioInstallations.eastWestGateways[].enabled bool Install the gateway in the cluster.
istioInstallations.eastWestGateways[].installations[] []struct List of Istio gateway installations. For more info, see the GatewayInstallation reference.
istioInstallations.eastWestGateways[].installations[].clusters[] []ptr Clusters to install the gateway in.
istioInstallations.eastWestGateways[].installations[].clusters[].activeGateway bool When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.eastWestGateways[].installations[].clusters[].name string Name of the cluster to install the gateway into. Must match the registered cluster name.
istioInstallations.eastWestGateways[].installations[].clusters[].trustDomain string Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name.
istioInstallations.eastWestGateways[].installations[].controlPlaneRevision string Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
istioInstallations.eastWestGateways[].installations[].gatewayRevision string Istio revision for this installation, such as ‘1-18’. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.eastWestGateways[].installations[].istioOperatorSpec struct IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
istioInstallations.eastWestGateways[].name string Name of the gateway. Must be unique.
istioInstallations.enabled bool Enable managed Istio installations. false
istioInstallations.northSouthGateways[] []struct Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license. [{“name”:“istio-ingressgateway”,“enabled”:true,“installations”:[{“gatewayRevision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]}]
istioInstallations.northSouthGateways[].enabled bool Install the gateway in the cluster.
istioInstallations.northSouthGateways[].installations[] []struct List of Istio gateway installations. For more info, see the GatewayInstallation reference.
istioInstallations.northSouthGateways[].installations[].clusters[] []ptr Clusters to install the gateway in.
istioInstallations.northSouthGateways[].installations[].clusters[].activeGateway bool When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs.
istioInstallations.northSouthGateways[].installations[].clusters[].name string Name of the cluster to install the gateway into. Must match the registered cluster name.
istioInstallations.northSouthGateways[].installations[].clusters[].trustDomain string Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name.
istioInstallations.northSouthGateways[].installations[].controlPlaneRevision string Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created.
istioInstallations.northSouthGateways[].installations[].gatewayRevision string Istio revision for this installation, such as ‘1-18’. Defaults to ‘AUTO’, which installs the default supported version of the Solo distribution of Istio.
istioInstallations.northSouthGateways[].installations[].istioOperatorSpec struct IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference.
istioInstallations.northSouthGateways[].name string Name of the gateway. Must be unique.
jaeger struct Configuration for the Gloo Platform Jaeger instance. See the Jaeger Helm chart for the complete set of values.
jaeger.agent map[string, interface] {“enabled”:false}
jaeger.agent.<MAP_KEY> interface
jaeger.agent.enabled interface
jaeger.allInOne map[string, interface] {“args”:["–query.base-path=/tracing-ui”],“enabled”:true,“extraEnv”:[{“name”:“MEMORY_MAX_TRACES”,“value”:“3000”}]}
jaeger.allInOne.<MAP_KEY> interface
jaeger.allInOne.args interface
jaeger.allInOne.enabled interface
jaeger.allInOne.extraEnv interface
jaeger.collector map[string, interface] {“enabled”:false}
jaeger.collector.<MAP_KEY> interface
jaeger.collector.enabled interface
jaeger.enabled bool Enable installation of Jaeger sub-chart. For demo purposes only. false
jaeger.fullnameOverride string gloo-jaeger
jaeger.provisionDataStore map[string, interface] {“cassandra”:false,“elasticsearch”:false,“kafka”:false}
jaeger.provisionDataStore.<MAP_KEY> interface
jaeger.provisionDataStore.cassandra interface
jaeger.provisionDataStore.elasticsearch interface
jaeger.provisionDataStore.kafka interface
jaeger.query map[string, interface] {“enabled”:false}
jaeger.query.<MAP_KEY> interface
jaeger.query.enabled interface
jaeger.storage map[string, interface] {“type”:“memory”}
jaeger.storage.<MAP_KEY> interface
jaeger.storage.type interface
licensing struct Gloo Platform product licenses.
licensing.glooGatewayLicenseKey string Gloo Gateway license key.
licensing.glooMeshCoreLicenseKey string Gloo Mesh Core license key.
licensing.glooMeshLicenseKey string Gloo Mesh Enterprise license key.
licensing.glooNetworkLicenseKey string Gloo Network license key.
licensing.glooTrialLicenseKey string Gloo trial license key, for a trial installation of all products.
licensing.licenseKey string Deprecated: Legacy Gloo Mesh Enterprise license key. Use individual product license fields, the trial license field, or a license secret instead.
licensing.licenseSecretName string Provide license keys in a secret in the adminNamespace of the management cluster, instead of in the license key fields. license-keys
postgresql struct Configuration for PostgreSQL. See the Bitnami Postgresql Helm chart for the complete set of values
postgresql.enabled bool Whether to enabled PostgreSQL dependency false
postgresql.fullnameOverride string Override the full name of PostgreSQL components postgresql
prometheus map Helm values for configuring Prometheus. See the Prometheus Helm chart for the complete set of values.
rateLimiter struct Configuration for the Gloo rate limiting service.
rateLimiter.enabled bool Enable the Gloo rate limiting service. false
rateLimiter.extraLabels map[string, string] Extra key-value pairs to add to the labels data of the rate limiter deployment. null
rateLimiter.extraLabels.<MAP_KEY> string Extra key-value pairs to add to the labels data of the rate limiter deployment.
rateLimiter.extraTemplateAnnotations map[string, string] Extra annotations to add to the rate limiter service pods. {“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}
rateLimiter.extraTemplateAnnotations.<MAP_KEY> string Extra annotations to add to the rate limiter service pods.
rateLimiter.extraTemplateAnnotations.proxy.istio.io/config string Extra annotations to add to the rate limiter service pods. { “holdApplicationUntilProxyStarts”: true }
rateLimiter.rateLimiter struct Configuration for the rate limiter.
rateLimiter.rateLimiter.image struct Values for the rate limiter image.
rateLimiter.rateLimiter.image.pullPolicy string Image pull policy. IfNotPresent
rateLimiter.rateLimiter.image.registry string Image registry. gcr.io/gloo-mesh
rateLimiter.rateLimiter.image.repository string Image name (repository). rate-limiter
rateLimiter.rateLimiter.image.tag string Version tag for the container. 0.11.8
rateLimiter.rateLimiter.installClusterRoles bool If true, use ClusterRoles. If false, use Roles. true
rateLimiter.rateLimiter.logLevel string Severity level to collect logs for. INFO
rateLimiter.rateLimiter.ports struct Ports for the rate limiter service.
rateLimiter.rateLimiter.ports.debug uint32 Port on the rate limiter to pull logs from. 9091
rateLimiter.rateLimiter.ports.grpc uint32 Port the rate limiter listens on for gRPC requests. 8083
rateLimiter.rateLimiter.ports.ready uint32 Port the rate limiter listens on for readiness checks. 8084
rateLimiter.rateLimiter.readyPath string Path for readiness checks. /ready
rateLimiter.rateLimiter.resources struct Values for the container resource requests.
rateLimiter.rateLimiter.resources.requests struct Minimum amount of compute resources required. For more info, see the Kubernetes documentation.
rateLimiter.rateLimiter.resources.requests.cpu string Amount of CPU resource. 125m
rateLimiter.rateLimiter.resources.requests.memory string Amount of memory resource. 256Mi
rateLimiter.rateLimiter.service struct Configuration for the deployed rate limiter service.
rateLimiter.rateLimiter.service.annotations map[string, string] Kubernetes service annotations. {}
rateLimiter.rateLimiter.service.annotations.<MAP_KEY> string Kubernetes service annotations.
rateLimiter.rateLimiter.watchNamespace string Namespaces to watch in your cluster. If omitted or empty, all namespaces are watched.
rateLimiter.redis struct Configuration for using a Redis instance for authentication.
rateLimiter.redis.auth struct Values for the authentication details.
rateLimiter.redis.auth.enabled bool Use the default Redis instance for authentication. false
rateLimiter.redis.auth.passwordKey string Key that contains the password. redis-password
rateLimiter.redis.auth.secretName string Name of the secret that contains the username and password. redis-secrets
rateLimiter.redis.auth.usernameKey string Key that contains the username. If Redis doesn't have an explicit username, specify ‘default’. redis-username
rateLimiter.redis.certs struct Provide a CA cert for the rate limiter and Redis instance (if enabled) to use.
rateLimiter.redis.certs.caCert string File name that contains the CA cert. redis.crt
rateLimiter.redis.certs.enabled bool Enable the rate limiter and Redis instance (if enabled) to use the CA cert you provide. false
rateLimiter.redis.certs.mountPoint string Mount path for the certs. /etc/tls
rateLimiter.redis.certs.secretName string Name of the secret for the CA cert. redis-certs-keys
rateLimiter.redis.certs.signingKey string File name that contains the signing key. Only relevant for the Redis instance. redis.key
rateLimiter.redis.clustered bool Set to true if your Redis instance runs in clustered mode. false
rateLimiter.redis.enabled bool Install the default Redis instance. true
rateLimiter.redis.floatingUserID bool Set to true to use a floating user ID. false
rateLimiter.redis.hostname string Hostname clients use to connect to the Redis instance. redis
rateLimiter.redis.image struct Values for the Redis image.
rateLimiter.redis.image.pullPolicy string Image pull policy. IfNotPresent
rateLimiter.redis.image.registry string Image registry. docker.io
rateLimiter.redis.image.repository string Image name (repository). redis
rateLimiter.redis.image.tag string Version tag for the container. 7.2.4-alpine
rateLimiter.redis.runAsUser int User ID to run Redis as. 999
rateLimiter.redis.service struct Values for the Redis service.
rateLimiter.redis.service.db int Select the Redis logical database having the specified zero-based numeric index. 0
rateLimiter.redis.service.name string Name for the Redis service. redis
rateLimiter.redis.service.port int Port for the Redis service. 6379
rateLimiter.redis.service.socket string 'unix’, ‘tcp’, or ‘tls’ are supported. tcp
redis struct Redis configuration options.
redis.address string Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’. gloo-mesh-redis.gloo-mesh:6379
redis.auth struct Optional authentication values to use when connecting to the Redis instance
redis.auth.enabled bool Connect to the Redis instance with a password false
redis.auth.passwordKey string The secret key containing the password to use for authentication password
redis.auth.secretName string Name of the k8s secret that contains the password redis-auth-secrets
redis.auth.usernameKey string The secret key containing the username to use for authentication username
redis.certs struct Configuration for TLS verification when connecting to the Redis instance
redis.certs.caCertKey string The secret key containing the ca cert
redis.certs.enabled bool Enable a secure network connection to the Redis instance via TLS false
redis.certs.secretName string Name of the k8s secret that contains the certs redis-certs
redis.connection struct Optional connection parameters
redis.connection.connMaxIdleTime string The maximum amount of time a connection may be idle. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 5m0s
redis.connection.connMaxLifetime string The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection's age. 0
redis.connection.contextTimeoutEnabled bool ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines. false
redis.connection.dialTimeout string Dial timeout for establishing new connections. Default is 5 seconds. 5s
redis.connection.idleTimeout string Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. 5m0s
redis.connection.masterName string The master name. Only needed for sentinel mode.
redis.connection.maxConnAge string Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections. 0
redis.connection.maxIdleConns int Maximum number of idle connections. 0
redis.connection.maxRedirects int The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries. 3
redis.connection.maxRetries int Maximum number of retries before giving up. Default is 3. -1 disables retries. 3
redis.connection.maxRetryBackoff string Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff. 512ms
redis.connection.minIdleConns int Minimum number of idle connections which is useful when establishing new connection is slow. 0
redis.connection.minRetryBackoff string Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff. 8ms
redis.connection.poolFifo bool Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO. false
redis.connection.poolSize int Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. 0
redis.connection.poolTimeout string Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second.
redis.connection.readOnly bool Enables read-only commands on slave nodes. Default is false. false
redis.connection.readTimeout string Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value. 3s
redis.connection.routeByLatency bool Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly. false
redis.connection.routeRandomly bool Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly. false
redis.connection.writeTimeout string Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout. 3s
redis.db int DB to connect to 0
redis.deployment struct
redis.deployment struct Configuration for the deployment deployment.
redis.deployment.addr string Deprecated: Use ‘redis.address’ instead.
redis.deployment.deploymentOverrides struct Arbitrary overrides for the component's deployment template.
redis.deployment.enabled bool Deploy the default Redis instance. true
redis.deployment.enabled bool Enable creation of the deployment/service. true
redis.deployment.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation. [{“name”:“MASTER”,“value”:“true”}]
redis.deployment.extraEnvs struct Extra environment variables for the container
redis.deployment.floatingUserId bool Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. false
redis.deployment.image struct Container image.
redis.deployment.image.pullPolicy string Image pull policy. IfNotPresent
redis.deployment.image.pullSecret string Image pull secret.
redis.deployment.image.registry string Image registry. docker.io
redis.deployment.image.repository string Image name (repository). redis
redis.deployment.image.tag string Version tag for the container image.
redis.deployment.ports map[string, uint32] Service ports as a map from port name to port number. {“redis”:6379}
redis.deployment.ports.<MAP_KEY> uint32 Service ports as a map from port name to port number.
redis.deployment.ports.redis uint32 Service ports as a map from port name to port number. 6379
redis.deployment.resources struct Container resource requirements. For more info, see the Kubernetes documentation. {“requests”:{“cpu”:“125m”,“memory”:“256Mi”}}
redis.deployment.runAsUser uint32 Static user ID to run the containers as. Unused if floatingUserId is ‘true’. 10101
redis.deployment.runAsUser int User ID to run Redis as. 999
redis.deployment.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
redis.deployment.serviceOverrides struct Arbitrary overrides for the component's service template.
redis.deployment.serviceType string Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. ClusterIP
redis.deployment.sidecars map[string, struct] Optional configuration for the deployed containers. {}
redis.deployment.sidecars.<MAP_KEY> struct Optional configuration for the deployed containers.
redis.deployment.sidecars.<MAP_KEY>.env[] slice Environment variables for the container. For more info, see the Kubernetes documentation.
redis.deployment.sidecars.<MAP_KEY>.extraEnvs struct Extra environment variables for the container
redis.deployment.sidecars.<MAP_KEY>.image struct Container image.
redis.deployment.sidecars.<MAP_KEY>.image.pullPolicy string Image pull policy.
redis.deployment.sidecars.<MAP_KEY>.image.pullSecret string Image pull secret.
redis.deployment.sidecars.<MAP_KEY>.image.registry string Image registry.
redis.deployment.sidecars.<MAP_KEY>.image.repository string Image name (repository).
redis.deployment.sidecars.<MAP_KEY>.image.tag string Version tag for the container image.
redis.deployment.sidecars.<MAP_KEY>.resources struct Container resource requirements. For more info, see the Kubernetes documentation.
redis.deployment.sidecars.<MAP_KEY>.securityContext struct Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation.
telemetryCollector struct Configuration for the Gloo Platform Telemetry Collector. See the OpenTelemetry Helm chart for the complete set of values.
telemetryCollectorCustomization struct Optional customization for the Gloo Platform Telemetry Collector.
telemetryCollectorCustomization.compatibleService bool OTel Collector service excluding the field internalTrafficPolicy, compatible with k8s < 1.26 false
telemetryCollectorCustomization.disableDefaultPipeline bool Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/ui pipeline. false
telemetryCollectorCustomization.enableCloudMetadataProcessing bool Enable scraping of network information from the compute instance that the collector agent runs on. false
telemetryCollectorCustomization.extraExporters struct Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network.
telemetryCollectorCustomization.extraExporters.clickhouse map[string, interface] An exporter to forward data to Clickhouse. {“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”}
telemetryCollectorCustomization.extraExporters.clickhouse.<MAP_KEY> interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.database interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.endpoint interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.logs_table_name interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.password interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.retry_on_failure interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.timeout interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.ttl_days interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.clickhouse.username interface An exporter to forward data to Clickhouse.
telemetryCollectorCustomization.extraExporters.prometheus map[string, interface] An exporter to forward data to Prometheus. {“endpoint”:“0.0.0.0:9091”}
telemetryCollectorCustomization.extraExporters.prometheus.<MAP_KEY> interface An exporter to forward data to Prometheus.
telemetryCollectorCustomization.extraExporters.prometheus.endpoint interface An exporter to forward data to Prometheus.
telemetryCollectorCustomization.extraExporters.redisstream/basic map[string, interface] An exporter to forward data to single-entry Redis streams. {“endpoint”:“gloo-mesh-redis.gloo-mesh.svc:6379”,“expire”:“30m”,“max_entries”:“1”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryCollectorCustomization.extraExporters.redisstream/basic.<MAP_KEY> interface An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.endpoint interface An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.expire interface An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.max_entries interface An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/basic.stream_attributes interface An exporter to forward data to single-entry Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui map[string, interface] An exporter to forward ui data to Redis streams. {“endpoint”:“gloo-mesh-redis.gloo-mesh.svc:6379”,“expire”:“30m”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”,“component”,“k8s.pod.name”,“k8s.container.name”]}}
telemetryCollectorCustomization.extraExporters.redisstream/ui.<MAP_KEY> interface An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.endpoint interface An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.expire interface An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraExporters.redisstream/ui.stream_attributes interface An exporter to forward ui data to Redis streams.
telemetryCollectorCustomization.extraPipelines map[string, interface] Specify any added receivers, processors, or exporters in an extra pipeline. null
telemetryCollectorCustomization.extraPipelines.<MAP_KEY> interface Specify any added receivers, processors, or exporters in an extra pipeline.
telemetryCollectorCustomization.extraProcessors struct Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation.
telemetryCollectorCustomization.extraProcessors.batch map[string, interface] The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. {“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”}
telemetryCollectorCustomization.extraProcessors.batch.<MAP_KEY> interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.send_batch_max_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.send_batch_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch.timeout interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch/logs struct The batch log processor accepts logs and places them into batches. For more information, see Batch Processor.
telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_cardinality_limit int the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys. 0
telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_keys[] []string List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created. []
telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_max_size int The maximum size of a batch. If the batch size is larger than this value, the batch is sent. 0
telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_size int The maximum number of traces or metrics to include in a batch. 100
telemetryCollectorCustomization.extraProcessors.batch/logs.timeout string The maximum amount of time to wait for a batch to be filled before sending it anyway. 5s
telemetryCollectorCustomization.extraProcessors.memory_limiter map[string, interface] The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. {“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}
telemetryCollectorCustomization.extraProcessors.memory_limiter.<MAP_KEY> interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.check_interval interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraProcessors.memory_limiter.spike_limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryCollectorCustomization.extraReceivers struct Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs map[string, interface] This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver. {“include”:["/var/log/pods//istio-proxy/.log”],“include_file_name”:false,“include_file_path”:true,“operators”:[{“expr”:“body matches "^[^{}]*$"",“type”:“filter”},{“id”:“get-format”,“routes”:[{“expr”:“body matches "^\\{"",“output”:“parser-docker”},{“expr”:“body matches "^[^ Z]+ "",“output”:“parser-crio”},{“expr”:“body matches "^[^ Z]+Z"",“output”:“parser-containerd”}],“type”:“router”},{“id”:“parser-crio”,“output”:“extract_metadata_from_filepath”,“regex”:“^(?P\u003ctime\u003e[^ Z]+) (?P\u003cstream\u003estdout
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.<MAP_KEY> interface This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include interface This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_name interface This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_path interface This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/access_logs.operators interface This file log receives tails and parses kubernetes access logs of istio-proxy containers. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium map[string, interface] This file log receives tails and parses cilium component logs. For more information, see File Log Receiver. {“include”:["/var/log/pods/_cilium-//.log”],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]",“regex”:"(?:(.*\/pods\/)(?P\u003cnamespace\u003e[^_]+)_(?P\u003cpod_name\u003e[^_]+)(?:[^\/]+\/)(?P\u003ccontainer_name\u003e[^\/]+)\/)",“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]",“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]",“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]",“type”:“move”},{“cache”:{“size”:128},“id”:“extract_component_from_pod_name”,“parse_from”:“resource["k8s.pod.name"]",“regex”:“^(?P\u003ccomponent_name\u003ecilium(?:-operator)?)",“type”:“regex_parser”},{“from”:“attributes.component_name”,“to”:“resource["component"]",“type”:“move”}]}
telemetryCollectorCustomization.extraReceivers.filelog/cilium.<MAP_KEY> interface This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include interface This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include_file_name interface This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.include_file_path interface This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/cilium.operators interface This file log receives tails and parses cilium component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components map[string, interface] This file log receives tails and parses gloo component logs. For more information, see File Log Receiver. {“include”:["/var/log/pods/_gloo-//.log”],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]",“regex”:“^.*\/(?P\u003cnamespace\u003e[^_]+)_(?P\u003cpod_name\u003e[^_]+)_(?P\u003cuid\u003e[a-f0-9\-]{36})\/(?P\u003ccontainer_name\u003e[^\._]+)\/(?P\u003crestart_count\u003e\d+)\.log$”,“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]",“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]",“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]",“type”:“move”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-mesh-agent"",“type”:“add”,“value”:“gloo-mesh-agent”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-mesh-mgmt-server"",“type”:“add”,“value”:“gloo-mesh-mgmt-server”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-mesh-ui"",“type”:“add”,“value”:“gloo-mesh-ui”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-mesh-redis"",“type”:“add”,“value”:“gloo-mesh-redis”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-telemetry-collector-agent"",“type”:“add”,“value”:“gloo-telemetry-collector-agent”},{“field”:“resource["component"]",“if”:“resource["k8s.pod.name"] contains "gloo-telemetry-gateway"",“type”:“add”,“value”:“gloo-telemetry-gateway”}]}
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.<MAP_KEY> interface This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include interface This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include_file_name interface This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.include_file_path interface This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/gloo_components.operators interface This file log receives tails and parses gloo component logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod map[string, interface] This file log receives tails and parses istiod logs. For more information, see File Log Receiver. {“include”:["/var/log/pods/_istiod-//.log”],“include_file_name”:false,“include_file_path”:true,“operators”:[{“cache”:{“size”:128},“id”:“extract_metadata_from_filepath”,“parse_from”:“attributes["log.file.path"]",“regex”:“^.*\/(?P\u003cnamespace\u003e[^_]+)_(?P\u003cpod_name\u003e[^_]+)_(?P\u003cuid\u003e[a-f0-9\-]{36})\/(?P\u003ccontainer_name\u003e[^\._]+)\/(?P\u003crestart_count\u003e\d+)\.log$”,“type”:“regex_parser”},{“from”:“attributes.namespace”,“to”:“resource["k8s.namespace.name"]",“type”:“move”},{“from”:“attributes.pod_name”,“to”:“resource["k8s.pod.name"]",“type”:“move”},{“from”:“attributes.container_name”,“to”:“resource["k8s.container.name"]",“type”:“move”},{“cache”:{“size”:128},“id”:“extract_component_from_pod_name”,“parse_from”:“resource["k8s.pod.name"]",“regex”:“^(?P\u003ccomponent_name\u003e.*)-[0-9a-zA-Z]{1,10}-[0-9a-zA-Z]*$”,“type”:“regex_parser”},{“from”:“attributes.component_name”,“to”:“resource["component"]",“type”:“move”}]}
telemetryCollectorCustomization.extraReceivers.filelog/istiod.<MAP_KEY> interface This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include interface This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include_file_name interface This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.include_file_path interface This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.extraReceivers.filelog/istiod.operators interface This file log receives tails and parses istiod logs. For more information, see File Log Receiver.
telemetryCollectorCustomization.pipelines struct Selectively enable, disable, or customize any of the default pipelines.
telemetryCollectorCustomization.pipelines.logs/analyzer struct Used to receive istio analyzer logs for Gloo Mesh Core Observability.
telemetryCollectorCustomization.pipelines.logs/analyzer.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“redisstream/basic”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.processors[] []string List of processors to use in the pipeline. [“resource/cluster_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/analyzer.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows struct Configure the collection of cilium flows.
telemetryCollectorCustomization.pipelines.logs/cilium_flows.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“redisstream/basic”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.processors[] []string List of processors to use in the pipeline. [“resource/hubble_source_context”,“resource/cluster_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.receivers[] []string List of receivers to use in the pipeline. [“hubble”]
telemetryCollectorCustomization.pipelines.logs/portal struct A pre-defined pipeline that collects Istio access logs for Gloo Portal.
telemetryCollectorCustomization.pipelines.logs/portal.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.logs/portal.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“clickhouse”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.processors[] []string List of processors to use in the pipeline. [“resource/portal_source_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/portal.pipeline.receivers[] []string List of receivers to use in the pipeline. [“filelog/access_logs”]
telemetryCollectorCustomization.pipelines.logs/ui struct Used to receive component logs for Gloo Mesh Core Observability.
telemetryCollectorCustomization.pipelines.logs/ui.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryCollectorCustomization.pipelines.logs/ui.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“redisstream/ui”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.processors[] []string List of processors to use in the pipeline. [“resource/cluster_context”,“resource/ui_source_context”,“batch/logs”]
telemetryCollectorCustomization.pipelines.logs/ui.pipeline.receivers[] []string List of receivers to use in the pipeline. [“filelog/gloo_components”,“filelog/istiod”,“filelog/cilium”]
telemetryCollectorCustomization.pipelines.metrics/cilium struct The metrics pipeline collects extra cilium metrics and is exportable for use in custom pipelines such as Grafana.
telemetryCollectorCustomization.pipelines.metrics/cilium.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.processors[] []string List of processors to use in the pipeline. [“memory_limiter”,“transform/keep_hubble_labels”,“transform/keep_cilium_labels”,“transform/keep_ebpf_solo_io_labels”,“batch”]
telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.receivers[] []string List of receivers to use in the pipeline. [“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay struct A pre-defined pipeline that allows otlp telemetry from other collectors to be relayed to the otel gateway. This pipeline is disabled by default
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“otlp”]
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.processors[] []string List of processors to use in the pipeline. null
telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryCollectorCustomization.pipelines.metrics/ui struct The metrics/ui pipeline collects the metrics that are required for the Gloo UI graph. This pipeline is enabled by default.
telemetryCollectorCustomization.pipelines.metrics/ui.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“prometheus”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.processors[] []string List of processors to use in the pipeline. [“memory_limiter”,“filter/min”,“transform/keep_istio_labels”,“transform/keep_otelcol_labels”,“gloo_metrics_processor”,“batch”]
telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.receivers[] []string List of receivers to use in the pipeline. [“prometheus”]
telemetryCollectorCustomization.pipelines.traces/istio struct A pre-defined pipeline that collects traces to observe and monitor requests.
telemetryCollectorCustomization.pipelines.traces/istio.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.traces/istio.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“otlp/jaeger”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.processors[] []string List of processors to use in the pipeline. [“batch”]
telemetryCollectorCustomization.pipelines.traces/istio.pipeline.receivers[] []string List of receivers to use in the pipeline. [“jaeger”,“opencensus”,“otlp”,“zipkin”]
telemetryCollectorCustomization.pipelines.traces/jaeger struct A pre-defined pipeline that collects traces to observe and monitor traffic requests, and makes them available to the built-in Jaeger tracing platform demo.
telemetryCollectorCustomization.pipelines.traces/jaeger.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.exporters[] []string List of exporters when installed in workload cluster. null
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. [“otlp/jaeger”]
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.processors[] []string List of processors to use in the pipeline. [“batch”]
telemetryCollectorCustomization.pipelines.traces/jaeger.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryCollectorCustomization.serverName string SNI and certificate subject alternative name used in the collector certificate. gloo-telemetry-gateway.gloo-mesh
telemetryCollectorCustomization.telemetry map[string, interface] Configure the service telemetry (logs and metrics) as described in the otel-collector docs. {“logs”:{“encoding”:“json”},“metrics”:{“address”:“0.0.0.0:8888”}}
telemetryCollectorCustomization.telemetry.<MAP_KEY> interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.logs interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryCollectorCustomization.telemetry.metrics interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGateway struct Configuration for the Gloo Platform Telemetry Gateway. See the OpenTelemetry Helm chart for the complete set of values.
telemetryGatewayCustomization struct Optional customization for the Gloo Platform Telemetry Gateway.
telemetryGatewayCustomization.compatibleService bool OTel Collector service excluding the field internalTrafficPolicy, compatible with k8s < 1.26 false
telemetryGatewayCustomization.disableCertGeneration bool Disable cert generation for the Gloo Platform Telemetry Gateway. false
telemetryGatewayCustomization.disableDefaultPipeline bool Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/prometheus pipeline. false
telemetryGatewayCustomization.extraExporters struct Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network.
telemetryGatewayCustomization.extraExporters.clickhouse map[string, interface] An exporter to forward data to Clickhouse. {“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”}
telemetryGatewayCustomization.extraExporters.clickhouse.<MAP_KEY> interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.database interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.endpoint interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.logs_table_name interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.password interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.retry_on_failure interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.timeout interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.ttl_days interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.clickhouse.username interface An exporter to forward data to Clickhouse.
telemetryGatewayCustomization.extraExporters.prometheus map[string, interface] An exporter to forward data to Prometheus. {“endpoint”:“0.0.0.0:9091”}
telemetryGatewayCustomization.extraExporters.prometheus.<MAP_KEY> interface An exporter to forward data to Prometheus.
telemetryGatewayCustomization.extraExporters.prometheus.endpoint interface An exporter to forward data to Prometheus.
telemetryGatewayCustomization.extraExporters.redisstream/basic map[string, interface] An exporter to forward data to single-entry Redis streams. {“endpoint”:“gloo-mesh-redis.gloo-mesh.svc:6379”,“expire”:“30m”,“max_entries”:“1”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”]}}
telemetryGatewayCustomization.extraExporters.redisstream/basic.<MAP_KEY> interface An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.endpoint interface An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.expire interface An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.max_entries interface An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/basic.stream_attributes interface An exporter to forward data to single-entry Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui map[string, interface] An exporter to forward ui data to Redis streams. {“endpoint”:“gloo-mesh-redis.gloo-mesh.svc:6379”,“expire”:“30m”,“stream_attributes”:{“resource_attributes”:[“cluster_name”,“source”,“component”,“k8s.pod.name”,“k8s.container.name”]}}
telemetryGatewayCustomization.extraExporters.redisstream/ui.<MAP_KEY> interface An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.endpoint interface An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.expire interface An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraExporters.redisstream/ui.stream_attributes interface An exporter to forward ui data to Redis streams.
telemetryGatewayCustomization.extraPipelines map[string, interface] Specify any added receivers, processors, or exporters in an extra pipeline. null
telemetryGatewayCustomization.extraPipelines.<MAP_KEY> interface Specify any added receivers, processors, or exporters in an extra pipeline.
telemetryGatewayCustomization.extraProcessors struct Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation.
telemetryGatewayCustomization.extraProcessors.batch map[string, interface] The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. {“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”}
telemetryGatewayCustomization.extraProcessors.batch.<MAP_KEY> interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_max_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.send_batch_size interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch.timeout interface The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs struct The batch log processor accepts logs and places them into batches. For more information, see Batch Processor.
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_cardinality_limit int the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys. 0
telemetryGatewayCustomization.extraProcessors.batch/logs.metadata_keys[] []string List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created. []
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_max_size int The maximum size of a batch. If the batch size is larger than this value, the batch is sent. 0
telemetryGatewayCustomization.extraProcessors.batch/logs.send_batch_size int The maximum number of traces or metrics to include in a batch. 100
telemetryGatewayCustomization.extraProcessors.batch/logs.timeout string The maximum amount of time to wait for a batch to be filled before sending it anyway. 5s
telemetryGatewayCustomization.extraProcessors.memory_limiter map[string, interface] The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. {“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10}
telemetryGatewayCustomization.extraProcessors.memory_limiter.<MAP_KEY> interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.check_interval interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraProcessors.memory_limiter.spike_limit_percentage interface The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor.
telemetryGatewayCustomization.extraReceivers map[string, interface] Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. null
telemetryGatewayCustomization.extraReceivers.<MAP_KEY> interface Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data.
telemetryGatewayCustomization.pipelines struct Selectively enable, disable, or customize any of the default pipelines.
telemetryGatewayCustomization.pipelines.logs/clickhouse struct A pre-defined pipeline that forwards Istio access logs that the collector agents receive to Clickhouse.
telemetryGatewayCustomization.pipelines.logs/clickhouse.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“clickhouse”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. null
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.processors[] []string List of processors to use in the pipeline. [“filter/include_portal_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/clickhouse.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic struct Configure the exporting of logs into single-entry redis streams.
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“redisstream/basic”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. null
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.processors[] []string List of processors to use in the pipeline. [“filter/include_basic_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_basic.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui struct Configure the exporting of logs into redis streams for the UI.
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“redisstream/ui”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. null
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.processors[] []string List of processors to use in the pipeline. [“filter/include_ui_source”,“batch/logs”]
telemetryGatewayCustomization.pipelines.logs/redis_stream_ui.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.metrics/prometheus struct A pre-defined pipeline that collects metrics from various sources, such as the Gloo management server, Gloo Platform, Istio, Cilium, and the Gloo OTel pipeline, and makes this data available to the built-in Prometheus server.
telemetryGatewayCustomization.pipelines.metrics/prometheus.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. true
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“prometheus”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. null
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.processors[] []string List of processors to use in the pipeline. [“memory_limiter”,“batch”]
telemetryGatewayCustomization.pipelines.metrics/prometheus.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.pipelines.traces/jaeger struct A pre-defined pipeline that collects traces to observe and monitor traffic requests, and makes them available to the built-in Jaeger tracing platform demo.
telemetryGatewayCustomization.pipelines.traces/jaeger.enabled bool Determines whether the Gloo OTel pipeline is enabled or disabled. false
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline struct The configuration of the Gloo OTel pipeline.
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.exporters[] []string List of exporters when installed in workload cluster. [“otlp/jaeger”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.managementPlaneExporters[] []string List of exporters used when installed in management plane. null
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.processors[] []string List of processors to use in the pipeline. [“batch”]
telemetryGatewayCustomization.pipelines.traces/jaeger.pipeline.receivers[] []string List of receivers to use in the pipeline. [“otlp”]
telemetryGatewayCustomization.reloadTlsCertificate string Interval of time between reloading the TLS certificate of the telemetry gateway.
telemetryGatewayCustomization.serverName string SNI and certificate subject alternative name used in the telemetry gateway certificate. gloo-telemetry-gateway.gloo-mesh
telemetryGatewayCustomization.telemetry map[string, interface] Configure the service telemetry (logs and metrics) as described in the otel-collector docs. {“logs”:{“encoding”:“json”},“metrics”:{“address”:“0.0.0.0:8888”}}
telemetryGatewayCustomization.telemetry.<MAP_KEY> interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGatewayCustomization.telemetry.logs interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.
telemetryGatewayCustomization.telemetry.metrics interface Configure the service telemetry (logs and metrics) as described in the otel-collector docs.