install/kubernetes/helm/meshery/README.md
Meshery chart for deploying Meshery
| Name | Url | |
|---|---|---|
| Meshery Authors | [email protected] |
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} | |
| annotations | object | {} | |
| env.ADAPTER_URLS | string | "meshery-istio:10000 meshery-linkerd:10001 meshery-consul:10002 meshery-kuma:10007 meshery-nginx-sm:10010 meshery-nsm:10004 meshery-app-mesh:10005 meshery-traefik-mesh:10006 meshery-cilium:10012" | Optionally, pre-configure Meshery Server with the set of Meshery Adapters used in the deployment. |
| env.EVENT | string | "mesheryLocal" | |
| env.PROVIDER | string | "Local" | Use this security-related setting to enforce selection of one and only one Provider. In this way, your Meshery deployment will only trust and only allow users to authenticate using the Provider you have configured in this setting. See the Remote Provider documentation for a description of what a Provider is. |
| env.MESHERY_SERVER_CALLBACK_URL | string | "" | Configure an OAuth callback URL for Meshery Server to use when signing into a Remote Provider and your Meshery Server instance is not directly reachable by that Remote Provider. See the Remote Provider documentation for more details. |
| env.MESHSYNC_DEFAULT_DEPLOYMENT_MODE | string | "operator" | Configure the deployment mode for Meshsync. Possible values are embedded (runs as a library inside Meshery Server process, one routine per connected Kubernetes cluster) and operator (deployed in managed k8s cluster, managed by Meshery Operator, one deployment per connected Kubernetes cluster). See the Meshsync deployment documentation for more details. |
| env.PROVIDER_BASE_URLS | string | "https://cloud.meshery.io,https://cloud.layer5.io" | Comma-separated list of Remote Provider URLs to register on this Meshery server. The first reachable provider is treated as the default. See the Remote Provider documentation for a description of what a Provider is. |
| fullnameOverride | string | "" | |
| image.pullPolicy | string | "Always" | |
| image.repository | string | "meshery/meshery" | |
| image.tag | string | "stable-latest" | |
| imagePullSecrets | list | [] | |
| ingress.annotations | object | {} | |
| ingress.enabled | bool | false | |
| ingress.hosts[0].host | string | "chart-example.local" | |
| ingress.hosts[0].paths | list | [] | |
| ingress.tls | list | [] | |
| meshery-app-mesh.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-app-mesh.fullnameOverride | string | "meshery-app-mesh" | |
| meshery-app-mesh.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-cilium.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-cilium.fullnameOverride | string | "meshery-cilium" | |
| meshery-consul.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-consul.fullnameOverride | string | "meshery-consul" | |
| meshery-consul.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-istio.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-istio.fullnameOverride | string | "meshery-istio" | |
| meshery-istio.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-kuma.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-kuma.fullnameOverride | string | "meshery-kuma" | |
| meshery-kuma.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-linkerd.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-linkerd.fullnameOverride | string | "meshery-linkerd" | |
| meshery-linkerd.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-nginx-sm.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-nginx-sm.fullnameOverride | string | "meshery-nginx-sm" | |
| meshery-nginx-sm.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-nsm.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-nsm.fullnameOverride | string | "meshery-nsm" | |
| meshery-nsm.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-operator.enabled | bool | true | Enable to deploy this Meshery Operator upon initial deploymeent. Meshery Operator can be deployed post-installation using Meshery UI. |
| meshery-operator.fullnameOverride | string | "meshery-operator" | |
| meshery-osm.enabled | bool | false | OSM is an archived project. |
| meshery-osm.fullnameOverride | string | "meshery-osm" | |
| meshery-osm.serviceAccountNameOverride | string | "meshery-server" | |
| meshery-traefik-mesh.enabled | bool | false | Enable to deploy this Meshery Adapter upon initial deployment. Meshery Adapters can be deployed post-installation using either Meshery CLI or UI. |
| meshery-traefik-mesh.fullnameOverride | string | "meshery-traefik-mesh" | |
| meshery-traefik-mesh.serviceAccountNameOverride | string | "meshery-server" | |
| mesherygateway.enabled | bool | false | |
| mesherygateway.selector.istio | string | "ingressgateway" | |
| metadata.name | string | "meshery" | |
| metadata.namespace | string | "meshery" | |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| podSecurityContext | object | {} | |
| probe.livenessProbe.enabled | bool | false | |
| probe.readinessProbe.enabled | bool | false | |
| rbac.nodes | bool | false | |
| replicaCount | int | 1 | |
| resources | object | {} | |
| restartPolicy | string | "Always" | |
| securityContext | object | {} | |
| service.annotations | object | {} | |
| service.port | int | 9081 | |
| service.target_port | int | 8080 | |
| service.type | string | "LoadBalancer" | |
| serviceAccount.name | string | "meshery-server" | |
| testCase.enabled | bool | false | |
| tolerations | list | [] |
helm repo add meshery https://meshery.io/charts/
helm repo update
See helm repo for command documentation.
To install the chart with the release name meshery:
helm install meshery meshery/meshery --namespace meshery --create-namespace
To upgrade an existing meshery deployment:
# Upgrade with recommended settings for upgrades
helm upgrade meshery meshery/meshery --namespace meshery -f values-upgrade.yaml --wait --timeout 10m
# Or upgrade with default settings
helm upgrade meshery meshery/meshery --namespace meshery
See HEALTHCHECKS.md for detailed information about health check configuration during upgrades.
To uninstall meshery helm release:
helm uninstall meshery --namespace meshery
Eg: For Meshery Adapter for Istio
helm install meshery meshery/meshery --set meshery-istio.enabled=true --namespace meshery --create-namespace
Meshery implements Kubernetes-compliant health check endpoints for liveness and readiness probes:
/healthz/live - Checks if Meshery server is alive and responsive/healthz/ready - Checks if Meshery is ready to accept traffic (includes capability validation)The chart includes pre-configured health checks with sensible defaults:
probe:
livenessProbe:
enabled: true
initialDelaySeconds: 80
periodSeconds: 12
failureThreshold: 4
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 4
failureThreshold: 4
Check detailed health status with verbose output:
kubectl exec --namespace meshery deployment/meshery -- curl -s "http://localhost:8080/healthz/ready?verbose=1"
Example output:
[+]capabilities ok
[i]extension extension package found
healthz check passed
For specific deployment scenarios, you can customize probe settings in your values.yaml:
probe:
# Enable startup probe for slow-starting containers (Kubernetes 1.18+)
startupProbe:
enabled: true
periodSeconds: 10
failureThreshold: 30 # Allow up to 5 minutes for startup
livenessProbe:
enabled: true
initialDelaySeconds: 120 # Adjust based on your environment
periodSeconds: 15
failureThreshold: 5
readinessProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 5
failureThreshold: 4
For comprehensive guidance on health check configuration, including:
See the detailed HEALTHCHECKS.md documentation.