DirectorySecurity AdvisoriesPricing
Sign in
Directory
istio-gateway logoHELM

istio-gateway

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
2
# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
3
_internal_defaults_do_not_set:
4
# Name allows overriding the release name. Generally this should not be set
5
name: ""
6
# revision declares which revision this gateway is a part of
7
revision: ""
8
9
# Controls the spec.replicas setting for the Gateway deployment if set.
10
# Otherwise defaults to Kubernetes Deployment default (1).
11
replicaCount:
12
13
kind: Deployment
14
15
rbac:
16
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
17
# when using http://gateway-api.org/.
18
enabled: true
19
20
serviceAccount:
21
# If set, a service account will be created. Otherwise, the default is used
22
create: true
23
# Annotations to add to the service account
24
annotations: {}
25
# The name of the service account to use.
26
# If not set, the release name is used
27
name: ""
28
29
podAnnotations:
30
prometheus.io/port: "15020"
31
prometheus.io/scrape: "true"
32
prometheus.io/path: "/stats/prometheus"
33
inject.istio.io/templates: "gateway"
34
sidecar.istio.io/inject: "true"
35
36
# Define the security context for the pod.
37
# If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443.
38
# On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl.
39
securityContext: {}
40
containerSecurityContext: {}
41
42
service:
43
# Type of service. Set to "None" to disable the service entirely
44
type: LoadBalancer
45
# Additional labels to add to the service selector
46
selectorLabels: {}
47
ports:
48
- name: status-port
49
port: 15021
50
protocol: TCP
51
targetPort: 15021
52
- name: http2
53
port: 80
54
protocol: TCP
55
targetPort: 80
56
- name: https
57
port: 443
58
protocol: TCP
59
targetPort: 443
60
annotations: {}
61
loadBalancerIP: ""
62
loadBalancerSourceRanges: []
63
externalTrafficPolicy: ""
64
externalIPs: []
65
ipFamilyPolicy: ""
66
ipFamilies: []
67
## Whether to automatically allocate NodePorts (only for LoadBalancers).
68
# allocateLoadBalancerNodePorts: false
69
## Set LoadBalancer class (only for LoadBalancers).
70
# loadBalancerClass: ""
71
72
resources:
73
requests:
74
cpu: 100m
75
memory: 128Mi
76
limits:
77
cpu: 2000m
78
memory: 1024Mi
79
80
autoscaling:
81
enabled: true
82
minReplicas: 1
83
maxReplicas: 5
84
targetCPUUtilizationPercentage: 80
85
targetMemoryUtilizationPercentage: {}
86
autoscaleBehavior: {}
87
88
# Pod environment variables
89
env: {}
90
91
# Use envVarFrom to define full environment variable entries with complex sources,
92
# such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`.
93
#
94
# Example:
95
# envVarFrom:
96
# - name: EXAMPLE_SECRET
97
# valueFrom:
98
# secretKeyRef:
99
# name: example-name
100
# key: example-key
101
envVarFrom: []
102
103
# Deployment Update strategy
104
strategy: {}
105
106
# Sets the Deployment minReadySeconds value
107
minReadySeconds:
108
109
# Optionally configure a custom readinessProbe. By default the control plane
110
# automatically injects the readinessProbe. If you wish to override that
111
# behavior, you may define your own readinessProbe here.
112
readinessProbe: {}
113
114
# Labels to apply to all resources
115
labels:
116
# By default, don't enroll gateways into the ambient dataplane
117
"istio.io/dataplane-mode": none
118
119
# Annotations to apply to all resources
120
annotations: {}
121
122
nodeSelector: {}
123
124
tolerations: []
125
126
topologySpreadConstraints: []
127
128
affinity: {}
129
130
# If specified, the gateway will act as a network gateway for the given network.
131
networkGateway: ""
132
133
# Specify image pull policy if default behavior isn't desired.
134
# Default behavior: latest images will be Always else IfNotPresent
135
imagePullPolicy: ""
136
137
imagePullSecrets: []
138
139
# This value is used to configure a Kubernetes PodDisruptionBudget for the gateway.
140
#
141
# By default, the `podDisruptionBudget` is disabled (set to `{}`),
142
# which means that no PodDisruptionBudget resource will be created.
143
#
144
# To enable the PodDisruptionBudget, configure it by specifying the
145
# `minAvailable` or `maxUnavailable`. For example, to set the
146
# minimum number of available replicas to 1, you can update this value as follows:
147
#
148
# podDisruptionBudget:
149
# minAvailable: 1
150
#
151
# Or, to allow a maximum of 1 unavailable replica, you can set:
152
#
153
# podDisruptionBudget:
154
# maxUnavailable: 1
155
#
156
# You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`.
157
# For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows:
158
#
159
# podDisruptionBudget:
160
# minAvailable: 1
161
# unhealthyPodEvictionPolicy: AlwaysAllow
162
#
163
# To disable the PodDisruptionBudget, you can leave it as an empty object `{}`:
164
#
165
# podDisruptionBudget: {}
166
#
167
podDisruptionBudget: {}
168
169
# Sets the per-pod terminationGracePeriodSeconds setting.
170
terminationGracePeriodSeconds: 30
171
172
# A list of `Volumes` added into the Gateway Pods. See
173
# https://kubernetes.io/docs/concepts/storage/volumes/.
174
volumes: []
175
176
# A list of `VolumeMounts` added into the Gateway Pods. See
177
# https://kubernetes.io/docs/concepts/storage/volumes/.
178
volumeMounts: []
179
180
# Inject initContainers into the Gateway Pods.
181
initContainers: []
182
183
# Inject additional containers into the Gateway Pods.
184
additionalContainers: []
185
186
# Configure this to a higher priority class in order to make sure your Istio gateway pods
187
# will not be killed because of low priority class.
188
# Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
189
# for more detail.
190
priorityClassName: ""
191
192
# Configure the lifecycle hooks for the gateway. See
193
# https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/.
194
lifecycle: {}
195

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.