gateway-helm
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Global settings
2
global:
3
# If set, these take highest precedence and change envoyGateway, envoyProxy, and ratelimit's container registry and pull secrets.
4
# -- Global override for image registry
5
imageRegistry: ""
6
# -- Global override for image pull secrets
7
imagePullSecrets: []
8
# If set, these override image-specific values: useful when installing the chart in a private registry environment.
9
# Override image-specific values directly if a global override is not desired.
10
images:
11
envoyGateway:
12
# This is the full image name including the hub, repo, and tag.
13
image: chainreg.biz/chainguard-private/envoy-gateway-fips:latest@sha256:4cdac98da3ec8a6880a87e092bccbd4a9221ef55279bae0fcaa5969ca354598a
14
# Specify image pull policy if default behavior isn't desired.
15
# Default behavior: latest images will be Always else IfNotPresent.
16
pullPolicy: IfNotPresent
17
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
18
pullSecrets: []
19
ratelimit:
20
# This is the full image name including the hub, repo, and tag.
21
image: chainreg.biz/chainguard-private/envoy-ratelimit-fips:latest@sha256:99e34a8ceb802aceae34af46da835fba40faacc6c70b86892f4c6f976f003c96
22
# Specify image pull policy if default behavior isn't desired.
23
# Default behavior: latest images will be Always else IfNotPresent.
24
pullPolicy: IfNotPresent
25
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
26
pullSecrets: []
27
envoyProxy:
28
# This is the full image name including the hub, repo, and tag for the Envoy Proxy data plane.
29
# If not specified, uses the default image built into envoy-gateway.
30
image: ""
31
# Specify image pull policy if default behavior isn't desired.
32
# Default behavior: IfNotPresent.
33
pullPolicy: ""
34
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
35
pullSecrets: []
36
# -- Labels to apply to all resources
37
commonLabels: {}
38
podDisruptionBudget:
39
minAvailable: 0
40
# maxUnavailable: 1
41
deployment:
42
annotations: {}
43
envoyGateway:
44
image:
45
# if both this and global.imageRegistry are specified, this has to include both registry and repository explicitly, eg docker.io/envoyproxy/gateway
46
repository: ""
47
tag: ""
48
imagePullPolicy: ""
49
imagePullSecrets: []
50
# -- Additional environment variables for the envoy-gateway container.
51
extraEnv: []
52
resources:
53
limits:
54
memory: 1024Mi
55
requests:
56
cpu: 100m
57
memory: 256Mi
58
securityContext:
59
allowPrivilegeEscalation: false
60
capabilities:
61
drop:
62
- ALL
63
privileged: false
64
runAsNonRoot: true
65
runAsGroup: 65532
66
runAsUser: 65532
67
seccompProfile:
68
type: RuntimeDefault
69
ports:
70
- name: grpc
71
port: 18000
72
targetPort: 18000
73
- name: ratelimit
74
port: 18001
75
targetPort: 18001
76
- name: wasm
77
port: 18002
78
targetPort: 18002
79
- name: metrics
80
port: 19001
81
targetPort: 19001
82
priorityClassName: null
83
replicas: 1
84
pod:
85
affinity: {}
86
annotations:
87
prometheus.io/scrape: 'true'
88
prometheus.io/port: '19001'
89
labels: {}
90
topologySpreadConstraints: []
91
tolerations: []
92
nodeSelector: {}
93
# Additional volumeMounts on the deployment definition.
94
extraVolumeMounts: []
95
# - name: foo
96
# mountPath: "/etc/foo"
97
# readOnly: true
98
# Additional volumes on the deployment definition.
99
extraVolumes: []
100
# - name: foo
101
# configMap:
102
# name: myconfigmap
103
service:
104
# If set to PreferClose, the Envoy fleet will prioritize connecting to the Envoy Gateway pods that are topologically closest to them.
105
trafficDistribution: ""
106
annotations: {}
107
# -- Service type. Can be set to LoadBalancer with specific IP, e.g.:
108
# type: LoadBalancer
109
# loadBalancerIP: 10.236.90.20
110
type: "ClusterIP"
111
hpa:
112
enabled: false
113
minReplicas: 1
114
maxReplicas: 1
115
metrics: []
116
behavior: {}
117
config:
118
# -- EnvoyGateway configuration. Visit https://gateway.envoyproxy.io/docs/api/extension_types/#envoygateway to view all options.
119
envoyGateway:
120
gateway:
121
controllerName: gateway.envoyproxy.io/gatewayclass-controller
122
provider:
123
type: Kubernetes
124
logging:
125
level:
126
default: info
127
extensionApis: {}
128
createNamespace: false
129
# -- Override the namespace for resources deployed by the chart.
130
# Defaults to the release namespace.
131
namespaceOverride: ""
132
kubernetesClusterDomain: cluster.local
133
# -- Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
134
certgen:
135
job:
136
annotations: {}
137
args: []
138
pod:
139
annotations: {}
140
labels: {}
141
resources: {}
142
affinity: {}
143
tolerations: []
144
nodeSelector: {}
145
ttlSecondsAfterFinished: 30
146
securityContext:
147
allowPrivilegeEscalation: false
148
capabilities:
149
drop:
150
- ALL
151
privileged: false
152
readOnlyRootFilesystem: true
153
runAsNonRoot: true
154
runAsGroup: 65532
155
runAsUser: 65532
156
seccompProfile:
157
type: RuntimeDefault
158
rbac:
159
annotations: {}
160
labels: {}
161
topologyInjector:
162
enabled: true
163
annotations: {}
164
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.