Skip to content
下载《AI 应用 & AI Agent 开发新范式》电子书 了解构建 AI Agent 和 MCP Server 的一线实践Know more

Higress Configuration Parameters Guide

The following operational parameters can be configured using the --set or --values flags with the Helm command, or through the values field in the hgctl profile file.

Global Parameters

ParameterDescriptionDefault
global.ingressClassThe IngressClass parameter is used to filter which Ingress resources the Higress controller should watch. When multiple gateways are deployed in a cluster, this parameter can be used to distinguish the responsibilities of each gateway. Special values: 1. If set to “nginx”, Higress Controller will watch Ingress resources with ingress.class: nginx or no ingress class. 2. If left empty, Higress Controller will watch all Ingress resources in the Kubernetes cluster.higress
global.watchNamespaceIf not empty, Higress Controller will only watch resources in the specified namespace. When isolating business systems by Kubernetes namespaces, you can deploy an independent gateway for each namespace by limiting Higress to watch only the specified namespace.""
global.disableAlpnH2Whether to disable HTTP/2 protocol in ALPNfalse
global.enableStatusIf true, Higress Controller will update the status field of Ingress resources. To prevent overwriting the status field of Ingress objects during migration from Nginx Ingress, set this parameter to false.true
global.localSet to true if installing to a local Kubernetes cluster (e.g., Kind, Rancher Desktop)false
global.enableIstioAPIIf true, Higress Controller will also watch Istio resourcesfalse
global.enableGatewayAPIIf true, Higress Controller will also watch Gateway API resourcesfalse
global.imagePullPolicyIf you don’t want to use the default behavior, you can specify the image pull policy. Default behavior: The latest image will always be pulled with Always policy, otherwise it will be pulled with IfNotPresent.""
global.imagePullSecretsConfigure ImagePullSecrets for all ServiceAccounts, which is a list of secrets in the same namespace used to pull images for any pod that references this ServiceAccount. This must be set for any cluster configured with a private Docker Registry.[]
global.defaultUpstreamConcurrencyThresholdMaximum concurrency between a single data plane instance and a backend service (calculated independently for each service). Note that excessive concurrency may lead to high memory usage in the gateway, so adjust the data plane memory limit accordingly.10000
global.o11y.enabledIf true, the observability suite (Grafana, Prometheus, Loki, PromTail, etc.) will be installed.false
global.pvc.rwxSupportedThe RwxSupported parameter indicates whether read-write-many (RWX) volumes are supported. If set to true, it means shared volumes are supported, and multiple pods can mount the same PVC for read-write operations. If set to false, only one pod can mount the PVC for read-write operations.true
global.onlyPushRouteClusterIf true, for Kubernetes services, Higress Controller will only push services that are associated with routes.true
global.priorityClassNamePriorityClass name for Higress Controller and Higress Gateway Pods

meshConfig Parameters

ParameterDescriptionDefault
higress-core.meshConfig.enablePrometheusMergeOption to enable or disable merging Prometheus metrics. When enabled, Istio can aggregate and display metrics from multiple proxies.true
higress-core.meshConfig.rootNamespaceThe root namespace. If not specified, it defaults to “istio-system”.null
higress-core.meshConfig.trustDomainThe trust domain. Defaults to “cluster.local”. The trust domain is used for secure communication between services and for generating service certificates and JWT tokens.cluster.local

Gateway Parameters

ParameterDescriptionDefault
higress-core.gateway.replicasNumber of Higress Gateway pods.2
higress-core.gateway.rbac.enabledIf enabled, creates roles to access certificates from Gateways. Not required when using http://gateway-api.org/.true
higress-core.gateway.serviceAccount.createSpecifies whether to create a ServiceAccount.true
higress-core.gateway.serviceAccount.annotationsAnnotations to add to the ServiceAccount.{}
higress-core.gateway.serviceAccount.nameThe name of the ServiceAccount to use.""
higress-core.gateway.envEnvironment variables for the Gateway.{}
higress-core.gateway.httpPortHTTP port that Higress Gateway will listen on.80
higress-core.gateway.httpsPortHTTPS port that Higress Gateway will listen on.443
higress-core.gateway.hostNetworkWhether to use the host’s network.false
higress-core.gateway.labelsLabels to apply to all Gateway resources.{}
higress-core.gateway.annotationsAnnotations to apply to all Gateway resources.{}
higress-core.gateway.podAnnotations.prometheus.io/portPort for Prometheus monitoring.15020
higress-core.gateway.podAnnotations.prometheus.io/scrapeWhether Prometheus should monitor this Pod. If set to “true”, Prometheus will monitor the Pod.true
higress-core.gateway.podAnnotations.prometheus.io/pathThe URL path that Prometheus should use to monitor this Pod./stats/prometheus
higress-core.gateway.service.typeType of the Service.LoadBalancer
higress-core.gateway.service.loadBalancerIPIP address of the LoadBalancer.""
higress-core.gateway.service.loadBalancerSourceRangesAllowed source IP ranges for the LoadBalancer.[]
higress-core.gateway.service.annotationsAnnotations to apply to the Service.{}
higress-core.gateway.service.externalTrafficPolicyExternal traffic policy for the Service.""
higress-core.gateway.rollingMaxSurgeMaximum number of pods that can be created over the desired number of pods during a rolling update.100%
higress-core.gateway.rollingMaxUnavailableMaximum number of unavailable pods during a rolling update.25%
higress-core.gateway.resources.limits.cpuCPU limit for the gateway container.2000m
higress-core.gateway.resources.limits.memoryMemory limit for the gateway container.2048Mi
higress-core.gateway.resources.requests.cpuCPU request for the gateway container.2000m
higress-core.gateway.resources.requests.memoryMemory request for the gateway container.2048Mi
higress-core.gateway.autoscaling.enabledWhether to enable autoscaling for gateway Pods.false
higress-core.gateway.autoscaling.minReplicasMinimum number of replicas.1
higress-core.gateway.autoscaling.maxReplicasMaximum number of replicas.5
higress-core.gateway.autoscaling.targetCPUUtilizationPercentageTarget CPU utilization percentage for the HPA to maintain.80
higress-core.gateway.nodeSelectorNode selector for determining which nodes the gateway container will be deployed on.{}
higress-core.gateway.tolerationsTolerations to allow the gateway container to be scheduled on nodes with specified taints.[]
higress-core.gateway.affinityAffinity for controlling how the gateway container is scheduled in relation to other Pods or nodes.{}
higress-core.gateway.networkGatewayName or IP address of the network gateway.""

Controller Parameters

ParameterDescriptionDefault
higress-core.controller.replicasNumber of Higress Controller pods.1
higress-core.controller.envEnvironment variables for the container.{}
higress-core.controller.labelsLabels for the controller container deployment.{}
higress-core.controller.probe.httpGet.pathHealth check configuration for the container, using HTTP GET request to check the /ready path./ready
higress-core.controller.probe.httpGet.portPort for the health check configuration.8888
higress-core.controller.probe.initialDelaySecondsDelay in seconds before the first health check is performed after container startup.1
higress-core.controller.probe.periodSecondsInterval in seconds between health checks.3
higress-core.controller.probe.timeoutSecondsTimeout in seconds for the health check response.5
higress-core.controller.imagePullSecretsSecrets for pulling container images.[]
higress-core.controller.rbac.createWhether to create RBAC rules associated with this deployment.true
higress-core.controller.serviceAccount.createWhether to create a ServiceAccount.true
higress-core.controller.serviceAccount.annotationsAnnotations to add to the ServiceAccount.{}
higress-core.controller.serviceAccount.nameName of the ServiceAccount to use. If not set and create is true, the name is generated using the fullname template.""
higress-core.controller.podAnnotationsAnnotations to add to the controller container.{}
higress-core.controller.podSecurityContextSecurity context for the Pod.{}
higress-core.controller.service.typeType of the Service.ClusterIP
higress-core.controller.securityContextSecurity context for the controller container.{}
higress-core.controller.resources.requests.cpuCPU resource request for the controller.500m
higress-core.controller.resources.requests.memoryMemory resource request for the controller.2048Mi
higress-core.controller.resources.limits.cpuCPU resource limit for the controller.1000m
higress-core.controller.resources.limits.memoryMemory resource limit for the controller.2048Mi
higress-core.controller.nodeSelectorNode selector for specifying which nodes the Pod should be scheduled on.{}
higress-core.controller.tolerationsTolerations for the Pod, allowing it to tolerate specific taints on nodes.[]
higress-core.controller.affinityAffinity for the Pod, specifying how it should be scheduled in relation to nodes or groups of nodes.{}
higress-core.controller.autoscaling.enabledWhether to enable autoscaling for the Pod.false
higress-core.controller.autoscaling.minReplicasMinimum number of Pods for autoscaling.1
higress-core.autoscaling.maxReplicasMaximum number of Pods for autoscaling.5
higress-core.autoscaling.targetCPUUtilizationPercentageTarget CPU utilization percentage for autoscaling.80

Pilot Parameters

ParameterDescriptionDefault
pilot.enabledWhether to enable Pilot.true
pilot.replicaCountNumber of Pilot replicas.1
pilot.image.repositoryPilot container image repository.docker.io/istio/pilot
pilot.image.tagPilot container image tag.1.15.0
pilot.image.pullPolicyImage pull policy for the Pilot container.IfNotPresent
pilot.traceSamplingPercentage of requests that should be traced.1.0
pilot.resources.requests.cpuCPU request for the Pilot container.500m
pilot.resources.requests.memoryMemory request for the Pilot container.2048Mi
pilot.resources.limits.cpuCPU limit for the Pilot container.1000m
pilot.resources.limits.memoryMemory limit for the Pilot container.4096Mi

Additional Notes

  • For detailed configuration examples and advanced usage, refer to the official Higress documentation.
  • When modifying these parameters, ensure that your Kubernetes cluster has sufficient resources to accommodate the requested configurations.
  • For production environments, it’s recommended to set appropriate resource requests and limits based on your workload requirements.
  • Always test configuration changes in a staging environment before applying them to production.