204 lines
5.4 KiB
YAML
204 lines
5.4 KiB
YAML
functionNamespace: openfaas-fn # Default namespace for functions
|
||
|
||
async: true
|
||
|
||
exposeServices: true
|
||
serviceType: NodePort
|
||
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS system Pods (incompatible with Istio < 1.1.5)
|
||
rbac: true
|
||
clusterRole: false # Set to true to have OpenFaaS administrate multiple namespaces
|
||
createCRDs: true
|
||
|
||
# create pod security policies for OpenFaaS control plane
|
||
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||
psp: false
|
||
securityContext: true
|
||
basic_auth: true
|
||
generateBasicAuth: false
|
||
|
||
# image pull policy for openfaas components, can change to `IfNotPresent` in offline env
|
||
openfaasImagePullPolicy: "Always"
|
||
|
||
gatewayExternal:
|
||
annotations: {}
|
||
|
||
gateway:
|
||
image: openfaas/gateway:0.20.2
|
||
readTimeout : "65s"
|
||
writeTimeout : "65s"
|
||
upstreamTimeout : "60s" # Must be smaller than read/write_timeout
|
||
replicas: 1
|
||
scaleFromZero: true
|
||
# change the port when creating multiple releases in the same baremetal cluster
|
||
nodePort: 31112
|
||
maxIdleConns: 1024
|
||
maxIdleConnsPerHost: 1024
|
||
directFunctions: false
|
||
# Custom logs provider url. For example openfaas-loki would be
|
||
# "http://ofloki-openfaas-loki.openfaas:9191/"
|
||
logsProviderURL: ""
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
cpu: "50m"
|
||
|
||
basicAuthPlugin:
|
||
image: openfaas/basic-auth-plugin:0.20.1
|
||
replicas: 1
|
||
resources:
|
||
requests:
|
||
memory: "50Mi"
|
||
cpu: "20m"
|
||
|
||
oauth2Plugin:
|
||
enabled: false
|
||
provider: "" # Leave blank, or put "azure"
|
||
license: "example"
|
||
insecureTLS: false
|
||
scopes: "openid profile email"
|
||
jwksURL: https://example.eu.auth0.com/.well-known/jwks.json
|
||
tokenURL: https://example.eu.auth0.com/oauth/token
|
||
audience: https://example.eu.auth0.com/api/v2/
|
||
authorizeURL: https://example.eu.auth0.com/authorize
|
||
welcomePageURL: https://gw.oauth.example.com
|
||
cookieDomain: ".oauth.example.com"
|
||
baseHost: "http://auth.oauth.example.com"
|
||
clientSecret: SECRET
|
||
clientID: ID
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
cpu: "50m"
|
||
replicas: 1
|
||
image: openfaas/openfaas-oidc-plugin:0.3.7
|
||
securityContext: true
|
||
|
||
faasnetes:
|
||
image: ghcr.io/openfaas/faas-netes:0.12.12
|
||
readTimeout : "60s"
|
||
writeTimeout : "60s"
|
||
imagePullPolicy : "Always" # Image pull policy for deployed functions
|
||
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on Pods (incompatible with Istio < 1.1.5)
|
||
setNonRootUser: false
|
||
readinessProbe:
|
||
initialDelaySeconds: 2
|
||
timeoutSeconds: 1 # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas
|
||
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
|
||
livenessProbe:
|
||
initialDelaySeconds: 2
|
||
timeoutSeconds: 1
|
||
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
cpu: "50m"
|
||
|
||
# replaces faas-netes with openfaas-operator
|
||
operator:
|
||
image: ghcr.io/openfaas/faas-netes:0.12.12
|
||
create: false
|
||
# set this to false when creating multiple releases in the same cluster
|
||
# must be true for the first one only
|
||
createCRD: true
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
cpu: "50m"
|
||
|
||
queueWorker:
|
||
image: openfaas/queue-worker:0.11.2
|
||
# Control HA of queue-worker
|
||
replicas: 1
|
||
# Control the concurrent invocations
|
||
maxInflight: 1
|
||
gatewayInvoke: true
|
||
queueGroup: "faas"
|
||
ackWait : "60s"
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
cpu: "50m"
|
||
|
||
# monitoring and auto-scaling components
|
||
# both components
|
||
prometheus:
|
||
image: prom/prometheus:v2.11.0
|
||
create: true
|
||
resources:
|
||
requests:
|
||
memory: "512Mi"
|
||
|
||
alertmanager:
|
||
image: prom/alertmanager:v0.18.0
|
||
create: true
|
||
resources:
|
||
requests:
|
||
memory: "25Mi"
|
||
limits:
|
||
memory: "50Mi"
|
||
|
||
# async provider
|
||
nats:
|
||
channel: "faas-request"
|
||
external:
|
||
clusterName: ""
|
||
enabled: false
|
||
host: ""
|
||
port: ""
|
||
image: nats-streaming:0.17.0
|
||
enableMonitoring: false
|
||
metrics:
|
||
enabled: false
|
||
image: synadia/prometheus-nats-exporter:0.6.2
|
||
resources:
|
||
requests:
|
||
memory: "120Mi"
|
||
|
||
# ingress configuration
|
||
ingress:
|
||
enabled: false
|
||
# Used to create Ingress record (should be used with exposeServices: false).
|
||
hosts:
|
||
- host: gateway.openfaas.local # Replace with gateway.example.com if public-facing
|
||
serviceName: gateway
|
||
servicePort: 8080
|
||
path: /
|
||
annotations:
|
||
kubernetes.io/ingress.class: nginx
|
||
tls:
|
||
# Secrets must be manually created in the namespace.
|
||
|
||
# ingressOperator (optional) – component to have specific FQDN and TLS for Functions
|
||
# https://github.com/openfaas-incubator/ingress-operator
|
||
ingressOperator:
|
||
image: openfaas/ingress-operator:0.6.6
|
||
replicas: 1
|
||
create: false
|
||
resources:
|
||
requests:
|
||
memory: "25Mi"
|
||
|
||
# faas-idler configuration
|
||
faasIdler:
|
||
image: openfaas/faas-idler:0.4.0
|
||
replicas: 1
|
||
create: true
|
||
inactivityDuration: 30m # If a function is inactive for 15 minutes, it may be scaled to zero
|
||
reconcileInterval: 2m # The interval between each attempt to scale functions to zero
|
||
dryRun: true # Set to false to enable the idler to apply changes and scale to zero
|
||
resources:
|
||
requests:
|
||
memory: "64Mi"
|
||
|
||
nodeSelector:
|
||
beta.kubernetes.io/arch: amd64
|
||
|
||
tolerations: []
|
||
|
||
affinity: {}
|
||
|
||
kubernetesDNSDomain: cluster.local
|
||
|
||
istio:
|
||
mtls: false
|