Gluttony-Cluster/fission/helmrelease-fission.yaml
Tyler Perkins 540db5a7a2
All checks were successful
continuous-integration/drone/push Build is passing
Add all values
2023-10-16 21:51:36 -04:00

928 lines
32 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: fission
namespace: fission-ns
spec:
chart:
spec:
chart: fission-all
sourceRef:
kind: HelmRepository
name: fission
namespace: flux-system
interval: 5m
values:
## Fission chart configuration
##
## serviceType to consider while creating Fission Controller service.
## For minikube/kind, set this to NodePort, elsewhere use LoadBalancer or ClusterIP.
##
serviceType: LoadBalancer
## routerServiceType to consider while creating Fission Router service.
## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP.
##
routerServiceType: LoadBalancer
## repository represents base repository for images used in the chart.
## Keep it empty for using existing local image
##
repository: ghcr.io
## image represents the base image fission-bundle used by multiple Fission components.
## We alter arguments to the image to run a particular component.
##
image: fission/fission-bundle
## imageTag represents the tag of the base image fission-bundle used by multiple Fission components.
## It is also used by the chart to identify version of the few more images apart from fission-bundle.
## Keep it empty for using latest tag.
##
imageTag: v1.19.0
## pullPolicy represents the pull policy to use for images in the chart.
##
pullPolicy: IfNotPresent
## imageppullsecrets
imagePullSecrets: []
## priorityClassName represents the priority class name to use for Fission components.
## Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
## executor.priorityClassName takes precedence over this value for executor.
## router.priorityClassName takes precedence over this value for router.
##
priorityClassName: ""
## terminationMessagePath is the path at which the pod termination message will be written.
## executor.terminationMessagePath takes precedence over this value for executor.
## router.terminationMessagePath takes precedence over this value for router.
##
terminationMessagePath: /dev/termination-log
## terminationMessagePolicy is the policy for the termination message.
## executor.terminationMessagePolicy takes precedence over this value for executor.
## router.terminationMessagePolicy takes precedence over this value for router.
##
terminationMessagePolicy: File
## controllerPort represents the port at which the Fission controller service should be exposed.
##
controllerPort: 31313
## routerPort represents the port at which the Fission Router service should be exposed.
##
routerPort: 31314
## defaultNamespace represents the namespace in which Fission custom resources will be created by the Fission user.
## This is different from the release namespace.
## Please consider setting `additionalFissionNamespaces` if you want more than one namespace to be used for Fission custom resources.
##
defaultNamespace: fission-service-ns
## builderNamespace represents the namespace in which Fission Builder resources will be created.
## if builderNamespace is set to empty then builder resources will be created in the same namespace as the Fission resources.
## This is different from the release namespace.
##
builderNamespace: ""
## functionNamespace represents the namespace in which Fission Function resources will be created.
## if functionNamespace is set to empty then function resources will be created in the same namespace as the Fission resources.
## This is different from the release namespace.
##
functionNamespace: ""
## Fission will watch the following namespaces along with the `defaultNamespace` for fission custom resources.
## additionalFissionNamespaces:
## - namespace1
## - namespace2
## - namespace3
additionalFissionNamespaces: []
## createNamespace decides to create namespaces by the chart.
## If set to true, functionNamespace and builderNamespace namespaces mentioned above will be created by the chart.
## Set to false if you want to create the namespaces manually.
##
createNamespace: true
## enableIstio indicates whether to enable istio integration.
##
enableIstio: false
## fetcher is a light weight component that helps in running functions.
## fetcher helps in fetching function source code/build and uploading it when function is invoked.
##
fetcher:
## image represents the image of the fetcher component.
image: fission/fetcher
## imageTag represents the tag of the image of the fetcher component.
imageTag: v1.19.0
## Fetcher is only for to downloading or uploading archive.
## Normally, you don't need to change the value here, unless necessary.
##
resource:
## cpu represents the cpu resource required by the fetcher component.
##
cpu:
requests: "10m"
## Low CPU limits will increases the function specialization time.
limits: ""
## mem represents the memory resource required by the fetcher component.
##
mem:
requests: "16Mi"
limits: ""
## executor is responsible for providing resources to your functions.
##
executor:
## executor priorityClassName
## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
## Recommended to use system-cluster-critical for executor pods.
##
priorityClassName: ""
## terminationMessagePath is the path at which the file to which the executor will write a message upon termination.
##
terminationMessagePath: ""
## terminationMessagePolicy is the policy for the executor termination message.
##
terminationMessagePolicy: ""
## adoptExistingResources decides whether to adopt existing resources when executor restarts or Fission is redeployed.
##
adoptExistingResources: false
## podReadyTimeout represents the timeout in seconds for waiting for pod to become ready.
## This is applicable to Pool Manager executor type only.
##
podReadyTimeout: 300s
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## Object Reaper
## objectReaperInterval (seconds) represents GLOBAL interval to run process that reaps objects after certain idle time.
## Also you can set different objectReaperInterval for specific executor type. See poolmgs/newdeploy/container section
## Default: 5 (in seconds)
##
objectReaperInterval: 5
poolmgr: {}
## objectReaperInterval specific to poolmgr executor type
##
## objectReaperInterval: 5
newdeploy: {}
## objectReaperInterval specific to newdeploy executor type
##
## objectReaperInterval: 5
container: {}
## objectReaperInterval specific to container executor type
##
## objectReaperInterval: 5
serviceAccountCheck:
## enables fission to create service account, roles and rolebinding for missing permission for builder and fetcher.
enabled: true
## indicates the time interval in minutes, after that fission will create service account, roles and rolebinding for builder and fetcher.
## interval will be applicable only if enable value is set to true.
## default timing will be 0 minutes. That means check will run only once.
## if you want to run check every 30 minutes then set interval to 30.
interval: 0
## router is responsible for routing function calls to the appropriate function.
##
router:
## router priorityClassName
## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
## Recommended to use system-cluster-critical for router pods.
##
priorityClassName: ""
## terminationMessagePath is the path at which the file to which the router will write a message upon termination.
##
terminationMessagePath: ""
## terminationMessagePolicy is the policy for the router termination message.
##
terminationMessagePolicy: ""
## deployAsDaemonSet decides whether to deploy router as a DaemonSet or a Deployment.
##
deployAsDaemonSet: false
## replicas decides how many router pods to deploy. Only used when deployAsDaemonSet is false.
##
replicas: 1
## svcAddressMaxRetries is the max times for router to retry with a specific function service address
##
svcAddressMaxRetries: 5
## svcAddressUpdateTimeout is the timeout setting for a goroutine to wait for the update of a service entry.
##
svcAddressUpdateTimeout: 30s
## unTapServiceTimeout is the timeout used in the request context of unTapService.
## unTapService is called to free up the resources once the function invocation is done.
##
unTapServiceTimeout: 3600s
## displayAccessLog display endpoing access logs
## Please be aware of enabling logging endpoint access log, it increases
## router resource utilization when under heavy workloads.
##
displayAccessLog: false
## svcAnnotations is the annotations to be added to the service resource created for router.
##
# svcAnnotations:
# cloud.google.com/load-balancer-type: Internal
## useEncodedPath decideds to match encoded path.
## If true, "/foo%2Fbar" will match the path "/{var}";
## Otherwise, it will match the path "/foo/bar".
## For details, see: https://github.com/fission/fission/issues/1317
##
useEncodedPath: false
roundTrip:
## If true, router will disable the HTTP keep-alive which result in performance degradation.
## But it ensures that router can redirect new coming requests to new function pods.
##
## If false, router will enable transport keep-alive feature for better performance.
## However, the drawback is it takes longer to switch to newly created function pods
## if using newdeploy as executor type for function. If you want to preserve the
## performance while keeping the short switching time to new function, you can create
## an environment with short grace period by setting flag "--graceperiod" (default 360s),
## so that kubernetes will be able to reap old function pod quickly.
##
## For details, see https://github.com/fission/fission/issues/723
##
disableKeepAlive: false
## keepAliveTime is period for an active network connection to function pod.
##
keepAliveTime: 30s
## timeout is HTTP transport request timeout
##
timeout: 50ms
## The length of request timeout will multiply with timeoutExponent after each retry
##
timeoutExponent: 2
## maxRetries defines no of retries of a failed request
##
maxRetries: 10
## Extend the container specs for the core fission pods.
## Can be used to add things like affinity/tolerations/nodeSelectors/etc.
## For example:
## extraCoreComponentPodConfig:
## affinity:
## nodeAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## nodeSelectorTerms:
## - matchExpressions:
## - key: capability
## operator: In
## values:
## - app
##
#extraCoreComponentPodConfig:
# affinity:
# tolerations:
# nodeSelector:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## The builder manager watches the package & environments CRD changes and manages the builds of function source code.
##
buildermgr:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## controller is the component that the client talks to.
## It contains CRUD APIs for functions, triggers, environments, Kubernetes event watches, etc. and proxy APIs to internal 3rd-party services.
##
controller:
enabled: true
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## webhook is the component that validates API calls.
## It contains validation and mutation for functions, triggers, environments, Kubernetes event watches, etc.
##
webhook:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
certManager:
enabled: false
caBundlePEM: |
crtPEM: |
keyPEM: |
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## kubewatcher watches the Kubernetes API and invokes functions associated with watches, sending the watch event to the function.
##
kubewatcher:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## The storage service is the home for all archives of packages with sizes larger than 256KB.
##
storagesvc:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Archive pruner removes archives from storage which are not referenced by any package.
archivePruner:
enabled: true
## Run prune routine at interval (in minutes)
interval: 60
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## The timer works like kubernetes CronJob but instead of creating a pod to do the task
## It sends a request to router to invoke the function.
##
timer:
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## Kafka: enable and configure the details
##
kafka:
enabled: false
## note: below link is only for reference.
## Please use the brokers link for your kafka here.
##
brokers: "broker.kafka:9092" # or your-bootstrap-server.kafka:9092/9093
## Sample config for authentication
## authentication:
## tls:
## enabled: true
## caCert: 'auth/kafka/ca.crt'
## userCert: 'auth/kafka/user.crt'
## userKey: 'auth/kafka/user.key'
##
authentication:
tls:
enabled: false
## InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name.
## Warning: Setting this to true, makes TLS susceptible to man-in-the-middle attacks
##
insecureSkipVerify: false
## path to certificate containing public key of CA authority
##
caCert: ""
## path to certificate containing public key of the user signed by CA authority
##
userCert: ""
## path to private key of the user
##
userKey: ""
## version of Kafka broker
## For 0.x it must be a string in the format
## "major.minor.veryMinor.patch" example: 0.8.2.0
## For 1.x it must be a string in the format
## "major.major.veryMinor" example: 2.0.1
## Should be >= 0.11.2.0 to enable Kafka record headers support
##
# version: "0.11.2.0"
# The following components expose Prometheus metrics and have servicemonitors in this chart (disabled by default)
# Controller, router, executor, storage svc
serviceMonitor:
enabled: false
##namespace in which you want to deploy servicemonitor
##
namespace: ""
## Map of additional labels to add to the ServiceMonitor resources
# to allow selecting specific ServiceMonitors
# in case of multiple prometheus deployments
additionalServiceMonitorLabels: {}
# release: "monitoring"
# key: "value"
# The following components expose Prometheus metrics and have podmonitors in this chart (disabled by default)
#
podMonitor:
enabled: false
##namespace in which you want to deploy podmonitor
##
namespace: ""
## Map of additional labels to add to the PodMonitor resources
# to allow selecting specific PodMonitor
# in case of multiple prometheus deployments
additionalPodMonitorLabels: {}
# release: "monitoring"
# key: "value"
## Persist data to a persistent volume.
##
persistence:
## If true, fission will create/use a Persistent Volume Claim unless storageType is set to s3
## If false, use emptyDir
##
enabled: false
## Must be set to either local or S3.
## If storateType is set(other than local), one of its backend configuration must be set as below.
##
#storageType: s3
## Sample configuration for AWS s3 storage backend
##
#s3:
# bucketName:
# subDir: <sub directory within a bucket>
# accessKeyId: <awsAccessKeyId>
# secretAccessKey:
# region: <awsRegion>
## #For Minio and other s3 compatible storage systems set endPoint property
# endPoint: <s3StorageUrl>
## A manually managed Persistent Volume Claim name
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
# existingClaim:
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
## Extend the container specs for the core fission pods.
## Can be used to add things like affinity/tolerations/nodeSelectors/etc.
## For example:
## extraCoreComponentPodConfig:
## affinity:
## nodeAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## nodeSelectorTerms:
## - matchExpressions:
## - key: capability
## operator: In
## values:
## - app
##
#extraCoreComponentPodConfig:
# affinity:
# tolerations:
# nodeSelector:
## Analytics let us count how many people installed fission. Set to
## false to disable analytics.
##
analytics: true
## Internally used for generating an analytics job for non-helm installs
##
analyticsNonHelmInstall: false
## Google Analytics Tracking ID
##
gaTrackingID: UA-196546703-1
## Logger config
## This would be used if influxdb is enabled
##
logger:
influxdbAdmin: "admin"
fluentdImageRepository: index.docker.io
fluentdImage: fluent/fluent-bit
fluentdImageTag: 1.8.8
## Fluent-bit writes/reads its own sqlite database to record a history of tracked
## files and a state of offsets, this is very useful to resume a state if the ser-
## vice is restarted. For Kubernetes environment with constraints like OpenShift,
## the containers are limited to write hostPath volume. Hence, we have to enable
## security context and set privileged to true.
##
enableSecurityContext: false
## Enable PodSecurityPolicies to allow privileged container
## Only required in some clusters and when enableSecurityContext is true
##
podSecurityPolicy:
enabled: false
## Configure additional capabilities
##
additionalCapabilities:
# example values for linkerd
#- NET_RAW
#- NET_ADMIN
## Enable InfluxDB
##
influxdb:
enabled: false
image: influxdb:1.8
## Allow user to override busybox image used in fluent-bit init container
##
busyboxImage: busybox
## Archive pruner is a garbage collector for archives on the fission storage service.
## This interval configures the frequency at which it runs inside the storagesvc pod.
## The value is in minutes.
##
preUpgradeChecks:
## Run pre-install/pre-upgrade checks if true
##
enabled: true
## pre-install/pre-upgrade checks live in this image
##
image: fission/pre-upgrade-checks
## pre-install/pre-upgrade checks image version
##
imageTag: v1.19.0
## Fission post-install/post-upgrade reporting live in this image
##
postInstallReportImage: fission/reporter
## If there are any pod specialization errors when a function is triggered, the error
## summary is returned as part of http response if this is set to true.
##
debugEnv: false
## Prometheus related configuration to query metrics
##
prometheus:
## please assign the prometheus service URL
## that is accessible by Fission components.
## This is mainly used to enable canary deployment.
##
serviceEndpoint: ""
canaryDeployment:
## set this flag to true if you need canary deployment feature
enabled: false
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Security Context
## It holds pod-level and container level security configuration.
## This is an experimental section, please verify before enabling in production.
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
securityContext:
enabled: true
## Mark it false, if you want to stop the non root user validation
runAsNonRoot: true
fsGroup: 10001
runAsUser: 10001
runAsGroup: 10001
## Enable authentication for fission function invocation via Fission router
##
authentication:
## set this flag to true if you need authentication
## for all function invocations
## default 'false'
##
enabled: false
## authUriPath defines authentication endpoint path
## via router
## default '/auth/login'
##
authUriPath:
## authUsername is used as a username for authentication
## default 'admin'
##
authUsername: admin
## jwtSigningKey is the signing key used for
## signing the JWT token
##
jwtSigningKey: serverless
## jwtExpiryTime is the JWT expiry time
## in seconds
## default '120'
##
jwtExpiryTime:
## jwtIssuer is the issuer of JWT
## default 'fission'
##
jwtIssuer: fission
## OpenTelemetry is a set of tools for collecting, analyzing, and visualizing
## distributed tracing data across function calls.
##
openTelemetry:
## Use this flag to set the collector endpoint for OpenTelemetry.
## The variable is endpoint of the collector in the format shown below.
## otlpCollectorEndpoint: "otel-collector.observability.svc:4317"
##
otlpCollectorEndpoint: ""
## Set this flag to false if you are using secure endpoint for the collector.
##
otlpInsecure: true
## Key-value pairs to be used as headers associated with gRPC or HTTP requests to the collector.
## Eg. otlpHeaders: "key1=value1,key2=value2"
##
otlpHeaders: ""
## Supported samplers:
## always_on - Sampler that always samples spans, regardless of the parent span's sampling decision.
## always_off - Sampler that never samples spans, regardless of the parent span's sampling decision.
## traceidratio - Sampler that samples probabalistically based on rate.
## parentbased_always_on - (default if empty) Sampler that respects its parent span's sampling decision, but otherwise always samples.
## parentbased_always_off - Sampler that respects its parent span's sampling decision, but otherwise never samples.
## parentbased_traceidratio - Sampler that respects its parent span's sampling decision, but otherwise samples probabalistically based on rate.
## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration
##
tracesSampler: "parentbased_traceidratio"
## Each Sampler type defines its own expected input, if any.
## Currently we get trace ratio for the case of,
## 1. traceidratio
## 2. parentbased_traceidratio
## Sampling probability, a number in the [0..1] range, e.g. "0.1". Default is 0.1.
##
tracesSamplingRate: "0.1"
## Supported providers:
## tracecontext - W3C Trace Context
## baggage - W3C Baggage
## b3 - B3 Single
## b3multi - B3 Multi
## jaeger - Jaeger uber-trace-id header
## xray - AWS X-Ray (third party)
## ottrace - OpenTracing Trace (third party)
## none - No tracing
## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration
##
propagators: "tracecontext,baggage"
## Message Queue Trigger Kind, KEDA: enable and configuration
##
mqt_keda:
enabled: true
connector_images:
kafka:
image: fission/keda-kafka-http-connector
tag: v0.12
rabbitmq:
image: fission/keda-rabbitmq-http-connector
tag: v0.10
awskinesis:
image: fission/keda-aws-kinesis-http-connector
tag: v0.10
aws_sqs:
image: fission/keda-aws-sqs-http-connector
tag: v0.11
nats_steaming:
image: fission/keda-nats-streaming-http-connector
tag: v0.13
nats_jetstream:
image: fission/keda-nats-jetstream-http-connector
tag: v0.4
gcp_pubsub:
image: fission/keda-gcp-pubsub-http-connector
tag: v0.6
redis:
image: fission/keda-redis-http-connector
tag: v0.3
## Pod resources as:
## resources:
## limits:
## cpu: <tbd>
## memory: <tbd>
## requests:
## cpu: <tbd>
## memory: <tbd>
##
resources: {}
## Enable Pprof based profiling used mostly by Fission developers
##
pprof:
enabled: false
## Enable runtimePodSpec and add spec to your poolmgr or newdeploy pods
##
runtimePodSpec:
## Setting it false by default so that integration tests pass
##
enabled: false
## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#runtime
##
podSpec:
## Default podspec to improve security of the pods
##
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
## Enable builderPodSpec and add spec to your env builder pods
##
builderPodSpec:
## Setting it false by default so that integration tests pass
##
enabled: false
## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#builder
##
podSpec:
## Default podspec to improve security of the pods
##
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
## Enable Grafana Dashboard configmaps for auto dashboard provisioning
## If you use kube-prometheus stack for monitoring, these will get imported into grafana
grafana:
## The namespace in which grafana pod is present
namespace: monitoring
dashboards:
## Disabled by default. switch to true to deploy them
enable: false