Solo UI relay

Review Helm values for the Solo UI relay Helm chart.

Review Helm values for the Solo UI relay Helm chart.

Overview

The relay chart deploys lightweight agent components for workload clusters in a multicluster Solo UI setup for Solo Enterprise for Istio, including:

OpenTelemetry collector for telemetry collection and forwarding
Tunnel client for secure communication with the management cluster

For more information, see the installation guide.

Required Values

The following values must be configured for the relay chart to function:

Parameter	Description	Why Required
`cluster`	Name of the workload cluster where this chart is deployed	Chart deployment will fail without cluster identification
`telemetry.fqdn`	Management cluster telemetry endpoint	Cannot forward telemetry data without management cluster endpoint
`tunnel.fqdn`	Management cluster tunnel endpoint	Cannot establish secure tunnel without management cluster endpoint

Values

Key	Type	Description	Default
cluster	string	Name of the workload cluster where this chart is deployed. The cluster name must only contain letters, digits, hyphens (-), and dots (.). It must start and end with a letter or digit and be between 1 and 253 characters.	`""`
global.image.registry	string	Fallback registry for all solo-owned images. Excludes third party images. Per-image registry takes precedence when set.	`"us-docker.pkg.dev/solo-public"`
global.image.repository	string	Fallback repository for all solo-owned images. Excludes third party images. Per-image repository takes precedence when set.	`"solo-enterprise"`
global.image.tag	string	Fallback tag for all solo-owned images. Excludes third party images. Per-image tag takes precedence when set; falls back to chart version if both are unset.	`""`
global.imagePullPolicy	string	Configure image pull policy for all images in this chart	`"IfNotPresent"`
istio	object	Istio ambient mode integration. When enabled (the default), relay pods are labeled with `istio.io/dataplane-mode=ambient`, so the workload cluster’s collectors can reach the management cluster’s global Services (tunnel server, telemetry gateway) over ambient multi-cluster mesh without any post-install labeling. Disable when installing into a cluster that is not running ambient mode.	`{"ambient":{"enabled":true}}`
istio.ambient.enabled	bool	Apply the ambient dataplane-mode label to relay pods automatically on install.	`true`
kubernetes.watchNamespaces	list	List of namespaces the relay k8sobjects collector should watch. When empty (default) the collector watches all namespaces (cluster-wide). When set, only the listed namespaces (plus the release namespace) are watched, and cluster-scoped resources (namespaces, nodes, customresourcedefinitions, gatewayclasses) are excluded. This setting scopes collection only; it does not change the chart’s RBAC. Installing the relay still requires cluster-wide permissions because the ClusterRole retains a wildcard rule required for control-plane lease operations.	`[]`
podSecurityContext	object	Default pod-level security context applied to all pods (can be overridden per-component)	`{"runAsNonRoot":true}`
securityContext	object	Default container-level security context applied to all containers (can be overridden per-container)	`{"readOnlyRootFilesystem":true}`
telemetry.collector.affinity	object	Affinity for the telemetry collector pods	`{}`
telemetry.collector.livenessProbe	object	Liveness probe configuration	`{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
telemetry.collector.nodeSelector	object	Node selector for the telemetry collector pods	`{}`
telemetry.collector.podSecurityContext	object	Pod-level security context for the telemetry collector workload	`{}`
telemetry.collector.readinessProbe	object	Readiness probe configuration	`{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
telemetry.collector.replicaCount	int	Number of replicas. When telemetry.metrics.enabled=true, a single replica scrapes all Prometheus targets cluster-wide. Increase replicaCount and enable sharding to distribute scrape load across multiple replicas.	`1`
telemetry.collector.resources	object	Resources for the telemetry collector	`{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"300Mi"}}`
telemetry.collector.securityContext	object	Container security context for telemetry collector	(uses global securityContext)
telemetry.collector.sharding	object	Sharding configuration for distributing Prometheus scrape targets across replicas. Sharding uses hashmod relabeling to ensure each target is scraped by exactly one collector. Requires metrics.enabled=true and replicaCount > 1.	`{"enabled":false,"label":"__address__"}`
telemetry.collector.sharding.enabled	bool	Enable sharding of collector targets	`false`
telemetry.collector.sharding.label	string	Label to hash for shard assignment. Common values: “address” (default), “pod”, “instance”	`"__address__"`
telemetry.collector.tolerations	list	Tolerations for the telemetry collector pods	`[]`
telemetry.fqdn	string		`""`
telemetry.image	object	Shared image configuration for all telemetry collectors	`{"name":"opentelemetry-collector-contrib","pullPolicy":"","registry":"docker.io","repository":"otel","tag":"0.150.1"}`
telemetry.image.name	string	Image name	`"opentelemetry-collector-contrib"`
telemetry.image.pullPolicy	string	Image pull policy	`""`
telemetry.image.registry	string	Image registry	`"docker.io"`
telemetry.image.repository	string	Image repository	`"otel"`
telemetry.image.tag	string	OpenTelemetry collector image tag	`"0.150.1"`
telemetry.k8sobjects.affinity	object	Affinity for the relay deployment pods	`{}`
telemetry.k8sobjects.enabled	bool	Enable the k8sobjects collector (singleton)	`true`
telemetry.k8sobjects.livenessProbe	object	Liveness probe configuration	`{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
telemetry.k8sobjects.nodeSelector	object	Node selector for the relay deployment pods	`{}`
telemetry.k8sobjects.podSecurityContext	object	Pod-level security context for the relay deployment (k8sobjects + tunnel-client)	`{}`
telemetry.k8sobjects.readinessProbe	object	Readiness probe configuration	`{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
telemetry.k8sobjects.resources	object	Resources for the k8sobjects collector	`{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"50m","memory":"256Mi"}}`
telemetry.k8sobjects.securityContext	object	Container security context for k8sobjects collector	(uses global securityContext)
telemetry.k8sobjects.tolerations	list	Tolerations for the relay deployment pods	`[]`
telemetry.metrics.enabled	bool	Enable Prometheus metrics scraping	`true`
telemetry.port	int	Management cluster telemetry port	`4316`
telemetry.selfMonitoring.enabled	bool	Enable relay self-monitoring metrics export to management cluster	`false`
telemetry.traces.enabled	bool	Enable OTLP trace ingestion	`true`
traces.verbose	bool	Enable verbose traces	`false`
tunnel.fqdn	string		`""`
tunnel.image.name	string	Image name	`"solo-enterprise-tunnel-client"`
tunnel.image.pullPolicy	string	Image pull policy	`""`
tunnel.image.registry	string	Registry for the tunnel client image. Overrides global.registry when set.	`""`
tunnel.image.repository	string	Repository for the tunnel client image. Overrides global.repository when set.	`""`
tunnel.image.tag	string	Tag for the tunnel client image. Overrides global.tag when set; falls back to chart version if both are unset.	`""`
tunnel.livenessProbe	object	Liveness probe for the tunnel	`{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
tunnel.livenessProbe.failureThreshold	int	Failure threshold for liveness probe	`3`
tunnel.livenessProbe.initialDelaySeconds	int	Initial delay seconds for liveness probe	`10`
tunnel.livenessProbe.periodSeconds	int	Period seconds for liveness probe	`10`
tunnel.livenessProbe.successThreshold	int	Success threshold for liveness probe	`1`
tunnel.livenessProbe.timeoutSeconds	int	Timeout seconds for liveness probe	`5`
tunnel.port	int	Management cluster tunnel port	`9000`
tunnel.readinessProbe	object	Readiness probe for the tunnel	`{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}`
tunnel.readinessProbe.failureThreshold	int	Failure threshold for readiness probe	`3`
tunnel.readinessProbe.initialDelaySeconds	int	Initial delay seconds for readiness probe	`5`
tunnel.readinessProbe.periodSeconds	int	Period seconds for readiness probe	`10`
tunnel.readinessProbe.successThreshold	int	Success threshold for readiness probe	`1`
tunnel.readinessProbe.timeoutSeconds	int	Timeout seconds for readiness probe	`5`
tunnel.resources	object	Resources for the tunnel client. If this is set by the user, it will override all defaults from values.yaml	`{"limits":{"cpu":"500m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"300Mi"}}`
tunnel.resources.limits	object	Resources for the tunnel client. If this is set by the user, it will override all defaults from values.yaml. If this is set to null, it will not render the limits block.	`{"cpu":"500m","memory":"1024Mi"}`
tunnel.resources.limits.cpu	string	CPU limits for the tunnel client	`"500m"`
tunnel.resources.limits.memory	string	Memory limits for the tunnel client	`"1024Mi"`
tunnel.resources.requests	object	Resources for the tunnel client. If this is set by the user, it will override all defaults from values.yaml. If this is set to null, it will not render the requests block.	`{"cpu":"100m","memory":"300Mi"}`
tunnel.resources.requests.cpu	string	CPU requests for the tunnel client	`"100m"`
tunnel.resources.requests.memory	string	Memory requests for the tunnel client	`"300Mi"`
tunnel.securityContext	object	Container security context for the tunnel client	(uses global securityContext)

Solo UI management