forked from openfaas/faas-netes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
217 lines (187 loc) · 5.6 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
functionNamespace: openfaas-fn # Default namespace for functions
# See https://www.openfaas.com/support for more
openfaasPRO: false
exposeServices: true
async: true
serviceType: NodePort
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS system Pods (incompatible with Istio < 1.1.5)
rbac: true
clusterRole: false # Set to true to have OpenFaaS administrate multiple namespaces
createCRDs: true
# create pod security policies for OpenFaaS control plane
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp: false
securityContext: true
basic_auth: true
generateBasicAuth: false
# image pull policy for openfaas components, can change to `IfNotPresent` in offline env
openfaasImagePullPolicy: "Always"
# openfaasPRO components, which require openfaasPRO=true
oidcAuthPlugin:
enabled: false
provider: "" # Leave blank, or put "azure"
license: "example"
insecureTLS: false
scopes: "openid profile email"
jwksURL: https://example.eu.auth0.com/.well-known/jwks.json
tokenURL: https://example.eu.auth0.com/oauth/token
audience: https://example.eu.auth0.com/api/v2/
authorizeURL: https://example.eu.auth0.com/authorize
welcomePageURL: https://gw.oauth.example.com
cookieDomain: ".oauth.example.com"
baseHost: "http://auth.oauth.example.com"
clientSecret: SECRET
clientID: ID
resources:
requests:
memory: "120Mi"
cpu: "50m"
replicas: 1
image: openfaas/openfaas-oidc-plugin:0.3.7
securityContext: true
# Requires openfaasPRO=true
# scale-to-zero feature
faasIdler:
image: ghcr.io/openfaas/faas-idler-pro:0.4.2
replicas: 1
create: true
inactivityDuration: 30m # If a function is inactive for 15 minutes, it may be scaled to zero
reconcileInterval: 2m # The interval between each attempt to scale functions to zero
readOnly: true # When set to true, no functions are scaled to zero
resources:
requests:
memory: "64Mi"
## OSS components
gateway:
image: ghcr.io/openfaas/gateway:0.20.7
readTimeout : "65s"
writeTimeout : "65s"
upstreamTimeout : "60s" # Must be smaller than read/write_timeout
replicas: 1
scaleFromZero: true
# change the port when creating multiple releases in the same baremetal cluster
nodePort: 31112
maxIdleConns: 1024
maxIdleConnsPerHost: 1024
directFunctions: false
# Custom logs provider url. For example openfaas-loki would be
# "http://ofloki-openfaas-loki.openfaas:9191/"
logsProviderURL: ""
resources:
requests:
memory: "120Mi"
cpu: "50m"
basicAuthPlugin:
image: openfaas/basic-auth-plugin:0.20.1
replicas: 1
resources:
requests:
memory: "50Mi"
cpu: "20m"
faasnetes:
image: ghcr.io/openfaas/faas-netes:0.12.15
readTimeout : "60s"
writeTimeout : "60s"
imagePullPolicy : "Always" # Image pull policy for deployed functions
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on Pods (incompatible with Istio < 1.1.5)
setNonRootUser: false
readinessProbe:
initialDelaySeconds: 2
timeoutSeconds: 1 # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
livenessProbe:
initialDelaySeconds: 2
timeoutSeconds: 1
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
resources:
requests:
memory: "120Mi"
cpu: "50m"
# replaces faas-netes with openfaas-operator
operator:
image: ghcr.io/openfaas/faas-netes:0.12.15
create: false
# set this to false when creating multiple releases in the same cluster
# must be true for the first one only
createCRD: true
resources:
requests:
memory: "120Mi"
cpu: "50m"
queueWorker:
image: openfaas/queue-worker:0.11.2
# Control HA of queue-worker
replicas: 1
# Control the concurrent invocations
maxInflight: 1
gatewayInvoke: true
queueGroup: "faas"
ackWait : "60s"
resources:
requests:
memory: "120Mi"
cpu: "50m"
# monitoring and auto-scaling components
# both components
prometheus:
image: prom/prometheus:v2.11.0
create: true
resources:
requests:
memory: "512Mi"
annotations: {}
alertmanager:
image: prom/alertmanager:v0.18.0
create: true
resources:
requests:
memory: "25Mi"
limits:
memory: "50Mi"
# async provider
nats:
channel: "faas-request"
external:
clusterName: ""
enabled: false
host: ""
port: ""
image: nats-streaming:0.17.0
enableMonitoring: false
metrics:
enabled: false
image: synadia/prometheus-nats-exporter:0.6.2
resources:
requests:
memory: "120Mi"
# ingress configuration
ingress:
enabled: false
# Used to create Ingress record (should be used with exposeServices: false).
hosts:
- host: gateway.openfaas.local # Replace with gateway.example.com if public-facing
serviceName: gateway
servicePort: 8080
path: /
annotations:
kubernetes.io/ingress.class: nginx
tls:
# Secrets must be manually created in the namespace.
# ingressOperator (optional) – component to have specific FQDN and TLS for Functions
# https://github.com/openfaas-incubator/ingress-operator
ingressOperator:
image: openfaas/ingress-operator:0.6.6
replicas: 1
create: false
resources:
requests:
memory: "25Mi"
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations: []
affinity: {}
kubernetesDNSDomain: cluster.local
istio:
mtls: false
gatewayExternal:
annotations: {}