Created
April 1, 2020 12:25
-
-
Save Waterdrips/54471b9236f6d8c7ac60a304bb0129d0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Use a secret instead of a publicly accessible URL for the ACL | |
### of valid users. | |
customers_secret: true | |
### Enable only if using AWS ECR | |
enable_ecr: true | |
## Ingress into OpenFaaS Cloud | |
### Keep active if using a cluster with a LoadBalancer available. | |
ingress: loadbalancer | |
## Source Control Management | |
### Pick either github or gitlab | |
scm: github | |
## Slack | |
### You can set your own url to get an audit trail in your Slack workspace | |
### You can edit this after deployment if needed in the audit function | |
slack: | |
url: http://gateway.openfaas:8080/function/echo | |
## Enable auth: | |
### When enabled users must log in with a valid GitHub account and be present in the | |
### customers file to view any dashboard | |
enable_oauth: true | |
## Set to true to enable scaling to zero | |
### When enabled, all functions are included by default, to turn off add a label | |
### of com.openfaas.scale.zero: "false" | |
scale_to_zero: false | |
## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/ | |
openfaas_cloud_version: 0.13.7 | |
## Enable network policies | |
### Prevents functions from talking to the openfaas namespace, and to each other. | |
### Use the ingress address for the gateway or the external IP instead. | |
network_policies: false | |
## S3 configuration | |
### Build logs from buildkit are stored in S3 | |
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible | |
s3: | |
s3_url: cloud-minio.openfaas.svc.cluster.local:9000 | |
s3_region: us-east-1 | |
s3_tls: false | |
s3_bucket: pipeline | |
## Define the custom templates available for your users | |
deployment: | |
custom_templates: | |
- https://github.com/openfaas-incubator/node8-express-template.git | |
- https://github.com/openfaas-incubator/golang-http-template.git | |
- https://github.com/openfaas-incubator/node10-express-template.git | |
- https://github.com/openfaas-incubator/python-flask-template.git | |
- https://github.com/openfaas-incubator/ruby-http | |
## Dockerfile language support | |
### Use with caution, it allows any workload to be built and run | |
enable_dockerfile_lang: true | |
tls: true | |
tls_config: | |
issuer_type: "prod" | |
email: "example@example.com" | |
dns_service: route53 | |
region: <AWS_REGION> | |
secrets: | |
- name: s3-secret-key | |
literals: | |
- name: s3-secret-key | |
filters: | |
- "default" | |
namespace: "openfaas-fn" | |
- name: s3-access-key | |
literals: | |
- name: s3-access-key | |
filters: | |
- "default" | |
namespace: "openfaas-fn" | |
- name: basic-auth | |
files: | |
- name: "basic-auth-user" | |
value_from: "./credentials/basic-auth-user" | |
- name: "basic-auth-password" | |
value_from: "./credentials/basic-auth-password" | |
filters: | |
- "default" | |
namespace: "openfaas" | |
- name: "payload-secret" | |
files: | |
- name: "payload-secret" | |
value_from: "./credentials/payload-secret" | |
filters: | |
- "default" | |
namespace: "openfaas" | |
- name: "jwt-private-key" | |
files: | |
- name: "key" | |
value_from: "./credentials/key" | |
value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./credentials/key" | |
filters: | |
- "auth" | |
namespace: "openfaas" | |
- name: "jwt-public-key" | |
files: | |
- name: "key.pub" | |
value_from: "./credentials/key.pub" | |
value_command: "openssl ec -in ./credentials/key -pubout -out ./credentials/key.pub" | |
filters: | |
- "auth" | |
namespace: "openfaas" | |
## This value is used by Github to talk to system-github-event | |
- name: "github-webhook-secret" | |
files: | |
- name: "github-webhook-secret" | |
value_from: "./credentials/github-webhook-secret" | |
filters: | |
- "scm_github" | |
namespace: "openfaas-fn" | |
# Download from GitHub App on GitHub UI or using GitHub app creation tool | |
- name: "private-key" | |
files: | |
- name: "private-key" | |
value_from: "./credentials/github-private-key.pem" | |
filters: | |
- "scm_github" | |
namespace: "openfaas-fn" | |
# OAuth client_secret | |
- name: "of-client-secret" | |
files: | |
- name: "of-client-secret" | |
value_from: "./credentials/of-client-secret" | |
filters: | |
- "auth" | |
namespace: "openfaas" | |
## Use Route 53 | |
### Create role and download its secret access key | |
- name: "route53-credentials-secret" | |
files: | |
- name: "secret-access-key" | |
value_from: "./credentials/route53-secret-access-key" | |
filters: | |
- "route53_dns01" | |
namespace: "cert-manager" | |
# Used by Buildkit to push images to your registry | |
- name: "registry-secret" | |
files: | |
- name: "config.json" | |
value_from: "./credentials/config.json" | |
filters: | |
- "default" | |
namespace: "openfaas" | |
# Used to pull functions / images to nodes by Kubernetes | |
- name: "registry-pull-secret" | |
files: | |
- name: ".dockerconfigjson" | |
value_from: "./credentials/config.json" | |
namespace: "openfaas-fn" | |
filters: | |
- "default" | |
type: "kubernetes.io/dockerconfigjson" | |
# ECR credentials to push to AWS ECR | |
- name: "aws-ecr-credentials" | |
files: | |
- name: "credentials" | |
value_from: "./credentials/aws-ecr-credentials" | |
filters: | |
- "ecr" | |
namespace: "openfaas" | |
- name: "aws-ecr-createrepo-credentials" | |
files: | |
- name: "credentials" | |
value_from: "./credentials/aws-ecr-credentials" | |
filters: | |
- "ecr" | |
namespace: "openfaas-fn" | |
## If not using a HTTPS URL, then set a list of CUSTOMERS | |
- name: "of-customers" | |
files: | |
- name: "of-customers" | |
value_from: "./credentials/customers" | |
namespace: "openfaas" | |
filters: | |
- "default" | |
- name: "customers" | |
files: | |
- name: "customers" | |
value_from: "./credentials/customers" | |
namespace: "openfaas-fn" | |
filters: | |
- "default" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment