| accessLogsBufferSize |
int |
Number of access logs to buffer per Envoy proxy. |
50 |
| cluster |
string |
Name of the workload cluster to deploy Gloo agent in. |
|
| devMode |
bool |
Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
false |
| ext-auth-service |
struct |
Customizations for the ext-auth-service Helm chart. |
|
| ext-auth-service.enabled |
bool |
if true, deploy the dependency service (default false) |
false |
| ext-auth-service.extraTemplateAnnotations |
map[string, string] |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} |
| ext-auth-service.extraTemplateAnnotations.<MAP_KEY> |
string |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
|
| ext-auth-service.extraTemplateAnnotations.proxy.istio.io/config |
string |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
{ “holdApplicationUntilProxyStarts”: true } |
| gloo-network-agent |
struct |
Customizations for the Gloo Network-specific agent functionality. |
|
| gloo-network-agent.enabled |
bool |
if true, deploy the dependency service (default false) |
false |
| glooMeshAgent |
struct |
|
|
| glooMeshAgent |
struct |
Configuration for the glooMeshAgent deployment. |
|
| glooMeshAgent.deploymentOverrides |
struct |
Arbitrary overrides for the component's deployment template. |
|
| glooMeshAgent.enabled |
bool |
Enable creation of the deployment/service. |
true |
| glooMeshAgent.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“K8S_MEM_LIMIT”,“valueFrom”:{“resourceFieldRef”:{“resource”:“limits.memory”,“divisor”:“1”}}}] |
| glooMeshAgent.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooMeshAgent.floatingUserId |
bool |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
false |
| glooMeshAgent.image |
struct |
Container image. |
|
| glooMeshAgent.image.pullPolicy |
string |
Image pull policy. |
IfNotPresent |
| glooMeshAgent.image.pullSecret |
string |
Image pull secret. |
|
| glooMeshAgent.image.registry |
string |
Image registry. |
gcr.io/gloo-mesh |
| glooMeshAgent.image.repository |
string |
Image name (repository). |
gloo-mesh-agent |
| glooMeshAgent.image.tag |
string |
Version tag for the container image. |
|
| glooMeshAgent.ports |
map[string, uint32] |
Service ports as a map from port name to port number. |
{“grpc”:9977,“healthcheck”:8090,“http”:9988,“stats”:9091} |
| glooMeshAgent.ports.<MAP_KEY> |
uint32 |
Service ports as a map from port name to port number. |
|
| glooMeshAgent.ports.grpc |
uint32 |
Service ports as a map from port name to port number. |
9977 |
| glooMeshAgent.ports.healthcheck |
uint32 |
Service ports as a map from port name to port number. |
8090 |
| glooMeshAgent.ports.http |
uint32 |
Service ports as a map from port name to port number. |
9988 |
| glooMeshAgent.ports.stats |
uint32 |
Service ports as a map from port name to port number. |
9091 |
| glooMeshAgent.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
| glooMeshAgent.runAsUser |
uint32 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
10101 |
| glooMeshAgent.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooMeshAgent.serviceOverrides |
struct |
Arbitrary overrides for the component's service template. |
|
| glooMeshAgent.serviceType |
string |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
ClusterIP |
| glooMeshAgent.sidecars |
map[string, struct] |
Optional configuration for the deployed containers. |
{} |
| glooMeshAgent.sidecars.<MAP_KEY> |
struct |
Optional configuration for the deployed containers. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image |
struct |
Container image. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image.pullPolicy |
string |
Image pull policy. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image.pullSecret |
string |
Image pull secret. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image.registry |
string |
Image registry. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image.repository |
string |
Image name (repository). |
|
| glooMeshAgent.sidecars.<MAP_KEY>.image.tag |
string |
Version tag for the container image. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
|
| glooMeshAgent.sidecars.<MAP_KEY>.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooMeshPortalServer |
struct |
|
|
| glooMeshPortalServer |
struct |
Configuration for the glooMeshPortalServer deployment. |
|
| glooMeshPortalServer.apiKeyStorage |
struct |
Configure backend storage for API keys. |
|
| glooMeshPortalServer.apiKeyStorage.redis |
struct |
Configuration for using a Redis instance for authentication. |
|
| glooMeshPortalServer.apiKeyStorage.redis.address |
string |
Address to use when connecting to the Redis instance. To use the default Redis deployment, specify ‘redis.gloo-mesh.svc.cluster.local:6379’. |
|
| glooMeshPortalServer.apiKeyStorage.redis.auth |
struct |
Optional authentication values to use when connecting to the Redis instance |
|
| glooMeshPortalServer.apiKeyStorage.redis.auth.enabled |
bool |
Connect to the Redis instance with a password |
false |
| glooMeshPortalServer.apiKeyStorage.redis.auth.passwordKey |
string |
The secret key containing the password to use for authentication |
|
| glooMeshPortalServer.apiKeyStorage.redis.auth.secretName |
string |
Name of the k8s secret that contains the password |
|
| glooMeshPortalServer.apiKeyStorage.redis.auth.usernameKey |
string |
The secret key containing the username to use for authentication |
|
| glooMeshPortalServer.apiKeyStorage.redis.certs |
struct |
Configuration for TLS verification when connecting to the Redis instance |
|
| glooMeshPortalServer.apiKeyStorage.redis.certs.caCertKey |
string |
The secret key containing the ca cert |
|
| glooMeshPortalServer.apiKeyStorage.redis.certs.enabled |
bool |
Enable a secure network connection to the Redis instance via TLS |
false |
| glooMeshPortalServer.apiKeyStorage.redis.certs.secretName |
string |
Name of the k8s secret that contains the certs |
|
| glooMeshPortalServer.apiKeyStorage.redis.connection |
struct |
Optional connection parameters |
|
| glooMeshPortalServer.apiKeyStorage.redis.connection.connMaxIdleTime |
string |
The maximum amount of time a connection may be idle. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. |
30m |
| glooMeshPortalServer.apiKeyStorage.redis.connection.connMaxLifetime |
string |
The maximum amount of time a connection may be reused. If <= 0, connections are not closed due to a connection's age. |
0 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.contextTimeoutEnabled |
bool |
ContextTimeoutEnabled controls whether the client respects context timeouts and deadlines. |
false |
| glooMeshPortalServer.apiKeyStorage.redis.connection.dialTimeout |
string |
Dial timeout for establishing new connections. Default is 5 seconds. |
5s |
| glooMeshPortalServer.apiKeyStorage.redis.connection.idleTimeout |
string |
Deprecated: in favor of ‘connMaxIdleTime’. Amount of time after which client closes idle connections. Should be less than server's timeout. Default is 30 minutes. -1 disables idle timeout check. |
30m |
| glooMeshPortalServer.apiKeyStorage.redis.connection.masterName |
string |
The master name. Only needed for sentinel mode. |
|
| glooMeshPortalServer.apiKeyStorage.redis.connection.maxConnAge |
string |
Deprecated: in favor of using ‘connMaxLifetime’. Connection age at which client retires (closes) the connection. Default is to not close aged connections. |
0 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.maxIdleConns |
int |
Maximum number of idle connections. |
0 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.maxRedirects |
int |
The maximum number of retries before giving up. Command is retried on network errors and MOVED/ASK redirects. Default is 3 retries. |
3 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.maxRetries |
int |
Maximum number of retries before giving up. Default is 3. -1 disables retries. |
3 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.maxRetryBackoff |
string |
Maximum backoff between each retry. Default is 512 milliseconds. -1 disables backoff. |
512ms |
| glooMeshPortalServer.apiKeyStorage.redis.connection.minIdleConns |
int |
Minimum number of idle connections which is useful when establishing new connection is slow. |
0 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.minRetryBackoff |
string |
Minimum backoff between each retry. Default is 8 milliseconds. -1 disables backoff. |
8ms |
| glooMeshPortalServer.apiKeyStorage.redis.connection.poolFifo |
bool |
Type of connection pool. true for FIFO pool. false for LIFO pool. Note that FIFO has higher overhead compared to LIFO. |
false |
| glooMeshPortalServer.apiKeyStorage.redis.connection.poolSize |
int |
Maximum number of socket connections. Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. |
0 |
| glooMeshPortalServer.apiKeyStorage.redis.connection.poolTimeout |
string |
Amount of time client waits for connection if all connections are busy before returning an error. Default is ReadTimeout + 1 second. |
4s |
| glooMeshPortalServer.apiKeyStorage.redis.connection.readOnly |
bool |
Enables read-only commands on slave nodes. Default is false. |
false |
| glooMeshPortalServer.apiKeyStorage.redis.connection.readTimeout |
string |
Timeout for socket reads. if reached, commands will fail with a timeout instead of blocking. Default is 3 seconds. -1 disables timeout. 0 uses the default value. |
3s |
| glooMeshPortalServer.apiKeyStorage.redis.connection.routeByLatency |
bool |
Allows routing read-only commands to the closest master or slave node. It automatically enables ReadOnly. |
false |
| glooMeshPortalServer.apiKeyStorage.redis.connection.routeRandomly |
bool |
Allows routing read-only commands to the random master or slave node. It automatically enables ReadOnly. |
false |
| glooMeshPortalServer.apiKeyStorage.redis.connection.writeTimeout |
string |
Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Default is ReadTimeout. |
3s |
| glooMeshPortalServer.apiKeyStorage.redis.db |
int |
DB to connect to |
0 |
| glooMeshPortalServer.apiKeyStorage.secretKey |
string |
The string value that you want to use to hash API keys before they are stored in the backing database. |
change this |
| glooMeshPortalServer.apiKeyStorage.type |
string |
Backend storage for API keys. Currently, redis is supported. |
redis |
| glooMeshPortalServer.deploymentOverrides |
struct |
Arbitrary overrides for the component's deployment template. |
|
| glooMeshPortalServer.devMode |
bool |
Set to true to enable development mode for the logger, which can cause panics. Do not use in production. |
false |
| glooMeshPortalServer.enabled |
bool |
Deploy the Portal server for Gloo Platform Portal to the cluster. |
false |
| glooMeshPortalServer.enabled |
bool |
Enable creation of the deployment/service. |
true |
| glooMeshPortalServer.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}},{“name”:“APIKEY_STORAGE_SECRET_KEY”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-storage-secret-key”,“key”:“key”}}},{“name”:“REDIS_USERNAME”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-redis-credentials”,“key”:“username”,“optional”:true}}},{“name”:“REDIS_PASSWORD”,“valueFrom”:{“secretKeyRef”:{“name”:“portal-redis-credentials”,“key”:“password”,“optional”:true}}}] |
| glooMeshPortalServer.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooMeshPortalServer.floatingUserId |
bool |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
false |
| glooMeshPortalServer.image |
struct |
Container image. |
|
| glooMeshPortalServer.image.pullPolicy |
string |
Image pull policy. |
IfNotPresent |
| glooMeshPortalServer.image.pullSecret |
string |
Image pull secret. |
|
| glooMeshPortalServer.image.registry |
string |
Image registry. |
gcr.io/gloo-mesh |
| glooMeshPortalServer.image.repository |
string |
Image name (repository). |
gloo-mesh-portal-server |
| glooMeshPortalServer.image.tag |
string |
Version tag for the container image. |
|
| glooMeshPortalServer.ports |
map[string, uint32] |
Service ports as a map from port name to port number. |
{“http”:8080} |
| glooMeshPortalServer.ports.<MAP_KEY> |
uint32 |
Service ports as a map from port name to port number. |
|
| glooMeshPortalServer.ports.http |
uint32 |
Service ports as a map from port name to port number. |
8080 |
| glooMeshPortalServer.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
| glooMeshPortalServer.runAsUser |
uint32 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
10101 |
| glooMeshPortalServer.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooMeshPortalServer.serviceOverrides |
struct |
Arbitrary overrides for the component's service template. |
|
| glooMeshPortalServer.serviceType |
string |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
ClusterIP |
| glooMeshPortalServer.sidecars |
map[string, struct] |
Optional configuration for the deployed containers. |
{} |
| glooMeshPortalServer.sidecars.<MAP_KEY> |
struct |
Optional configuration for the deployed containers. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image |
struct |
Container image. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullPolicy |
string |
Image pull policy. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.pullSecret |
string |
Image pull secret. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.registry |
string |
Image registry. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.repository |
string |
Image name (repository). |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.image.tag |
string |
Version tag for the container image. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
|
| glooMeshPortalServer.sidecars.<MAP_KEY>.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooMeshPortalServer.verbose |
bool |
Enable verbose/debug logging. |
false |
| glooSpireServer |
struct |
|
|
| glooSpireServer |
struct |
Configuration for the glooSpireServer deployment. |
|
| glooSpireServer.controller |
struct |
|
|
| glooSpireServer.controller |
struct |
Sidecar controller configuration. |
|
| glooSpireServer.controller.leaderElection |
bool |
Enable leader election for the controller. Enabling this will ensure there is only one active controller. |
true |
| glooSpireServer.controller.verbose |
bool |
Enable verbose/debug logging. |
true |
| glooSpireServer.deploymentOverrides |
struct |
Arbitrary overrides for the component's deployment template. |
|
| glooSpireServer.enabled |
bool |
Enable SPIRE server component. |
false |
| glooSpireServer.enabled |
bool |
Enable creation of the deployment/service. |
true |
| glooSpireServer.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}] |
| glooSpireServer.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooSpireServer.floatingUserId |
bool |
Allow the pod to be assigned a dynamic user ID. Required for OpenShift installations. |
false |
| glooSpireServer.image |
struct |
Container image. |
|
| glooSpireServer.image.pullPolicy |
string |
Image pull policy. |
IfNotPresent |
| glooSpireServer.image.pullSecret |
string |
Image pull secret. |
|
| glooSpireServer.image.registry |
string |
Image registry. |
ghcr.io/spiffe |
| glooSpireServer.image.repository |
string |
Image name (repository). |
spire-server |
| glooSpireServer.image.tag |
string |
Version tag for the container image. |
|
| glooSpireServer.plugins |
struct |
Plugins configuration. |
|
| glooSpireServer.plugins.datastore |
struct |
Datastore configuration |
|
| glooSpireServer.plugins.datastore.connectionString |
string |
Connection string for the database. |
/run/spire/data/datastore.sqlite3 |
| glooSpireServer.plugins.datastore.databaseType |
string |
Database type: postgres, mysql, or sqlite3. |
sqlite3 |
| glooSpireServer.plugins.nodeAttestor |
struct |
Node attestor configuration |
|
| glooSpireServer.plugins.nodeAttestor.aws |
struct |
AWS node attestor configuration. |
|
| glooSpireServer.plugins.nodeAttestor.aws.accessKeyId |
string |
AWS access key ID for long term credentials. Defaults to AWS_ACCESS_KEY_ID environment variable. |
|
| glooSpireServer.plugins.nodeAttestor.aws.assumeRole |
string |
The ARN of the role to assume when making AWS API calls. |
|
| glooSpireServer.plugins.nodeAttestor.aws.disableInstanceProfileSelectors |
bool |
Disables retrieving the attesting instance profile information that is used in the selectors. Useful in cases where the server cannot reach iam.amazonaws.com. Defaults to false. |
false |
| glooSpireServer.plugins.nodeAttestor.aws.enabled |
bool |
Enables the AWS node attestor. Defaults to false. |
false |
| glooSpireServer.plugins.nodeAttestor.aws.secretAccessKey |
string |
AWS secret access key for long term credentials. Defaults to AWS_SECRET_ACCESS_KEY environment variable. |
|
| glooSpireServer.plugins.nodeAttestor.aws.skipBlockDevice |
bool |
Skip anti-tampering mechanism which checks to make sure that the underlying root volume has not been detached prior to attestation. Defaults to false. |
false |
| glooSpireServer.plugins.nodeAttestor.gcp |
struct |
GCP node attestor configuration. |
|
| glooSpireServer.plugins.nodeAttestor.gcp.allowedLabelKeys[] |
[]string |
List of instance label keys that are allowed to be used in selectors. |
null |
| glooSpireServer.plugins.nodeAttestor.gcp.allowedMetadataKeys[] |
[]string |
List of instance metadata keys that are allowed to be used in selectors. |
null |
| glooSpireServer.plugins.nodeAttestor.gcp.allowedProjectIds[] |
[]string |
List of Project IDs from which nodes can be attested. |
null |
| glooSpireServer.plugins.nodeAttestor.gcp.enabled |
bool |
Enables the GCP node attestor. Defaults to false. |
false |
| glooSpireServer.plugins.nodeAttestor.gcp.maxMetadataValueSize |
uint16 |
Maximum instance metadata value size considered by the node attestor. Defaults to 128 KiB. |
128 |
| glooSpireServer.plugins.nodeAttestor.gcp.useInstanceMetadata |
bool |
If true, instance metadata is fetched from the Google Compute Engine API and used to augment the node selectors produced by the node attestor. Defaults to true. |
true |
| glooSpireServer.plugins.upstreamAuthority |
struct |
Upstream authority configuration |
|
| glooSpireServer.plugins.upstreamAuthority.certManager |
struct |
Upstream authority cert-manager configuration. |
|
| glooSpireServer.plugins.upstreamAuthority.certManager.enabled |
bool |
Enables the cert-manager upstream authority plugin. Defaults to false. |
false |
| glooSpireServer.plugins.upstreamAuthority.certManager.issuerGroup |
string |
The group of the issuer to reference in CertificateRequests. Defaults to ‘cert-manager.io’ if empty. |
cert-manager.io |
| glooSpireServer.plugins.upstreamAuthority.certManager.issuerKind |
string |
The kind of the issuer to reference in CertificateRequests. Defaults to ‘Issuer’ if empty. |
Issuer |
| glooSpireServer.plugins.upstreamAuthority.certManager.issuerName |
string |
The name of the issuer to reference in CertificateRequests. |
|
| glooSpireServer.plugins.upstreamAuthority.certManager.namespace |
string |
The namespace to create CertificateRequests for signing. |
|
| glooSpireServer.plugins.upstreamAuthority.disk |
struct |
Upstream authority disk configuration. |
|
| glooSpireServer.plugins.upstreamAuthority.disk.bundleFilePath |
string |
Path to the PEM encoded upstream authority root certificate file. If SPIRE is using self-signed CA, this can be left unset. |
/run/spire/certs/root-cert.pem |
| glooSpireServer.plugins.upstreamAuthority.disk.certFilePath |
string |
Path to the PEM encoded upstream authority certificate file. |
/run/spire/certs/cert-chain.pem |
| glooSpireServer.plugins.upstreamAuthority.disk.enabled |
bool |
Enables the disk upstream authority plugin. Defaults to true. |
true |
| glooSpireServer.plugins.upstreamAuthority.disk.keyFilePath |
string |
Path to the PEM encoded upstream authority key file. |
/run/spire/certs/ca-key.pem |
| glooSpireServer.ports |
map[string, uint32] |
Service ports as a map from port name to port number. |
{“api”:8081} |
| glooSpireServer.ports.<MAP_KEY> |
uint32 |
Service ports as a map from port name to port number. |
|
| glooSpireServer.ports.api |
uint32 |
Service ports as a map from port name to port number. |
8081 |
| glooSpireServer.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
| glooSpireServer.runAsUser |
uint32 |
Static user ID to run the containers as. Unused if floatingUserId is ‘true’. |
10101 |
| glooSpireServer.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooSpireServer.server |
struct |
Server configuration. |
|
| glooSpireServer.server.agentTtl |
string |
TTL for the SPIRE agent SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours. |
48h |
| glooSpireServer.server.caTtl |
string |
TTL for the SPIRE server CA specified as as number and unit suffix, such as 87600h for 87600 hours. |
87600h |
| glooSpireServer.server.defaultX509SvidTtl |
string |
Default TTL for all X509 SVIDs specified as as number and unit suffix, such as 1h for 1 hour. Defaults to 48 hours. |
48h |
| glooSpireServer.server.logLevel |
string |
Log level of SPIRE server. |
DEBUG |
| glooSpireServer.server.trustDomain |
string |
Trust domain of SPIRE server. |
cluster.local |
| glooSpireServer.serviceOverrides |
struct |
Arbitrary overrides for the component's service template. |
|
| glooSpireServer.serviceType |
string |
Kubernetes service type. Can be either “ClusterIP”, “NodePort”, “LoadBalancer”, or “ExternalName”. |
ClusterIP |
| glooSpireServer.sidecars |
map[string, struct] |
Optional configuration for the deployed containers. |
{“glooSpireController”:{“image”:{“repository”:“gloo-mesh-spire-controller”,“registry”:“gcr.io/gloo-mesh”,“pullPolicy”:“IfNotPresent”},“env”:[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}],“extraEnvs”:{},“resources”:{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}}}} |
| glooSpireServer.sidecars.<MAP_KEY> |
struct |
Optional configuration for the deployed containers. |
|
| glooSpireServer.sidecars.<MAP_KEY>.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
|
| glooSpireServer.sidecars.<MAP_KEY>.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooSpireServer.sidecars.<MAP_KEY>.image |
struct |
Container image. |
|
| glooSpireServer.sidecars.<MAP_KEY>.image.pullPolicy |
string |
Image pull policy. |
|
| glooSpireServer.sidecars.<MAP_KEY>.image.pullSecret |
string |
Image pull secret. |
|
| glooSpireServer.sidecars.<MAP_KEY>.image.registry |
string |
Image registry. |
|
| glooSpireServer.sidecars.<MAP_KEY>.image.repository |
string |
Image name (repository). |
|
| glooSpireServer.sidecars.<MAP_KEY>.image.tag |
string |
Version tag for the container image. |
|
| glooSpireServer.sidecars.<MAP_KEY>.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
|
| glooSpireServer.sidecars.<MAP_KEY>.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| glooSpireServer.sidecars.glooSpireController |
struct |
Optional configuration for the deployed containers. |
|
| glooSpireServer.sidecars.glooSpireController.env[] |
slice |
Environment variables for the container. For more info, see the Kubernetes documentation. |
[{“name”:“POD_NAMESPACE”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.namespace”}}}] |
| glooSpireServer.sidecars.glooSpireController.extraEnvs |
struct |
Extra environment variables for the container |
|
| glooSpireServer.sidecars.glooSpireController.image |
struct |
Container image. |
|
| glooSpireServer.sidecars.glooSpireController.image.pullPolicy |
string |
Image pull policy. |
IfNotPresent |
| glooSpireServer.sidecars.glooSpireController.image.pullSecret |
string |
Image pull secret. |
|
| glooSpireServer.sidecars.glooSpireController.image.registry |
string |
Image registry. |
gcr.io/gloo-mesh |
| glooSpireServer.sidecars.glooSpireController.image.repository |
string |
Image name (repository). |
gloo-mesh-spire-controller |
| glooSpireServer.sidecars.glooSpireController.image.tag |
string |
Version tag for the container image. |
|
| glooSpireServer.sidecars.glooSpireController.resources |
struct |
Container resource requirements. For more info, see the Kubernetes documentation. |
{“requests”:{“cpu”:“50m”,“memory”:“128Mi”}} |
| glooSpireServer.sidecars.glooSpireController.securityContext |
struct |
Container security context. Set to ‘false’ to omit the security context entirely. For more info, see the Kubernetes documentation. |
|
| insecure |
bool |
Permit unencrypted and unauthenticated communication between Gloo control and data planes. Do not use in production. |
false |
| istiodSidecar |
struct |
Configuration for the istiod sidecar deployment. |
|
| istiodSidecar.createRoleBinding |
bool |
Create the cluster role binding for the istiod sidecar. Set this value to ‘true’ only when using the Vault integration. |
false |
| istiodSidecar.istiodServiceAccount |
struct |
Object reference for the istiod service account. |
|
| istiodSidecar.istiodServiceAccount.name |
string |
|
istiod |
| istiodSidecar.istiodServiceAccount.namespace |
string |
|
istio-system |
| leaderElection |
bool |
Enable leader election for the high-availability deployment. |
true |
| legacyMetricsPipeline |
struct |
Configuration for the legacy metrics pipeline, which uses Gloo agents to propagate metrics to the management server. |
|
| legacyMetricsPipeline.enabled |
bool |
Set to false to disable the legacy telemetry pipeline. |
true |
| managedInstallations |
struct |
Subchart for setting up managed installations of Control Planes and Gateways in workload clusters. |
|
| managedInstallations.controlPlane |
struct |
Configuration for the managed Istio control plane instance. |
|
| managedInstallations.controlPlane.enabled |
bool |
Install the managed Istio control plane instance in the cluster. |
true |
| managedInstallations.controlPlane.installations[] |
[]struct |
List of Istio control plane installations. |
[{“revision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}] |
| managedInstallations.controlPlane.installations[].clusters[] |
[]ptr |
Clusters to install the Istio control planes in. |
|
| managedInstallations.controlPlane.installations[].clusters[].defaultRevision |
bool |
When set to true, the installation for this revision is applied as the active Istio installation in the cluster. Resources with the ‘istio-injection=true’ label entry use this revision. You might change this setting for Istio installations during a canary upgrade. For more info, see the upgrade docs. |
|
| managedInstallations.controlPlane.installations[].clusters[].name |
string |
Name of the cluster to install Istio into. Must match the registered cluster name. |
|
| managedInstallations.controlPlane.installations[].clusters[].trustDomain |
string |
Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name. |
|
| managedInstallations.controlPlane.installations[].istioOperatorSpec |
struct |
IstioOperator specification for the control plane. For more info, see the IstioOperatorSpec reference. |
|
| managedInstallations.controlPlane.installations[].revision |
string |
Istio revision for this installation, such as ‘1-17’. Label workload resources with ‘istio.io/rev=$REVISION’ to use this installation. Defaults to ‘AUTO’, which installs the default supported version of Solo Istio. |
|
| managedInstallations.eastWestGateways[] |
[]struct |
Configuration for the managed east-west gateway. |
null |
| managedInstallations.eastWestGateways[].enabled |
bool |
Install the gateway in the cluster. |
|
| managedInstallations.eastWestGateways[].installations[] |
[]struct |
List of Istio gateway installations. For more info, see the GatewayInstallation reference. |
|
| managedInstallations.eastWestGateways[].installations[].clusters[] |
[]ptr |
Clusters to install the gateway in. |
|
| managedInstallations.eastWestGateways[].installations[].clusters[].activeGateway |
bool |
When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs. |
|
| managedInstallations.eastWestGateways[].installations[].clusters[].name |
string |
Name of the cluster to install the gateway into. Must match the registered cluster name. |
|
| managedInstallations.eastWestGateways[].installations[].clusters[].trustDomain |
string |
Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name. |
|
| managedInstallations.eastWestGateways[].installations[].controlPlaneRevision |
string |
Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created. |
|
| managedInstallations.eastWestGateways[].installations[].gatewayRevision |
string |
Istio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Solo Istio. |
|
| managedInstallations.eastWestGateways[].installations[].istioOperatorSpec |
struct |
IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference. |
|
| managedInstallations.eastWestGateways[].name |
string |
Name of the gateway. Must be unique. |
|
| managedInstallations.enabled |
bool |
Enable managed Istio installations. |
false |
| managedInstallations.northSouthGateways[] |
[]struct |
Configuration for the managed north-south (ingress) gateway. Requires a Gloo Gateway license. |
[{“name”:“istio-ingressgateway”,“enabled”:true,“installations”:[{“gatewayRevision”:“auto”,“clusters”:null,“istioOperatorSpec”:{}}]}] |
| managedInstallations.northSouthGateways[].enabled |
bool |
Install the gateway in the cluster. |
|
| managedInstallations.northSouthGateways[].installations[] |
[]struct |
List of Istio gateway installations. For more info, see the GatewayInstallation reference. |
|
| managedInstallations.northSouthGateways[].installations[].clusters[] |
[]ptr |
Clusters to install the gateway in. |
|
| managedInstallations.northSouthGateways[].installations[].clusters[].activeGateway |
bool |
When set to true, the installation for this revision is applied as the active gateway through which primary service traffic is routed in the cluster. If the istioOperatorSpec defines a service, this field switches the service selectors to the revision specified in the gatewayRevsion. You might change this setting for gateway installations during a canary upgrade. For more info, see the upgrade docs. |
|
| managedInstallations.northSouthGateways[].installations[].clusters[].name |
string |
Name of the cluster to install the gateway into. Must match the registered cluster name. |
|
| managedInstallations.northSouthGateways[].installations[].clusters[].trustDomain |
string |
Trust domain value for this cluster's Istio installation mesh config. Defaults to the cluster's name. |
|
| managedInstallations.northSouthGateways[].installations[].controlPlaneRevision |
string |
Optional: The revision of an Istio control plane in the cluster that this gateway should also use. If a control plane installation of this revision is not found, no gateway is created. |
|
| managedInstallations.northSouthGateways[].installations[].gatewayRevision |
string |
Istio revision for this installation, such as ‘1-17’. Defaults to ‘AUTO’, which installs the default supported version of Solo Istio. |
|
| managedInstallations.northSouthGateways[].installations[].istioOperatorSpec |
struct |
IstioOperator specification for the gateway. For more info, see the IstioOperatorSpec reference. |
|
| managedInstallations.northSouthGateways[].name |
string |
Name of the gateway. Must be unique. |
|
| maxGrpcMessageSize |
string |
Maximum message size for gRPC messages sent and received by the management server. |
4294967295 |
| metricsBufferSize |
int |
Number of metrics messages to buffer per Envoy proxy. |
50 |
| namespacedRbac[] |
[]struct |
Scopes watches and RBAC policies for the given set of GVKs to the given set of namespaces. Currently, ‘secrets’ are the only supported resource. |
[{“resources”:[],“namespaces”:[]}] |
| namespacedRbac[].namespaces[] |
[]string |
|
|
| namespacedRbac[].resources[] |
[]string |
|
|
| postgresql |
struct |
Configuration for PostgreSQL. See the Bitnami Postgresql Helm chart for the complete set of values |
|
| postgresql.enabled |
bool |
Whether to enabled PostgreSQL dependency |
false |
| postgresql.fullnameOverride |
string |
Override the full name of PostgreSQL components |
postgresql |
| rate-limiter |
struct |
Customizations for the rate-limiter Helm chart. |
|
| rate-limiter.enabled |
bool |
if true, deploy the dependency service (default false) |
false |
| rate-limiter.extraTemplateAnnotations |
map[string, string] |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
{“proxy.istio.io/config”:"{ "holdApplicationUntilProxyStarts": true }"} |
| rate-limiter.extraTemplateAnnotations.<MAP_KEY> |
string |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
|
| rate-limiter.extraTemplateAnnotations.proxy.istio.io/config |
string |
extra annotations to add to the dependency service pods. Defaults to proxy.istio.io/config: ‘{ “holdApplicationUntilProxyStarts”: true }’ |
{ “holdApplicationUntilProxyStarts”: true } |
| readOnlyGeneratedResources |
bool |
If true, the deployment only reads Istio resource outputs that are created by Gloo Platform, and filters out Istio resource fields that Gloo Mesh cannot properly unmarshal. These other resource outputs are not visible in the Gloo UI. |
false |
| relay |
struct |
Configuration for securing relay communication between the workload agents and the management server. |
|
| relay.authority |
string |
SNI name in the authority/host header used to connect to relay forwarding server. Must match server certificate CommonName. Do not change the default value. |
gloo-mesh-mgmt-server.gloo-mesh |
| relay.clientTlsSecret |
struct |
Custom certs: Secret containing client TLS certs used to identify the Gloo agent to the management server. If you do not specify a clientTlssSecret, you must specify a tokenSecret and a rootTlsSecret. |
|
| relay.clientTlsSecret.name |
string |
|
relay-client-tls-secret |
| relay.clientTlsSecret.namespace |
string |
|
|
| relay.clientTlsSecretRotationGracePeriodRatio |
string |
The ratio of the client TLS certificate lifetime to when the management server starts the certificate rotation process. |
|
| relay.rootTlsSecret |
struct |
Secret containing a root TLS cert used to verify the management server cert. The secret can also optionally specify a ‘tls.key’, which is used to generate the agent client cert. |
|
| relay.rootTlsSecret.name |
string |
|
relay-root-tls-secret |
| relay.rootTlsSecret.namespace |
string |
|
|
| relay.serverAddress |
string |
Address and port by which gloo-mesh-mgmt-server in the Gloo control plane can be accessed by the Gloo workload agents. |
|
| relay.tokenSecret |
struct |
Secret containing a shared token for authenticating Gloo agents when they first communicate with the management server. A token secret is not needed with ACM certs. |
|
| relay.tokenSecret.key |
string |
Key value of the data within the Kubernetes secret. |
token |
| relay.tokenSecret.name |
string |
Name of the Kubernetes secret. |
relay-identity-token-secret |
| relay.tokenSecret.namespace |
string |
Namespace of the Kubernetes secret. |
|
| sidecar-accel |
struct |
Customizations for eBPF sidecar acceleration. Do not use in production. |
|
| sidecar-accel.enabled |
bool |
if true, deploy the dependency service (default false) |
false |
| telemetryCollector |
struct |
Helm values for configuring the Gloo Platform Telemetry Collector. See the OpenTelemetry Helm chart for the complete set of values. |
|
| telemetryCollector.clusterRole |
map[string, interface] |
|
{“create”:true,“rules”:[{“apiGroups”:[""],“resources”:[“nodes”,“nodes/proxy”,“nodes/metrics”,“services”,“endpoints”,“pods”,“ingresses”,“configmaps”],“verbs”:[“get”,“list”,“watch”]},{“apiGroups”:[“extensions”,“networking.k8s.io”],“resources”:[“ingresses/status”,“ingresses”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:["/metrics”],“verbs”:[“get”]}]} |
| telemetryCollector.clusterRole.<MAP_KEY> |
interface |
|
|
| telemetryCollector.clusterRole.create |
interface |
|
|
| telemetryCollector.clusterRole.rules |
interface |
|
|
| telemetryCollector.command |
map[string, interface] |
|
{“extraArgs”:["–config=/conf/relay.yaml”],“name”:“gloo-otel-collector”} |
| telemetryCollector.command.<MAP_KEY> |
interface |
|
|
| telemetryCollector.command.extraArgs |
interface |
|
|
| telemetryCollector.command.name |
interface |
|
|
| telemetryCollector.configMap |
map[string, interface] |
|
{“create”:false} |
| telemetryCollector.configMap.<MAP_KEY> |
interface |
|
|
| telemetryCollector.configMap.create |
interface |
|
|
| telemetryCollector.enabled |
bool |
|
false |
| telemetryCollector.extraEnvs[] |
[]map |
|
[{“name”:“KUBE_NODE_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“spec.nodeName”}}},{“name”:“KUBE_POD_NAME”,“valueFrom”:{“fieldRef”:{“fieldPath”:“metadata.name”}}}] |
| telemetryCollector.extraVolumeMounts[] |
[]map |
|
[{“mountPath”:"/etc/otel-certs”,“name”:“root-ca”,“readOnly”:true},{“mountPath”:"/conf”,“name”:“telemetry-configmap”},{“mountPath”:"/var/run/cilium”,“name”:“cilium-run”}] |
| telemetryCollector.extraVolumes[] |
[]map |
|
[{“name”:“root-ca”,“secret”:{“defaultMode”:420,“secretName”:“relay-root-tls-secret”}},{“configMap”:{“items”:[{“key”:“relay”,“path”:“relay.yaml”}],“name”:“gloo-telemetry-collector-config”},“name”:“telemetry-configmap”},{“hostPath”:{“path”:"/var/run/cilium”,“type”:“DirectoryOrCreate”},“name”:“cilium-run”}] |
| telemetryCollector.fullnameOverride |
string |
|
gloo-telemetry-collector |
| telemetryCollector.image |
struct |
|
|
| telemetryCollector.image.pullPolicy |
string |
|
IfNotPresent |
| telemetryCollector.image.repository |
string |
|
gcr.io/gloo-mesh/gloo-otel-collector |
| telemetryCollector.image.tag |
string |
|
|
| telemetryCollector.mode |
string |
|
daemonset |
| telemetryCollector.nameOverride |
string |
|
|
| telemetryCollector.podAnnotations |
map[string, interface] |
|
null |
| telemetryCollector.podAnnotations.<MAP_KEY> |
interface |
|
|
| telemetryCollector.ports |
map[string, interface] |
|
{“jaeger-compact”:{“hostPort”:0},“jaeger-grpc”:{“hostPort”:0},“jaeger-thrift”:{“hostPort”:0},“otlp”:{“hostPort”:0},“otlp-http”:{“hostPort”:0},“zipkin”:{“hostPort”:0}} |
| telemetryCollector.ports.<MAP_KEY> |
interface |
|
|
| telemetryCollector.ports.jaeger-compact |
interface |
|
|
| telemetryCollector.ports.jaeger-grpc |
interface |
|
|
| telemetryCollector.ports.jaeger-thrift |
interface |
|
|
| telemetryCollector.ports.otlp |
interface |
|
|
| telemetryCollector.ports.otlp-http |
interface |
|
|
| telemetryCollector.ports.zipkin |
interface |
|
|
| telemetryCollector.presets |
map[string, interface] |
|
{“clusterMetrics”:{“enabled”:false},“hostMetrics”:{“enabled”:false},“kubeletMetrics”:{“enabled”:false},“kubernetesAttributes”:{“enabled”:false},“logsCollection”:{“enabled”:false,“includeCollectorLogs”:false}} |
| telemetryCollector.presets.<MAP_KEY> |
interface |
|
|
| telemetryCollector.presets.clusterMetrics |
interface |
|
|
| telemetryCollector.presets.hostMetrics |
interface |
|
|
| telemetryCollector.presets.kubeletMetrics |
interface |
|
|
| telemetryCollector.presets.kubernetesAttributes |
interface |
|
|
| telemetryCollector.presets.logsCollection |
interface |
|
|
| telemetryCollector.replicaCount |
int |
|
0 |
| telemetryCollector.resources |
map[string, interface] |
|
{“requests”:{“cpu”:“100m”,“memory”:“300Mi”}} |
| telemetryCollector.resources.<MAP_KEY> |
interface |
|
|
| telemetryCollector.resources.requests |
interface |
|
|
| telemetryCollector.service |
map[string, interface] |
|
{“clusterIP”:“None”,“enabled”:true,“type”:“ClusterIP”} |
| telemetryCollector.service.<MAP_KEY> |
interface |
|
|
| telemetryCollector.service.clusterIP |
interface |
|
|
| telemetryCollector.service.enabled |
interface |
|
|
| telemetryCollector.service.type |
interface |
|
|
| telemetryCollector.tolerations[] |
[]interface |
|
[{“effect”:“NoSchedule”,“operator”:“Exists”},{“key”:“CriticalAddonsOnly”,“operator”:“Exists”},{“effect”:“NoExecute”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/not-ready”,“operator”:“Exists”},{“effect”:“NoExecute”,“key”:“node.kubernetes.io/unreachable”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/disk-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/memory-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/pid-pressure”,“operator”:“Exists”},{“effect”:“NoSchedule”,“key”:“node.kubernetes.io/unschedulable”,“operator”:“Exists”}] |
| telemetryCollectorCustomization |
struct |
Helm values for customizing the Gloo Platform Telemetry Collector. |
|
| telemetryCollectorCustomization.disableDefaultPipeline |
bool |
Deprecated in favor of the pipelines field, which allows selectively enabling or customizing pipelines. Disables the default metrics/ui pipeline. |
false |
| telemetryCollectorCustomization.enableCloudMetadataProcessing |
bool |
Enable scraping of network information from the compute instance that the collector agent runs on. |
false |
| telemetryCollectorCustomization.extraExporters |
struct |
Configuration for extra exporters, such as to forward your data to a third-party provider. Exporters can forward the data to a destination on the local or remote network. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse |
map[string, interface] |
An exporter to forward data to Clickhouse. |
{“database”:“default”,“endpoint”:“tcp://clickhouse.gloo-mesh.svc:9000?dial_timeout=10s\u0026compress=lz4”,“logs_table_name”:“gloo_api_logs”,“password”:“default”,“retry_on_failure”:{“enabled”:true,“initial_interval”:“1s”,“max_elapsed_time”:“5m”,“max_interval”:“30s”},“timeout”:“5s”,“ttl_days”:3,“username”:“default”} |
| telemetryCollectorCustomization.extraExporters.clickhouse.<MAP_KEY> |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.database |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.endpoint |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.logs_table_name |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.password |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.retry_on_failure |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.timeout |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.ttl_days |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraExporters.clickhouse.username |
interface |
An exporter to forward data to Clickhouse. |
|
| telemetryCollectorCustomization.extraPipelines |
map[string, interface] |
Specify any added receivers, processors, or exporters in an extra pipeline. |
null |
| telemetryCollectorCustomization.extraPipelines.<MAP_KEY> |
interface |
Specify any added receivers, processors, or exporters in an extra pipeline. |
|
| telemetryCollectorCustomization.extraProcessors |
struct |
Configuration for extra processors to drop and generate new data. Processors transform data before it is forwarded to downstream processors and/or exporters. For more information, see the OTel documentation. |
|
| telemetryCollectorCustomization.extraProcessors.batch |
map[string, interface] |
The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. |
{“send_batch_max_size”:3000,“send_batch_size”:2000,“timeout”:“600ms”} |
| telemetryCollectorCustomization.extraProcessors.batch.<MAP_KEY> |
interface |
The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. |
|
| telemetryCollectorCustomization.extraProcessors.batch.send_batch_max_size |
interface |
The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. |
|
| telemetryCollectorCustomization.extraProcessors.batch.send_batch_size |
interface |
The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. |
|
| telemetryCollectorCustomization.extraProcessors.batch.timeout |
interface |
The batch processor accepts spans, metrics, or logs and places them into batches. For more information, see Batch Processor. |
|
| telemetryCollectorCustomization.extraProcessors.batch/logs |
struct |
The batch log processor accepts logs and places them into batches. For more information, see Batch Processor. |
|
| telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_cardinality_limit |
int |
the maximum number of batcher instances that will be created through a distinct combination of MetadataKeys. |
0 |
| telemetryCollectorCustomization.extraProcessors.batch/logs.metadata_keys[] |
[]string |
List of clients. Metadata keys that will be used to form distinct batchers. If this setting is empty a single batcher instance will be used. When a batcher instance is full, it will be sent and a new batcher instance will be created. |
[] |
| telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_max_size |
int |
The maximum size of a batch. If the batch size is larger than this value, the batch is sent. |
100 |
| telemetryCollectorCustomization.extraProcessors.batch/logs.send_batch_size |
int |
The maximum number of traces or metrics to include in a batch. |
100 |
| telemetryCollectorCustomization.extraProcessors.batch/logs.timeout |
string |
The maximum amount of time to wait for a batch to be filled before sending it anyway. |
5s |
| telemetryCollectorCustomization.extraProcessors.memory_limiter |
map[string, interface] |
The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. |
{“check_interval”:“1s”,“limit_percentage”:85,“spike_limit_percentage”:10} |
| telemetryCollectorCustomization.extraProcessors.memory_limiter.<MAP_KEY> |
interface |
The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. |
|
| telemetryCollectorCustomization.extraProcessors.memory_limiter.check_interval |
interface |
The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. |
|
| telemetryCollectorCustomization.extraProcessors.memory_limiter.limit_percentage |
interface |
The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. |
|
| telemetryCollectorCustomization.extraProcessors.memory_limiter.spike_limit_percentage |
interface |
The memory limiter processor is used to prevent out of memory situations on the collector. For more information, see Memory Limiter Processor. |
|
| telemetryCollectorCustomization.extraReceivers |
struct |
Configuration for extra receivers, such as to scrape extra Prometheus targets. Receivers listen on a network port to receive telemetry data. |
|
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs |
map[string, interface] |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
{“include”:["/var/log/pods//istio-proxy/.log”],“include_file_name”:false,“include_file_path”:true,“operators”:[{“expr”:“body matches "^[^{}]*$"",“type”:“filter”},{“id”:“get-format”,“routes”:[{“expr”:“body matches "^\\{"",“output”:“parser-docker”},{“expr”:“body matches "^[^ Z]+ "",“output”:“parser-crio”},{“expr”:“body matches "^[^ Z]+Z"",“output”:“parser-containerd”}],“type”:“router”},{“id”:“parser-crio”,“output”:“extract_metadata_from_filepath”,“regex”:“^(?P\u003ctime\u003e[^ Z]+) (?P\u003cstream\u003estdout |
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs.<MAP_KEY> |
interface |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
|
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include |
interface |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
|
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_name |
interface |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
|
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs.include_file_path |
interface |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
|
| telemetryCollectorCustomization.extraReceivers.filelog/access_logs.operators |
interface |
The file log receive tails and parses logs from files. For more information, see File Log Receiver. |
|
| telemetryCollectorCustomization.pipelines |
struct |
Selectively enable, disable, or customize any of the default pipelines. |
|
| telemetryCollectorCustomization.pipelines.logs/cilium_flows |
struct |
Configure the collection of cilium flows. |
|
| telemetryCollectorCustomization.pipelines.logs/cilium_flows.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
false |
| telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
[“batch/logs”,“resource/cluster_context”] |
| telemetryCollectorCustomization.pipelines.logs/cilium_flows.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“hubble”] |
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs |
struct |
A pre-defined pipeline that collects Istio access logs. This pipeline is disabled by default. |
|
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
false |
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
[“batch/logs”] |
| telemetryCollectorCustomization.pipelines.logs/istio_access_logs.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“filelog/access_logs”] |
| telemetryCollectorCustomization.pipelines.metrics/cilium |
struct |
The metrics pipeline collects extra cilium metrics and is exportable for use in custom pipelines such as Grafana. |
|
| telemetryCollectorCustomization.pipelines.metrics/cilium.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
false |
| telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
[“memory_limiter”,“filter/cilium”,“batch”] |
| telemetryCollectorCustomization.pipelines.metrics/cilium.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“prometheus”] |
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay |
struct |
A pre-defined pipeline that allows otlp telemetry from other collectors to be relayed to the otel gateway. This pipeline is disabled by default |
|
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
false |
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
null |
| telemetryCollectorCustomization.pipelines.metrics/otlp_relay.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.metrics/ui |
struct |
The metrics/ui pipeline collects the metrics that are required for the Gloo UI graph. This pipeline is enabled by default. |
|
| telemetryCollectorCustomization.pipelines.metrics/ui.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
true |
| telemetryCollectorCustomization.pipelines.metrics/ui.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
[“memory_limiter”,“filter/min”,“batch”,“attributes/drop_extra_istio_labels”,“attributes/drop_extra_otel_labels”,“gloo_metrics_processor”] |
| telemetryCollectorCustomization.pipelines.metrics/ui.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“prometheus”] |
| telemetryCollectorCustomization.pipelines.traces/istio |
struct |
A pre-defined pipeline that collects traces to observe and monitor requests. |
|
| telemetryCollectorCustomization.pipelines.traces/istio.enabled |
bool |
Determines whether the Gloo OTel pipeline is enabled or disabled. |
false |
| telemetryCollectorCustomization.pipelines.traces/istio.pipeline |
struct |
The configuration of the Gloo OTel pipeline. |
|
| telemetryCollectorCustomization.pipelines.traces/istio.pipeline.exporters[] |
[]string |
List of exporters to use in the pipeline. |
[“otlp”] |
| telemetryCollectorCustomization.pipelines.traces/istio.pipeline.processors[] |
[]string |
List of processors to use in the pipeline. |
[“batch”] |
| telemetryCollectorCustomization.pipelines.traces/istio.pipeline.receivers[] |
[]string |
List of receivers to use in the pipeline. |
[“jaeger”,“opencensus”,“otlp”,“zipkin”] |
| telemetryCollectorCustomization.serverName |
string |
SNI and certificate subject alternative name used in the collector certificate. |
gloo-telemetry-gateway.gloo-mesh |
| telemetryCollectorCustomization.telemetry |
map[string, interface] |
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
{“metrics”:{“address”:“0.0.0.0:8888”}} |
| telemetryCollectorCustomization.telemetry.<MAP_KEY> |
interface |
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
|
| telemetryCollectorCustomization.telemetry.metrics |
interface |
Configure the service telemetry (logs and metrics) as described in the otel-collector docs. |
|
| verbose |
bool |
Enable verbose/debug logging. |
false |
