Modify Helm chart values

Gloo Mesh Enterprise uses Helm chart values for settings that control features such as relay certificates, rate limiting, or external authentication.

As you use Gloo Mesh, you might need to modify the Helm chart values to enable or disable these settings for the features that you want to use. Upgrading the Helm chart settings typically does not restart the gloo-mesh-mgmt-server or gloo-mesh-agent pods in your clusters. However, to verify any prerequisite steps or impact, consult the guides for the feature that you want to enable before changing the Helm chart values.

About Gloo Mesh Helm chart components

The following table provides an overview of the Gloo Mesh Helm chart components. You might want to modify some of these charts’ values for your Gloo Mesh setup.

Before you begin

1. Review the Helm value reference documentation for a description of the Helm chart settings that you can modify. Drill down to the reference section for the version of Gloo Mesh Enterprise that you run. To check your version, run meshctl version --kubecontext $MGMT_CONTEXT.

2. Save the environment variables that you need.

   # Save the kubeconfig contexts for your clusters. Run kubectl config get-contexts, look for your cluster in the CLUSTER column, and get the context name in the NAME column. Note: Do not use context names with underscores. The context name is used as a SAN specification in the generated certificate that connects workload clusters to the management cluster, and underscores in SAN are not FQDN compliant. You can rename a context by running kubectl config rename-context "<oldcontext>" <newcontext>.
   export MGMT_CONTEXT=<management_cluster_config>
   export REMOTE_CONTEXT=<remote_cluster_config>
   
   # Set the Gloo Mesh Enterprise version. The latest version is used as an example. You can find other versions in the Changelog documentation.
   export GLOO_MESH_VERSION=2.1.0-beta16
   
   # Add your Gloo Mesh Enterprise license that you got from your Solo account representative.
   export GLOO_MESH_LICENSE_KEY=<license_key>
   

Installing or upgrading modified Helm values

Install or upgrade the Gloo Mesh Enterprise Helm chart with helm install or helm upgrade CLI commands by using a configuration file such as values.yaml or the --set option. You can download the bundled Gloo Mesh Enterprise charts from https://storage.googleapis.com/gloo-mesh-enterprise/.

1. Target your cluster.

   • Management cluster
   • Workload cluster

   
       kubectl config use-context ${MGMT_CONTEXT}
       

   
       kubectl config use-context ${REMOTE_CONTEXT}
       

2. Add and update the Helm chart repos. Add or update the gloo-mesh-enterprise repo for the management cluster and gloo-mesh-agent for the workload clusters.

   • Management cluster
   • Workload cluster
   • Already added Helm chart repo

   
       helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
       

   
       helm repo add gloo-mesh-agent https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-agent
       

   
       helm repo update
       

3. Optional: View the latest chart versions.

   helm search repo
   

4. Optional: If you already installed the Helm chart, view the current Helm values of the installed chart.

   • Management cluster
   • Workload cluster

   
      helm show values gloo-mesh-enterprise/gloo-mesh-enterprise --version $GLOO_MESH_VERSION
      

   
      helm show values gloo-mesh-agent/gloo-mesh-agent --version $GLOO_MESH_VERSION
      

5. If you did not already install the Helm chart, create the gloo-mesh namespace.

   kubectl create ns gloo-mesh
   

6. Continue to the next sections to install or upgrade Helm chart values, depending on which method you want to use.

   • Use the --set flag option in the CLI.
   • Pass in a values.yaml configuration file with the --values flag option in the CLI.

Modifying values with –set

Specify the Helm value that you want to modify in the --set command. Remember to include the prefix for the component that you want to modify. For a description of the Helm chart settings that you can modify, review the Helm value reference documentation.

helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--set glooMeshLicenseKey=${GLOO_MESH_LICENSE_KEY} \
--set glooMeshMgmtServer.floatingUserId=true \
--set glooMeshUi.floatingUserId=true \
--set glooMeshRedis.floatingUserId=true

helm upgrade gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--set glooMeshLicenseKey=${GLOO_MESH_LICENSE_KEY} \
--set glooMeshMgmtServer.floatingUserId=true \
--set glooMeshUi.floatingUserId=true \
--set glooMeshRedis.floatingUserId=true

helm install gloo-mesh-agent gloo-mesh-agent/gloo-mesh-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--set insecure=true

helm upgrade gloo-mesh-agent gloo-mesh-agent/gloo-mesh-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--set insecure=true

Modifying values with a configuration file

1. Create a configuration file with a name such as values.yaml, and include the Helm values that you want to modify, such as the following example. The example modifies the settings of the glooMeshMgmtServer and glooMeshUi components so that you can provide your own relay certificates. The example also shows how you might use the deploymentOverrides and serviceOverrides to modify the default deployment of the glooMeshMgmtServer with your own Kubernetes resources, like a config map or service account.

   For a description of each Helm chart setting that you can modify, review the Helm value reference documentation.

   insecure: false
   mgmtClusterName: $MGMT_CLUSTER
   glooMeshMgmtServer:
     deploymentOverrides:
       spec:
         template:
           spec:
             volumeMounts:
               - name: envoy-config
                 configMap:
                   name: my-custom-envoy-config
     floatingUserId: false
     relay:
       disableCa: true
       disableCaCertGeneration: true
       tlsSecret:
         name: relay-server-tls-secret
         namespace: gloo-mesh
     serviceOverrides:
       spec:
         serviceAccountName: other-service-account
   glooMeshUi:
     floatingUserId: false
   

2. Optional: Review your changes in the context of the entire template for the Helm chart that you plan to install, such as gloo-mesh-enterprise/gloo-mesh-enterprise for the management cluster. The output includes the YAML manifests for all the resources that Gloo Mesh Enterprise installs in your cluster with the Helm chart, including the changes that you just made.

   helm template gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise/gloo-mesh-enterprise-$GLOO_MESH_VERSION.tgz --namespace gloo-mesh --values values.yaml
   

3. Install or upgrade the Helm chart with your updated Helm values.

helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--set glooMeshLicenseKey=${GLOO_MESH_LICENSE_KEY} \
--values values.yaml

helm upgrade gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
--namespace gloo-mesh \
--kube-context ${MGMT_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--values values.yaml

helm install gloo-mesh-agent gloo-mesh-agent/gloo-mesh-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--values values.yaml

helm upgrade gloo-mesh-agent gloo-mesh-agent/gloo-mesh-agent \
--namespace gloo-mesh \
--kube-context=${REMOTE_CONTEXT} \
--version ${GLOO_MESH_VERSION} \
--values values.yaml