functionNamespace: openfaas-fn  # Default namespace for functions

async: true

exposeServices: true
serviceType: NodePort
httpProbe: true               # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS system Pods (incompatible with Istio < 1.1.5)
rbac: true
clusterRole: false            # Set to true to have OpenFaaS administrate multiple namespaces
createCRDs: true

# create pod security policies for OpenFaaS control plane
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp: false
securityContext: true
basic_auth: true
generateBasicAuth: false

# image pull policy for openfaas components, can change to `IfNotPresent` in offline env
openfaasImagePullPolicy: "Always"

gatewayExternal:
  annotations: {}

gateway:
  image: openfaas/gateway:0.20.2
  readTimeout : "65s"
  writeTimeout : "65s"
  upstreamTimeout : "60s"  # Must be smaller than read/write_timeout
  replicas: 1
  scaleFromZero: true
  # change the port when creating multiple releases in the same baremetal cluster
  nodePort: 31112
  maxIdleConns: 1024
  maxIdleConnsPerHost: 1024
  directFunctions: false
  # Custom logs provider url. For example openfaas-loki would be
  # "http://ofloki-openfaas-loki.openfaas:9191/"
  logsProviderURL: ""
  resources:
    requests:
      memory: "120Mi"
      cpu: "50m"

basicAuthPlugin:
  image: openfaas/basic-auth-plugin:0.20.1
  replicas: 1
  resources:
    requests:
      memory: "50Mi"
      cpu: "20m"

oauth2Plugin:
  enabled: false
  provider: "" # Leave blank, or put "azure"
  license: "example"
  insecureTLS: false
  scopes: "openid profile email"
  jwksURL: https://example.eu.auth0.com/.well-known/jwks.json
  tokenURL: https://example.eu.auth0.com/oauth/token
  audience: https://example.eu.auth0.com/api/v2/
  authorizeURL: https://example.eu.auth0.com/authorize
  welcomePageURL: https://gw.oauth.example.com
  cookieDomain: ".oauth.example.com"
  baseHost: "http://auth.oauth.example.com"
  clientSecret: SECRET
  clientID: ID
  resources:
    requests:
      memory: "120Mi"
      cpu: "50m"
  replicas: 1
  image: openfaas/openfaas-oidc-plugin:0.3.7
  securityContext: true

faasnetes:
  image: ghcr.io/openfaas/faas-netes:0.12.12
  readTimeout : "60s"
  writeTimeout : "60s"
  imagePullPolicy : "Always"    # Image pull policy for deployed functions
  httpProbe: true               # Setting to true will use HTTP for readiness and liveness probe on Pods (incompatible with Istio < 1.1.5)
  setNonRootUser: false
  readinessProbe:
    initialDelaySeconds: 2
    timeoutSeconds: 1           # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas
    periodSeconds: 2            # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
  livenessProbe:
    initialDelaySeconds: 2
    timeoutSeconds: 1
    periodSeconds: 2           # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
  resources:
    requests:
      memory: "120Mi"
      cpu: "50m"

# replaces faas-netes with openfaas-operator
operator:
  image: ghcr.io/openfaas/faas-netes:0.12.12
  create: false
  # set this to false when creating multiple releases in the same cluster
  # must be true for the first one only
  createCRD: true
  resources:
    requests:
      memory: "120Mi"
      cpu: "50m"

queueWorker:
  image: openfaas/queue-worker:0.11.2
  # Control HA of queue-worker
  replicas: 1
  # Control the concurrent invocations
  maxInflight: 1
  gatewayInvoke: true
  queueGroup: "faas"
  ackWait : "60s"
  resources:
    requests:
      memory: "120Mi"
      cpu: "50m"

# monitoring and auto-scaling components
# both components
prometheus:
  image: prom/prometheus:v2.11.0
  create: true
  resources:
    requests:
      memory: "512Mi"

alertmanager:
  image: prom/alertmanager:v0.18.0
  create: true
  resources:
    requests:
      memory: "25Mi"
    limits:
      memory: "50Mi"

# async provider
nats:
  channel: "faas-request"
  external:
    clusterName: ""
    enabled: false
    host: ""
    port: ""
  image: nats-streaming:0.17.0
  enableMonitoring: false
  metrics:
    enabled: false
    image: synadia/prometheus-nats-exporter:0.6.2 
  resources:
    requests:
      memory: "120Mi"

# ingress configuration
ingress:
  enabled: false
  # Used to create Ingress record (should be used with exposeServices: false).
  hosts:
    - host: gateway.openfaas.local  # Replace with gateway.example.com if public-facing
      serviceName: gateway
      servicePort: 8080
      path: /
  annotations:
    kubernetes.io/ingress.class: nginx
  tls:
    # Secrets must be manually created in the namespace.

# ingressOperator (optional) – component to have specific FQDN and TLS for Functions
# https://github.com/openfaas-incubator/ingress-operator
ingressOperator:
  image: openfaas/ingress-operator:0.6.6
  replicas: 1
  create: false
  resources:
    requests:
      memory: "25Mi"

# faas-idler configuration
faasIdler:
  image: openfaas/faas-idler:0.4.0
  replicas: 1
  create: true
  inactivityDuration: 30m               # If a function is inactive for 15 minutes, it may be scaled to zero
  reconcileInterval: 2m                 # The interval between each attempt to scale functions to zero
  dryRun: true                          # Set to false to enable the idler to apply changes and scale to zero
  resources:
    requests:
      memory: "64Mi"

nodeSelector:
  beta.kubernetes.io/arch: amd64

tolerations: []

affinity: {}

kubernetesDNSDomain: cluster.local

istio:
  mtls: false