universe-infra-api-gateway
Chart version: 0.5.0-dev
AppVersion: 0.5.0-dev
Description: A Helm chart for universe-infra-api-gateway
>
global
(object): global settings for chart
Default: { "image": { "registry": null, "tag": null } }
>
nameOverride
(string): overrides chart name
Default: ""
>
fullnameOverride
(string): overrides generated fullName for release
Default: ""
>
imagePullSecrets
(list): imagePullSecrets to add to the Pod spec
Default: []
>
envoy
(object): configuration for envoy container
Default: see default values for nested options
>
envoy.image.registry
(string): registry for envoy image
Default: ""
>
envoy.image.repository
(string): envoy image name
Default: "universe-infra-api-gateway"
>
envoy.image.pullPolicy
(string): pullPolicy for envoy image
Default: "IfNotPresent"
>
envoy.image.tag
(string): tag for envoy image; if not set, the Helm chart appVersion is used as the tag
Default: ""
>
envoy.config
(object): translated to a ConfigMap which holds the envoy configuration
Default: see default values for nested options
>
envoy.config.enabled
(bool): enables or disables deployment of envoy configuration
Default: true
>
envoy.config.listener.address
(string): envoy will listen on this address
Default: "0.0.0.0"
>
envoy.config.listener.port
(int): envoy will listen on this port
Default: 10000
>
envoy.config.listener.serverTLS
(object): server TLS configuration
Default: { "cert": "/vault/secrets/server.cert", "enabled": false, "key": "/vault/secrets/server.key" }
>
envoy.config.listener.peerValidation
(object): client certificate validation (mTLS)
Default: { "ca": "/vault/secrets/ca.cert", "enabled": false }
>
envoy.config.listener.access_log.enabled
(bool): enables or disables access_log for envoy
Default: true
>
envoy.config.listener.access_log.log_format
(object): format of the access log, injected as is into envoy’s config file
Default: { "json_format": { "bytes_received": "%BYTES_RECEIVED%", "bytes_sent": "%BYTES_SENT%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "downstream": "%DOWNSTREAM_REMOTE_ADDRESS%", "duration": "%DURATION%", "grpc_status": "%GRPC_STATUS%", "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "protocol": "%PROTOCOL%", "start_time": "%START_TIME(%s.%3f)%", "tls_local_uri_san": "%DOWNSTREAM_LOCAL_URI_SAN%", "tls_peer_cert_end": "%DOWNSTREAM_PEER_CERT_V_END%", "tls_peer_cert_start": "%DOWNSTREAM_PEER_CERT_V_START%", "tls_peer_issuer": "%DOWNSTREAM_PEER_ISSUER%", "tls_peer_serial": "%DOWNSTREAM_PEER_SERIAL%", "tls_peer_subject": "%DOWNSTREAM_PEER_SUBJECT%", "tls_peer_uri_san": "%DOWNSTREAM_PEER_URI_SAN%", "tls_requested_server_name": "%REQUESTED_SERVER_NAME%", "upstream": "%UPSTREAM_HOST%", "upstream_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%" }, "omit_empty_values": true }
>
envoy.config.upstream
(object): upstream configuration for universe services; a service with an empty address or port is ignored
Default: { "example-service": { "address": null, "port": null, "prefixes": [ { "idleTimeout": null, "prefix": "/example", "timeout": null } ] } }
>
envoy.config.upstream.example-service.prefixes
(list): routes to match for example service
Default: [ { "idleTimeout": null, "prefix": "/example", "timeout": null } ]
>
envoy.config.upstream.example-service.prefixes[0].timeout
(string): specifies the upstream timeout for the prefix
Default: null
>
envoy.config.upstream.example-service.prefixes[0].idleTimeout
(string): specifies the idle timeout for the prefix
Default: null
>
envoy.config.upstream.example-service.address
(string): address of API server
Default: null
>
envoy.config.upstream.example-service.port
(string): port of API server
Default: null
>
podAnnotations
(object): podAnnotations to add to the Pod spec
Default: {}
>
podSecurityContext
(object): podSecurityContext to add to the Pod spec
Default: {}
>
resources
(object): resources for envoy container
Default: {}
>
nodeSelector
(object): nodeSelector to add to the Pod spec
Default: {}
>
tolerations
(list): tolerations to add to the Pod spec
Default: []
>
affinity
(object): affinity to add to the Pod spec
Default: {}
>
service
(object): service configuration for api-gateway Pod
Default: see default values for nested options
>
service.name
(string): override for Service name
Default: if not set explicitly, the Helm release name is used
>
service.type
(string): service type
Default: "NodePort"
>
service.targetPort
(int): application port, the port on which envoy listens
Default: 10000
>
service.port
(int): service port
Default: 10000
>
service.nodePort
(string): configure static node port for the service
Default: if not set explicitly, it is assigned automatically by k8s
>
vaultApproleSecret
(object): settings for the Secret which stores roleID and secretID for the approle auth method in Vault. Config from this Secret is read by the vault-sidecar container and used to authenticate to the Vault server
Default: see default values for nested options
>
vaultApproleSecret.create
(bool): enables or disables creation of the Secret
Default: false
>
vaultApproleSecret.name
(string): override for default Secret name
Default: if not set explicitly, Helm release name + “-secret” is used
>
vaultApproleSecret.roleID
(string): roleID which vault-sidecar will use for authentication to the Vault server
Default: null
>
vaultApproleSecret.secretID
(string): secretID which vault-sidecar will use for authentication to the Vault server
Default: null
>
vaultAnnotations
(object): configuration for Vault related Pod annotations. These annotations are used by the vault-injector mutating webhook to determine the configuration of the vault-sidecar container which will be attached to the plugin Pod.
Default: see default values for nested options
>
vaultAnnotations.addAnnotations
(bool): enables or disables addition of the annotations
Default: false
>
vaultAnnotations.namespace
(string): namespace in vault-server (namespaces are available only in Vault Enterprise)
Default: null
>
vaultAnnotations.role
(string): adds label with role name
Default: null
>
vaultAnnotations.serverCertSecret
(string): vault PKI cert issue path
Default: null
>
vaultAnnotations.serverCertCommonName
(string): common name for generated certificate
Default: null
>
vaultAnnotations.serverCertTTL
(string): TTL for generated certificate
Default: "24h"
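
A values override that switches on the listener TLS and client-certificate options documented above, next to the defaults it replaces. This is an added example, not part of the chart's own documentation; the file name, every value marked PLACEHOLDER, and the points marked "assumption" in the comments are assumptions.

```yaml
# values-mtls.yaml (constructed example; PLACEHOLDER values are not from the chart)
#
# Chart defaults, per the reference above:
#   envoy.config.listener.serverTLS.enabled:      false     plaintext listener on 0.0.0.0:10000
#   envoy.config.listener.peerValidation.enabled: false     no client certificate validation
#   service.type:                                 NodePort  listener reachable through a node port
#   vaultAnnotations.addAnnotations:              false     no vault-sidecar attached to the Pod
envoy:
  config:
    listener:
      serverTLS:
        enabled: true
        cert: /vault/secrets/server.cert   # chart default path
        key: /vault/secrets/server.key     # chart default path
      peerValidation:
        enabled: true                      # mTLS: validate client certificates
        ca: /vault/secrets/ca.cert         # chart default path
      access_log:
        enabled: true   # default log_format already records tls_peer_subject,
                        # tls_peer_issuer and tls_peer_serial for each request
    upstream:
      example-service:
        address: example-service.PLACEHOLDER.svc   # PLACEHOLDER; empty address => service ignored
        port: "8080"                               # PLACEHOLDER; empty port => service ignored
        prefixes:
          - prefix: /example
            timeout: null
            idleTimeout: null

service:
  type: ClusterIP   # assumption: the chart passes service.type through to the Service unchanged

# Assumption: the injected vault-sidecar is what renders the files under /vault/secrets,
# so enabling serverTLS without these annotations would leave envoy without a cert and key.
vaultAnnotations:
  addAnnotations: true
  role: PLACEHOLDER-role
  serverCertSecret: PLACEHOLDER-pki-issue-path
  serverCertCommonName: api-gateway.PLACEHOLDER.example
  serverCertTTL: "24h"   # chart default

vaultApproleSecret:
  create: false   # default; keeps roleID and secretID out of values files
```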