example.init.yaml
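secrets:
  ### Generated secrets (do not edit)
  - name: s3-secret-key
    literals:
      - name: s3-secret-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: s3-access-key
    literals:
      - name: s3-access-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: basic-auth
    literals:
      - name: basic-auth-user
        value: admin
      - name: basic-auth-password
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "payload-secret"
    literals:
      - name: payload-secret
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  ## The two entries below run openssl locally: the first writes a P-256
  ## (prime256v1) EC private key to ./tmp/key, the second derives the public
  ## key from it. The private key stays on the disk of the machine that ran the
  ## command, so keep ./tmp out of version control and restrict or remove the
  ## file once the cluster secret exists.
  - name: "jwt-private-key"
    files:
      - name: "key"
        value_from: "./tmp/key"
        value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./tmp/key"
    filters:
      - "auth"
    namespace: "openfaas"
  - name: "jwt-public-key"
    files:
      - name: "key.pub"
        value_from: "./tmp/key.pub"
        value_command: "openssl ec -in ./tmp/key -pubout -out ./tmp/key.pub"
    filters:
      - "auth"
    namespace: "openfaas"

  ### User-input
  ### In this section, you must populate all your secrets or secret file-locations
  ### and your desired configuration.
  ### For more information see: https://github.com/openfaas/openfaas-cloud/tree/master/docs
  ## Once populated, this file holds live credentials: keep the filled-in copy
  ## out of version control and readable only by the operator.

  ## This value is used by GitHub to talk to system-github-event, the password will be
  ## generated if left blank. Alternatively, you can enter a password here of your own.
  ## Enter it into the GitHub App's UI.
  - name: "github-webhook-secret"
    literals:
      - name: "github-webhook-secret"
        value: ""
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # Download from GitHub App on GitHub UI
  - name: "private-key"
    files:
      - name: "private-key"
        value_from: "~/Downloads/private-key.pem"
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # Populate your OAuth client_secret
  ## NOTE: the value below is a literal committed in this example. Replace it
  ## with the client_secret of your own OAuth app; if this string was ever a
  ## live credential it should be treated as disclosed and rotated.
  - name: "of-client-secret"
    literals:
      - name: of-client-secret
        value: "79163355e553b477957d977b0b8addd3c42ff52d"
    filters:
      - "auth"
    namespace: "openfaas"
  # Enter your GitLab Webhook secret and API token
  - name: "gitlab-webhook-secret"
    literals:
      - name: "gitlab-webhook-secret"
        value: ""
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"
  ## "token" below is a placeholder for the real GitLab API token.
  - name: "gitlab-api-token"
    literals:
      - name: "gitlab-api-token"
        value: "token"
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"

  # DNS Service Account secret for DNS01 (wildcard) challenge
  ## Whichever provider you pick, scope the credential to DNS record management
  ## for the zone in use; a DNS01 credential can be used to obtain certificates
  ## for any name in that zone.
  ## Use DigitalOcean
  ### Create a Personal Access Token and save it into a file, with no new-lines
  - name: "digitalocean-dns"
    files:
      - name: "access-token"
        value_from: "~/Downloads/do-access-token"
    filters:
      - "do_dns01"
    namespace: "cert-manager"
  ## Use Google Cloud DNS
  ### Create a service account for DNS management and export it
  - name: "clouddns-service-account"
    files:
      - name: "service-account.json"
        value_from: "~/Downloads/service-account.json"
    filters:
      - "gcp_dns01"
    namespace: "cert-manager"
  ## Use Route 53
  ### Create role and download its secret access key
  - name: "route53-credentials-secret"
    files:
      - name: "secret-access-key"
        value_from: "~/Downloads/route53-secret-access-key"
    filters:
      - "route53_dns01"
    namespace: "cert-manager"
  ## Use Cloudflare
  ### Create role and download its secret access key
  ### NOTE(review): the wording above matches the Route 53 entry; the secret
  ### stored here is named "api-key", so this is presumably the Cloudflare API key.
  - name: "cloudflare-api-key-secret"
    files:
      - name: "api-key"
        value_from: "~/Downloads/cloudflare-secret-access-key"
    filters:
      - "cloudflare_dns01"
    namespace: "cert-manager"

  # Used by Buildkit to push images to your registry
  - name: "registry-secret"
    files:
      - name: "config.json"
        value_from: "./credentials/config.json"
    filters:
      - "default"
    namespace: "openfaas"
  # Used to pull functions / images to nodes by Kubernetes
  ## NOTE: this reads the same ./credentials/config.json as registry-secret, so
  ## the pull secret in openfaas-fn carries the push credentials as well. Where
  ## the registry supports it, consider a separate read-only credential for pulls.
  - name: "registry-pull-secret"
    files:
      - name: ".dockerconfigjson"
        value_from: "./credentials/config.json"
    namespace: "openfaas-fn"
    filters:
      - "default"
    type: "kubernetes.io/dockerconfigjson"

  # ECR credentials to push to AWS ECR
  ## Make sure you do not use your admin account in ~/.aws/credentials, but a
  ## new user with ECR power-user permissions only.
  ## Both entries below read the same ~/.aws/credentials file; any other
  ## profiles kept in that file would presumably be copied into the cluster too.
  - name: "aws-ecr-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas"
  - name: "aws-ecr-createrepo-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas-fn"

  ## If not using a HTTPS URL, then set a list of CUSTOMERS
  - name: "of-customers"
    literals:
      - name: "of-customers"
        value_from: "/dev/null"
    namespace: "openfaas"
    filters:
      - "default"
  - name: "customers"
    literals:
      - name: "customers"
        value_from: "/dev/null"
    namespace: "openfaas-fn"
    filters:
      - "default"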
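### Docker registry
#### This can be any registry accessible by your cluster. To populate the file
#### run `docker login` with "store in keychain" turned off in Docker Desktop.
#### This can also be your private registry
#### Format: registry/username/ - i.e. replace ofctest with your login
#### NOTE: with the keychain turned off, the resulting config.json holds the
#### registry credentials in a directly recoverable form; keep that file out of
#### version control and restrict who can read it.
registry: docker.io/ofctest/

### Use a secret instead of a publicly accessible URL for the ACL
### of valid users.
customers_secret: false

### Enable only if using AWS ECR
enable_ecr: false

### Change if you're using ECR
ecr_config:
  ### The region to use for ECR
  ecr_region: "eu-central-1"

### Your root DNS domain name, this can be a sub-domain i.e. staging.o6s.io / prod.o6s.io
root_domain: "myfaas.club"

## Ingress into OpenFaaS Cloud
### Keep active if using a cluster with a LoadBalancer available.
ingress: loadbalancer
### Uncomment if using on-premises or a host/cloud without a loadbalancer
# ingress: host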
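## Define the custom templates available for your users
### If needed edit the git-tar Deployment after running the tool
### NOTE: these are plain repository URLs with no branch, tag or commit given,
### and whatever they contain ends up in your users' builds. List only
### repositories you trust and review changes to them.
deployment:
  custom_templates:
    - "https://github.com/openfaas-incubator/node8-express-template.git"
    - "https://github.com/openfaas-incubator/golang-http-template.git"
    - "https://github.com/openfaas-incubator/node10-express-template.git"
    - "https://github.com/openfaas-incubator/python-flask-template.git"
    - "https://github.com/openfaas-incubator/ruby-http"

## Source Control Management
### Pick either github or gitlab
scm: github
# scm: gitlab

## Populate from GitHub App
github:
  app_id: "24304"

## GitLab
### Public URL for your GitLab instance with a trailing slash
gitlab:
  gitlab_instance: "https://gitlab.o6s.io/"

## Enable auth:
### When enabled users must log in with a valid GitHub account and be present in the
### customers file to view any dashboard
### NOTE: left at false, the dashboards are presumably viewable without
### logging in; enable this before exposing the installation publicly.
enable_oauth: false

## Populate from OAuth App
oauth:
  client_id: clientid
  ## For GitLab put your OAuth provider base URL
  # oauth_provider_base_url: "https://gitlab.o6s.io"
  ## For GitHub leave blank
  oauth_provider_base_url: ""

## Slack
### You can set your own url to get an audit trail in your Slack workspace
### You can edit this after deployment if needed in the audit function
### The default below points at the in-cluster echo function over plain HTTP;
### a Slack webhook URL acts as a credential, so treat a real one as a secret.
slack:
  url: http://gateway.openfaas:8080/function/echo

### Users allowed to access your OpenFaaS Cloud
#### ACL for your users, it must be a raw text file or GitHub RAW URL
#### At time of writing this _must_ be a public repo URL
#### NOTE: the default below is the upstream project's CUSTOMERS list, not your
#### own. Point it at a list you control; anyone who can edit the file behind
#### this URL decides who is allowed in.
customers_url: "https://raw.githubusercontent.com/openfaas/openfaas-cloud/master/CUSTOMERS"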
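## S3 configuration
### Build logs from buildkit are stored in S3
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible
### NOTE: s3_tls is false for the in-cluster Minio default; set it to true when
### pointing s3_url at a store outside the cluster.
s3:
  s3_url: cloud-minio.openfaas.svc.cluster.local:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline

## TLS
### NOTE: with tls left at false, traffic to the installation (webhooks and
### logins included) is presumably carried over plain HTTP; enable it for
### anything reachable from the internet.
tls: false
tls_config:
  ### "staging" is meant for testing; staging-issued certificates are generally
  ### not trusted by browsers, so switch to "prod" for a real deployment.
  # issuer_type: "prod"
  issuer_type: "staging"
  email: "your@email.com"
  ## Select DNS web service between Amazon Route 53 (route53) and Google Cloud DNS (clouddns)
  # by uncommenting the required option
  ### DigitalOcean
  dns_service: digitalocean
  ### Google Cloud DNS
  # dns_service: clouddns
  # project_id: "my-openfaas-cloud"
  ### AWS Route53
  ### (access_key_id is only the key identifier; the matching secret access key
  ### is supplied through the route53-credentials-secret entry under secrets.)
  # dns_service: route53
  # region: us-east-1
  # access_key_id: ASYAKIUJE8AYRQQ7DU3M
  ### Cloudflare
  # dns_service: cloudflare

## Dockerfile language support
### Use with caution, it allows any workload to be built and run
enable_dockerfile_lang: false

## Set to true to enable scaling to zero
### When enabled, all functions are included by default, to turn off add a label
### of com.openfaas.scale.zero: "false"
scale_to_zero: false

## Enable network policies
### Prevents functions from talking to the openfaas namespace, and to each other.
### Use the ingress address for the gateway or the external IP instead.
### NOTE: while this is false that isolation is not applied, which matters most
### when functions from different users share the cluster.
network_policies: false

## Branch that OpenFaaS Cloud will build and deploy
## You should change this if you want a different branch to be built and deployed instead of master
build_branch: master

## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/
openfaas_cloud_version: 0.13.1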