Skip to main content
logoTetrate Enterprise Gateway for Envoy (TEG)Version: v1.2.x

teg-envoy-gateway-helm

Version: 1.2.1 Type: application AppVersion: latest

The Helm chart for Tetrate Enterprise Gateway for Envoy

Homepage: https://tetrate.io/

Requirements

RepositoryNameVersion
oci://docker.io/envoyproxygateway-helmv1.2.4

Values

KeyTypeDefaultDescription
certgenobject{"job":{"annotations":{},"resources":{},"ttlSecondsAfterFinished":30},"rbac":{"annotations":{},"labels":{}}}TEG Certificate Generation Job configuration used to generate TLS Certificates for Redis
config.envoyProxyobject{"logging":{"level":{"default":"warn"}}}Configuration for every Envoy Proxy replica in each Gateway which uses the default 'teg' GatewayClass (which references the EnvoyProxy resource made from these values). This is merged with defaults to product an EnvoyProxy object (https://gateway.envoyproxy.io/latest/api/extension_types/#envoyproxyspec). Values specified here take precedence
config.envoyProxy.logging.level.defaultstring"warn"All Envoy log areas to log at level warn Individual areas can be altered with eg oauth2: debug
corazaWafobject-Coraza WAF Configuration for Envoy Proxy
corazaWaf.directiveslist["Include @recommended-conf","SecRuleEngine On","SecDebugLogLevel 2","Include @crs-setup-conf","Include @owasp_crs/*.conf"]Directives to configure Coraza WAF You can find more details about the directives here: https://github.com/corazawaf/coraza-proxy-wasm/tree/main/wasmplugin/rules
corazaWaf.enabledboolfalseSwitch to enable Coraza WAF
corazaWaf.imageobject-Coraza WAF image configuration
corazaWaf.image.pullPolicystring"IfNotPresent"Coraza WAF image pull policy
corazaWaf.image.repositorystring"ghcr.io/tetratelabs/coraza-proxy-wasm"Coraza WAF image repository
corazaWaf.image.tagstring"0.6.0-trc0-busybox"Coraza WAF image tag
deploymentobject-Tetrate Enterprise Gateway for Envoy control plane components configuration options
deployment.tegEnvoyGatewayobject-Tetrate Enterprise Gateway for Envoy deployment configuration
deployment.tegEnvoyGateway.imageobject-Tetrate Enterprise Gateway for Envoy image configuration
deployment.tegEnvoyGateway.image.pullPolicystring"IfNotPresent"Tetrate Enterprise Gateway for Envoy image pull policy
deployment.tegEnvoyGateway.image.pullSecretslist[]Tetrate Enterprise Gateway for Envoy image pull secrets
deployment.tegEnvoyGateway.image.repositorystring"docker.io/tetrate/teg-envoy-gateway"Tetrate Enterprise Gateway for Envoy image repository
deployment.tegEnvoyGateway.image.tagstring"15ea4ec"Tetrate Enterprise Gateway for Envoy image tag
deployment.tegEnvoyGateway.replicasint1Tetrate Enterprise Gateway for Envoy replicas in cluster
deployment.tegEnvoyGateway.resourcesobject{}Tetrate Enterprise Gateway for Envoy deployment resources More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
gateway-helmobject{"config":{"envoyGateway":{"extensionApis":{"enableEnvoyPatchPolicy":true},"provider":{"kubernetes":{"overwrite_control_plane_certs":false,"rateLimitDeployment":{"container":{"env":[{"name":"LOG_FORMAT","value":"json"},{"name":"REDIS_HEALTH_CHECK_ACTIVE_CONNECTION","value":"false"},{"name":"REDIS_TYPE","value":"SINGLE"},{"name":"REDIS_TLS_CACERT","value":"/redis-certs/ca.crt"}]}}}},"rateLimit":{"backend":{"redis":{"tls":{"certificateRef":{"name":"redis-tls"}},"url":"teg-redis.envoy-gateway-system.svc.cluster.local:6379"},"type":"Redis"}}}}}Envoy Gateway installation configuration. Detailed configuration documentation can be found here: https://github.com/envoyproxy/gateway/tree/main/charts/gateway-helm Tetrate Enterprise Gateway for Envoy configures underlying Envoy gateway installation configuration. In case there are any conflicts, between TEG configuration and EG configuration provided here, EG configuration is given precedence.
gateway-helm.config.envoyGateway.rateLimit.backend.redis.urlstring"teg-redis.envoy-gateway-system.svc.cluster.local:6379"If you change the namespace or name of the Redis Service, change this to match
redisobject-TEG Redis deployment configuration
redis.disabledboolfalseRedis enabled by default
redis.imageobject-Redis image configuration
redis.image.pullPolicystring"IfNotPresent"Redis image pull policy in cluster
redis.image.pullSecretslist[]Redis image pull secrets
redis.image.repositorystring"redis"Redis image repository
redis.image.tagstring"7.0.11"Redis image tag
redis.passwordstring""default user auth password for redis deployment
redis.replicasint1Redis replicas to deploy
redis.resourcesobject{}Redis deployment resources More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
redis.serviceobject-Redis service configuration
redis.service.portint6379Redis service exposed port
redis.service.typestring"ClusterIP"Redis service type