DirectorySecurity AdvisoriesPricing
/
Sign in
Directory
istio-gateway logoHELM

istio-gateway

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
2
# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
3
_internal_defaults_do_not_set:
4
# Name allows overriding the release name. Generally this should not be set
5
name: ""
6
# revision declares which revision this gateway is a part of
7
revision: ""
8
9
# Controls the spec.replicas setting for the Gateway deployment if set.
10
# Otherwise defaults to Kubernetes Deployment default (1).
11
replicaCount:
12
13
kind: Deployment
14
15
rbac:
16
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
17
# when using http://gateway-api.org/.
18
enabled: true
19
20
serviceAccount:
21
# If set, a service account will be created. Otherwise, the default is used
22
create: true
23
# Annotations to add to the service account
24
annotations: {}
25
# The name of the service account to use.
26
# If not set, the release name is used
27
name: ""
28
29
podAnnotations:
30
prometheus.io/port: "15020"
31
prometheus.io/scrape: "true"
32
prometheus.io/path: "/stats/prometheus"
33
inject.istio.io/templates: "gateway"
34
sidecar.istio.io/inject: "true"
35
36
# Define the security context for the pod.
37
# If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443.
38
# On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl.
39
securityContext: {}
40
containerSecurityContext: {}
41
42
service:
43
# Type of service. Set to "None" to disable the service entirely
44
type: LoadBalancer
45
# Set to a specific ClusterIP, or "" for automatic assignment
46
clusterIP: ""
47
# Additional labels to add to the service selector
48
selectorLabels: {}
49
ports:
50
- name: status-port
51
port: 15021
52
protocol: TCP
53
targetPort: 15021
54
- name: http2
55
port: 80
56
protocol: TCP
57
targetPort: 80
58
- name: https
59
port: 443
60
protocol: TCP
61
targetPort: 443
62
annotations: {}
63
loadBalancerIP: ""
64
loadBalancerSourceRanges: []
65
externalTrafficPolicy: ""
66
externalIPs: []
67
ipFamilyPolicy: ""
68
ipFamilies: []
69
## Whether to automatically allocate NodePorts (only for LoadBalancers).
70
# allocateLoadBalancerNodePorts: false
71
## Set LoadBalancer class (only for LoadBalancers).
72
# loadBalancerClass: ""
73
74
resources:
75
requests:
76
cpu: 100m
77
memory: 128Mi
78
limits:
79
cpu: 2000m
80
memory: 1024Mi
81
82
autoscaling:
83
enabled: true
84
minReplicas: 1
85
maxReplicas: 5
86
targetCPUUtilizationPercentage: 80
87
targetMemoryUtilizationPercentage: {}
88
autoscaleBehavior: {}
89
90
# Pod environment variables
91
env: {}
92
93
# Use envVarFrom to define full environment variable entries with complex sources,
94
# such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`.
95
#
96
# Example:
97
# envVarFrom:
98
# - name: EXAMPLE_SECRET
99
# valueFrom:
100
# secretKeyRef:
101
# name: example-name
102
# key: example-key
103
envVarFrom: []
104
105
# Deployment Update strategy
106
strategy: {}
107
108
# Sets the Deployment minReadySeconds value
109
minReadySeconds:
110
111
# Optionally configure a custom readinessProbe. By default the control plane
112
# automatically injects the readinessProbe. If you wish to override that
113
# behavior, you may define your own readinessProbe here.
114
readinessProbe: {}
115
116
# Labels to apply to all resources
117
labels:
118
# By default, don't enroll gateways into the ambient dataplane
119
"istio.io/dataplane-mode": none
120
121
# Annotations to apply to all resources
122
annotations: {}
123
124
nodeSelector: {}
125
126
tolerations: []
127
128
topologySpreadConstraints: []
129
130
affinity: {}
131
132
# If specified, the gateway will act as a network gateway for the given network.
133
networkGateway: ""
134
135
# Specify image pull policy if default behavior isn't desired.
136
# Default behavior: latest images will be Always else IfNotPresent
137
imagePullPolicy: ""
138
139
imagePullSecrets: []
140
141
# This value is used to configure a Kubernetes PodDisruptionBudget for the gateway.
142
#
143
# By default, the `podDisruptionBudget` is disabled (set to `{}`),
144
# which means that no PodDisruptionBudget resource will be created.
145
#
146
# The PodDisruptionBudget can be only enabled if autoscaling is enabled
147
# with minReplicas > 1 or if autoscaling is disabled but replicaCount > 1.
148
#
149
# To enable the PodDisruptionBudget, configure it by specifying the
150
# `minAvailable` or `maxUnavailable`. For example, to set the
151
# minimum number of available replicas to 1, you can update this value as follows:
152
#
153
# podDisruptionBudget:
154
# minAvailable: 1
155
#
156
# Or, to allow a maximum of 1 unavailable replica, you can set:
157
#
158
# podDisruptionBudget:
159
# maxUnavailable: 1
160
#
161
# You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`.
162
# For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows:
163
#
164
# podDisruptionBudget:
165
# minAvailable: 1
166
# unhealthyPodEvictionPolicy: AlwaysAllow
167
#
168
# To disable the PodDisruptionBudget, you can leave it as an empty object `{}`:
169
#
170
# podDisruptionBudget: {}
171
#
172
podDisruptionBudget: {}
173
174
# Sets the per-pod terminationGracePeriodSeconds setting.
175
terminationGracePeriodSeconds: 30
176
177
# A list of `Volumes` added into the Gateway Pods. See
178
# https://kubernetes.io/docs/concepts/storage/volumes/.
179
volumes: []
180
181
# A list of `VolumeMounts` added into the Gateway Pods. See
182
# https://kubernetes.io/docs/concepts/storage/volumes/.
183
volumeMounts: []
184
185
# Inject initContainers into the Gateway Pods.
186
initContainers: []
187
188
# Inject additional containers into the Gateway Pods.
189
additionalContainers: []
190
191
# Configure this to a higher priority class in order to make sure your Istio gateway pods
192
# will not be killed because of low priority class.
193
# Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
194
# for more detail.
195
priorityClassName: ""
196
197
# Configure the lifecycle hooks for the gateway. See
198
# https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/.
199
lifecycle: {}
200
201
# When enabled, a default NetworkPolicy for gateways will be created
202
global:
203
networkPolicy:
204
enabled: false
205

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.