settings.proto

Package: gloo.solo.io

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto

Settings

Represents global settings for all the Gloo components.

"discoveryNamespace": string
"watchNamespaces": []string
"kubernetesConfigSource": .gloo.solo.io.Settings.KubernetesCrds
"directoryConfigSource": .gloo.solo.io.Settings.Directory
"consulKvSource": .gloo.solo.io.Settings.ConsulKv
"kubernetesSecretSource": .gloo.solo.io.Settings.KubernetesSecrets
"vaultSecretSource": .gloo.solo.io.Settings.VaultSecrets
"directorySecretSource": .gloo.solo.io.Settings.Directory
"kubernetesArtifactSource": .gloo.solo.io.Settings.KubernetesConfigmaps
"directoryArtifactSource": .gloo.solo.io.Settings.Directory
"bindAddr": string
"refreshRate": .google.protobuf.Duration
"devMode": bool
"linkerd": bool
"circuitBreakers": .gloo.solo.io.CircuitBreakerConfig
"knative": .gloo.solo.io.Settings.KnativeOptions
"discovery": .gloo.solo.io.Settings.DiscoveryOptions
"consul": .gloo.solo.io.Settings.ConsulConfiguration
"kubernetes": .gloo.solo.io.Settings.KubernetesConfiguration
"extensions": .gloo.solo.io.Extensions
"metadata": .core.solo.io.Metadata
"status": .core.solo.io.Status
Field Type Description Default
discoveryNamespace string This is the namespace to which Gloo will write its own resources, e.g. discovered Upstreams or default Gateways. If empty, this will default to “gloo-system”.
watchNamespaces []string Use this setting to restrict the namespaces that Gloo takes into consideration when watching for resources. In a usual production scenario, RBAC policies will limit the namespaces that Gloo has access to. If watch_namespaces contains namespaces outside of this whitelist, Gloo will fail to start. If not set, this defaults to all available namespaces. Please note that the discovery_namespace will always be included in this list.
kubernetesConfigSource .gloo.solo.io.Settings.KubernetesCrds
directoryConfigSource .gloo.solo.io.Settings.Directory
consulKvSource .gloo.solo.io.Settings.ConsulKv
kubernetesSecretSource .gloo.solo.io.Settings.KubernetesSecrets
vaultSecretSource .gloo.solo.io.Settings.VaultSecrets
directorySecretSource .gloo.solo.io.Settings.Directory
kubernetesArtifactSource .gloo.solo.io.Settings.KubernetesConfigmaps
directoryArtifactSource .gloo.solo.io.Settings.Directory
bindAddr string Where the gloo xDS server should bind (should not need configuration by user)
refreshRate .google.protobuf.Duration How frequently to resync watches, etc
devMode bool Enable serving debug data on port 9090
linkerd bool Enable automatic linkerd upstream header addition for easier routing to linkerd services
circuitBreakers .gloo.solo.io.CircuitBreakerConfig Default circuit breakers when not set in a specific upstream.
knative .gloo.solo.io.Settings.KnativeOptions Configuration options for the Clusteringress Controller (for Knative).
discovery .gloo.solo.io.Settings.DiscoveryOptions Options for configuring Gloo’s Discovery service
consul .gloo.solo.io.Settings.ConsulConfiguration Options to configure Gloo’s integration with HashiCorp Consul.
kubernetes .gloo.solo.io.Settings.KubernetesConfiguration Options to configure Gloo’s integration with Kubernetes.
extensions .gloo.solo.io.Extensions Settings for extensions
metadata .core.solo.io.Metadata Metadata contains the object metadata for this resource
status .core.solo.io.Status Status indicates the validation status of this resource. Status is read-only by clients, and set by gloo during validation

KubernetesCrds

Use Kubernetes CRDs as storage.

Field Type Description Default

KubernetesSecrets

Use Kubernetes as storage for secret data.

Field Type Description Default

VaultSecrets

Use HashiCorp Vault as storage for secret data.

"token": string
"address": string
"caCert": string
"caPath": string
"clientCert": string
"clientKey": string
"tlsServerName": string
"insecure": .google.protobuf.BoolValue
"rootKey": string
Field Type Description Default
token string The token used to authenticate to Vault
address string address is the address of the Vault server. This should be a complete URL such as "http://vault.example.com".
caCert string caCert is the path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
caPath string caPath is the path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate.
clientCert string clientCert is the path to the certificate for Vault communication
clientKey string clientKey is the path to the private key for Vault communication
tlsServerName string tlsServerName, if set, is used to set the SNI host when connecting via TLS.
insecure .google.protobuf.BoolValue Insecure enables or disables SSL verification
rootKey string All keys stored in Vault will begin with this prefix. This can be used to run multiple instances of Gloo against the same Consul cluster. Defaults to gloo.

ConsulKv

Use HashiCorp Consul Key-Value as storage for config data. Configuration options for connecting to Consul can be configured in the Settings’ root consul field

"rootKey": string
Field Type Description Default
rootKey string All keys stored in Consul will begin with this prefix. This can be used to run multiple instances of Gloo against the same Consul cluster. Defaults to gloo.

KubernetesConfigmaps

Use Kubernetes ConfigMaps as storage.

Field Type Description Default

Directory

As an alternative to Kubernetes CRDs, Gloo is able to store resources in a local file system. This option determines the root of the directory tree used to this end.

"directory": string
Field Type Description Default
directory string

KnativeOptions

"clusterIngressProxyAddress": string
"knativeExternalProxyAddress": string
"knativeInternalProxyAddress": string
Field Type Description Default
clusterIngressProxyAddress string Address of the clusteringress proxy. If empty, it will default to clusteringress-proxy.$POD_NAMESPACE.svc.cluster.local. Use if running Knative Version 0.7.X or less
knativeExternalProxyAddress string Address of the externally-facing knative proxy. If empty, it will default to knative-external-proxy.$POD_NAMESPACE.svc.cluster.local. Use if running Knative Version 0.8.X or higher
knativeInternalProxyAddress string Address of the internally-facing knative proxy. If empty, it will default to knative-internal-proxy.$POD_NAMESPACE.svc.cluster.local. Use if running Knative Version 0.8.X or higher

DiscoveryOptions

"fdsMode": .gloo.solo.io.Settings.DiscoveryOptions.FdsMode
Field Type Description Default
fdsMode .gloo.solo.io.Settings.DiscoveryOptions.FdsMode

FdsMode

Possible modes for running the function discovery service (FDS). FDS polls services in-cluster for Swagger and gRPC endpoints. This behavior can be controlled with the use of annotations. FdsMode specifies what policy FDS will use when determining which services to poll.

Name Description
BLACKLIST In BLACKLIST mode (default), FDS will poll all services in cluster except those services labeled with discovery.solo.io/function_discovery=disabled. This label can also be used on namespaces to apply to all services within a namespace which are not explicitly whitelisted. Note that kube-system and kube-public namespaces must be explicitly whitelisted even in blacklist mode.
WHITELIST In WHITELIST mode, FDS will poll only services in cluster labeled with discovery.solo.io/function_discovery=enabled. This label can also be used on namespaces to apply to all services which are not explicitly blacklisted within a namespace.
DISABLED In DISABLED mode, FDS will not run.

ConsulConfiguration

Provides overrides for the default configuration parameters used to connect to Consul.

Note: It is also possible to configure the Consul client Gloo uses via the environment variables described here. These need to be set on the Gloo container.

"address": string
"datacenter": string
"username": string
"password": string
"token": string
"caFile": string
"caPath": string
"certFile": string
"keyFile": string
"insecureSkipVerify": .google.protobuf.BoolValue
"waitTime": .google.protobuf.Duration
"serviceDiscovery": .gloo.solo.io.Settings.ConsulConfiguration.ServiceDiscoveryOptions
Field Type Description Default
address string The address of the Consul server. Defaults to the value of the standard CONSUL_HTTP_ADDR env if set, otherwise to 127.0.0.1:8500.
datacenter string Datacenter to use. If not provided, the default agent datacenter is used.
username string Username to use for HTTP Basic Authentication
password string Password to use for HTTP Basic Authentication
token string Token is used to provide a per-request ACL token which overrides the agent’s default token.
caFile string caFile is the optional path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
caPath string caPath is the optional path to a directory of CA certificates to use for Consul communication, defaults to the system bundle if not specified.
certFile string CertFile is the optional path to the certificate for Consul communication. If this is set then you need to also set KeyFile.
keyFile string KeyFile is the optional path to the private key for Consul communication. If this is set then you need to also set CertFile.
insecureSkipVerify .google.protobuf.BoolValue InsecureSkipVerify if set to true will disable TLS host verification.
waitTime .google.protobuf.Duration WaitTime limits how long a watch for Consul resources will block. If not provided, the agent default values will be used.
serviceDiscovery .gloo.solo.io.Settings.ConsulConfiguration.ServiceDiscoveryOptions Enable Service Discovery via Consul with this field. Set it to an empty struct {} to enable with defaults.
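
The Settings, VaultSecrets and ConsulConfiguration fields documented above include several that weaken transport security or widen scope when set carelessly. The following check is an added example, not part of the Gloo project: it audits an already-parsed Settings spec (a plain dict) and compares a weak configuration with a tightened one. It assumes that insecure: true disables verification; the finding texts, file paths and sample values are constructed.

```python
# Added example: audit a parsed Gloo Settings spec (a dict) for risky options.
# Field names come from the reference above; findings and samples are constructed.

def audit_settings(spec):
    """Return sorted (field_path, finding) tuples for a Settings spec dict."""
    findings = []
    if spec.get("devMode") is True:
        findings.append(("devMode", "debug data is served on port 9090"))
    if not spec.get("watchNamespaces"):
        findings.append(("watchNamespaces", "unset: all available namespaces are watched"))

    vault = spec.get("vaultSecretSource") or {}
    if str(vault.get("address", "")).lower().startswith("http://"):
        findings.append(("vaultSecretSource.address", "plaintext HTTP to Vault"))
    if vault.get("insecure") is True:
        findings.append(("vaultSecretSource.insecure", "SSL verification disabled"))
    if vault.get("token"):
        findings.append(("vaultSecretSource.token", "token readable from the Settings resource"))

    consul = spec.get("consul") or {}
    if consul.get("insecureSkipVerify") is True:
        findings.append(("consul.insecureSkipVerify", "TLS host verification disabled"))
    # The reference requires certFile and keyFile to be set as a pair.
    if bool(consul.get("certFile")) != bool(consul.get("keyFile")):
        findings.append(("consul.certFile/keyFile", "only one of the pair is set"))
    for secret in ("password", "token"):
        if consul.get(secret):
            findings.append((f"consul.{secret}", "credential readable from the Settings resource"))
    return sorted(findings)


# Constructed samples: a weak configuration and a tightened one.
WEAK = {
    "devMode": True,
    "vaultSecretSource": {"address": "http://vault.example.com", "insecure": True,
                          "token": "PLACEHOLDER"},
    "consul": {"certFile": "/etc/consul/client.crt", "insecureSkipVerify": True},
}
HARDENED = {
    "watchNamespaces": ["gloo-system", "apps"],
    "vaultSecretSource": {"address": "https://vault.example.com",
                          "caCert": "/etc/vault/ca.pem", "tlsServerName": "vault.example.com"},
    "consul": {"caFile": "/etc/consul/ca.pem", "certFile": "/etc/consul/client.crt",
               "keyFile": "/etc/consul/client.key"},
}

if __name__ == "__main__":
    for name, spec in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_settings(spec))
```
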

ServiceDiscoveryOptions

Service discovery options for Consul.

"dataCenters": []string
Field Type Description Default
dataCenters []string Use this parameter to restrict the data centers that will be considered when discovering and routing to services. If not provided, Gloo will use all available data centers.

KubernetesConfiguration

Provides overrides for the default configuration parameters used to interact with Kubernetes.

"rateLimits": .gloo.solo.io.Settings.KubernetesConfiguration.RateLimits
Field Type Description Default
rateLimits .gloo.solo.io.Settings.KubernetesConfiguration.RateLimits Rate limits for the Kubernetes clients

RateLimits

"qPS": float
"burst": int
Field Type Description Default
qPS float The maximum queries-per-second Gloo can make to the Kubernetes API Server.
burst int Maximum burst for throttle. At a steady state of QPS requests per second, this is the additional number of requests allowed, to allow for short bursts.