forked from openfaas/faas-netes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
326 lines (286 loc) · 10.1 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
functionNamespace: openfaas-fn # Default namespace for functions
# Contact us via https://www.openfaas.com/support to purchase a license
openfaasPro: false
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS core components
clusterRole: false # Set to true for multiple namespaces, pro scaler and CPU/RAM metrics in OpenFaaS REST API
createCRDs: true # Set to false if applying CRDs in another way
basic_auth: true # Authentication for core components, no good reason to disable this
rbac: true # Kubernetes RBAC, no good reason to disable this
generateBasicAuth: true # Set to false if applying credentials separately from the chart, otherwise set to true
securityContext: true
exposeServices: true
serviceType: NodePort # serviceType for OpenFaaS gateway
async: true # No known reason to disable this, kept for legacy reasons
queueMode: "" # Set to `jetstream` to run the async system backed by NATS JetStream. By default the async system uses NATS Streaming
# create pod security policies for OpenFaaS control plane
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp: false
# image pull policy for openfaas components, can change to `IfNotPresent` in offline env
openfaasImagePullPolicy: "Always"
# openfaasPro components, which require openfaasPro=true
# clusterRole is also recommended for collecting CPU/RAM metrics for Pro add-ons
# OpenFaaS Pro
## Advanced auto-scaler for scaling functions on RPS, CPU and in-flight requests
## Includes: scale to zero
autoscaler:
image: ghcr.io/openfaasltd/autoscaler:0.2.9
replicas: 1
enabled: true
resources:
requests:
memory: "128Mi"
limits:
memory: "256Mi"
# When disableHorizontalScaling is set to true, then the autoscaler will
# only scale to zero, without scaling replicas between the defined Min and Max
# count for the function
disableHorizontalScaling: false
# OpenFaaS Pro
## To use with port-forwarding, set publicURL to
## http://127.0.0.1
dashboard:
image: ghcr.io/openfaasltd/openfaas-dashboard:0.2.1
publicURL: https://dashboard.example.com
# Name of signing key secret for sessions.
# Leave blank for development, see https://docs.openfaas.com/openfaas-pro/dashboard/ for production and staging.
signingKeySecret: ""
replicas: 1
enabled: false
resources:
requests:
memory: "128Mi"
limits:
memory: "256Mi"
# OpenFaaS Pro
## faasIdler is the original scale to zero feature, but must
## now be set "enabled=false" when using the new autoscaler
## since it handles scaling to zero
faasIdler:
image: ghcr.io/openfaasltd/faas-idler:0.5.3
replicas: 1
enabled: false
inactivityDuration: 3m # If a function is inactive for 15 minutes, it may be scaled to zero
reconcileInterval: 2m # The interval between each attempt to scale functions to zero
readOnly: false # When set to true, no functions are scaled to zero
writeDebug: false # Write additional debug information
resources:
requests:
memory: "64Mi"
# OpenFaaS Pro
## OIDC plugin for authentication on the OpenFaaS REST API
oidcAuthPlugin:
enabled: false
verbose: false # debug setting
provider: "" # Put "azure" if using Azure as a provider, leave blank for any other provider.
insecureTLS: false
scopes: "openid profile email"
openidURL: "https://example.eu.auth0.com/.well-known/openid-configuration"
audience: https://example.eu.auth0.com/api/v2/
welcomePageURL: https://gateway.openfaas.example.com
cookieDomain: ".openfaas.example.com"
baseHost: "https://auth.openfaas.example.com"
clientSecret: ""
clientID: ""
resources:
requests:
memory: "120Mi"
cpu: "50m"
replicas: 1
image: ghcr.io/openfaasltd/openfaas-oidc-plugin:0.5.5
securityContext: true
gatewayPro:
image: ghcr.io/openfaasltd/gateway:0.2.13
gateway:
image: ghcr.io/openfaas/gateway:0.26.3
readTimeout: "65s"
writeTimeout: "65s"
upstreamTimeout: "60s" # Must be smaller than read/write_timeout
replicas: 1
scaleFromZero: true
# change the port when creating multiple releases in the same baremetal cluster
nodePort: 31112
maxIdleConns: 1024
maxIdleConnsPerHost: 1024
directFunctions: false
# Custom logs provider url. For example openfaas-loki would be
# "http://ofloki-openfaas-loki.openfaas:9191/"
logsProviderURL: ""
# Set to true for Istio users as a workaround for:
# https://github.com/openfaas/faas/issues/1721
probeFunctions: false
# See the HPA rule from the Customer Community
# https://github.com/openfaas/openfaas-pro/blob/master/gateway-hpa.yaml
resources:
requests:
memory: "120Mi"
cpu: "50m"
readinessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
livenessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
faasnetesPro:
image: ghcr.io/openfaasltd/faas-netes:0.2.8
operatorPro:
image: ghcr.io/openfaasltd/faas-netes:0.2.8
faasnetes:
image: ghcr.io/openfaas/faas-netes:0.16.7
imagePullPolicy: "Always" # Image pull policy for deployed functions
httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on function pods
setNonRootUser: false # It's recommended to set this to "true", but test your images before committing to it
readinessProbe:
initialDelaySeconds: 2
timeoutSeconds: 1 # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
livenessProbe:
initialDelaySeconds: 2
timeoutSeconds: 1
periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage
resources:
requests:
memory: "120Mi"
cpu: "50m"
operator:
image: ghcr.io/openfaas/faas-netes:0.16.7
create: false
resources:
requests:
memory: "120Mi"
cpu: "50m"
# The values for jetstreamQueueWorker are merged with those under
# the "queueWorkerPro" and "queueWorker" section
#
# Enable automatically when nats.queueMode is set to "jetstream"
jetstreamQueueWorker:
image: ghcr.io/openfaasltd/jetstream-queue-worker:0.3.6
durableName: "faas-workers"
# Configure the max waiting pulls for the queue-worker JetStream consumer.
# The value should be at least max_inflight * replicas.
# Note that this value can not be updated once the consumer is created.
maxWaiting: 512
logs:
debug: false
format: "console"
# OpenFaaS Pro
# The values for queueWorkerPro are merged with those under
# the "queueWorker" section
#
# To deploy additional named queues, see the "queue-worker"
# chart
#
# Enabled automatically when openfaasPro is set to true
queueWorkerPro:
image: ghcr.io/openfaasltd/queue-worker:0.2.2
maxRetryAttempts: "10"
maxRetryWait: "120s"
initialRetryWait: "10s"
# 408 Request Timeout message
# 429 Too Many Requests
# 500 Internal Server Error
# 502 Bad Gateway
# 503 Service Unavailable
# 504 Gateway Timeout
httpRetryCodes: "408,429,500,502,503,504"
insecureTLS: false
printRequestBody: false
printResponseBody: false
# Control the concurrent invocations
maxInflight: 50
# Community Edition, maxInflight is 1
# Name of shared queue is "faas-request"
queueWorker:
image: ghcr.io/openfaas/queue-worker:0.13.3
# Control HA of queue-worker
replicas: 1
queueGroup: "faas"
ackWait: "60s"
resources:
requests:
memory: "120Mi"
cpu: "50m"
# monitoring and auto-scaling components
# both components
prometheus:
image: prom/prometheus:v2.43.0
create: true
resources:
requests:
memory: "512Mi"
annotations: {}
alertmanager:
image: prom/alertmanager:v0.25.0
create: true
resources:
requests:
memory: "25Mi"
limits:
memory: "50Mi"
stan:
# Image used for the NATS Streaming when using the deprecated
# support in the Community Edition (CE)
image: nats-streaming:0.25.3
# NATS (required for async)
nats:
channel: "faas-request"
# Stream replication is set to 1 by default. This is only recommended for development.
# For production a value of at least 3 is recommended for NATS JetStream to be resilient.
# See https://github.com/openfaas/openfaas-pro/blob/master/jetstream.md
streamReplication: 1
external:
clusterName: ""
enabled: false
host: ""
port: ""
# The version of NATS Core used with OpenFaaS Pro and JetStream
image: nats:2.9.15
enableMonitoring: false
metrics:
# Should stay off by default because the exporter is not multi-arch (yet)
enabled: false
image: natsio/prometheus-nats-exporter:0.10.1
resources:
requests:
memory: "120Mi"
# ingress configuration
ingress:
enabled: false
## For k8s >= 1.18 you need to specify the pathType
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
#pathType: ImplementationSpecific
# Used to create Ingress record (should be used with exposeServices: false).
hosts:
- host: gateway.openfaas.local # Replace with gateway.example.com if public-facing
serviceName: gateway
servicePort: 8080
path: /
annotations:
kubernetes.io/ingress.class: nginx
tls:
# Secrets must be manually created in the namespace.
## You can specify the ingress controller by using the ingressClassName
#ingressClassName: nginx
# ingressOperator (optional) – component to have specific FQDN and TLS for Functions
# https://github.com/openfaas-incubator/ingress-operator
ingressOperator:
image: ghcr.io/openfaas/ingress-operator:0.8.0
replicas: 1
create: false
resources:
requests:
memory: "25Mi"
nodeSelector: {}
tolerations: []
affinity: {}
kubernetesDNSDomain: cluster.local
istio:
mtls: false
gatewayExternal:
annotations: {}
k8sVersionOverride: "" # Allow kubeVersion to be overridden for the ingress creation