diff --git a/fission/helmrelease-fission.yaml b/fission/helmrelease-fission.yaml deleted file mode 100644 index 1a5a01e..0000000 --- a/fission/helmrelease-fission.yaml +++ /dev/null @@ -1,927 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: fission - namespace: fission-ns -spec: - chart: - spec: - chart: fission-all - sourceRef: - kind: HelmRepository - name: fission - namespace: flux-system - interval: 5m - values: - ## Fission chart configuration - ## - - ## serviceType to consider while creating Fission Controller service. - ## For minikube/kind, set this to NodePort, elsewhere use LoadBalancer or ClusterIP. - ## - serviceType: LoadBalancer - - ## routerServiceType to consider while creating Fission Router service. - ## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP. - ## - routerServiceType: LoadBalancer - - ## repository represents base repository for images used in the chart. - ## Keep it empty for using existing local image - ## - repository: ghcr.io - - ## image represents the base image fission-bundle used by multiple Fission components. - ## We alter arguments to the image to run a particular component. - ## - image: fission/fission-bundle - - ## imageTag represents the tag of the base image fission-bundle used by multiple Fission components. - ## It is also used by the chart to identify version of the few more images apart from fission-bundle. - ## Keep it empty for using latest tag. - ## - imageTag: v1.19.0 - - ## pullPolicy represents the pull policy to use for images in the chart. - ## - pullPolicy: IfNotPresent - - ## imageppullsecrets - imagePullSecrets: [] - - ## priorityClassName represents the priority class name to use for Fission components. - ## Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ - ## executor.priorityClassName takes precedence over this value for executor. - ## router.priorityClassName takes precedence over this value for router. - ## - priorityClassName: "" - - ## terminationMessagePath is the path at which the pod termination message will be written. - ## executor.terminationMessagePath takes precedence over this value for executor. - ## router.terminationMessagePath takes precedence over this value for router. - ## - terminationMessagePath: /dev/termination-log - - ## terminationMessagePolicy is the policy for the termination message. - ## executor.terminationMessagePolicy takes precedence over this value for executor. - ## router.terminationMessagePolicy takes precedence over this value for router. - ## - terminationMessagePolicy: File - - ## controllerPort represents the port at which the Fission controller service should be exposed. - ## - controllerPort: 31313 - - ## routerPort represents the port at which the Fission Router service should be exposed. - ## - routerPort: 31314 - - ## defaultNamespace represents the namespace in which Fission custom resources will be created by the Fission user. - ## This is different from the release namespace. - ## Please consider setting `additionalFissionNamespaces` if you want more than one namespace to be used for Fission custom resources. - ## - defaultNamespace: fission-service-ns - - ## builderNamespace represents the namespace in which Fission Builder resources will be created. - ## if builderNamespace is set to empty then builder resources will be created in the same namespace as the Fission resources. - ## This is different from the release namespace. - ## - builderNamespace: "" - - ## functionNamespace represents the namespace in which Fission Function resources will be created. - ## if functionNamespace is set to empty then function resources will be created in the same namespace as the Fission resources. - ## This is different from the release namespace. - ## - functionNamespace: "" - - ## Fission will watch the following namespaces along with the `defaultNamespace` for fission custom resources. - ## additionalFissionNamespaces: - ## - namespace1 - ## - namespace2 - ## - namespace3 - additionalFissionNamespaces: [] - - ## createNamespace decides to create namespaces by the chart. - ## If set to true, functionNamespace and builderNamespace namespaces mentioned above will be created by the chart. - ## Set to false if you want to create the namespaces manually. - ## - createNamespace: true - - ## enableIstio indicates whether to enable istio integration. - ## - enableIstio: false - - ## fetcher is a light weight component that helps in running functions. - ## fetcher helps in fetching function source code/build and uploading it when function is invoked. - ## - fetcher: - ## image represents the image of the fetcher component. - image: fission/fetcher - ## imageTag represents the tag of the image of the fetcher component. - imageTag: v1.19.0 - - ## Fetcher is only for to downloading or uploading archive. - ## Normally, you don't need to change the value here, unless necessary. - ## - resource: - ## cpu represents the cpu resource required by the fetcher component. - ## - cpu: - requests: "10m" - ## Low CPU limits will increases the function specialization time. - limits: "" - ## mem represents the memory resource required by the fetcher component. - ## - mem: - requests: "16Mi" - limits: "" - - ## executor is responsible for providing resources to your functions. - ## - executor: - ## executor priorityClassName - ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ - ## Recommended to use system-cluster-critical for executor pods. - ## - priorityClassName: "" - ## terminationMessagePath is the path at which the file to which the executor will write a message upon termination. - ## - terminationMessagePath: "" - ## terminationMessagePolicy is the policy for the executor termination message. - ## - terminationMessagePolicy: "" - ## adoptExistingResources decides whether to adopt existing resources when executor restarts or Fission is redeployed. - ## - adoptExistingResources: false - ## podReadyTimeout represents the timeout in seconds for waiting for pod to become ready. - ## This is applicable to Pool Manager executor type only. - ## - podReadyTimeout: 300s - - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## Object Reaper - ## objectReaperInterval (seconds) represents GLOBAL interval to run process that reaps objects after certain idle time. - ## Also you can set different objectReaperInterval for specific executor type. See poolmgs/newdeploy/container section - ## Default: 5 (in seconds) - ## - objectReaperInterval: 5 - - poolmgr: {} - ## objectReaperInterval specific to poolmgr executor type - ## - ## objectReaperInterval: 5 - newdeploy: {} - ## objectReaperInterval specific to newdeploy executor type - ## - ## objectReaperInterval: 5 - container: {} - ## objectReaperInterval specific to container executor type - ## - ## objectReaperInterval: 5 - - serviceAccountCheck: - ## enables fission to create service account, roles and rolebinding for missing permission for builder and fetcher. - enabled: true - ## indicates the time interval in minutes, after that fission will create service account, roles and rolebinding for builder and fetcher. - ## interval will be applicable only if enable value is set to true. - ## default timing will be 0 minutes. That means check will run only once. - ## if you want to run check every 30 minutes then set interval to 30. - interval: 0 - ## router is responsible for routing function calls to the appropriate function. - ## - router: - ## router priorityClassName - ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ - ## Recommended to use system-cluster-critical for router pods. - ## - priorityClassName: "" - ## terminationMessagePath is the path at which the file to which the router will write a message upon termination. - ## - terminationMessagePath: "" - ## terminationMessagePolicy is the policy for the router termination message. - ## - terminationMessagePolicy: "" - ## deployAsDaemonSet decides whether to deploy router as a DaemonSet or a Deployment. - ## - deployAsDaemonSet: false - ## replicas decides how many router pods to deploy. Only used when deployAsDaemonSet is false. - ## - replicas: 1 - ## svcAddressMaxRetries is the max times for router to retry with a specific function service address - ## - svcAddressMaxRetries: 5 - ## svcAddressUpdateTimeout is the timeout setting for a goroutine to wait for the update of a service entry. - ## - svcAddressUpdateTimeout: 30s - ## unTapServiceTimeout is the timeout used in the request context of unTapService. - ## unTapService is called to free up the resources once the function invocation is done. - ## - unTapServiceTimeout: 3600s - ## displayAccessLog display endpoing access logs - ## Please be aware of enabling logging endpoint access log, it increases - ## router resource utilization when under heavy workloads. - ## - displayAccessLog: false - ## svcAnnotations is the annotations to be added to the service resource created for router. - ## - # svcAnnotations: - # cloud.google.com/load-balancer-type: Internal - - ## useEncodedPath decideds to match encoded path. - ## If true, "/foo%2Fbar" will match the path "/{var}"; - ## Otherwise, it will match the path "/foo/bar". - ## For details, see: https://github.com/fission/fission/issues/1317 - ## - useEncodedPath: false - - roundTrip: - ## If true, router will disable the HTTP keep-alive which result in performance degradation. - ## But it ensures that router can redirect new coming requests to new function pods. - ## - ## If false, router will enable transport keep-alive feature for better performance. - ## However, the drawback is it takes longer to switch to newly created function pods - ## if using newdeploy as executor type for function. If you want to preserve the - ## performance while keeping the short switching time to new function, you can create - ## an environment with short grace period by setting flag "--graceperiod" (default 360s), - ## so that kubernetes will be able to reap old function pod quickly. - ## - ## For details, see https://github.com/fission/fission/issues/723 - ## - disableKeepAlive: false - - ## keepAliveTime is period for an active network connection to function pod. - ## - keepAliveTime: 30s - - ## timeout is HTTP transport request timeout - ## - timeout: 50ms - - ## The length of request timeout will multiply with timeoutExponent after each retry - ## - timeoutExponent: 2 - - ## maxRetries defines no of retries of a failed request - ## - maxRetries: 10 - - ## Extend the container specs for the core fission pods. - ## Can be used to add things like affinity/tolerations/nodeSelectors/etc. - ## For example: - ## extraCoreComponentPodConfig: - ## affinity: - ## nodeAffinity: - ## requiredDuringSchedulingIgnoredDuringExecution: - ## nodeSelectorTerms: - ## - matchExpressions: - ## - key: capability - ## operator: In - ## values: - ## - app - ## - #extraCoreComponentPodConfig: - # affinity: - # tolerations: - # nodeSelector: - - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## The builder manager watches the package & environments CRD changes and manages the builds of function source code. - ## - buildermgr: - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## controller is the component that the client talks to. - ## It contains CRUD APIs for functions, triggers, environments, Kubernetes event watches, etc. and proxy APIs to internal 3rd-party services. - ## - controller: - enabled: true - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## webhook is the component that validates API calls. - ## It contains validation and mutation for functions, triggers, environments, Kubernetes event watches, etc. - ## - webhook: - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - certManager: - enabled: false - - caBundlePEM: | - - crtPEM: | - - keyPEM: | - - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - - ## kubewatcher watches the Kubernetes API and invokes functions associated with watches, sending the watch event to the function. - ## - kubewatcher: - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## The storage service is the home for all archives of packages with sizes larger than 256KB. - ## - storagesvc: - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Archive pruner removes archives from storage which are not referenced by any package. - archivePruner: - enabled: true - ## Run prune routine at interval (in minutes) - interval: 60 - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## The timer works like kubernetes CronJob but instead of creating a pod to do the task - ## It sends a request to router to invoke the function. - ## - timer: - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## Kafka: enable and configure the details - ## - kafka: - enabled: false - ## note: below link is only for reference. - ## Please use the brokers link for your kafka here. - ## - brokers: "broker.kafka:9092" # or your-bootstrap-server.kafka:9092/9093 - ## Sample config for authentication - ## authentication: - ## tls: - ## enabled: true - ## caCert: 'auth/kafka/ca.crt' - ## userCert: 'auth/kafka/user.crt' - ## userKey: 'auth/kafka/user.key' - ## - authentication: - tls: - enabled: false - ## InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. - ## Warning: Setting this to true, makes TLS susceptible to man-in-the-middle attacks - ## - insecureSkipVerify: false - ## path to certificate containing public key of CA authority - ## - caCert: "" - ## path to certificate containing public key of the user signed by CA authority - ## - userCert: "" - ## path to private key of the user - ## - userKey: "" - - ## version of Kafka broker - ## For 0.x it must be a string in the format - ## "major.minor.veryMinor.patch" example: 0.8.2.0 - ## For 1.x it must be a string in the format - ## "major.major.veryMinor" example: 2.0.1 - ## Should be >= 0.11.2.0 to enable Kafka record headers support - ## - # version: "0.11.2.0" - - # The following components expose Prometheus metrics and have servicemonitors in this chart (disabled by default) - # Controller, router, executor, storage svc - serviceMonitor: - enabled: false - ##namespace in which you want to deploy servicemonitor - ## - namespace: "" - ## Map of additional labels to add to the ServiceMonitor resources - # to allow selecting specific ServiceMonitors - # in case of multiple prometheus deployments - additionalServiceMonitorLabels: {} - # release: "monitoring" - # key: "value" - - # The following components expose Prometheus metrics and have podmonitors in this chart (disabled by default) - # - podMonitor: - enabled: false - ##namespace in which you want to deploy podmonitor - ## - namespace: "" - ## Map of additional labels to add to the PodMonitor resources - # to allow selecting specific PodMonitor - # in case of multiple prometheus deployments - additionalPodMonitorLabels: {} - # release: "monitoring" - # key: "value" - - ## Persist data to a persistent volume. - ## - persistence: - ## If true, fission will create/use a Persistent Volume Claim unless storageType is set to s3 - ## If false, use emptyDir - ## - enabled: false - - ## Must be set to either local or S3. - ## If storateType is set(other than local), one of its backend configuration must be set as below. - ## - #storageType: s3 - - ## Sample configuration for AWS s3 storage backend - ## - #s3: - # bucketName: - # subDir: - # accessKeyId: - # secretAccessKey: - # region: - ## #For Minio and other s3 compatible storage systems set endPoint property - # endPoint: - - ## A manually managed Persistent Volume Claim name - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - # existingClaim: - - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - accessMode: ReadWriteOnce - size: 8Gi - - ## Extend the container specs for the core fission pods. - ## Can be used to add things like affinity/tolerations/nodeSelectors/etc. - ## For example: - ## extraCoreComponentPodConfig: - ## affinity: - ## nodeAffinity: - ## requiredDuringSchedulingIgnoredDuringExecution: - ## nodeSelectorTerms: - ## - matchExpressions: - ## - key: capability - ## operator: In - ## values: - ## - app - ## - #extraCoreComponentPodConfig: - # affinity: - # tolerations: - # nodeSelector: - - ## Analytics let us count how many people installed fission. Set to - ## false to disable analytics. - ## - analytics: true - - ## Internally used for generating an analytics job for non-helm installs - ## - analyticsNonHelmInstall: false - - ## Google Analytics Tracking ID - ## - gaTrackingID: UA-196546703-1 - - ## Logger config - ## This would be used if influxdb is enabled - ## - logger: - influxdbAdmin: "admin" - fluentdImageRepository: index.docker.io - fluentdImage: fluent/fluent-bit - fluentdImageTag: 1.8.8 - - ## Fluent-bit writes/reads it’s own sqlite database to record a history of tracked - ## files and a state of offsets, this is very useful to resume a state if the ser- - ## vice is restarted. For Kubernetes environment with constraints like OpenShift, - ## the containers are limited to write hostPath volume. Hence, we have to enable - ## security context and set privileged to true. - ## - enableSecurityContext: false - - ## Enable PodSecurityPolicies to allow privileged container - ## Only required in some clusters and when enableSecurityContext is true - ## - podSecurityPolicy: - enabled: false - - ## Configure additional capabilities - ## - additionalCapabilities: - # example values for linkerd - #- NET_RAW - #- NET_ADMIN - - ## Enable InfluxDB - ## - influxdb: - enabled: false - image: influxdb:1.8 - - ## Allow user to override busybox image used in fluent-bit init container - ## - busyboxImage: busybox - - ## Archive pruner is a garbage collector for archives on the fission storage service. - ## This interval configures the frequency at which it runs inside the storagesvc pod. - ## The value is in minutes. - ## - - preUpgradeChecks: - ## Run pre-install/pre-upgrade checks if true - ## - enabled: true - ## pre-install/pre-upgrade checks live in this image - ## - image: fission/pre-upgrade-checks - ## pre-install/pre-upgrade checks image version - ## - imageTag: v1.19.0 - - ## Fission post-install/post-upgrade reporting live in this image - ## - postInstallReportImage: fission/reporter - - ## If there are any pod specialization errors when a function is triggered, the error - ## summary is returned as part of http response if this is set to true. - ## - debugEnv: false - - ## Prometheus related configuration to query metrics - ## - prometheus: - ## please assign the prometheus service URL - ## that is accessible by Fission components. - ## This is mainly used to enable canary deployment. - ## - serviceEndpoint: "" - - - canaryDeployment: - ## set this flag to true if you need canary deployment feature - enabled: false - - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Security Context - ## It holds pod-level and container level security configuration. - ## This is an experimental section, please verify before enabling in production. - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 - securityContext: - enabled: true - ## Mark it false, if you want to stop the non root user validation - runAsNonRoot: true - fsGroup: 10001 - runAsUser: 10001 - runAsGroup: 10001 - - ## Enable authentication for fission function invocation via Fission router - ## - authentication: - ## set this flag to true if you need authentication - ## for all function invocations - ## default 'false' - ## - enabled: false - ## authUriPath defines authentication endpoint path - ## via router - ## default '/auth/login' - ## - authUriPath: - ## authUsername is used as a username for authentication - ## default 'admin' - ## - authUsername: admin - ## jwtSigningKey is the signing key used for - ## signing the JWT token - ## - jwtSigningKey: serverless - ## jwtExpiryTime is the JWT expiry time - ## in seconds - ## default '120' - ## - jwtExpiryTime: - ## jwtIssuer is the issuer of JWT - ## default 'fission' - ## - jwtIssuer: fission - - ## OpenTelemetry is a set of tools for collecting, analyzing, and visualizing - ## distributed tracing data across function calls. - ## - openTelemetry: - ## Use this flag to set the collector endpoint for OpenTelemetry. - ## The variable is endpoint of the collector in the format shown below. - ## otlpCollectorEndpoint: "otel-collector.observability.svc:4317" - ## - otlpCollectorEndpoint: "" - ## Set this flag to false if you are using secure endpoint for the collector. - ## - otlpInsecure: true - ## Key-value pairs to be used as headers associated with gRPC or HTTP requests to the collector. - ## Eg. otlpHeaders: "key1=value1,key2=value2" - ## - otlpHeaders: "" - ## Supported samplers: - ## always_on - Sampler that always samples spans, regardless of the parent span's sampling decision. - ## always_off - Sampler that never samples spans, regardless of the parent span's sampling decision. - ## traceidratio - Sampler that samples probabalistically based on rate. - ## parentbased_always_on - (default if empty) Sampler that respects its parent span's sampling decision, but otherwise always samples. - ## parentbased_always_off - Sampler that respects its parent span's sampling decision, but otherwise never samples. - ## parentbased_traceidratio - Sampler that respects its parent span's sampling decision, but otherwise samples probabalistically based on rate. - ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration - ## - tracesSampler: "parentbased_traceidratio" - ## Each Sampler type defines its own expected input, if any. - ## Currently we get trace ratio for the case of, - ## 1. traceidratio - ## 2. parentbased_traceidratio - ## Sampling probability, a number in the [0..1] range, e.g. "0.1". Default is 0.1. - ## - tracesSamplingRate: "0.1" - ## Supported providers: - ## tracecontext - W3C Trace Context - ## baggage - W3C Baggage - ## b3 - B3 Single - ## b3multi - B3 Multi - ## jaeger - Jaeger uber-trace-id header - ## xray - AWS X-Ray (third party) - ## ottrace - OpenTracing Trace (third party) - ## none - No tracing - ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration - ## - propagators: "tracecontext,baggage" - - ## Message Queue Trigger Kind, KEDA: enable and configuration - ## - mqt_keda: - enabled: true - connector_images: - kafka: - image: fission/keda-kafka-http-connector - tag: v0.12 - rabbitmq: - image: fission/keda-rabbitmq-http-connector - tag: v0.10 - awskinesis: - image: fission/keda-aws-kinesis-http-connector - tag: v0.10 - aws_sqs: - image: fission/keda-aws-sqs-http-connector - tag: v0.11 - nats_steaming: - image: fission/keda-nats-streaming-http-connector - tag: v0.13 - nats_jetstream: - image: fission/keda-nats-jetstream-http-connector - tag: v0.4 - gcp_pubsub: - image: fission/keda-gcp-pubsub-http-connector - tag: v0.6 - redis: - image: fission/keda-redis-http-connector - tag: v0.3 - - ## Pod resources as: - ## resources: - ## limits: - ## cpu: - ## memory: - ## requests: - ## cpu: - ## memory: - ## - resources: {} - - ## Enable Pprof based profiling used mostly by Fission developers - ## - pprof: - enabled: false - - ## Enable runtimePodSpec and add spec to your poolmgr or newdeploy pods - ## - runtimePodSpec: - - ## Setting it false by default so that integration tests pass - ## - enabled: false - - ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#runtime - ## - podSpec: - - ## Default podspec to improve security of the pods - ## - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - - ## Enable builderPodSpec and add spec to your env builder pods - ## - builderPodSpec: - - ## Setting it false by default so that integration tests pass - ## - enabled: false - - ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#builder - ## - podSpec: - - ## Default podspec to improve security of the pods - ## - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - - - ## Enable Grafana Dashboard configmaps for auto dashboard provisioning - ## If you use kube-prometheus stack for monitoring, these will get imported into grafana - grafana: - ## The namespace in which grafana pod is present - namespace: monitoring - dashboards: - ## Disabled by default. switch to true to deploy them - enable: false - -