gateway-helm
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Global settings
2
global:
3
# If set, these take highest precedence and change both envoyGateway and ratelimit's container registry and pull secrets.
4
# -- Global override for image registry
5
imageRegistry: ""
6
# -- Global override for image pull secrets
7
imagePullSecrets: []
8
# If set, these override image-specific values: useful when installing the chart in a private registry environment.
9
# Override image-specific values directly if a global override is not desired.
10
images:
11
envoyGateway:
12
# This is the full image name including the hub, repo, and tag.
13
image: cgr.dev/chainguard-private/envoy-gateway-fips:latest@sha256:e41ce03c463979fe599af116127c14f93574cd7c92182ab33cba37098968e2e1
14
# Specify image pull policy if default behavior isn't desired.
15
# Default behavior: latest images will be Always else IfNotPresent.
16
pullPolicy: IfNotPresent
17
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
18
pullSecrets: []
19
ratelimit:
20
# This is the full image name including the hub, repo, and tag.
21
image: cgr.dev/chainguard-private/envoy-ratelimit-fips:latest@sha256:90aa994a45422ff83fdcbf91f67875af12248bf3e39c955b7cc4ea05d64ca2ee
22
# Specify image pull policy if default behavior isn't desired.
23
# Default behavior: latest images will be Always else IfNotPresent.
24
pullPolicy: IfNotPresent
25
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
26
pullSecrets: []
27
podDisruptionBudget:
28
minAvailable: 0
29
# maxUnavailable: 1
30
deployment:
31
annotations: {}
32
envoyGateway:
33
image:
34
# if both this and global.imageRegistry are specified, this has to include both registry and repository explicitly, eg docker.io/envoyproxy/gateway
35
repository: ""
36
tag: ""
37
imagePullPolicy: ""
38
imagePullSecrets: []
39
resources:
40
limits:
41
memory: 1024Mi
42
requests:
43
cpu: 100m
44
memory: 256Mi
45
securityContext:
46
allowPrivilegeEscalation: false
47
capabilities:
48
drop:
49
- ALL
50
privileged: false
51
runAsNonRoot: true
52
runAsGroup: 65532
53
runAsUser: 65532
54
seccompProfile:
55
type: RuntimeDefault
56
ports:
57
- name: grpc
58
port: 18000
59
targetPort: 18000
60
- name: ratelimit
61
port: 18001
62
targetPort: 18001
63
- name: wasm
64
port: 18002
65
targetPort: 18002
66
- name: metrics
67
port: 19001
68
targetPort: 19001
69
priorityClassName: null
70
replicas: 1
71
pod:
72
affinity: {}
73
annotations:
74
prometheus.io/scrape: 'true'
75
prometheus.io/port: '19001'
76
labels: {}
77
topologySpreadConstraints: []
78
tolerations: []
79
nodeSelector: {}
80
service:
81
# If set to PreferClose, the Envoy fleet will prioritize connecting to the Envoy Gateway pods that are topologically closest to them.
82
trafficDistribution: ""
83
annotations: {}
84
# -- Service type. Can be set to LoadBalancer with specific IP, e.g.:
85
# type: LoadBalancer
86
# loadBalancerIP: 10.236.90.20
87
type: "ClusterIP"
88
hpa:
89
enabled: false
90
minReplicas: 1
91
maxReplicas: 1
92
metrics: []
93
behavior: {}
94
config:
95
# -- EnvoyGateway configuration. Visit https://gateway.envoyproxy.io/docs/api/extension_types/#envoygateway to view all options.
96
envoyGateway:
97
gateway:
98
controllerName: gateway.envoyproxy.io/gatewayclass-controller
99
provider:
100
type: Kubernetes
101
logging:
102
level:
103
default: info
104
extensionApis: {}
105
createNamespace: false
106
kubernetesClusterDomain: cluster.local
107
# -- Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
108
certgen:
109
job:
110
annotations: {}
111
args: []
112
pod:
113
annotations: {}
114
labels: {}
115
resources: {}
116
affinity: {}
117
tolerations: []
118
nodeSelector: {}
119
ttlSecondsAfterFinished: 30
120
securityContext:
121
allowPrivilegeEscalation: false
122
capabilities:
123
drop:
124
- ALL
125
privileged: false
126
readOnlyRootFilesystem: true
127
runAsNonRoot: true
128
runAsGroup: 65532
129
runAsUser: 65532
130
seccompProfile:
131
type: RuntimeDefault
132
rbac:
133
annotations: {}
134
labels: {}
135
topologyInjector:
136
enabled: true
137
annotations: {}
138
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.