Network Operator Application Notes 23.10.0 - Sphinx Test
1.0

universe-infra-api-gateway

Chart version: 0.5.0-dev

AppVersion: 0.5.0-dev

Description: A Helm chart for universe-infra-api-gateway

  • > global (object): global settings for chart

    Default:

    Copy
    Copied!
                

    { "image": { "registry": null, "tag": null } }

  • > nameOverride (string): overrides chart name

    Default:

    Copy
    Copied!
                

    ""

  • > fullnameOverride (string): overrides generated fullName for release

    Default:

    Copy
    Copied!
                

    ""

  • > imagePullSecrets (list): imagePullSecrets to add to the Pod spec

    Default:

    Copy
    Copied!
                

    []

  • > envoy (object): configuration for envoy container

    Default: see default values for nested options

  • > envoy.image.registry (string): registry for envoy image

    Default:

    Copy
    Copied!
                

    ""

  • > envoy.image.repository (string): envoy image name

    Default:

    Copy
    Copied!
                

    "universe-infra-api-gateway"

  • > envoy.image.pullPolicy (string): pullPolicy for envoy image

    Default:

    Copy
    Copied!
                

    "IfNotPresent"

  • > envoy.image.tag (string): tag for envoy image if not set, Helm chart appVersion will be used as tag

    Default:

    Copy
    Copied!
                

    ""

  • > envoy.config (object): will be translated to ConfigMap which holds envoy configuration

    Default: see default values for nested options

  • > envoy.config.enabled (bool): enables or disables deployment of envoy configuration

    Default:

    Copy
    Copied!
                

    true

  • > envoy.config.listener.address (string): envoy will listen on this address

    Default:

    Copy
    Copied!
                

    "0.0.0.0"

  • > envoy.config.listener.port (int): envoy will listen on this port

    Default:

    Copy
    Copied!
                

    10000

  • > envoy.config.listener.serverTLS (object): server TLS configuration

    Default:

    Copy
    Copied!
                

    { "cert": "/vault/secrets/server.cert", "enabled": false, "key": "/vault/secrets/server.key" }

  • > envoy.config.listener.peerValidation (object): client certificate validation (mTLS)

    Default:

    Copy
    Copied!
                

    { "ca": "/vault/secrets/ca.cert", "enabled": false }

  • > envoy.config.listener.access_log.enabled (bool): enables or disables access_log for envoy

    Default:

    Copy
    Copied!
                

    true

  • > envoy.config.listener.access_log.log_format (object): format of the access log, will be injected as is to envoy’s config file

    Default:

    Copy
    Copied!
                

    { "json_format": { "bytes_received": "%BYTES_RECEIVED%", "bytes_sent": "%BYTES_SENT%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "downstream": "%DOWNSTREAM_REMOTE_ADDRESS%", "duration": "%DURATION%", "grpc_status": "%GRPC_STATUS%", "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "protocol": "%PROTOCOL%", "start_time": "%START_TIME(%s.%3f)%", "tls_local_uri_san": "%DOWNSTREAM_LOCAL_URI_SAN%", "tls_peer_cert_end": "%DOWNSTREAM_PEER_CERT_V_END%", "tls_peer_cert_start": "%DOWNSTREAM_PEER_CERT_V_START%", "tls_peer_issuer": "%DOWNSTREAM_PEER_ISSUER%", "tls_peer_serial": "%DOWNSTREAM_PEER_SERIAL%", "tls_peer_subject": "%DOWNSTREAM_PEER_SUBJECT%", "tls_peer_uri_san": "%DOWNSTREAM_PEER_URI_SAN%", "tls_requested_server_name": "%REQUESTED_SERVER_NAME%", "upstream": "%UPSTREAM_HOST%", "upstream_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%" }, "omit_empty_values": true }

  • > envoy.config.upstream (object): upstream configuration for universe services if service has empty address or port it will be ignored

    Default:

    Copy
    Copied!
                

    { "example-service": { "address": null, "port": null, "prefixes": [ { "idleTimeout": null, "prefix": "/example", "timeout": null } ] } }

  • > envoy.config.upstream.example-service.prefixes (list): routes to match for example service

    Default:

    Copy
    Copied!
                

    [ { "idleTimeout": null, "prefix": "/example", "timeout": null } ]

  • > envoy.config.upstream.example-service.prefixes[0].timeout (string): specifies the upstream timeout for the prefix

    Default:

    Copy
    Copied!
                

    null

  • > envoy.config.upstream.example-service.prefixes[0].idleTimeout (string): specifies the idle timeout for the prefix

    Default:

    Copy
    Copied!
                

    null

  • > envoy.config.upstream.example-service.address (string): address of API server

    Default:

    Copy
    Copied!
                

    null

  • > envoy.config.upstream.example-service.port (string): port of API server

    Default:

    Copy
    Copied!
                

    null

  • > podAnnotations (object): podAnnotations to add to the Pod spec

    Default:

    Copy
    Copied!
                

    {}

  • > podSecurityContext (object): podSecurityContext to add to the Pod spec

    Default:

    Copy
    Copied!
                

    {}

  • > resources (object): resources for envoy container

    Default:

    Copy
    Copied!
                

    {}

  • > nodeSelector (object): nodeSelector to add to the Pod spec

    Default:

    Copy
    Copied!
                

    {}

  • > tolerations (list): tolerations to add to the Pod spec

    Default:

    Copy
    Copied!
                

    []

  • > affinity (object): affinity to add to the Pod spec

    Default:

    Copy
    Copied!
                

    {}

  • > service (object): service configuration for api-gateway Pod

    Default: see default values for nested options

  • > service.name (string): override for Service name

    Default: if not set explicitly Helm release name will be used

  • > service.type (string): service type

    Default:

    Copy
    Copied!
                

    "NodePort"

  • > service.targetPort (int): application port, port on which envoy listen

    Default:

    Copy
    Copied!
                

    10000

  • > service.port (int): service port

    Default:

    Copy
    Copied!
                

    10000

  • > service.nodePort (string): configure static node port for the service

    Default: if not set explicitly will be assigned automatically by k8s

  • > vaultApproleSecret (object): settings for Secret which store roleID and secretID for approle auth method in Vault. Config from this secret is read by vault-sidecar container and used to authenticate in Vault server

    Default: see default values for nested options

  • > vaultApproleSecret.create (bool): enables or disables creation of the Secret

    Default:

    Copy
    Copied!
                

    false

  • > vaultApproleSecret.name (string): override for default Secret name

    Default: if not set explicitly Helm release name + “-secret” will be used

  • > vaultApproleSecret.roleID (string): roleID which vault-sidecar will use for authentication in Vault server

    Default:

    Copy
    Copied!
                

    null

  • > vaultApproleSecret.secretID (string): secretID which vault-sidecar will use for authentication in Vault server

    Default:

    Copy
    Copied!
                

    null

  • > vaultAnnotations (object): configuration for Vault related Pod annotations. These annotations are used by vault-injector mutating webhook to determine configuration of the vault-sidecar container which will be attached to the plugin Pod.

    Default: see default values for nested options

  • > vaultAnnotations.addAnnotations (bool): enables or disables addition of the annotations

    Default:

    Copy
    Copied!
                

    false

  • > vaultAnnotations.namespace (string): namespace in vault-server (namespaces are available only in Vault Enterprise)

    Default:

    Copy
    Copied!
                

    null

  • > vaultAnnotations.role (string): add label with role Name

    Default:

    Copy
    Copied!
                

    null

  • > vaultAnnotations.serverCertSecret (string): vault PKI cert issue path

    Default:

    Copy
    Copied!
                

    null

  • > vaultAnnotations.serverCertCommonName (string): common name for generated certificate

    Default:

    Copy
    Copied!
                

    null

  • > vaultAnnotations.serverCertTTL (string): TTL for generated certificate

    Default:

    Copy
    Copied!
                

    "24h"

Previous universe-infra-admin-controller
Next universe-infra-catalog
© Copyright 2023, NVIDIA. Last updated on Feb 7, 2024.