Skip to content

gateway

Configuration for the gateway

Type: object

Path: gateway

enabled

Specifies whether the gateway should be enabled

Default: false

Type: boolean

Path: gateway.enabled

replicas

Number of replicas for the gateway

Default: 1

Type: number

Path: gateway.replicas

hostAliases

hostAliases to add

Default: []

Type: list

Path: gateway.hostAliases

autoscaling

- ip: 1.2.3.4
hostnames:
- domain.tld

Type: object

Path: gateway.autoscaling

enabled

Enable autoscaling for the gateway

Default: false

Type: boolean

Path: gateway.autoscaling.enabled

minReplicas

Minimum autoscaling replicas for the gateway

Default: 1

Type: number

Path: gateway.autoscaling.minReplicas

maxReplicas

Maximum autoscaling replicas for the gateway

Default: 3

Type: number

Path: gateway.autoscaling.maxReplicas

behavior

Autoscaling behavior configuration for the gateway

Default: {}

Type: string

Path: gateway.autoscaling.behavior

targetCPUUtilizationPercentage

Target CPU utilisation percentage for the gateway

Default: 60

Type: number

Path: gateway.autoscaling.targetCPUUtilizationPercentage

targetMemoryUtilizationPercentage

Target memory utilisation percentage for the gateway

Default: None

Type: null

Path: gateway.autoscaling.targetMemoryUtilizationPercentage

verboseLogging

Enable logging of 2xx and 3xx HTTP requests

Default: true

Type: boolean

Path: gateway.verboseLogging

image

Type: object

Path: gateway.image

registry

The Docker registry for the gateway image. Overrides `global.image.registry`

Default: null

Type: string

Path: gateway.image.registry

pullSecrets

Optional list of imagePullSecrets. Overrides `global.image.pullSecrets`

Default: []

Type: list

Path: gateway.image.pullSecrets

repository

The gateway image repository

Default: nginxinc/nginx-unprivileged

Type: string

Path: gateway.image.repository

tag

The gateway image tag

Default: 1.19-alpine

Type: string

Path: gateway.image.tag

pullPolicy

The gateway image pull policy

Default: IfNotPresent

Type: string

Path: gateway.image.pullPolicy

priorityClassName

The name of the PriorityClass for gateway pods

Default: null

Type: string

Path: gateway.priorityClassName

podLabels

Labels for gateway pods

Default: {}

Type: string

Path: gateway.podLabels

podAnnotations

Annotations for gateway pods

Default: {}

Type: string

Path: gateway.podAnnotations

extraArgs

Additional CLI args for the gateway

Default: []

Type: list

Path: gateway.extraArgs

extraEnv

Environment variables to add to the gateway pods

Default: []

Type: list

Path: gateway.extraEnv

extraEnvFrom

Environment variables from secrets or configmaps to add to the gateway pods

Default: []

Type: list

Path: gateway.extraEnvFrom

extraVolumes

Volumes to add to the gateway pods

Default: []

Type: list

Path: gateway.extraVolumes

extraVolumeMounts

Volume mounts to add to the gateway pods

Default: []

Type: list

Path: gateway.extraVolumeMounts

resources

Resource requests and limits for the gateway

Default: {}

Type: string

Path: gateway.resources

terminationGracePeriodSeconds

Grace period to allow the gateway to shutdown before it is killed

Default: 30

Type: number

Path: gateway.terminationGracePeriodSeconds

topologySpreadConstraints

topologySpread for gateway pods. Passed through `tpl` and, thus, to be configured as string
@default -- Defaults to allow skew no more then 1 node per AZ

Default: 

- maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
{{- include "deep.selectorLabels" (dict "ctx" . "component" "gateway") | nindent 6 }}

Type: string

Path: gateway.topologySpreadConstraints

affinity

Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string
@default -- Hard node and soft zone anti-affinity

Default: 

podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
{{- include "deep.selectorLabels" (dict "ctx" . "component" "gateway") | nindent 10 }}
topologyKey: kubernetes.io/hostname
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
{{- include "deep.selectorLabels" (dict "ctx" . "component" "gateway") | nindent 12 }}
topologyKey: topology.kubernetes.io/zone

Type: string

Path: gateway.affinity

nodeSelector

Node selector for gateway pods

Default: {}

Type: string

Path: gateway.nodeSelector

tolerations

Tolerations for gateway pods

Default: []

Type: list

Path: gateway.tolerations

service

Gateway service configuration

Type: object

Path: gateway.service

port

Port of the gateway service

Default: 80

Type: number

Path: gateway.service.port

type

Type of the gateway service

Default: ClusterIP

Type: string

Path: gateway.service.type

clusterIP

ClusterIP of the gateway service

Default: null

Type: string

Path: gateway.service.clusterIP

nodePort

Node port if service type is NodePort

Default: null

Type: string

Path: gateway.service.nodePort

loadBalancerIP

Load balancer IPO address if service type is LoadBalancer

Default: null

Type: string

Path: gateway.service.loadBalancerIP

annotations

Annotations for the gateway service

Default: {}

Type: string

Path: gateway.service.annotations

labels

Labels for gateway service

Default: {}

Type: string

Path: gateway.service.labels

additionalPorts

Additional ports to be opneed on gateway service (e.g. for RPC connections)

Default: {}

Type: string

Path: gateway.service.additionalPorts

traefik

config for using traefik 'IngressRoute'

Type: object

Path: gateway.traefik

apiVersion

Default: traefik.containo.us/v1alpha1

Type: string

Path: gateway.traefik.apiVersion

enabled

Specified whether an IngressRoute should be created

Default: false

Type: boolean

Path: gateway.traefik.enabled

host

Default: gateway.deep.example.com

Type: string

Path: gateway.traefik.host

entryPoints

Specify the entry points for traefik

Type: list

Path: gateway.traefik.entryPoints

0

Default: websecure

Type: string

Path: gateway.traefik.entryPoints.0

routes

Type: list

Path: gateway.traefik.routes

0

Type: object

Path: gateway.traefik.routes.0

match

Default: Host({{ .Values.gateway.traefik.host }}) && PathPrefix(/deepproto.proto)

Type: string

Path: gateway.traefik.routes.0.match

kind

Default: Rule

Type: string

Path: gateway.traefik.routes.0.kind

services

Type: list

Path: gateway.traefik.routes.0.services

0

Type: object

Path: gateway.traefik.routes.0.services.0

name

Default: '{{ include "deep.fullname" . }}-distributor'

Type: string

Path: gateway.traefik.routes.0.services.0.name

port

Default: 43315

Type: number

Path: gateway.traefik.routes.0.services.0.port

scheme

Default: h2c

Type: string

Path: gateway.traefik.routes.0.services.0.scheme

1

Type: object

Path: gateway.traefik.routes.1

match

Default: Host({{ .Values.gateway.traefik.host }})

Type: string

Path: gateway.traefik.routes.1.match

kind

Default: Rule

Type: string

Path: gateway.traefik.routes.1.kind

services

Type: list

Path: gateway.traefik.routes.1.services

0

Type: object

Path: gateway.traefik.routes.1.services.0

name

Default: '{{ include "deep.fullname" . }}-gateway'

Type: string

Path: gateway.traefik.routes.1.services.0.name

port

Default: 80

Type: number

Path: gateway.traefik.routes.1.services.0.port

ingress

Gateway ingress configuration

Type: object

Path: gateway.ingress

enabled

Specifies whether an ingress for the gateway should be created

Default: false

Type: boolean

Path: gateway.ingress.enabled

annotations

Ingress Class Name. MAY be required for Kubernetes versions >= 1.18
ingressClassName: nginx
Annotations for the gateway ingress

Default: {}

Type: string

Path: gateway.ingress.annotations

hosts

Hosts configuration for the gateway ingress

Type: list

Path: gateway.ingress.hosts

0

Type: object

Path: gateway.ingress.hosts.0

host

Default: gateway.deep.example.com

Type: string

Path: gateway.ingress.hosts.0.host

paths

Type: list

Path: gateway.ingress.hosts.0.paths

0

Type: object

Path: gateway.ingress.hosts.0.paths.0

path

Default: /

Type: string

Path: gateway.ingress.hosts.0.paths.0.path

pathType
pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers

Default: Prefix

Type: string

Path: gateway.ingress.hosts.0.paths.0.pathType

tls

TLS configuration for the gateway ingress

Type: list

Path: gateway.ingress.tls

0

Type: object

Path: gateway.ingress.tls.0

secretName

Default: deep-gateway-tls

Type: string

Path: gateway.ingress.tls.0.secretName

hosts

Type: list

Path: gateway.ingress.tls.0.hosts

0

Default: gateway.deep.example.com

Type: string

Path: gateway.ingress.tls.0.hosts.0

basicAuth

Basic auth configuration

Type: object

Path: gateway.basicAuth

enabled

Enables basic authentication for the gateway

Default: false

Type: boolean

Path: gateway.basicAuth.enabled

username

The basic auth username for the gateway

Default: null

Type: string

Path: gateway.basicAuth.username

password

The basic auth password for the gateway

Default: null

Type: string

Path: gateway.basicAuth.password

htpasswd

Uses the specified username and password to compute a htpasswd using Sprig's `htpasswd` function.
The value is templated using `tpl`. Override this to use a custom htpasswd, e.g. in case the default causes
high CPU load.

Default: 

{{ htpasswd (required "'gateway.basicAuth.username' is required" .Values.gateway.basicAuth.username) (required "'gateway.basicAuth.password' is required" .Values.gateway.basicAuth.password) }}

Type: string

Path: gateway.basicAuth.htpasswd

existingSecret

Existing basic auth secret to use. Must contain '.htpasswd'

Default: null

Type: string

Path: gateway.basicAuth.existingSecret

readinessProbe

Configures the readiness probe for the gateway

Type: object

Path: gateway.readinessProbe

httpGet

Type: object

Path: gateway.readinessProbe.httpGet

path

Default: /

Type: string

Path: gateway.readinessProbe.httpGet.path

port

Default: http-metrics

Type: string

Path: gateway.readinessProbe.httpGet.port

initialDelaySeconds

Default: 15

Type: number

Path: gateway.readinessProbe.initialDelaySeconds

timeoutSeconds

Default: 1

Type: number

Path: gateway.readinessProbe.timeoutSeconds

nginxConfig

Type: object

Path: gateway.nginxConfig

includeStatus

Default: false

Type: boolean

Path: gateway.nginxConfig.includeStatus

statusConfig

Default: 

location ^~ /status {
proxy_pass http://{{ include "deep.resourceName" (dict "ctx" . "component" "query-frontend") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}

Type: string

Path: gateway.nginxConfig.statusConfig

logFormat

NGINX log format

Default: 

main '$remote_addr - $remote_user [$time_local]  $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

Type: string

Path: gateway.nginxConfig.logFormat

serverSnippet

Allows appending custom configuration to the server block

Default: ''

Type: string

Path: gateway.nginxConfig.serverSnippet

httpSnippet

Allows appending custom configuration to the http block

Default: ''

Type: string

Path: gateway.nginxConfig.httpSnippet

resolver

Allows overriding the DNS resolver address nginx will use

Default: ''

Type: string

Path: gateway.nginxConfig.resolver

file

Config file contents for Nginx. Passed through the `tpl` function to allow templating
@default -- See values.yaml

Default: 

worker_processes  5;  ## Default: 1
error_log  /dev/stderr;
pid        /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections  4096;  ## Default: 1024
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path       /tmp/proxy_temp_path;
fastcgi_temp_path     /tmp/fastcgi_temp;
uwsgi_temp_path       /tmp/uwsgi_temp;
scgi_temp_path        /tmp/scgi_temp;
proxy_http_version    1.1;
default_type application/octet-stream;
log_format   {{ .Values.gateway.nginxConfig.logFormat }}
{{- if .Values.gateway.verboseLogging }}
access_log   /dev/stderr  main;
{{- else }}
map $status $loggable {
~^[23]  0;
default 1;
}
access_log   /dev/stderr  main  if=$loggable;
{{- end }}
sendfile     on;
tcp_nopush   on;
{{- if .Values.gateway.nginxConfig.resolver }}
resolver {{ .Values.gateway.nginxConfig.resolver }};
{{- else }}
resolver {{ .Values.global.dnsService }}.{{ .Values.global.dnsNamespace }}.svc.{{ .Values.global.clusterDomain }};
{{- end }}
{{- with .Values.gateway.nginxConfig.httpSnippet }}
{{ . | nindent 2 }}
{{- end }}
server {
listen             8080;
{{- if .Values.gateway.basicAuth.enabled }}
auth_basic           "deep";
auth_basic_user_file /etc/nginx/secrets/.htpasswd;
{{- end }}
location = / {
return 200 'OK';
auth_basic off;
}
location ^~ /api {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "query-frontend") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /flush {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "ingester") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /shutdown {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "ingester") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /distributor/ring {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "distributor") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /ingester/ring {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "distributor") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /compactor/ring {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "compactor") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
location = /tracepoint/ring {
proxy_pass       http://{{ include "deep.resourceName" (dict "ctx" . "component" "tracepoint-api") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri;
}
{{- if .Values.gateway.nginxConfig.includeStatus }}
{{ tpl .Values.gateway.nginxConfig.statusConfig . | nindent 4 }}
{{- end }}
{{- with .Values.gateway.nginxConfig.serverSnippet }}
{{ . | nindent 4 }}
{{- end }}
}
}

Type: string

Path: gateway.nginxConfig.file