From a217c0dcd5434d0c6a32555dfee90c1abecdde8c Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Mon, 16 Oct 2023 22:03:09 -0400 Subject: [PATCH] Add back chart --- fission/helmrelease-fission.yaml | 927 +++++++++++++++++++++++++++++++ 1 file changed, 927 insertions(+) create mode 100644 fission/helmrelease-fission.yaml diff --git a/fission/helmrelease-fission.yaml b/fission/helmrelease-fission.yaml new file mode 100644 index 0000000..1a5a01e --- /dev/null +++ b/fission/helmrelease-fission.yaml @@ -0,0 +1,927 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: fission + namespace: fission-ns +spec: + chart: + spec: + chart: fission-all + sourceRef: + kind: HelmRepository + name: fission + namespace: flux-system + interval: 5m + values: + ## Fission chart configuration + ## + + ## serviceType to consider while creating Fission Controller service. + ## For minikube/kind, set this to NodePort, elsewhere use LoadBalancer or ClusterIP. + ## + serviceType: LoadBalancer + + ## routerServiceType to consider while creating Fission Router service. + ## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP. + ## + routerServiceType: LoadBalancer + + ## repository represents base repository for images used in the chart. + ## Keep it empty for using existing local image + ## + repository: ghcr.io + + ## image represents the base image fission-bundle used by multiple Fission components. + ## We alter arguments to the image to run a particular component. + ## + image: fission/fission-bundle + + ## imageTag represents the tag of the base image fission-bundle used by multiple Fission components. + ## It is also used by the chart to identify version of the few more images apart from fission-bundle. + ## Keep it empty for using latest tag. + ## + imageTag: v1.19.0 + + ## pullPolicy represents the pull policy to use for images in the chart. + ## + pullPolicy: IfNotPresent + + ## imageppullsecrets + imagePullSecrets: [] + + ## priorityClassName represents the priority class name to use for Fission components. + ## Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ + ## executor.priorityClassName takes precedence over this value for executor. + ## router.priorityClassName takes precedence over this value for router. + ## + priorityClassName: "" + + ## terminationMessagePath is the path at which the pod termination message will be written. + ## executor.terminationMessagePath takes precedence over this value for executor. + ## router.terminationMessagePath takes precedence over this value for router. + ## + terminationMessagePath: /dev/termination-log + + ## terminationMessagePolicy is the policy for the termination message. + ## executor.terminationMessagePolicy takes precedence over this value for executor. + ## router.terminationMessagePolicy takes precedence over this value for router. + ## + terminationMessagePolicy: File + + ## controllerPort represents the port at which the Fission controller service should be exposed. + ## + controllerPort: 31313 + + ## routerPort represents the port at which the Fission Router service should be exposed. + ## + routerPort: 31314 + + ## defaultNamespace represents the namespace in which Fission custom resources will be created by the Fission user. + ## This is different from the release namespace. + ## Please consider setting `additionalFissionNamespaces` if you want more than one namespace to be used for Fission custom resources. + ## + defaultNamespace: fission-service-ns + + ## builderNamespace represents the namespace in which Fission Builder resources will be created. + ## if builderNamespace is set to empty then builder resources will be created in the same namespace as the Fission resources. + ## This is different from the release namespace. + ## + builderNamespace: "" + + ## functionNamespace represents the namespace in which Fission Function resources will be created. + ## if functionNamespace is set to empty then function resources will be created in the same namespace as the Fission resources. + ## This is different from the release namespace. + ## + functionNamespace: "" + + ## Fission will watch the following namespaces along with the `defaultNamespace` for fission custom resources. + ## additionalFissionNamespaces: + ## - namespace1 + ## - namespace2 + ## - namespace3 + additionalFissionNamespaces: [] + + ## createNamespace decides to create namespaces by the chart. + ## If set to true, functionNamespace and builderNamespace namespaces mentioned above will be created by the chart. + ## Set to false if you want to create the namespaces manually. + ## + createNamespace: true + + ## enableIstio indicates whether to enable istio integration. + ## + enableIstio: false + + ## fetcher is a light weight component that helps in running functions. + ## fetcher helps in fetching function source code/build and uploading it when function is invoked. + ## + fetcher: + ## image represents the image of the fetcher component. + image: fission/fetcher + ## imageTag represents the tag of the image of the fetcher component. + imageTag: v1.19.0 + + ## Fetcher is only for to downloading or uploading archive. + ## Normally, you don't need to change the value here, unless necessary. + ## + resource: + ## cpu represents the cpu resource required by the fetcher component. + ## + cpu: + requests: "10m" + ## Low CPU limits will increases the function specialization time. + limits: "" + ## mem represents the memory resource required by the fetcher component. + ## + mem: + requests: "16Mi" + limits: "" + + ## executor is responsible for providing resources to your functions. + ## + executor: + ## executor priorityClassName + ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ + ## Recommended to use system-cluster-critical for executor pods. + ## + priorityClassName: "" + ## terminationMessagePath is the path at which the file to which the executor will write a message upon termination. + ## + terminationMessagePath: "" + ## terminationMessagePolicy is the policy for the executor termination message. + ## + terminationMessagePolicy: "" + ## adoptExistingResources decides whether to adopt existing resources when executor restarts or Fission is redeployed. + ## + adoptExistingResources: false + ## podReadyTimeout represents the timeout in seconds for waiting for pod to become ready. + ## This is applicable to Pool Manager executor type only. + ## + podReadyTimeout: 300s + + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## Object Reaper + ## objectReaperInterval (seconds) represents GLOBAL interval to run process that reaps objects after certain idle time. + ## Also you can set different objectReaperInterval for specific executor type. See poolmgs/newdeploy/container section + ## Default: 5 (in seconds) + ## + objectReaperInterval: 5 + + poolmgr: {} + ## objectReaperInterval specific to poolmgr executor type + ## + ## objectReaperInterval: 5 + newdeploy: {} + ## objectReaperInterval specific to newdeploy executor type + ## + ## objectReaperInterval: 5 + container: {} + ## objectReaperInterval specific to container executor type + ## + ## objectReaperInterval: 5 + + serviceAccountCheck: + ## enables fission to create service account, roles and rolebinding for missing permission for builder and fetcher. + enabled: true + ## indicates the time interval in minutes, after that fission will create service account, roles and rolebinding for builder and fetcher. + ## interval will be applicable only if enable value is set to true. + ## default timing will be 0 minutes. That means check will run only once. + ## if you want to run check every 30 minutes then set interval to 30. + interval: 0 + ## router is responsible for routing function calls to the appropriate function. + ## + router: + ## router priorityClassName + ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ + ## Recommended to use system-cluster-critical for router pods. + ## + priorityClassName: "" + ## terminationMessagePath is the path at which the file to which the router will write a message upon termination. + ## + terminationMessagePath: "" + ## terminationMessagePolicy is the policy for the router termination message. + ## + terminationMessagePolicy: "" + ## deployAsDaemonSet decides whether to deploy router as a DaemonSet or a Deployment. + ## + deployAsDaemonSet: false + ## replicas decides how many router pods to deploy. Only used when deployAsDaemonSet is false. + ## + replicas: 1 + ## svcAddressMaxRetries is the max times for router to retry with a specific function service address + ## + svcAddressMaxRetries: 5 + ## svcAddressUpdateTimeout is the timeout setting for a goroutine to wait for the update of a service entry. + ## + svcAddressUpdateTimeout: 30s + ## unTapServiceTimeout is the timeout used in the request context of unTapService. + ## unTapService is called to free up the resources once the function invocation is done. + ## + unTapServiceTimeout: 3600s + ## displayAccessLog display endpoing access logs + ## Please be aware of enabling logging endpoint access log, it increases + ## router resource utilization when under heavy workloads. + ## + displayAccessLog: false + ## svcAnnotations is the annotations to be added to the service resource created for router. + ## + # svcAnnotations: + # cloud.google.com/load-balancer-type: Internal + + ## useEncodedPath decideds to match encoded path. + ## If true, "/foo%2Fbar" will match the path "/{var}"; + ## Otherwise, it will match the path "/foo/bar". + ## For details, see: https://github.com/fission/fission/issues/1317 + ## + useEncodedPath: false + + roundTrip: + ## If true, router will disable the HTTP keep-alive which result in performance degradation. + ## But it ensures that router can redirect new coming requests to new function pods. + ## + ## If false, router will enable transport keep-alive feature for better performance. + ## However, the drawback is it takes longer to switch to newly created function pods + ## if using newdeploy as executor type for function. If you want to preserve the + ## performance while keeping the short switching time to new function, you can create + ## an environment with short grace period by setting flag "--graceperiod" (default 360s), + ## so that kubernetes will be able to reap old function pod quickly. + ## + ## For details, see https://github.com/fission/fission/issues/723 + ## + disableKeepAlive: false + + ## keepAliveTime is period for an active network connection to function pod. + ## + keepAliveTime: 30s + + ## timeout is HTTP transport request timeout + ## + timeout: 50ms + + ## The length of request timeout will multiply with timeoutExponent after each retry + ## + timeoutExponent: 2 + + ## maxRetries defines no of retries of a failed request + ## + maxRetries: 10 + + ## Extend the container specs for the core fission pods. + ## Can be used to add things like affinity/tolerations/nodeSelectors/etc. + ## For example: + ## extraCoreComponentPodConfig: + ## affinity: + ## nodeAffinity: + ## requiredDuringSchedulingIgnoredDuringExecution: + ## nodeSelectorTerms: + ## - matchExpressions: + ## - key: capability + ## operator: In + ## values: + ## - app + ## + #extraCoreComponentPodConfig: + # affinity: + # tolerations: + # nodeSelector: + + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## The builder manager watches the package & environments CRD changes and manages the builds of function source code. + ## + buildermgr: + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## controller is the component that the client talks to. + ## It contains CRUD APIs for functions, triggers, environments, Kubernetes event watches, etc. and proxy APIs to internal 3rd-party services. + ## + controller: + enabled: true + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## webhook is the component that validates API calls. + ## It contains validation and mutation for functions, triggers, environments, Kubernetes event watches, etc. + ## + webhook: + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + certManager: + enabled: false + + caBundlePEM: | + + crtPEM: | + + keyPEM: | + + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + + ## kubewatcher watches the Kubernetes API and invokes functions associated with watches, sending the watch event to the function. + ## + kubewatcher: + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## The storage service is the home for all archives of packages with sizes larger than 256KB. + ## + storagesvc: + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Archive pruner removes archives from storage which are not referenced by any package. + archivePruner: + enabled: true + ## Run prune routine at interval (in minutes) + interval: 60 + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## The timer works like kubernetes CronJob but instead of creating a pod to do the task + ## It sends a request to router to invoke the function. + ## + timer: + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## Kafka: enable and configure the details + ## + kafka: + enabled: false + ## note: below link is only for reference. + ## Please use the brokers link for your kafka here. + ## + brokers: "broker.kafka:9092" # or your-bootstrap-server.kafka:9092/9093 + ## Sample config for authentication + ## authentication: + ## tls: + ## enabled: true + ## caCert: 'auth/kafka/ca.crt' + ## userCert: 'auth/kafka/user.crt' + ## userKey: 'auth/kafka/user.key' + ## + authentication: + tls: + enabled: false + ## InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. + ## Warning: Setting this to true, makes TLS susceptible to man-in-the-middle attacks + ## + insecureSkipVerify: false + ## path to certificate containing public key of CA authority + ## + caCert: "" + ## path to certificate containing public key of the user signed by CA authority + ## + userCert: "" + ## path to private key of the user + ## + userKey: "" + + ## version of Kafka broker + ## For 0.x it must be a string in the format + ## "major.minor.veryMinor.patch" example: 0.8.2.0 + ## For 1.x it must be a string in the format + ## "major.major.veryMinor" example: 2.0.1 + ## Should be >= 0.11.2.0 to enable Kafka record headers support + ## + # version: "0.11.2.0" + + # The following components expose Prometheus metrics and have servicemonitors in this chart (disabled by default) + # Controller, router, executor, storage svc + serviceMonitor: + enabled: false + ##namespace in which you want to deploy servicemonitor + ## + namespace: "" + ## Map of additional labels to add to the ServiceMonitor resources + # to allow selecting specific ServiceMonitors + # in case of multiple prometheus deployments + additionalServiceMonitorLabels: {} + # release: "monitoring" + # key: "value" + + # The following components expose Prometheus metrics and have podmonitors in this chart (disabled by default) + # + podMonitor: + enabled: false + ##namespace in which you want to deploy podmonitor + ## + namespace: "" + ## Map of additional labels to add to the PodMonitor resources + # to allow selecting specific PodMonitor + # in case of multiple prometheus deployments + additionalPodMonitorLabels: {} + # release: "monitoring" + # key: "value" + + ## Persist data to a persistent volume. + ## + persistence: + ## If true, fission will create/use a Persistent Volume Claim unless storageType is set to s3 + ## If false, use emptyDir + ## + enabled: false + + ## Must be set to either local or S3. + ## If storateType is set(other than local), one of its backend configuration must be set as below. + ## + #storageType: s3 + + ## Sample configuration for AWS s3 storage backend + ## + #s3: + # bucketName: + # subDir: + # accessKeyId: + # secretAccessKey: + # region: + ## #For Minio and other s3 compatible storage systems set endPoint property + # endPoint: + + ## A manually managed Persistent Volume Claim name + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + # existingClaim: + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + accessMode: ReadWriteOnce + size: 8Gi + + ## Extend the container specs for the core fission pods. + ## Can be used to add things like affinity/tolerations/nodeSelectors/etc. + ## For example: + ## extraCoreComponentPodConfig: + ## affinity: + ## nodeAffinity: + ## requiredDuringSchedulingIgnoredDuringExecution: + ## nodeSelectorTerms: + ## - matchExpressions: + ## - key: capability + ## operator: In + ## values: + ## - app + ## + #extraCoreComponentPodConfig: + # affinity: + # tolerations: + # nodeSelector: + + ## Analytics let us count how many people installed fission. Set to + ## false to disable analytics. + ## + analytics: true + + ## Internally used for generating an analytics job for non-helm installs + ## + analyticsNonHelmInstall: false + + ## Google Analytics Tracking ID + ## + gaTrackingID: UA-196546703-1 + + ## Logger config + ## This would be used if influxdb is enabled + ## + logger: + influxdbAdmin: "admin" + fluentdImageRepository: index.docker.io + fluentdImage: fluent/fluent-bit + fluentdImageTag: 1.8.8 + + ## Fluent-bit writes/reads it’s own sqlite database to record a history of tracked + ## files and a state of offsets, this is very useful to resume a state if the ser- + ## vice is restarted. For Kubernetes environment with constraints like OpenShift, + ## the containers are limited to write hostPath volume. Hence, we have to enable + ## security context and set privileged to true. + ## + enableSecurityContext: false + + ## Enable PodSecurityPolicies to allow privileged container + ## Only required in some clusters and when enableSecurityContext is true + ## + podSecurityPolicy: + enabled: false + + ## Configure additional capabilities + ## + additionalCapabilities: + # example values for linkerd + #- NET_RAW + #- NET_ADMIN + + ## Enable InfluxDB + ## + influxdb: + enabled: false + image: influxdb:1.8 + + ## Allow user to override busybox image used in fluent-bit init container + ## + busyboxImage: busybox + + ## Archive pruner is a garbage collector for archives on the fission storage service. + ## This interval configures the frequency at which it runs inside the storagesvc pod. + ## The value is in minutes. + ## + + preUpgradeChecks: + ## Run pre-install/pre-upgrade checks if true + ## + enabled: true + ## pre-install/pre-upgrade checks live in this image + ## + image: fission/pre-upgrade-checks + ## pre-install/pre-upgrade checks image version + ## + imageTag: v1.19.0 + + ## Fission post-install/post-upgrade reporting live in this image + ## + postInstallReportImage: fission/reporter + + ## If there are any pod specialization errors when a function is triggered, the error + ## summary is returned as part of http response if this is set to true. + ## + debugEnv: false + + ## Prometheus related configuration to query metrics + ## + prometheus: + ## please assign the prometheus service URL + ## that is accessible by Fission components. + ## This is mainly used to enable canary deployment. + ## + serviceEndpoint: "" + + + canaryDeployment: + ## set this flag to true if you need canary deployment feature + enabled: false + + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Security Context + ## It holds pod-level and container level security configuration. + ## This is an experimental section, please verify before enabling in production. + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1 + securityContext: + enabled: true + ## Mark it false, if you want to stop the non root user validation + runAsNonRoot: true + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 + + ## Enable authentication for fission function invocation via Fission router + ## + authentication: + ## set this flag to true if you need authentication + ## for all function invocations + ## default 'false' + ## + enabled: false + ## authUriPath defines authentication endpoint path + ## via router + ## default '/auth/login' + ## + authUriPath: + ## authUsername is used as a username for authentication + ## default 'admin' + ## + authUsername: admin + ## jwtSigningKey is the signing key used for + ## signing the JWT token + ## + jwtSigningKey: serverless + ## jwtExpiryTime is the JWT expiry time + ## in seconds + ## default '120' + ## + jwtExpiryTime: + ## jwtIssuer is the issuer of JWT + ## default 'fission' + ## + jwtIssuer: fission + + ## OpenTelemetry is a set of tools for collecting, analyzing, and visualizing + ## distributed tracing data across function calls. + ## + openTelemetry: + ## Use this flag to set the collector endpoint for OpenTelemetry. + ## The variable is endpoint of the collector in the format shown below. + ## otlpCollectorEndpoint: "otel-collector.observability.svc:4317" + ## + otlpCollectorEndpoint: "" + ## Set this flag to false if you are using secure endpoint for the collector. + ## + otlpInsecure: true + ## Key-value pairs to be used as headers associated with gRPC or HTTP requests to the collector. + ## Eg. otlpHeaders: "key1=value1,key2=value2" + ## + otlpHeaders: "" + ## Supported samplers: + ## always_on - Sampler that always samples spans, regardless of the parent span's sampling decision. + ## always_off - Sampler that never samples spans, regardless of the parent span's sampling decision. + ## traceidratio - Sampler that samples probabalistically based on rate. + ## parentbased_always_on - (default if empty) Sampler that respects its parent span's sampling decision, but otherwise always samples. + ## parentbased_always_off - Sampler that respects its parent span's sampling decision, but otherwise never samples. + ## parentbased_traceidratio - Sampler that respects its parent span's sampling decision, but otherwise samples probabalistically based on rate. + ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration + ## + tracesSampler: "parentbased_traceidratio" + ## Each Sampler type defines its own expected input, if any. + ## Currently we get trace ratio for the case of, + ## 1. traceidratio + ## 2. parentbased_traceidratio + ## Sampling probability, a number in the [0..1] range, e.g. "0.1". Default is 0.1. + ## + tracesSamplingRate: "0.1" + ## Supported providers: + ## tracecontext - W3C Trace Context + ## baggage - W3C Baggage + ## b3 - B3 Single + ## b3multi - B3 Multi + ## jaeger - Jaeger uber-trace-id header + ## xray - AWS X-Ray (third party) + ## ottrace - OpenTracing Trace (third party) + ## none - No tracing + ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration + ## + propagators: "tracecontext,baggage" + + ## Message Queue Trigger Kind, KEDA: enable and configuration + ## + mqt_keda: + enabled: true + connector_images: + kafka: + image: fission/keda-kafka-http-connector + tag: v0.12 + rabbitmq: + image: fission/keda-rabbitmq-http-connector + tag: v0.10 + awskinesis: + image: fission/keda-aws-kinesis-http-connector + tag: v0.10 + aws_sqs: + image: fission/keda-aws-sqs-http-connector + tag: v0.11 + nats_steaming: + image: fission/keda-nats-streaming-http-connector + tag: v0.13 + nats_jetstream: + image: fission/keda-nats-jetstream-http-connector + tag: v0.4 + gcp_pubsub: + image: fission/keda-gcp-pubsub-http-connector + tag: v0.6 + redis: + image: fission/keda-redis-http-connector + tag: v0.3 + + ## Pod resources as: + ## resources: + ## limits: + ## cpu: + ## memory: + ## requests: + ## cpu: + ## memory: + ## + resources: {} + + ## Enable Pprof based profiling used mostly by Fission developers + ## + pprof: + enabled: false + + ## Enable runtimePodSpec and add spec to your poolmgr or newdeploy pods + ## + runtimePodSpec: + + ## Setting it false by default so that integration tests pass + ## + enabled: false + + ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#runtime + ## + podSpec: + + ## Default podspec to improve security of the pods + ## + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + + ## Enable builderPodSpec and add spec to your env builder pods + ## + builderPodSpec: + + ## Setting it false by default so that integration tests pass + ## + enabled: false + + ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#builder + ## + podSpec: + + ## Default podspec to improve security of the pods + ## + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + + + ## Enable Grafana Dashboard configmaps for auto dashboard provisioning + ## If you use kube-prometheus stack for monitoring, these will get imported into grafana + grafana: + ## The namespace in which grafana pod is present + namespace: monitoring + dashboards: + ## Disabled by default. switch to true to deploy them + enable: false + +