duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7aa06a183cfa0872cde3412f6f524cb7783222c8
k8s-cluster/envoy-gateway/values.yaml
duynguyen 7aa06a183c first commit
2026-04-12 16:09:15 +07:00

149 lines
4.3 KiB
YAML
Raw Blame History

# Global settings
global:
# If set, these take highest precedence and change both envoyGateway and ratelimit's container registry and pull secrets.
# -- Global override for image registry
imageRegistry: ""
# -- Global override for image pull secrets
imagePullSecrets: []
# If set, these override image-specific values: useful when installing the chart in a private registry environment.
# Override image-specific values directly if a global override is not desired.
images:
envoyGateway:
# This is the full image name including the hub, repo, and tag.
image: docker.io/envoyproxy/gateway:v1.7.1
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
pullPolicy: IfNotPresent
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
pullSecrets: []
ratelimit:
# This is the full image name including the hub, repo, and tag.
image: "docker.io/envoyproxy/ratelimit:c8765e89"
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
pullPolicy: IfNotPresent
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
pullSecrets: []
podDisruptionBudget:
minAvailable: 0
# maxUnavailable: 1
deployment:
annotations: {}
envoyGateway:
image:
# if both this and global.imageRegistry are specified, this has to include both registry and repository explicitly, eg docker.io/envoyproxy/gateway
repository: ""
tag: ""
imagePullPolicy: ""
imagePullSecrets: []
resources:
limits:
memory: 1024Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsNonRoot: true
runAsGroup: 65532
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
ports:
- name: grpc
port: 18000
targetPort: 18000
- name: ratelimit
port: 18001
targetPort: 18001
- name: wasm
port: 18002
targetPort: 18002
- name: metrics
port: 19001
targetPort: 19001
priorityClassName: null
replicas: 1
pod:
affinity: {}
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '19001'
labels: {}
topologySpreadConstraints: []
tolerations: []
nodeSelector: {}
service:
# If set to PreferClose, the Envoy fleet will prioritize connecting to the Envoy Gateway pods that are topologically closest to them.
trafficDistribution: ""
annotations: {}
# -- Service type. Can be set to LoadBalancer with specific IP, e.g.:
# type: LoadBalancer
loadBalancerIP: 192.168.1.30
type: "ClusterIP"
hpa:
enabled: false
minReplicas: 1
maxReplicas: 1
metrics: []
behavior: {}
config:
# -- EnvoyGateway configuration. Visit https://gateway.envoyproxy.io/docs/api/extension_types/#envoygateway to view all options.
envoyGateway:
gateway:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
provider:
type: Kubernetes
logging:
level:
default: info
extensionApis: {}
createNamespace: false
kubernetesClusterDomain: cluster.local
# -- Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
certgen:
job:
annotations: {}
args: []
pod:
annotations: {}
labels: {}
resources: {}
affinity: {}
tolerations: []
nodeSelector: {}
ttlSecondsAfterFinished: 30
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsGroup: 65532
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
rbac:
annotations: {}
labels: {}
topologyInjector:
enabled: true
annotations: {}
Reference in New Issue View Git Blame Copy Permalink