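### Use a secret instead of a publicly accessible URL for the ACL
### of valid users.
customers_secret: true

### Enable only if using AWS ECR
enable_ecr: true

## Ingress into OpenFaaS Cloud
### Keep active if using a cluster with a LoadBalancer available.
ingress: loadbalancer

## Source Control Management
### Pick either github or gitlab
scm: github

## Slack
### You can set your own url to get an audit trail in your Slack workspace
### You can edit this after deployment if needed in the audit function
### NOTE(review): the value below is a plain-http in-cluster echo function.
### If it is replaced with a real Slack webhook URL, treat that URL as a
### credential and keep it out of version control.
slack:
  url: http://gateway.openfaas:8080/function/echo

## Enable auth:
### When enabled users must log in with a valid GitHub account and be present in the
### customers file to view any dashboard
enable_oauth: true

## Set to true to enable scaling to zero
### When enabled, all functions are included by default, to turn off add a label
### of com.openfaas.scale.zero: "false"
scale_to_zero: false

## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/
### Quoted so the version is always read as a string.
openfaas_cloud_version: "0.13.7"

## Enable network policies
### Prevents functions from talking to the openfaas namespace, and to each other.
### Use the ingress address for the gateway or the external IP instead.
### NOTE(review): left at false here, so the isolation described above is not
### applied. Review this together with enable_dockerfile_lang, which this file
### sets to true and which allows any workload to be built and run.
network_policies: false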
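## S3 configuration
### Build logs from buildkit are stored in S3
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible
### NOTE(review): s3_tls is false, which matches the in-cluster Minio address
### below. If s3_url is pointed at AWS S3 or any endpoint outside the cluster,
### set s3_tls to true so logs and S3 keys are not sent in the clear.
s3:
  s3_url: cloud-minio.openfaas.svc.cluster.local:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline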
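## Define the custom templates available for your users
### NOTE(review): these are repository URLs with no tag or commit pinned, so
### whatever is at the default branch is what gets used — presumably fetched
### at deploy or build time; verify. List only repositories you trust and
### review template changes before redeploying.
deployment:
  custom_templates:
    - https://github.com/openfaas-incubator/node8-express-template.git
    - https://github.com/openfaas-incubator/golang-http-template.git
    - https://github.com/openfaas-incubator/node10-express-template.git
    - https://github.com/openfaas-incubator/python-flask-template.git
    - https://github.com/openfaas-incubator/ruby-http

## Dockerfile language support
### Use with caution, it allows any workload to be built and run
### NOTE(review): enabled here while network_policies is false in this file,
### so arbitrary user-supplied images run without the network isolation that
### setting describes. Prefer false unless every customer is trusted.
enable_dockerfile_lang: true

### TLS for the deployment; tls_config below is presumably only read when
### tls is true — TODO confirm.
tls: true
tls_config:
  issuer_type: "prod"
  ### Placeholder address; replace with a monitored mailbox.
  email: "example@example.com"
  dns_service: route53
  ### Placeholder; quoted so it stays a plain string until replaced.
  region: "<AWS_REGION>"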
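### Secrets created in the cluster. Each entry names a secret, its
### namespace, the filters it belongs to, and either literals or files whose
### contents are read from value_from.
### NOTE(review): every value_from path points under ./credentials. Keep that
### directory out of version control and restrict its file permissions; the
### files hold private keys, registry and cloud credentials in the clear.
secrets:
  - name: s3-secret-key
    literals:
      - name: s3-secret-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: s3-access-key
    literals:
      - name: s3-access-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: basic-auth
    files:
      - name: "basic-auth-user"
        value_from: "./credentials/basic-auth-user"
      - name: "basic-auth-password"
        value_from: "./credentials/basic-auth-password"
    filters:
      - "default"
    namespace: "openfaas"
  - name: "payload-secret"
    files:
      - name: "payload-secret"
        value_from: "./credentials/payload-secret"
    filters:
      - "default"
    namespace: "openfaas"
  ### value_command generates a prime256v1 EC private key at ./credentials/key;
  ### the key file is written without a passphrase.
  - name: "jwt-private-key"
    files:
      - name: "key"
        value_from: "./credentials/key"
        value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./credentials/key"
    filters:
      - "auth"
    namespace: "openfaas"
  ### The public key is derived from ./credentials/key, so the private key
  ### entry above has to be generated first.
  - name: "jwt-public-key"
    files:
      - name: "key.pub"
        value_from: "./credentials/key.pub"
        value_command: "openssl ec -in ./credentials/key -pubout -out ./credentials/key.pub"
    filters:
      - "auth"
    namespace: "openfaas"
  ## This value is used by Github to talk to system-github-event
  - name: "github-webhook-secret"
    files:
      - name: "github-webhook-secret"
        value_from: "./credentials/github-webhook-secret"
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # Download from GitHub App on GitHub UI or using GitHub app creation tool
  - name: "private-key"
    files:
      - name: "private-key"
        value_from: "./credentials/github-private-key.pem"
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # OAuth client_secret
  - name: "of-client-secret"
    files:
      - name: "of-client-secret"
        value_from: "./credentials/of-client-secret"
    filters:
      - "auth"
    namespace: "openfaas"
  ## Use Route 53
  ### Create role and download its secret access key
  ### NOTE(review): scope the role to the DNS changes the dns01 challenge
  ### needs rather than broad Route 53 access — verify the attached policy.
  - name: "route53-credentials-secret"
    files:
      - name: "secret-access-key"
        value_from: "./credentials/route53-secret-access-key"
    filters:
      - "route53_dns01"
    namespace: "cert-manager"
  # Used by Buildkit to push images to your registry
  - name: "registry-secret"
    files:
      - name: "config.json"
        value_from: "./credentials/config.json"
    filters:
      - "default"
    namespace: "openfaas"
  # Used to pull functions / images to nodes by Kubernetes
  ### NOTE(review): reads the same ./credentials/config.json as registry-secret,
  ### so the pull secret in openfaas-fn carries the push credential as well.
  ### A separate read-only credential here would follow least privilege.
  - name: "registry-pull-secret"
    files:
      - name: ".dockerconfigjson"
        value_from: "./credentials/config.json"
    namespace: "openfaas-fn"
    filters:
      - "default"
    type: "kubernetes.io/dockerconfigjson"
  # ECR credentials to push to AWS ECR
  - name: "aws-ecr-credentials"
    files:
      - name: "credentials"
        value_from: "./credentials/aws-ecr-credentials"
    filters:
      - "ecr"
    namespace: "openfaas"
  ### NOTE(review): same credentials file as aws-ecr-credentials, placed in
  ### openfaas-fn. If only repository creation is needed in that namespace,
  ### a narrower IAM identity would limit exposure — confirm what reads it.
  - name: "aws-ecr-createrepo-credentials"
    files:
      - name: "credentials"
        value_from: "./credentials/aws-ecr-credentials"
    filters:
      - "ecr"
    namespace: "openfaas-fn"
  ## If not using a HTTPS URL, then set a list of CUSTOMERS
  - name: "of-customers"
    files:
      - name: "of-customers"
        value_from: "./credentials/customers"
    namespace: "openfaas"
    filters:
      - "default"
  - name: "customers"
    files:
      - name: "customers"
        value_from: "./credentials/customers"
    namespace: "openfaas-fn"
    filters:
      - "default"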