Network Operator Application Notes 23.10.0 - Sphinx Test
NVIDIA Docs Hub  NVIDIA Networking  Networking Software  Cloud Orchestration  Network Operator Application Notes 23.10.0 - Sphinx Test  universe-infra-api-gateway
1.0

universe-infra-api-gateway

Chart version: 0.5.0-dev

AppVersion: 0.5.0-dev

Description: A Helm chart for universe-infra-api-gateway

Values

  • > global (object): global settings for chart

    Default:

    Copy
    Copied!
                
    
            
    {
  "image": {
    "registry": null,
    "tag": null
  }
}

  • > nameOverride (string): overrides chart name

    Default:

    Copy
    Copied!
                
    
            
    ""

  • > fullnameOverride (string): overrides generated fullName for release

    Default:

    Copy
    Copied!
                
    
            
    ""

  • > imagePullSecrets (list): imagePullSecrets to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    []

  • > envoy (object): configuration for envoy container

    Default: see default values for nested options

  • > envoy.image.registry (string): registry for envoy image

    Default:

    Copy
    Copied!
                
    
            
    ""

  • > envoy.image.repository (string): envoy image name

    Default:

    Copy
    Copied!
                
    
            
    "universe-infra-api-gateway"

  • > envoy.image.pullPolicy (string): pullPolicy for envoy image

    Default:

    Copy
    Copied!
                
    
            
    "IfNotPresent"

  • > envoy.image.tag (string): tag for envoy image if not set, Helm chart appVersion will be used as tag

    Default:

    Copy
    Copied!
                
    
            
    ""

  • > envoy.config (object): will be translated to ConfigMap which holds envoy configuration

    Default: see default values for nested options

  • > envoy.config.enabled (bool): enables or disables deployment of envoy configuration

    Default:

    Copy
    Copied!
                
    
            
    true

  • > envoy.config.listener.address (string): envoy will listen on this address

    Default:

    Copy
    Copied!
                
    
            
    "0.0.0.0"

  • > envoy.config.listener.port (int): envoy will listen on this port

    Default:

    Copy
    Copied!
                
    
            
    10000

  • > envoy.config.listener.serverTLS (object): server TLS configuration

    Default:

    Copy
    Copied!
                
    
            
    {
  "cert": "/vault/secrets/server.cert",
  "enabled": false,
  "key": "/vault/secrets/server.key"
}

  • > envoy.config.listener.peerValidation (object): client certificate validation (mTLS)

    Default:

    Copy
    Copied!
                
    
            
    {
  "ca": "/vault/secrets/ca.cert",
  "enabled": false
}

  • > envoy.config.listener.access_log.enabled (bool): enables or disables access_log for envoy

    Default:

    Copy
    Copied!
                
    
            
    true

  • > envoy.config.listener.access_log.log_format (object): format of the access log, will be injected as is to envoy’s config file

    Default:

    Copy
    Copied!
                
    
            
    {
  "json_format": {
    "bytes_received": "%BYTES_RECEIVED%",
    "bytes_sent": "%BYTES_SENT%",
    "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%",
    "downstream": "%DOWNSTREAM_REMOTE_ADDRESS%",
    "duration": "%DURATION%",
    "grpc_status": "%GRPC_STATUS%",
    "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
    "protocol": "%PROTOCOL%",
    "start_time": "%START_TIME(%s.%3f)%",
    "tls_local_uri_san": "%DOWNSTREAM_LOCAL_URI_SAN%",
    "tls_peer_cert_end": "%DOWNSTREAM_PEER_CERT_V_END%",
    "tls_peer_cert_start": "%DOWNSTREAM_PEER_CERT_V_START%",
    "tls_peer_issuer": "%DOWNSTREAM_PEER_ISSUER%",
    "tls_peer_serial": "%DOWNSTREAM_PEER_SERIAL%",
    "tls_peer_subject": "%DOWNSTREAM_PEER_SUBJECT%",
    "tls_peer_uri_san": "%DOWNSTREAM_PEER_URI_SAN%",
    "tls_requested_server_name": "%REQUESTED_SERVER_NAME%",
    "upstream": "%UPSTREAM_HOST%",
    "upstream_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
  },
  "omit_empty_values": true
}

  • > envoy.config.upstream (object): upstream configuration for universe services if service has empty address or port it will be ignored

    Default:

    Copy
    Copied!
                
    
            
    {
  "example-service": {
    "address": null,
    "port": null,
    "prefixes": [
      {
        "idleTimeout": null,
        "prefix": "/example",
        "timeout": null
      }
    ]
  }
}

  • > envoy.config.upstream.example-service.prefixes (list): routes to match for example service

    Default:

    Copy
    Copied!
                
    
            
    [
  {
    "idleTimeout": null,
    "prefix": "/example",
    "timeout": null
  }
]

  • > envoy.config.upstream.example-service.prefixes[0].timeout (string): specifies the upstream timeout for the prefix

    Default:

    Copy
    Copied!
                
    
            
    null

  • > envoy.config.upstream.example-service.prefixes[0].idleTimeout (string): specifies the idle timeout for the prefix

    Default:

    Copy
    Copied!
                
    
            
    null

  • > envoy.config.upstream.example-service.address (string): address of API server

    Default:

    Copy
    Copied!
                
    
            
    null

  • > envoy.config.upstream.example-service.port (string): port of API server

    Default:

    Copy
    Copied!
                
    
            
    null

  • > podAnnotations (object): podAnnotations to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    {}

  • > podSecurityContext (object): podSecurityContext to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    {}

  • > resources (object): resources for envoy container

    Default:

    Copy
    Copied!
                
    
            
    {}

  • > nodeSelector (object): nodeSelector to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    {}

  • > tolerations (list): tolerations to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    []

  • > affinity (object): affinity to add to the Pod spec

    Default:

    Copy
    Copied!
                
    
            
    {}

  • > service (object): service configuration for api-gateway Pod

    Default: see default values for nested options

  • > service.name (string): override for Service name

    Default: if not set explicitly Helm release name will be used

  • > service.type (string): service type

    Default:

    Copy
    Copied!
                
    
            
    "NodePort"

  • > service.targetPort (int): application port, port on which envoy listen

    Default:

    Copy
    Copied!
                
    
            
    10000

  • > service.port (int): service port

    Default:

    Copy
    Copied!
                
    
            
    10000

  • > service.nodePort (string): configure static node port for the service

    Default: if not set explicitly will be assigned automatically by k8s

  • > vaultApproleSecret (object): settings for Secret which store roleID and secretID for approle auth method in Vault. Config from this secret is read by vault-sidecar container and used to authenticate in Vault server

    Default: see default values for nested options

  • > vaultApproleSecret.create (bool): enables or disables creation of the Secret

    Default:

    Copy
    Copied!
                
    
            
    false

  • > vaultApproleSecret.name (string): override for default Secret name

    Default: if not set explicitly Helm release name + “-secret” will be used

  • > vaultApproleSecret.roleID (string): roleID which vault-sidecar will use for authentication in Vault server

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultApproleSecret.secretID (string): secretID which vault-sidecar will use for authentication in Vault server

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultAnnotations (object): configuration for Vault related Pod annotations. These annotations are used by vault-injector mutating webhook to determine configuration of the vault-sidecar container which will be attached to the plugin Pod.

    Default: see default values for nested options

  • > vaultAnnotations.addAnnotations (bool): enables or disables addition of the annotations

    Default:

    Copy
    Copied!
                
    
            
    false

  • > vaultAnnotations.namespace (string): namespace in vault-server (namespaces are available only in Vault Enterprise)

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultAnnotations.role (string): add label with role Name

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultAnnotations.serverCertSecret (string): vault PKI cert issue path

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultAnnotations.serverCertCommonName (string): common name for generated certificate

    Default:

    Copy
    Copied!
                
    
            
    null

  • > vaultAnnotations.serverCertTTL (string): TTL for generated certificate

    Default:

    Copy
    Copied!
                
    
            
    "24h"

Previous universe-infra-admin-controller
Next universe-infra-catalog
© Copyright 2023, NVIDIA. Last updated on Feb 7, 2024.