| global |
struct |
{“insecure”:false,“devMode”:false} |
global chart values which can be set from parent charts |
| global.insecure |
bool |
false |
Set to true to enable insecure communication between Gloo Mesh components |
| global.devMode |
bool |
false |
Set to true to enable dev mode for the logger. |
| defaultMetricsPort |
uint32 |
9091 |
The port on which to serve internal Prometheus metrics for the Gloo Mesh application. Set to 0 to disable. |
| relay |
struct |
{“cluster”:"",“serverAddress”:"",“authority”:“enterprise-networking.gloo-mesh”,“insecure”:false,“clientCertSecret”:{“name”:“relay-client-tls-secret”},“rootTlsSecret”:{“name”:“relay-root-tls-secret”},“tokenSecret”:{“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”},“maxGrpcMessageSize”:“4294967295”} |
options for connecting relay |
| relay.cluster |
string |
|
cluster identifier for the relay agent |
| relay.serverAddress |
string |
|
address of the relay server |
| relay.authority |
string |
enterprise-networking.gloo-mesh |
set the authority/host header to this value when dialing the Relay gRPC Server |
| relay.insecure |
bool |
false |
communicate with relay server over plain HTTP |
| relay.clientCertSecret |
struct |
{“name”:“relay-client-tls-secret”} |
Reference to a Secret containing the Client TLS Certificates used to identify the Relay Agent to the Server. If the secret does not exist, a Token and Root cert secret are required. |
| relay.clientCertSecret.name |
string |
relay-client-tls-secret |
|
| relay.clientCertSecret.namespace |
string |
|
|
| relay.rootTlsSecret |
struct |
{“name”:“relay-root-tls-secret”} |
Reference to a Secret containing a Root TLS Certificates used to verify the Relay Server Certificate. The secret can also optionally specify a ‘tls.key’ which will be used to generate the Agent Client Certificate. |
| relay.rootTlsSecret.name |
string |
relay-root-tls-secret |
|
| relay.rootTlsSecret.namespace |
string |
|
|
| relay.tokenSecret |
struct |
{“name”:“relay-identity-token-secret”,“namespace”:"",“key”:“token”} |
Reference to a Secret containing a shared Token for authenticating to the Relay Server |
| relay.tokenSecret.name |
string |
relay-identity-token-secret |
Name of the Kubernetes Secret |
| relay.tokenSecret.namespace |
string |
|
Namespace of the Kubernetes Secret |
| relay.tokenSecret.key |
string |
token |
Key value of the data within the Kubernetes Secret |
| relay.maxGrpcMessageSize |
string |
4294967295 |
Specify to set a custom maximum message size for grpc messages sent to the Relay server |
| settingsRef |
struct |
{“name”:“settings”,“namespace”:“gloo-mesh”} |
ref to the settings object that will be received from the networking server. |
| settingsRef.name |
string |
settings |
|
| settingsRef.namespace |
string |
gloo-mesh |
|
| istiodSidecar |
struct |
{“createRoleBinding”:false,“istiodServiceAccount”:{“name”:“istiod-service-account”,“namespace”:“istio-system”}} |
settings pertaining to the istiod sidecar deployment |
| istiodSidecar.createRoleBinding |
bool |
false |
create cluster role binding needed by istiod sidecar |
| istiodSidecar.istiodServiceAccount |
struct |
{“name”:“istiod-service-account”,“namespace”:“istio-system”} |
object reference to istiod service account |
| istiodSidecar.istiodServiceAccount.name |
string |
istiod-service-account |
|
| istiodSidecar.istiodServiceAccount.namespace |
string |
istio-system |
|
| verbose |
bool |
false |
enables verbose/debug logging |
| ext-auth-service |
struct |
{“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"}} |
customizations to the ext-auth-service helm chart |
| ext-auth-service.enabled |
bool |
false |
if true, deploy ExtAuth service (default false) |
| ext-auth-service.extraTemplateAnnotations |
map[string, string] |
|
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| ext-auth-service.extraTemplateAnnotations.<MAP_KEY> |
string |
|
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| ext-auth-service.extraTemplateAnnotations.proxy.istio.io/config |
string |
{ “holdApplicationUntilProxyStarts”: true } |
extra annotations to add to the extauth service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter |
struct |
{“enabled”:false,“extraTemplateAnnotations”:{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"},“redis”:{“auth”:{“enabled”:false,“secretName”:“redis-secrets”,“passwordKey”:“redis-password”,“usernameKey”:“redis-username”},“certs”:{“caCert”:“redis.crt”,“enabled”:false,“mountPoint”:"/etc/tls”,“signingKey”:“redis.key”,“secretName”:“redis.crt”},“enabled”:true,“hostname”:“redis”,“service”:{“name”:“redis”,“port”:6379,“socket”:“tcp”}}} |
customizations to the rate-limiter helm chart |
| rate-limiter.enabled |
bool |
false |
if true, deploy rate limit service (default false) |
| rate-limiter.extraTemplateAnnotations |
map[string, string] |
|
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.extraTemplateAnnotations.<MAP_KEY> |
string |
|
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.extraTemplateAnnotations.proxy.istio.io/config |
string |
{ “holdApplicationUntilProxyStarts”: true } |
extra annotations to add to the ratelimit service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
| rate-limiter.redis |
struct |
{“auth”:{“enabled”:false,“secretName”:“redis-secrets”,“passwordKey”:“redis-password”,“usernameKey”:“redis-username”},“certs”:{“caCert”:“redis.crt”,“enabled”:false,“mountPoint”:"/etc/tls”,“signingKey”:“redis.key”,“secretName”:“redis.crt”},“enabled”:true,“hostname”:“redis”,“service”:{“name”:“redis”,“port”:6379,“socket”:“tcp”}} |
customizations for ratelimiter redis cache |
| rate-limiter.redis.auth |
struct |
{“enabled”:false,“secretName”:“redis-secrets”,“passwordKey”:“redis-password”,“usernameKey”:“redis-username”} |
Redis authorization settings |
| rate-limiter.redis.auth.enabled |
bool |
false |
use authentication (redis AUTH) when conecting to Redis (default: false) |
| rate-limiter.redis.auth.secretName |
string |
redis-secrets |
name of the kubernetes secret that contains redis username and password (default: ‘redis-secrets’) |
| rate-limiter.redis.auth.passwordKey |
string |
redis-password |
key for the kubernetes secret that contains the redis password (default: ‘redis-password’) |
| rate-limiter.redis.auth.usernameKey |
string |
redis-username |
key for the kubernetes secret that contains the redis username. Note: the value contained within this secret should be ‘default’ if no explicit username is set (default: ‘redis-username’) |
| rate-limiter.redis.certs |
struct |
{“caCert”:“redis.crt”,“enabled”:false,“mountPoint”:"/etc/tls”,“signingKey”:“redis.key”,“secretName”:“redis.crt”} |
configuration to allow using explicit CA certs if using redis with TLS |
| rate-limiter.redis.certs.caCert |
string |
redis.crt |
file name for the mounted secret that contains the ca cert (default: ‘redis.crt’) |
| rate-limiter.redis.certs.enabled |
bool |
false |
set to true if you want to use an expliciy CA cert when connecting to Redis (e.g. to support self-signed certs) (default: ‘false’) |
| rate-limiter.redis.certs.mountPoint |
string |
/etc/tls |
Mount point for the secret that contains the cert (default: ‘/etc/tls’) |
| rate-limiter.redis.certs.signingKey |
string |
redis.key |
file name for the mounted secret that contains a signing key. Note: this is only relevant if helm is going to install Redis using self-signed certs. For connecting to an existing Redis, this will be ignored. (default: ‘redis.key’) |
| rate-limiter.redis.certs.secretName |
string |
redis.crt |
name of the secret containing the cacert (default: ‘redis-certs-keys’) |
| rate-limiter.redis.enabled |
bool |
true |
if true, deploy redis service (default true). If false, it is assumed than an external redis already exists and will be pointed to in config |
| rate-limiter.redis.hostname |
string |
redis |
the hostname of the redis service (default ‘redis’) |
| rate-limiter.redis.service |
struct |
{“name”:“redis”,“port”:6379,“socket”:“tcp”} |
connection and service details for the ratelimiter redis instance |
| rate-limiter.redis.service.name |
string |
redis |
redis kubernetes service name. Ignored if redis.enabled=false (external redis not in kubernetes). (default: ‘redis’) |
| rate-limiter.redis.service.port |
int |
6379 |
redis port the ratelimiter service will connect to (default: 6379) |
| rate-limiter.redis.service.socket |
string |
tcp |
Socket type for connection to redis. Valis values are ‘tcp’, ‘tls’, and ‘unix’. (Default: tcp) |
| enterpriseAgent |
struct |
{“image”:{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}},“sidecars”:{},“floatingUserId”:false,“runAsUser”:10101,“serviceType”:“ClusterIP”,“ports”:{“grpc”:9977,“healthcheck”:8090,“http”:9988},“enabled”:true} |
Configuration for the enterpriseAgent deployment. |
| enterpriseAgent |
struct |
{“image”:{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}} |
|
| enterpriseAgent.image |
struct |
{“repository”:“enterprise-agent”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”} |
Specify the container image |
| enterpriseAgent.image.tag |
string |
|
Tag for the container. |
| enterpriseAgent.image.repository |
string |
enterprise-agent |
Image name (repository). |
| enterpriseAgent.image.registry |
string |
gcr.io/gloo-mesh |
Image registry. |
| enterpriseAgent.image.pullPolicy |
string |
IfNotPresent |
Image pull policy. |
| enterpriseAgent.image.pullSecret |
string |
|
Image pull secret. |
| enterpriseAgent.Env[] |
slice |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}] |
Specify environment variables for the container. See the Kubernetes documentation for specification details. |
| enterpriseAgent.resources |
struct |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
Specify container resource requirements. See the Kubernetes documentation for specification details. |
| enterpriseAgent.resources.limits |
map[string, struct] |
|
|
| enterpriseAgent.resources.limits.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.resources.limits.<MAP_KEY> |
string |
|
|
| enterpriseAgent.resources.requests |
map[string, struct] |
|
|
| enterpriseAgent.resources.requests.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.resources.requests.<MAP_KEY> |
string |
|
|
| enterpriseAgent.resources.requests.cpu |
struct |
"50m” |
|
| enterpriseAgent.resources.requests.cpu |
string |
DecimalSI |
|
| enterpriseAgent.resources.requests.memory |
struct |
"128Mi” |
|
| enterpriseAgent.resources.requests.memory |
string |
BinarySI |
|
| enterpriseAgent.sidecars |
map[string, struct] |
|
Configuration for the deployed containers. |
| enterpriseAgent.sidecars.<MAP_KEY> |
struct |
|
Configuration for the deployed containers. |
| enterpriseAgent.sidecars.<MAP_KEY>.image |
struct |
|
Specify the container image |
| enterpriseAgent.sidecars.<MAP_KEY>.image.tag |
string |
|
Tag for the container. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.repository |
string |
|
Image name (repository). |
| enterpriseAgent.sidecars.<MAP_KEY>.image.registry |
string |
|
Image registry. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.pullPolicy |
string |
|
Image pull policy. |
| enterpriseAgent.sidecars.<MAP_KEY>.image.pullSecret |
string |
|
Image pull secret. |
| enterpriseAgent.sidecars.<MAP_KEY>.Env[] |
slice |
|
Specify environment variables for the container. See the Kubernetes documentation for specification details. |
| enterpriseAgent.sidecars.<MAP_KEY>.resources |
struct |
|
Specify container resource requirements. See the Kubernetes documentation for specification details. |
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits |
map[string, struct] |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.limits.<MAP_KEY> |
string |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests |
map[string, struct] |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> |
struct |
|
|
| enterpriseAgent.sidecars.<MAP_KEY>.resources.requests.<MAP_KEY> |
string |
|
|
| enterpriseAgent.floatingUserId |
bool |
false |
Allow the pod to be assigned a dynamic user ID. |
| enterpriseAgent.runAsUser |
uint32 |
10101 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
| enterpriseAgent.serviceType |
string |
ClusterIP |
Specify the service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
| enterpriseAgent.ports |
map[string, uint32] |
|
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.<MAP_KEY> |
uint32 |
|
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.grpc |
uint32 |
9977 |
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.healthcheck |
uint32 |
8090 |
Specify service ports as a map from port name to port number. |
| enterpriseAgent.ports.http |
uint32 |
9988 |
Specify service ports as a map from port name to port number. |
| enterpriseAgent.DeploymentOverrides |
invalid |
|
Provide arbitrary overrides for the component's deployment template |
| enterpriseAgent.ServiceOverrides |
invalid |
|
Provide arbitrary overrides for the component's service template. |
| enterpriseAgent.enabled |
bool |
true |
Enables or disables creation of the operator deployment/service |
