Documentation ¶
Index ¶
- type AccessLogger
- type AwsSettings
- type CertGenCron
- type CertGenJob
- type Chart
- type CircuitBreakersSettings
- type CleanupJob
- type Config
- type ConfigMap
- type Consul
- type ConsulUpstreamDiscovery
- type ContainerSecurityStandards
- type DaemonSetSpec
- type DeploymentSpec
- type DeploymentSpecSansResources
- type Directory
- type Discovery
- type DiscoveryDeployment
- type Duration
- type EnvoyContainer
- type EnvoySidecarContainer
- type Failover
- type FdsOptions
- type Gateway
- type GatewayParameters
- type GatewayParametersForGatewayClasses
- type GatewayParamsIstioProxyContainer
- type GatewayParamsSdsContainer
- type GatewayParamsSecurityContext
- type GatewayParamsStatsConfig
- type GatewayProxy
- type GatewayProxyDeployment
- type GatewayProxyGatewaySettings
- type GatewayProxyKind
- type GatewayProxyPodTemplate
- type GatewayProxyService
- type GatewayValidation
- type Global
- type GlobalConfigMap
- type Gloo
- type GlooDeployment
- type GlooDeploymentContainer
- type GracefulShutdownSpec
- type HelmConfig
- type HorizontalPodAutoscaler
- type Image
- type Ingress
- type IngressDeployment
- type IngressProxy
- type IngressProxyDeployment
- type Integrations
- type InvalidConfigPolicy
- type Istio
- type IstioIntegration
- type IstioProxyContainer
- type IstioSDS
- type Job
- type JobSpec
- type K8s
- type Knative
- type KnativeProxy
- type KnativeProxyInternal
- type KubeGateway
- type KubeResourceOverride
- type KubernetesSecrets
- type Mtls
- type Namespace
- type PodDisruptionBudget
- type PodDisruptionBudgetWithOverride
- type PodSecurityContext
- type PodSecurityStandards
- type PodSpec
- type ProvisionedDeployment
- type ProvisionedService
- type Rbac
- type ResourceAllocation
- type ResourceRef
- type ResourceRequirements
- type RolloutJob
- type SdsContainer
- type SecretOptions
- type SecretOptionsSource
- type SecurityContext
- type SecurityOpts
- type SecuritySettings
- type Service
- type ServiceAccount
- type ServiceDiscoveryOptions
- type ServiceSpec
- type Settings
- type Stats
- type Tracing
- type UdsOptions
- type VaultAwsAuth
- type VaultSecrets
- type VaultTlsConfig
- type Webhook
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessLogger ¶ added in v0.18.38
type AccessLogger struct { Image *Image `json:"image,omitempty"` Port *uint `json:"port,omitempty"` ServiceName *string `json:"serviceName,omitempty"` Enabled *bool `json:"enabled,omitempty"` Stats *Stats `json:"stats,omitempty" desc:"overrides for prometheus stats published by the access logging pod"` RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` FsGroup *float64 `json:"fsGroup,omitempty" desc:"Explicitly set the group ID for volume ownership. Default is 10101"` ExtraAccessLoggerLabels map[string]string `` /* 160-byte string literal not displayed */ ExtraAccessLoggerAnnotations map[string]string `` /* 170-byte string literal not displayed */ Service *KubeResourceOverride `json:"service,omitempty"` Deployment *KubeResourceOverride `json:"deployment,omitempty"` AccessLoggerContainerSecurityContext *SecurityContext `` /* 323-byte string literal not displayed */ *DeploymentSpec }
type AwsSettings ¶ added in v1.5.0
type AwsSettings struct { EnableCredentialsDiscovery *bool `` /* 225-byte string literal not displayed */ EnableServiceAccountCredentials *bool `` /* 228-byte string literal not displayed */ StsCredentialsRegion *string `` /* 137-byte string literal not displayed */ PropagateOriginalRouting *bool `` /* 171-byte string literal not displayed */ CredentialRefreshDelay *Duration `` /* 141-byte string literal not displayed */ FallbackToFirstFunction *bool `` /* 217-byte string literal not displayed */ }
type CertGenCron ¶ added in v1.9.25
type CertGenCron struct { Enabled *bool `json:"enabled,omitempty" desc:"enable the cronjob"` Schedule *string `json:"schedule,omitempty" desc:"Cron job scheduling"` MtlsKubeResourceOverride map[string]interface{} `json:"mtlsKubeResourceOverride,omitempty" desc:"override fields in the gloo-mtls-certgen cronjob."` ValidationWebhookKubeResourceOverride map[string]interface{} `json:"validationWebhookKubeResourceOverride,omitempty" desc:"override fields in the gateway-certgen cronjob."` }
Scheduling: ┌───────────── minute (0 - 59) │ ┌───────────── hour (0 - 23) │ │ ┌───────────── day of the month (1 - 31) │ │ │ ┌───────────── month (1 - 12) │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday; │ │ │ │ │ 7 is also Sunday on some systems) │ │ │ │ │ │ │ │ │ │ * * * * *
type CertGenJob ¶ added in v0.21.1
type CertGenJob struct { Job Enabled *bool `` /* 136-byte string literal not displayed */ SetTtlAfterFinished *bool `json:"setTtlAfterFinished,omitempty" desc:"Set ttlSecondsAfterFinished on the job. Defaults to true"` FloatingUserId *bool `` /* 142-byte string literal not displayed */ ForceRotation *bool `json:"forceRotation,omitempty" desc:"If true, will create new certs even if the old one are still valid."` RotationDuration *string `` /* 648-byte string literal not displayed */ RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` Resources *ResourceRequirements `json:"resources,omitempty"` RunOnUpdate *bool `json:"runOnUpdate,omitempty" desc:"enable to run the job also on pre-upgrade"` Cron *CertGenCron `json:"cron,omitempty" desc:"CronJob parameters"` }
type CircuitBreakersSettings ¶ added in v1.11.47
type CircuitBreakersSettings struct { MaxConnections *uint32 `` /* 183-byte string literal not displayed */ MaxPendingRequests *uint32 `` /* 194-byte string literal not displayed */ MaxRequests *uint32 `` /* 187-byte string literal not displayed */ MaxRetries *uint32 `` /* 182-byte string literal not displayed */ }
type CleanupJob ¶ added in v1.9.25
type CleanupJob struct { *JobSpec Enabled *bool `` /* 132-byte string literal not displayed */ Image *Image `json:"image,omitempty"` Resources *ResourceRequirements `json:"resources,omitempty"` FloatingUserId *bool `` /* 142-byte string literal not displayed */ RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` }
type Config ¶
type Config struct { Namespace *Namespace `json:"namespace,omitempty"` // This is an Alpha API and is subject to change in subsequent 1.17 beta releases KubeGateway *KubeGateway `json:"kubeGateway,omitempty" desc:"Settings for the Gloo Gateway Kubernetes Gateway API controller."` Settings *Settings `json:"settings,omitempty"` Gloo *Gloo `json:"gloo,omitempty"` Discovery *Discovery `json:"discovery,omitempty"` Gateway *Gateway `json:"gateway,omitempty"` GatewayProxies map[string]GatewayProxy `json:"gatewayProxies,omitempty"` Ingress *Ingress `json:"ingress,omitempty"` IngressProxy *IngressProxy `json:"ingressProxy,omitempty"` K8s *K8s `json:"k8s,omitempty"` AccessLogger *AccessLogger `json:"accessLogger,omitempty"` }
type ConfigMap ¶ added in v1.8.0
type ConfigMap struct { Data map[string]string `json:"data,omitempty"` *KubeResourceOverride }
type Consul ¶ added in v1.6.0
type Consul struct { Datacenter *string `json:"datacenter,omitempty" desc:"Datacenter to use. If not provided, the default agent datacenter is used."` Username *string `json:"username,omitempty" desc:"Username to use for HTTP Basic Authentication."` Password *string `json:"password,omitempty" desc:"Password to use for HTTP Basic Authentication."` Token *string `json:"token,omitempty" desc:"Token is used to provide a per-request ACL token which overrides the agent's default token."` CaFile *string `` /* 159-byte string literal not displayed */ CaPath *string `` /* 173-byte string literal not displayed */ CertFile *string `` /* 157-byte string literal not displayed */ KeyFile *string `` /* 156-byte string literal not displayed */ InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty" desc:"InsecureSkipVerify if set to true will disable TLS host verification."` WaitTime *string `` /* 156-byte string literal not displayed */ ServiceDiscovery *ServiceDiscoveryOptions `` /* 141-byte string literal not displayed */ HttpAddress *string `` /* 232-byte string literal not displayed */ DnsAddress *string `` /* 273-byte string literal not displayed */ DnsPollingInterval *string `` /* 292-byte string literal not displayed */ }
type ConsulUpstreamDiscovery ¶ added in v1.6.0
type ConsulUpstreamDiscovery struct { UseTlsTagging *bool `` /* 212-byte string literal not displayed */ TlsTagName *string `` /* 244-byte string literal not displayed */ SplitTlsServices *bool `` /* 163-byte string literal not displayed */ RootCa *ResourceRef `json:"rootCa,omitempty" desc:"The name/namespace of the root CA needed to use TLS with consul services."` }
type ContainerSecurityStandards ¶ added in v1.16.14
type DaemonSetSpec ¶ added in v0.17.3
type DeploymentSpec ¶
type DeploymentSpec struct { DeploymentSpecSansResources Resources *ResourceRequirements `json:"resources,omitempty" desc:"resources for the main pod in the deployment"` *KubeResourceOverride }
type DeploymentSpecSansResources ¶ added in v1.3.21
type Directory ¶ added in v1.15.3
type Directory struct {
Directory string `json:"directory,omitempty" desc:"Directory to read secrets from."`
}
type Discovery ¶
type Discovery struct { Deployment *DiscoveryDeployment `json:"deployment,omitempty"` FdsMode *string `json:"fdsMode,omitempty" desc:"mode for function discovery (blacklist or whitelist). See more info in the settings docs"` UdsOptions *UdsOptions `json:"udsOptions,omitempty" desc:"Configuration options for the Upstream Discovery Service (UDS)."` FdsOptions *FdsOptions `json:"fdsOptions,omitempty" desc:"Configuration options for the Function Discovery Service (FDS)."` Enabled *bool `json:"enabled,omitempty" desc:"enable Discovery features"` ServiceAccount `json:"serviceAccount,omitempty" ` LogLevel *string `` /* 173-byte string literal not displayed */ }
type DiscoveryDeployment ¶
type DiscoveryDeployment struct { Image *Image `json:"image,omitempty"` Stats Stats `json:"stats,omitempty" desc:"overrides for prometheus stats published by the discovery pod"` FloatingUserId *bool `` /* 142-byte string literal not displayed */ RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` FsGroup *float64 `json:"fsGroup,omitempty" desc:"Explicitly set the group ID for volume ownership. Default is 10101"` ExtraDiscoveryLabels map[string]string `` /* 163-byte string literal not displayed */ ExtraDiscoveryAnnotations map[string]string `` /* 173-byte string literal not displayed */ EnablePodSecurityContext *bool `json:"enablePodSecurityContext,omitempty" desc:"Whether or not to render the pod security context. Default is true"` DiscoveryContainerSecurityContext *SecurityContext `` /* 312-byte string literal not displayed */ *DeploymentSpec }
type Duration ¶ added in v1.6.0
type Duration struct { Seconds *int32 `json:"seconds,omitempty" desc:"The value of this duration in seconds."` Nanos *int32 `json:"nanos,omitempty" desc:"The value of this duration in nanoseconds."` }
google.protobuf.Duration
type EnvoyContainer ¶ added in v1.17.0
type EnvoyContainer struct { Image *Image `json:"image,omitempty"` SecurityContext *GatewayParamsSecurityContext `json:"securityContext,omitempty" desc:"securityContext for envoy proxy container."` Resources *ResourceRequirements `json:"resources,omitempty" desc:"Resource requirements for envoy proxy container."` }
type EnvoySidecarContainer ¶ added in v1.3.8
type EnvoySidecarContainer struct { Image *Image `json:"image,omitempty"` SecurityContext *SecurityContext `` /* 341-byte string literal not displayed */ }
type Failover ¶ added in v1.5.0
type Failover struct { Enabled *bool `json:"enabled,omitempty" desc:"(Enterprise Only): Configure this proxy for failover"` Port *uint `json:"port,omitempty" desc:"(Enterprise Only): Port to use for failover Gateway Bind port, and service. Default is 15443"` NodePort *uint `json:"nodePort,omitempty" desc:"(Enterprise Only): Optional NodePort for failover Service"` SecretName *string `json:"secretName,omitempty" desc:"(Enterprise Only): Secret containing downstream Ssl Secrets Default is failover-downstream"` *KubeResourceOverride }
type FdsOptions ¶ added in v1.11.44
type FdsOptions struct {
GraphqlEnabled *bool `json:"graphqlEnabled,omitempty" desc:"Enable GraphQL schema generation on the function discovery service. Defaults to true."`
}
Configuration options for the Function Discovery Service (FDS).
type Gateway ¶
type Gateway struct { Enabled *bool `json:"enabled,omitempty" desc:"enable Gloo Edge API Gateway features"` Validation GatewayValidation `` /* 176-byte string literal not displayed */ CertGenJob *CertGenJob `` /* 187-byte string literal not displayed */ RolloutJob *RolloutJob `` /* 189-byte string literal not displayed */ CleanupJob *CleanupJob `json:"cleanupJob,omitempty" desc:"This job cleans up resources that are not deleted by Helm when Gloo Edge is uninstalled."` UpdateValues *bool `` /* 169-byte string literal not displayed */ ProxyServiceAccount ServiceAccount `json:"proxyServiceAccount,omitempty" ` ReadGatewaysFromAllNamespaces *bool `` /* 177-byte string literal not displayed */ IsolateVirtualHostsBySslConfig *bool `` /* 213-byte string literal not displayed */ CompressedProxySpec *bool `json:"compressedProxySpec,omitempty" desc:"if true, enables compression for the Proxy CRD spec"` PersistProxySpec *bool `json:"persistProxySpec,omitempty" desc:"Enable writing Proxy CRD to etcd. Disabled by default for performance."` TranslateEmptyGateways *bool `` /* 142-byte string literal not displayed */ Service *KubeResourceOverride }
type GatewayParameters ¶ added in v1.17.0
type GatewayParameters struct { EnvoyContainer *EnvoyContainer `json:"envoyContainer,omitempty" desc:"Config for the Envoy container of the proxy deployment."` ProxyDeployment *ProvisionedDeployment `` /* 239-byte string literal not displayed */ Service *ProvisionedService `` /* 225-byte string literal not displayed */ SdsContainer *GatewayParamsSdsContainer `json:"sdsContainer,omitempty" desc:"Config used to manage the Gloo Gateway SDS container."` Istio *Istio `json:"istio,omitempty" desc:"Configs used to manage Istio integration."` Stats *GatewayParamsStatsConfig `json:"stats,omitempty" desc:"Config used to manage the stats endpoints exposed on the deployed proxies"` FloatingUserId *bool `` /* 160-byte string literal not displayed */ }
type GatewayParametersForGatewayClasses ¶ added in v1.17.0
type GatewayParametersForGatewayClasses struct {
GlooGateway *GatewayParameters `json:"glooGateway,omitempty" desc:"Default GatewayParameters for gloo-gateway GatewayClass."`
}
type GatewayParamsIstioProxyContainer ¶ added in v1.17.0
type GatewayParamsIstioProxyContainer struct { Image *Image `json:"image,omitempty" desc:"Istio-proxy image to use for mTLS"` SecurityContext *GatewayParamsSecurityContext `` /* 314-byte string literal not displayed */ LogLevel *string `` /* 168-byte string literal not displayed */ // TODO(npolshak): Deprecate GatewayProxy IstioMetaMeshId/IstioMetaClusterId/IstioDiscoveryAddress in favor of IstioProxyContainer // Note: these are only supported for k8s Gateway API. IstioMetaMeshId *string `` /* 183-byte string literal not displayed */ IstioMetaClusterId *string `` /* 186-byte string literal not displayed */ IstioDiscoveryAddress *string `` /* 229-byte string literal not displayed */ }
type GatewayParamsSdsContainer ¶ added in v1.17.0
type GatewayParamsSdsContainer struct { Image *Image `json:"image,omitempty"` SecurityContext *GatewayParamsSecurityContext `` /* 311-byte string literal not displayed */ LogLevel *string `` /* 158-byte string literal not displayed */ Resources *ResourceRequirements `json:"sdsResources,omitempty" desc:"Sets default resource requirements for all sds containers."` }
type GatewayParamsSecurityContext ¶ added in v1.17.0
type GatewayParamsSecurityContext struct {
*corev1.SecurityContext
}
GatewayParamsSecurityContext is a passthrough struct that provides the corev1.SecurityContext without exposing the SecurityOpts/MergePolicy. MergePolicy is irrelevant to the GatewayParameters case because there is already a default and merge behavior defined. The "default" GatewayParameters are expected to be the base config, which is where a default policy can defined; each gwapi.Gateway can have specific GatewayParameters which can then override/merge into the default policy
type GatewayParamsStatsConfig ¶ added in v1.17.0
type GatewayParamsStatsConfig struct { Enabled *bool `json:"enabled,omitempty" desc:"Enable the prometheus endpoint"` RoutePrefixRewrite *string `json:"routePrefixRewrite,omitempty" desc:"Set the prefix rewrite used for the prometheus endpoint"` EnableStatsRoute *bool `json:"enableStatsRoute,omitempty" desc:"Enable the stats endpoint"` StatsRoutePrefixRewrite *string `json:"statsRoutePrefixRewrite,omitempty" desc:"Set the prefix rewrite used for the stats endpoint"` }
type GatewayProxy ¶
type GatewayProxy struct { Kind *GatewayProxyKind `json:"kind,omitempty" desc:"value to determine how the gateway proxy is deployed"` Namespace *string `` /* 131-byte string literal not displayed */ PodTemplate *GatewayProxyPodTemplate `json:"podTemplate,omitempty"` ConfigMap *ConfigMap `json:"configMap,omitempty"` CustomStaticLayer interface{} `` /* 339-byte string literal not displayed */ GlobalDownstreamMaxConnections *uint32 `` /* 173-byte string literal not displayed */ HealthyPanicThreshold *int8 `` /* 134-byte string literal not displayed */ Service *GatewayProxyService `json:"service,omitempty"` AntiAffinity *bool `json:"antiAffinity,omitempty" desc:"configure anti affinity such that pods are preferably not co-located"` Affinity map[string]interface{} `json:"affinity,omitempty"` TopologySpreadConstraints []interface{} `json:"topologySpreadConstraints,omitempty" desc:"configure topologySpreadConstraints for gateway proxy pods"` Tracing *Tracing `json:"tracing,omitempty"` GatewaySettings *GatewayProxyGatewaySettings `json:"gatewaySettings,omitempty" desc:"settings for the helm generated gateways, leave nil to not render"` ExtraEnvoyArgs []string `` /* 126-byte string literal not displayed */ ExtraContainersHelper *string `json:"extraContainersHelper,omitempty"` ExtraInitContainersHelper *string `json:"extraInitContainersHelper,omitempty"` ExtraVolumes []map[string]interface{} `json:"extraVolumes,omitempty"` ExtraVolumeHelper *string `json:"extraVolumeHelper,omitempty"` ExtraListenersHelper *string `json:"extraListenersHelper,omitempty"` Stats *Stats `json:"stats,omitempty" desc:"overrides for prometheus stats published by the gateway-proxy pod"` ReadConfig *bool `json:"readConfig,omitempty" desc:"expose a read-only subset of the Envoy admin api"` ReadConfigMulticluster *bool `json:"readConfigMulticluster,omitempty" desc:"expose a read-only subset of the Envoy admin api to gloo-fed"` ExtraProxyVolumeMounts []map[string]interface{} `json:"extraProxyVolumeMounts,omitempty"` ExtraProxyVolumeMountHelper *string `` /* 142-byte string literal not displayed */ LoopBackAddress *string `` /* 184-byte string literal not displayed */ Failover Failover `json:"failover,omitempty" desc:"(Enterprise Only): Failover configuration"` Disabled *bool `` /* 139-byte string literal not displayed */ EnvoyApiVersion *string `json:"envoyApiVersion,omitempty" desc:"Version of the Envoy API to use for the xDS transport and resources. Default is V3"` EnvoyBootstrapExtensions []map[string]interface{} `` /* 256-byte string literal not displayed */ EnvoyOverloadManager map[string]interface{} `` /* 302-byte string literal not displayed */ EnvoyStaticClusters []map[string]interface{} `` /* 238-byte string literal not displayed */ HorizontalPodAutoscaler *HorizontalPodAutoscaler `` /* 240-byte string literal not displayed */ PodDisruptionBudget *PodDisruptionBudgetWithOverride `` /* 147-byte string literal not displayed */ IstioMetaMeshId *string `json:"istioMetaMeshId,omitempty" desc:"ISTIO_META_MESH_ID Environment Variable. Defaults to \"cluster.local\""` IstioMetaClusterId *string `json:"istioMetaClusterId,omitempty" desc:"ISTIO_META_CLUSTER_ID Environment Variable. Defaults to \"Kubernetes\""` IstioDiscoveryAddress *string `` /* 156-byte string literal not displayed */ IstioSpiffeCertProviderAddress *string `` /* 132-byte string literal not displayed */ EnvoyLogLevel *string `` /* 189-byte string literal not displayed */ EnvoyStatsConfig map[string]interface{} `` /* 219-byte string literal not displayed */ XdsServiceAddress *string `json:"xdsServiceAddress,omitempty" desc:"The k8s service name for the xds server. Defaults to gloo."` XdsServicePort *uint32 `` /* 193-byte string literal not displayed */ TcpKeepaliveTimeSeconds *uint32 `` /* 289-byte string literal not displayed */ DisableCoreDumps *bool `` /* 134-byte string literal not displayed */ DisableExtauthSidecar *bool `` /* 232-byte string literal not displayed */ *KubeResourceOverride }
type GatewayProxyDeployment ¶
type GatewayProxyDeployment struct { *DeploymentSpecSansResources *KubeResourceOverride }
type GatewayProxyGatewaySettings ¶ added in v0.19.1
type GatewayProxyGatewaySettings struct { Enabled *bool `json:"enabled,omitempty" desc:"enable/disable default gateways"` DisableGeneratedGateways *bool `json:"disableGeneratedGateways,omitempty" desc:"set to true to disable the gateway generation for a gateway proxy"` DisableHttpGateway *bool `json:"disableHttpGateway,omitempty" desc:"Set to true to disable http gateway generation."` DisableHttpsGateway *bool `json:"disableHttpsGateway,omitempty" desc:"Set to true to disable https gateway generation."` IPv4Only *bool `` /* 149-byte string literal not displayed */ UseProxyProto *bool `json:"useProxyProto,omitempty" desc:"use proxy protocol"` HttpHybridGateway map[string]interface{} `json:"httpHybridGateway,omitempty" desc:"custom yaml to use for hybrid gateway settings for the http gateway"` HttpsHybridGateway map[string]interface{} `json:"httpsHybridGateway,omitempty" desc:"custom yaml to use for hybrid gateway settings for the https gateway"` CustomHttpGateway map[string]interface{} `json:"customHttpGateway,omitempty" desc:"custom yaml to use for http gateway settings"` CustomHttpsGateway map[string]interface{} `json:"customHttpsGateway,omitempty" desc:"custom yaml to use for https gateway settings"` AccessLoggingService map[string]interface{} `` /* 215-byte string literal not displayed */ GatewayOptions map[string]interface{} `` /* 200-byte string literal not displayed */ HttpGatewayKubeOverride map[string]interface{} `json:"httpGatewayKubeOverride,omitempty"` HttpsGatewayKubeOverride map[string]interface{} `json:"httpsGatewayKubeOverride,omitempty"` *KubeResourceOverride }
type GatewayProxyKind ¶ added in v0.17.3
type GatewayProxyKind struct { Deployment *GatewayProxyDeployment `json:"deployment,omitempty" desc:"set to deploy as a kubernetes deployment, otherwise nil"` DaemonSet *DaemonSetSpec `json:"daemonSet,omitempty" desc:"set to deploy as a kubernetes daemonset, otherwise nil"` }
type GatewayProxyPodTemplate ¶ added in v0.17.3
type GatewayProxyPodTemplate struct { HttpPort *int `json:"httpPort,omitempty" desc:"HTTP port for the gateway service target port."` HttpsPort *int `json:"httpsPort,omitempty" desc:"HTTPS port for the gateway service target port."` ExtraPorts []interface{} `json:"extraPorts,omitempty" desc:"extra ports for the gateway pod."` ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty" desc:"extra annotations to add to the pod."` NodeName *string `json:"nodeName,omitempty" desc:"name of node to run on."` NodeSelector map[string]string `json:"nodeSelector,omitempty" desc:"label selector for nodes."` Tolerations []*corev1.Toleration `json:"tolerations,omitempty"` Probes *bool `` /* 134-byte string literal not displayed */ LivenessProbeEnabled *bool `json:"livenessProbeEnabled,omitempty" desc:"Set to true to enable a liveness probe (default is false)."` Resources *ResourceRequirements `json:"resources,omitempty"` DisableNetBind *bool `` /* 233-byte string literal not displayed */ RunUnprivileged *bool `` /* 181-byte string literal not displayed */ FloatingUserId *bool `` /* 203-byte string literal not displayed */ RunAsUser *float64 `` /* 231-byte string literal not displayed */ FsGroup *float64 `` /* 160-byte string literal not displayed */ GracefulShutdown *GracefulShutdownSpec `json:"gracefulShutdown,omitempty"` TerminationGracePeriodSeconds *int `` /* 247-byte string literal not displayed */ CustomReadinessProbe *corev1.Probe `json:"customReadinessProbe,omitempty"` CustomLivenessProbe *corev1.Probe `json:"customLivenessProbe,omitempty"` ExtraGatewayProxyLabels map[string]string `` /* 170-byte string literal not displayed */ ExtraContainers []interface{} `` /* 221-byte string literal not displayed */ ExtraInitContainers []interface{} `` /* 233-byte string literal not displayed */ EnablePodSecurityContext *bool `json:"enablePodSecurityContext,omitempty" desc:"Whether or not to render the pod security context. Default is true."` PodSecurityContext *PodSecurityContext `` /* 323-byte string literal not displayed */ *GlooDeploymentContainer }
GatewayProxyPodTemplate contains the Helm API available to configure the PodTemplate on the gateway-proxy Deployment
Note to Developers: The Helm API for the PodTemplate is split between the values defined in this struct, and the values in the PodSpec, which is available for a GatewayProxy under `gatewayProxy.kind.Deployment`. The side effect of this, is that there may be Helm values which may live on both structs, but only one is used by our templates. Always refer back to the Helm templates to see which is used.
type GatewayProxyService ¶
type GatewayProxyService struct { Type *string "" /* 182-byte string literal not displayed */ HttpPort *int `json:"httpPort,omitempty" desc:"HTTP port for the gateway service"` HttpsPort *int `json:"httpsPort,omitempty" desc:"HTTPS port for the gateway service"` HttpNodePort *int `json:"httpNodePort,omitempty" desc:"HTTP nodeport for the gateway service if using type NodePort"` HttpsNodePort *int `json:"httpsNodePort,omitempty" desc:"HTTPS nodeport for the gateway service if using type NodePort"` ClusterIP *string "" /* 131-byte string literal not displayed */ ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"` ExternalTrafficPolicy *string `json:"externalTrafficPolicy,omitempty"` Name *string `json:"name,omitempty" desc:"Custom name override for the service resource of the proxy"` HttpsFirst *bool `json:"httpsFirst,omitempty" desc:"List HTTPS port before HTTP"` LoadBalancerIP *string `json:"loadBalancerIP,omitempty" desc:"IP address of the load balancer"` LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty" desc:"List of IP CIDR ranges that are allowed to access the load balancer"` CustomPorts []interface{} `` /* 166-byte string literal not displayed */ ExternalIPs []string `` /* 146-byte string literal not displayed */ ConfigDumpService *KubeResourceOverride `json:"configDumpService,omitempty" desc:"kube resource override for gateway proxy config dump service"` *KubeResourceOverride }
type GatewayValidation ¶ added in v0.20.3
type GatewayValidation struct { Enabled *bool `json:"enabled,omitempty" desc:"enable Gloo Edge API Gateway validation hook (default true)"` AlwaysAcceptResources *bool `` /* 271-byte string literal not displayed */ AllowWarnings *bool `` /* 189-byte string literal not displayed */ WarnMissingTlsSecret *bool `` /* 385-byte string literal not displayed */ ServerEnabled *bool `` /* 325-byte string literal not displayed */ DisableTransformationValidation *bool `` /* 325-byte string literal not displayed */ WarnRouteShortCircuiting *bool `` /* 308-byte string literal not displayed */ SecretName *string `` /* 209-byte string literal not displayed */ FailurePolicy *string `` /* 193-byte string literal not displayed */ Webhook *Webhook `json:"webhook,omitempty" desc:"webhook specific configuration"` ValidationServerGrpcMaxSizeBytes *int `json:"validationServerGrpcMaxSizeBytes,omitempty" desc:"gRPC max message size in bytes for the gloo validation server"` LivenessProbeEnabled *bool `` /* 165-byte string literal not displayed */ }
type Global ¶ added in v0.18.11
type Global struct { Image *Image `json:"image,omitempty"` Extensions interface{} `json:"extensions,omitempty"` GlooRbac *Rbac `json:"glooRbac,omitempty"` GlooStats Stats `` /* 164-byte string literal not displayed */ GlooMtls Mtls `json:"glooMtls,omitempty" desc:"Config used to enable internal mtls authentication."` IstioSDS IstioSDS `` /* 133-byte string literal not displayed */ IstioIntegration IstioIntegration `` /* 138-byte string literal not displayed */ ExtraSpecs *bool `` /* 180-byte string literal not displayed */ ExtauthCustomYaml *bool `` /* 246-byte string literal not displayed */ Console interface{} `json:"console,omitempty" desc:"Configuration options for the Enterprise Console (UI)."` Graphql interface{} `json:"graphql,omitempty" desc:"(Enterprise Only): GraphQL configuration options."` ConfigMaps []*GlobalConfigMap `json:"configMaps,omitempty" desc:"Config used to create ConfigMaps at install time to store arbitrary data."` ExtraCustomResources *bool `` /* 175-byte string literal not displayed */ AdditionalLabels map[string]string `json:"additionalLabels,omitempty" desc:"Additional labels to add to all gloo resources."` PodSecurityStandards *PodSecurityStandards `` /* 165-byte string literal not displayed */ SecuritySettings *SecuritySettings `json:"securitySettings,omitempty" desc:"Global settings for pod and container security contexts"` }
type GlobalConfigMap ¶ added in v1.12.41
type Gloo ¶
type Gloo struct { Deployment *GlooDeployment `json:"deployment,omitempty"` ServiceAccount `json:"serviceAccount,omitempty"` SplitLogOutput *bool `` /* 162-byte string literal not displayed */ GlooService *KubeResourceOverride `json:"service,omitempty"` LogLevel *string `` /* 172-byte string literal not displayed */ DisableLeaderElection *bool `` /* 194-byte string literal not displayed */ HeaderSecretRefNsMatchesUs *bool `` /* 196-byte string literal not displayed */ PodDisruptionBudget *PodDisruptionBudget `json:"podDisruptionBudget,omitempty"` }
type GlooDeployment ¶
type GlooDeployment struct { XdsPort *int `json:"xdsPort,omitempty" desc:"port where gloo serves xDS API to Envoy."` RestXdsPort *uint32 `json:"restXdsPort,omitempty" desc:"port where gloo serves REST xDS API to Envoy."` ValidationPort *int `json:"validationPort,omitempty" desc:"port where gloo serves gRPC Proxy Validation to Gateway."` ProxyDebugPort *int `json:"proxyDebugPort,omitempty" desc:"port where gloo serves gRPC Proxy contents to glooctl."` Stats *Stats `json:"stats,omitempty" desc:"overrides for prometheus stats published by the gloo pod."` FloatingUserId *bool `` /* 238-byte string literal not displayed */ RunAsUser *float64 `` /* 231-byte string literal not displayed */ ExternalTrafficPolicy *string `json:"externalTrafficPolicy,omitempty" desc:"Set the external traffic policy on the gloo service."` ExtraGlooLabels map[string]string `` /* 151-byte string literal not displayed */ ExtraGlooAnnotations map[string]string `` /* 161-byte string literal not displayed */ LivenessProbeEnabled *bool `json:"livenessProbeEnabled,omitempty" desc:"Set to true to enable a liveness probe for Gloo Edge (default is false)."` OssImageTag *string `` /* 139-byte string literal not displayed */ PodSecurityContext *PodSecurityContext `` /* 314-byte string literal not displayed */ *DeploymentSpec *GlooDeploymentContainer }
type GlooDeploymentContainer ¶ added in v1.14.0
type GlooDeploymentContainer struct { Image *Image `json:"image,omitempty"` GlooContainerSecurityContext *SecurityContext `` /* 333-byte string literal not displayed */ }
type GracefulShutdownSpec ¶ added in v1.4.8
type HelmConfig ¶ added in v0.18.11
type HorizontalPodAutoscaler ¶ added in v1.6.11
type HorizontalPodAutoscaler struct { ApiVersion *string `` /* 160-byte string literal not displayed */ MinReplicas *int32 `` /* 133-byte string literal not displayed */ MaxReplicas *int32 `` /* 167-byte string literal not displayed */ TargetCPUUtilizationPercentage *int32 `` /* 192-byte string literal not displayed */ Metrics []map[string]interface{} `` /* 230-byte string literal not displayed */ Behavior map[string]interface{} `` /* 209-byte string literal not displayed */ *KubeResourceOverride }
type Image ¶
type Image struct { Tag *string `json:"tag,omitempty" desc:"The image tag for the container."` Repository *string `json:"repository,omitempty" desc:"The image repository (name) for the container."` Digest *string `json:"digest,omitempty" desc:"The container image's hash digest (e.g. 'sha256:12345...'), consumed when variant=standard."` FipsDigest *string `` /* 233-byte string literal not displayed */ DistrolessDigest *string `` /* 251-byte string literal not displayed */ FipsDistrolessDigest *string `` /* 360-byte string literal not displayed */ Registry *string `json:"registry,omitempty" desc:"The image hostname prefix and registry, such as quay.io/solo-io."` PullPolicy *string `` /* 203-byte string literal not displayed */ PullSecret *string `` /* 126-byte string literal not displayed */ Variant *string `` /* 281-byte string literal not displayed */ Fips *bool `` /* 221-byte string literal not displayed */ }
Common
type Ingress ¶
type Ingress struct { Enabled *bool `json:"enabled,omitempty"` Deployment *IngressDeployment `json:"deployment,omitempty"` RequireIngressClass *bool `` /* 256-byte string literal not displayed */ CustomIngress *bool `` /* 295-byte string literal not displayed */ }
type IngressDeployment ¶
type IngressDeployment struct { Image *Image `json:"image,omitempty"` RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` FloatingUserId *bool `` /* 142-byte string literal not displayed */ ExtraIngressLabels map[string]string `` /* 149-byte string literal not displayed */ ExtraIngressAnnotations map[string]string `` /* 159-byte string literal not displayed */ Stats *bool `json:"stats,omitempty" desc:"Controls whether or not Envoy stats are enabled"` IngressContainerSecurityContext *SecurityContext `` /* 311-byte string literal not displayed */ *DeploymentSpec }
type IngressProxy ¶
type IngressProxy struct { Deployment *IngressProxyDeployment `json:"deployment,omitempty"` ConfigMap *ConfigMap `json:"configMap,omitempty"` Tracing *string `json:"tracing,omitempty"` LoopBackAddress *string `` /* 184-byte string literal not displayed */ Label *string `` /* 155-byte string literal not displayed */ *ServiceSpec }
type IngressProxyDeployment ¶
type IngressProxyDeployment struct { Image *Image `json:"image,omitempty"` HttpPort *int `json:"httpPort,omitempty" desc:"HTTP port for the ingress container"` HttpsPort *int `json:"httpsPort,omitempty" desc:"HTTPS port for the ingress container"` ExtraPorts []interface{} `json:"extraPorts,omitempty"` ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"` FloatingUserId *bool `` /* 142-byte string literal not displayed */ RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the pod to run as. Default is 10101"` ExtraIngressProxyLabels map[string]string `` /* 160-byte string literal not displayed */ Stats *bool `json:"stats,omitempty" desc:"Controls whether or not Envoy stats are enabled"` IngressProxyContainerSecurityContext *SecurityContext `` /* 321-byte string literal not displayed */ *DeploymentSpec }
type Integrations ¶
type Integrations struct { Knative *Knative `json:"knative,omitempty"` Consul *Consul `json:"consul,omitempty" desc:"Consul settings to inject into the consul client on startup"` ConsulUpstreamDiscovery *ConsulUpstreamDiscovery `` /* 147-byte string literal not displayed */ }
type InvalidConfigPolicy ¶ added in v1.0.0
type InvalidConfigPolicy struct { ReplaceInvalidRoutes *bool `` /* 308-byte string literal not displayed */ InvalidRouteResponseCode *int64 `json:"invalidRouteResponseCode,omitempty" desc:"the response code for the direct response"` InvalidRouteResponseBody *string `json:"invalidRouteResponseBody,omitempty" desc:"the response body for the direct response"` }
type Istio ¶ added in v1.17.0
type Istio struct { IstioProxyContainer *GatewayParamsIstioProxyContainer `json:"istioProxyContainer,omitempty" desc:"Config used to manage the istio-proxy container."` CustomSidecars []interface{} `` /* 149-byte string literal not displayed */ }
type IstioIntegration ¶ added in v1.6.11
type IstioIntegration struct { Enabled *bool `` /* 156-byte string literal not displayed */ EnableAutoMtls *bool `json:"enableAutoMtls,omitempty" desc:"Enables Istio auto mtls configuration for Gloo Edge upstreams."` DisableAutoinjection *bool `` /* 424-byte string literal not displayed */ // NOTE: these fields are deprecated and will be removed in a future release and are not supported with Kubernetes Gateway API. LabelInstallNamespace *bool `` /* 622-byte string literal not displayed */ WhitelistDiscovery *bool `` /* 369-byte string literal not displayed */ EnableIstioSidecarOnGateway *bool `` /* 350-byte string literal not displayed */ IstioSidecarRevTag *string `` /* 534-byte string literal not displayed */ AppendXForwardedHost *bool `` /* 279-byte string literal not displayed */ }
type IstioProxyContainer ¶ added in v1.9.25
type IstioProxyContainer struct { Image *Image `json:"image,omitempty" desc:"Istio-proxy image to use for mTLS"` SecurityContext *SecurityContext `` /* 314-byte string literal not displayed */ LogLevel *string `` /* 168-byte string literal not displayed */ // TODO(npolshak): Deprecate GatewayProxy IstioMetaMeshId/IstioMetaClusterId/IstioDiscoveryAddress in favor of IstioProxyContainer // Note: these are only supported for k8s Gateway API. IstioMetaMeshId *string `` /* 183-byte string literal not displayed */ IstioMetaClusterId *string `` /* 186-byte string literal not displayed */ IstioDiscoveryAddress *string `` /* 229-byte string literal not displayed */ }
type IstioSDS ¶ added in v1.5.0
type IstioSDS struct { // NOTE: IstioSDS.Enabled is deprecated. Use IstioIntegration.Enabled instead. Enabled *bool `` /* 214-byte string literal not displayed */ CustomSidecars []interface{} `` /* 152-byte string literal not displayed */ }
type Job ¶ added in v0.20.3
type Job struct { Image *Image `json:"image,omitempty"` *JobSpec KubeResourceOverride map[string]interface{} `json:"kubeResourceOverride,omitempty" desc:"override fields in the gateway-certgen job."` MtlsKubeResourceOverride map[string]interface{} `json:"mtlsKubeResourceOverride,omitempty" desc:"override fields in the gloo-mtls-certgen job."` }
type JobSpec ¶ added in v0.18.0
type JobSpec struct { *PodSpec ActiveDeadlineSeconds *int `json:"activeDeadlineSeconds,omitempty" desc:"Deadline in seconds for Kubernetes jobs."` BackoffLimit *int `` /* 129-byte string literal not displayed */ Completions *int `json:"completions,omitempty" desc:"Specifies the desired number of successfully finished pods the job should be run with."` ManualSelector *bool `json:"manualSelector,omitempty" desc:"Controls generation of pod labels and pod selectors."` Parallelism *int `json:"parallelism,omitempty" desc:"Specifies the maximum desired number of pods the job should run at any given time."` TtlSecondsAfterFinished *int `` /* 156-byte string literal not displayed */ ExtraPodLabels map[string]string `` /* 130-byte string literal not displayed */ ExtraPodAnnotations map[string]string `` /* 140-byte string literal not displayed */ ContainerSecurityContext *SecurityContext `` /* 380-byte string literal not displayed */ }
type K8s ¶ added in v0.13.34
type K8s struct {
ClusterName *string `json:"clusterName,omitempty" desc:"cluster name to use when referencing services."`
}
type Knative ¶
type Knative struct { Enabled *bool `json:"enabled,omitempty" desc:"enabled knative components"` Version *string `` /* 213-byte string literal not displayed */ Proxy *KnativeProxy `json:"proxy,omitempty"` RequireIngressClass *bool `` /* 187-byte string literal not displayed */ ExtraKnativeInternalLabels map[string]string `` /* 166-byte string literal not displayed */ ExtraKnativeInternalAnnotations map[string]string `` /* 176-byte string literal not displayed */ ExtraKnativeExternalLabels map[string]string `` /* 166-byte string literal not displayed */ ExtraKnativeExternalAnnotations map[string]string `` /* 176-byte string literal not displayed */ }
type KnativeProxy ¶
type KnativeProxy struct { Image *Image `json:"image,omitempty"` HttpPort *int `json:"httpPort,omitempty" desc:"HTTP port for the proxy"` HttpsPort *int `json:"httpsPort,omitempty" desc:"HTTPS port for the proxy"` Tracing *string `json:"tracing,omitempty" desc:"tracing configuration"` RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the pod to run as. Default is 10101"` LoopBackAddress *string `` /* 184-byte string literal not displayed */ Stats *bool `json:"stats,omitempty" desc:"Controls whether or not Envoy stats are enabled"` ExtraClusterIngressProxyLabels map[string]string `` /* 175-byte string literal not displayed */ ExtraClusterIngressProxyAnnotations map[string]string `` /* 185-byte string literal not displayed */ Internal *KnativeProxyInternal `json:"internal,omitempty" desc:"kube resource overrides for knative internal proxy resources"` *DeploymentSpec *ServiceSpec ConfigMap *KubeResourceOverride `json:"configMap,omitempty"` Deployment *KubeResourceOverride `json:"deployment,omitempty"` ContainerSecurityContext *SecurityContext `` /* 224-byte string literal not displayed */ }
type KnativeProxyInternal ¶ added in v1.8.0
type KnativeProxyInternal struct { Deployment *KubeResourceOverride `json:"deployment,omitempty"` Service *KubeResourceOverride `json:"service,omitempty"` ConfigMap *KubeResourceOverride `json:"configMap,omitempty"` }
type KubeGateway ¶ added in v1.17.0
type KubeGateway struct { Enabled *bool `json:"enabled,omitempty" desc:"Enable the Gloo Gateway Kubernetes Gateway API controller."` GatewayParameters *GatewayParametersForGatewayClasses `json:"gatewayParameters,omitempty" desc:"Maps GatewayClasses to default GatewayParameters"` }
type KubeResourceOverride ¶ added in v1.8.0
type KubeResourceOverride struct {
KubeResourceOverride map[string]interface{} `` /* 156-byte string literal not displayed */
}
Used to override any field in generated kubernetes resources.
type KubernetesSecrets ¶ added in v1.15.3
type KubernetesSecrets struct { }
type Mtls ¶ added in v1.3.6
type Mtls struct { Enabled *bool `json:"enabled,omitempty" desc:"Enables internal mtls authentication"` Sds SdsContainer `json:"sds,omitempty"` EnvoySidecar EnvoySidecarContainer `json:"envoy,omitempty"` IstioProxy IstioProxyContainer `json:"istioProxy,omitempty" desc:"Istio-proxy container"` EnvoySidecarResources *ResourceRequirements `json:"envoySidecarResources,omitempty" desc:"Sets default resource requirements for all Envoy sidecar containers."` SdsResources *ResourceRequirements `json:"sdsResources,omitempty" desc:"Sets default resource requirements for all sds containers."` }
type Namespace ¶
type Namespace struct {
Create *bool `json:"create,omitempty" desc:"create the installation namespace"`
}
type PodDisruptionBudget ¶ added in v1.6.11
type PodDisruptionBudget struct { MinAvailable *string `` /* 297-byte string literal not displayed */ }
type PodDisruptionBudgetWithOverride ¶ added in v1.14.19
type PodDisruptionBudgetWithOverride struct { *PodDisruptionBudget *KubeResourceOverride }
type PodSecurityContext ¶ added in v1.14.5
type PodSecurityContext struct { *corev1.PodSecurityContext *SecurityOpts }
type PodSecurityStandards ¶ added in v1.16.14
type PodSecurityStandards struct {
Container *ContainerSecurityStandards `` /* 164-byte string literal not displayed */
}
type PodSpec ¶ added in v0.18.0
type PodSpec struct { RestartPolicy *string `json:"restartPolicy,omitempty" desc:"restart policy to use when the pod exits"` PriorityClassName *string `json:"priorityClassName,omitempty" desc:"name of a defined priority class"` NodeName *string `json:"nodeName,omitempty" desc:"name of node to run on"` NodeSelector map[string]string `json:"nodeSelector,omitempty" desc:"label selector for nodes"` Tolerations []*corev1.Toleration `json:"tolerations,omitempty"` Affinity map[string]interface{} `json:"affinity,omitempty"` HostAliases []interface{} `json:"hostAliases,omitempty"` InitContainers []interface{} `` /* 208-byte string literal not displayed */ }
type ProvisionedDeployment ¶ added in v1.17.0
type ProvisionedDeployment struct {
Replicas *int32 `json:"replicas,omitempty" desc:"number of instances to deploy. If set to null, a default of 1 will be imposed."`
}
type ProvisionedService ¶ added in v1.17.0
type ProvisionedService struct {
Type *string `json:"type,omitempty" desc:"K8s service type. If set to null, a default of LoadBalancer will be imposed."`
}
type ResourceAllocation ¶ added in v0.18.1
type ResourceRef ¶ added in v1.6.0
type ResourceRef struct { Namespace *string `json:"namespace,omitempty" desc:"The namespace of this resource."` Name *string `json:"name,omitempty" desc:"The name of this resource."` }
equivalent of core.solo.io.ResourceRef
type ResourceRequirements ¶ added in v0.18.1
type ResourceRequirements struct { Limits *ResourceAllocation `json:"limits,omitempty" desc:"resource limits of this container"` Requests *ResourceAllocation `json:"requests,omitempty" desc:"resource requests of this container"` }
type RolloutJob ¶ added in v1.9.25
type RolloutJob struct { *JobSpec Enabled *bool `` /* 138-byte string literal not displayed */ Image *Image `json:"image,omitempty"` Resources *ResourceRequirements `json:"resources,omitempty"` FloatingUserId *bool `` /* 142-byte string literal not displayed */ RunAsUser *float64 `json:"runAsUser,omitempty" desc:"Explicitly set the user ID for the processes in the container to run as. Default is 10101."` Timeout *int `` /* 155-byte string literal not displayed */ }
type SdsContainer ¶ added in v1.3.8
type SdsContainer struct { Image *Image `json:"image,omitempty"` SecurityContext *SecurityContext `` /* 311-byte string literal not displayed */ LogLevel *string `` /* 158-byte string literal not displayed */ Resources *ResourceRequirements `json:"sdsResources,omitempty" desc:"Sets default resource requirements for all sds containers."` }
type SecretOptions ¶ added in v1.15.3
type SecretOptions struct {
Sources []*SecretOptionsSource `json:"sources,omitempty" desc:"List of sources to use for secrets."`
}
type SecretOptionsSource ¶ added in v1.15.3
type SecretOptionsSource struct { Kubernetes KubernetesSecrets `json:"kubernetes,omitempty" desc:"Only one of kubernetes, vault, or directory may be set"` Vault VaultSecrets `json:"vault,omitempty" desc:"Only one of kubernetes, vault, or directory may be set"` Directory Directory `json:"directory,omitempty" desc:"Only one of kubernetes, vault, or directory may be set"` }
type SecurityContext ¶ added in v1.14.5
type SecurityContext struct { *corev1.SecurityContext *SecurityOpts }
type SecurityOpts ¶ added in v1.14.5
type SecurityOpts struct {
MergePolicy *string `` /* 813-byte string literal not displayed */
}
type SecuritySettings ¶ added in v1.17.3
type SecuritySettings struct {
FloatingUserId *bool `` /* 559-byte string literal not displayed */
}
type Service ¶ added in v1.3.18
type Service struct { Type *string `json:"type,omitempty" desc:"K8s service type"` ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty" desc:"extra annotations to add to the service"` LoadBalancerIP *string `json:"loadBalancerIP,omitempty" desc:"IP address of the load balancer"` HttpPort *int `json:"httpPort,omitempty" desc:"HTTP port for the knative/ingress proxy service"` HttpsPort *int `json:"httpsPort,omitempty" desc:"HTTPS port for the knative/ingress proxy service"` *KubeResourceOverride }
type ServiceAccount ¶ added in v0.18.20
type ServiceAccount struct { ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty" desc:"extra annotations to add to the service account"` DisableAutomount *bool `` /* 204-byte string literal not displayed */ *KubeResourceOverride }
type ServiceDiscoveryOptions ¶ added in v1.6.0
type ServiceDiscoveryOptions struct {
DataCenters []string `` /* 213-byte string literal not displayed */
}
type ServiceSpec ¶ added in v1.3.18
type ServiceSpec struct {
Service *Service `json:"service,omitempty" desc:"K8s service configuration"`
}
type Settings ¶
type Settings struct { WatchNamespaces []string `` /* 141-byte string literal not displayed */ WriteNamespace *string `` /* 139-byte string literal not displayed */ Integrations *Integrations `json:"integrations,omitempty"` Create *bool `json:"create,omitempty" desc:"create a Settings CRD which provides bootstrap configuration to Gloo Edge controllers"` Extensions interface{} `json:"extensions,omitempty"` SingleNamespace *bool `json:"singleNamespace,omitempty" desc:"Enable to use install namespace as WatchNamespace and WriteNamespace"` InvalidConfigPolicy *InvalidConfigPolicy `json:"invalidConfigPolicy,omitempty" desc:"Define policies for Gloo Edge to handle invalid configuration"` Linkerd *bool `json:"linkerd,omitempty" desc:"Enable automatic Linkerd integration in Gloo Edge"` DisableProxyGarbageCollection *bool `` /* 391-byte string literal not displayed */ RegexMaxProgramSize *uint32 `` /* 219-byte string literal not displayed */ DisableKubernetesDestinations *bool `` /* 1093-byte string literal not displayed */ Aws AwsSettings `json:"aws,omitempty"` RateLimit interface{} `` /* 504-byte string literal not displayed */ RatelimitServer interface{} `` /* 300-byte string literal not displayed */ CircuitBreakers CircuitBreakersSettings `json:"circuitBreakers,omitempty" desc:"Set this to configure the circuit breaker settings for Gloo."` EnableRestEds *bool `json:"enableRestEds,omitempty" desc:"Whether or not to use rest xds for all EDS by default. Defaults to false."` // NOTE: DevMode is deprecated. See https://docs.solo.io/gloo-edge/latest/operations/debugging_gloo/#debugging-the-control-plane for more details. DevMode *bool `` /* 290-byte string literal not displayed */ SecretOptions SecretOptions `json:"secretOptions,omitempty" desc:"Options for how Gloo Edge should handle secrets."` *KubeResourceOverride }
type Stats ¶ added in v1.2.13
type Stats struct { Enabled *bool `json:"enabled,omitempty" desc:"Controls whether or not Envoy stats are enabled"` RoutePrefixRewrite *string `json:"routePrefixRewrite,omitempty" desc:"The Envoy stats endpoint to which the metrics are written"` SetDatadogAnnotations *bool `json:"setDatadogAnnotations,omitempty" desc:"Sets the default datadog annotations"` EnableStatsRoute *bool `json:"enableStatsRoute,omitempty" desc:"Enables an additional route to the stats cluster defaulting to /stats"` StatsPrefixRewrite *string `json:"statsPrefixRewrite,omitempty" desc:"The Envoy stats endpoint with general metrics for the additional stats route"` ServiceMonitorEnabled *bool `` /* 184-byte string literal not displayed */ PodMonitorEnabled *bool `` /* 176-byte string literal not displayed */ }
type UdsOptions ¶ added in v1.9.5
type UdsOptions struct { Enabled *bool `json:"enabled,omitempty" desc:"Enable upstream discovery service. Defaults to true."` WatchLabels map[string]string `` /* 148-byte string literal not displayed */ }
Configuration options for the Upstream Discovery Service (UDS).
type VaultAwsAuth ¶ added in v1.15.3
type VaultAwsAuth struct { VaultRole string `` /* 170-byte string literal not displayed */ Region string `json:"region,omitempty" desc:"The AWS region to use for the login attempt."` IamServerIdHeader string `json:"iamServerIdHeader,omitempty" desc:"The IAM Server ID Header required to be included in the request."` MountPath string `json:"mountPath,omitempty" desc:"The Vault path on which the AWS auth is mounted."` AccessKeyID string `` /* 389-byte string literal not displayed */ SecretAccessKey string `` /* 397-byte string literal not displayed */ SessionToken string `json:"sessionToken,omitempty" desc:"The Session Token as provided by the security credentials on the AWS IAM resource."` LeaseIncrement *uint32 `` /* 265-byte string literal not displayed */ }
type VaultSecrets ¶ added in v1.15.3
type VaultSecrets struct { Address string `` /* 175-byte string literal not displayed */ RootKey string `` /* 183-byte string literal not displayed */ PathPrefix string `` /* 233-byte string literal not displayed */ TlsConfig VaultTlsConfig `` /* 205-byte string literal not displayed */ AccessToken string `json:"accessToken,omitempty" desc:"Vault token to use for authentication. Only one of accessToken or aws may be set."` Aws VaultAwsAuth `json:"aws,omitempty" desc:"Only one of accessToken or aws may be set."` }
type VaultTlsConfig ¶ added in v1.15.3
type VaultTlsConfig struct { CaCert string `json:"caCert,omitempty" desc:"Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate."` CaPath string `json:"caPath,omitempty" desc:"Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate."` ClientCert string `json:"clientCert,omitempty" desc:"Path to the certificate for Vault communication."` ClientKey string `json:"clientKey,omitempty" desc:"Path to the private key for Vault communication."` TlsServerName string `json:"tlsServerName,omitempty" desc:"If set, it is used to set the SNI host when connecting via TLS."` Insecure bool `json:"insecure,omitempty" desc:"Disables TLS verification when set to true."` }
type Webhook ¶ added in v1.3.27
type Webhook struct { Enabled *bool `json:"enabled,omitempty" desc:"enable validation webhook (default true)"` DisableHelmHook *bool `json:"disableHelmHook,omitempty" desc:"do not create the webhook as helm hook (default false)"` TimeoutSeconds *int `json:"timeoutSeconds,omitempty" desc:"the timeout for the webhook, defaults to 10"` ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty" desc:"extra annotations to add to the webhook"` SkipDeleteValidationResources []string `` /* 329-byte string literal not displayed */ // EnablePolicyApi provides granular access to users to opt-out of Policy validation // There are some known race conditions in our Gloo Gateway processes resource references, // even when allowWarnings=true: https://github.com/solo-io/solo-projects/issues/6321 // As a result, this is intended as a short-term solution to provide users a way to opt-out of Policy API validation. // The desired long-term strategy is that our validation logic is stable, and users can leverage it EnablePolicyApi *bool `` /* 234-byte string literal not displayed */ *KubeResourceOverride }