charts/fission-all/values.yaml

## Fission chart configuration
##

## serviceType to consider while creating Fission Controller service.
## For minikube/kind, set this to NodePort, elsewhere use LoadBalancer or ClusterIP.
##
serviceType: ClusterIP

## routerServiceType to consider while creating Fission Router service.
## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP.
##
routerServiceType: LoadBalancer

## repository represents base repository for images used in the chart.
## Keep it empty for using existing local image
##
repository: ghcr.io

## image represents the base image fission-bundle used by multiple Fission components.
## We alter arguments to the image to run a particular component.
##
image: fission/fission-bundle

## imageTag represents the tag of the base image fission-bundle used by multiple Fission components.
## It is also used by the chart to identify version of the few more images apart from fission-bundle.
## Keep it empty for using latest tag.
##
imageTag: v1.19.0-rc2

## pullPolicy represents the pull policy to use for images in the chart.
##
pullPolicy: IfNotPresent

## imageppullsecrets 
imagePullSecrets: []

## priorityClassName represents the priority class name to use for Fission components.
## Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
## executor.priorityClassName takes precedence over this value for executor.
## router.priorityClassName takes precedence over this value for router.
##
priorityClassName: ""

## terminationMessagePath is the path at which the pod termination message will be written.
## executor.terminationMessagePath takes precedence over this value for executor.
## router.terminationMessagePath takes precedence over this value for router.
##
terminationMessagePath: /dev/termination-log

## terminationMessagePolicy is the policy for the termination message.
## executor.terminationMessagePolicy takes precedence over this value for executor.
## router.terminationMessagePolicy takes precedence over this value for router.
##
terminationMessagePolicy: File

## controllerPort represents the port at which the Fission controller service should be exposed.
##
controllerPort: 31313

## routerPort represents the port at which the Fission Router service should be exposed.
##
routerPort: 31314

## defaultNamespace represents the namespace in which Fission custom resources will be created by the Fission user.
## This is different from the release namespace.
## Please consider setting `additionalFissionNamespaces` if you want more than one namespace to be used for Fission custom resources.
##
defaultNamespace: default

## builderNamespace represents the namespace in which Fission Builder resources will be created.
## if builderNamespace is set to empty then builder resources will be created in the same namespace as the Fission resources.
## This is different from the release namespace.
##
builderNamespace: ""

## functionNamespace represents the namespace in which Fission Function resources will be created.
## if functionNamespace is set to empty then function resources will be created in the same namespace as the Fission resources.
## This is different from the release namespace.
##
functionNamespace: ""

## Fission will watch the following namespaces along with the `defaultNamespace` for fission custom resources.
## additionalFissionNamespaces: 
## - namespace1
## - namespace2
## - namespace3
additionalFissionNamespaces: []

## createNamespace decides to create namespaces by the chart.
## If set to true, functionNamespace and builderNamespace namespaces mentioned above will be created by the chart.
## Set to false if you want to create the namespaces manually.
##
createNamespace: true

## enableIstio indicates whether to enable istio integration.
##
enableIstio: false

## fetcher is a light weight component that helps in running functions.
## fetcher helps in fetching function source code/build and uploading it when function is invoked.
##
fetcher:
  ## image represents the image of the fetcher component.
  image: fission/fetcher
  ## imageTag represents the tag of the image of the fetcher component.
  imageTag: v1.19.0-rc2

  ## Fetcher is only for to downloading or uploading archive.
  ## Normally, you don't need to change the value here, unless necessary.
  ##
  resource:
    ## cpu represents the cpu resource required by the fetcher component.
    ##
    cpu:
      requests: "10m"
      ## Low CPU limits will increases the function specialization time.
      limits: ""
    ## mem represents the memory resource required by the fetcher component.
    ##
    mem:
      requests: "16Mi"
      limits: ""

## executor is responsible for providing resources to your functions.
##
executor:
  ## executor priorityClassName
  ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  ## Recommended to use system-cluster-critical for executor pods.
  ##
  priorityClassName: ""
  ## terminationMessagePath is the path at which the file to which the executor will write a message upon termination.
  ##
  terminationMessagePath: ""
  ## terminationMessagePolicy is the policy for the executor termination message.
  ##
  terminationMessagePolicy: ""
  ## adoptExistingResources decides whether to adopt existing resources when executor restarts or Fission is redeployed.
  ##
  adoptExistingResources: false
  ## podReadyTimeout represents the timeout in seconds for waiting for pod to become ready.
  ## This is applicable to Pool Manager executor type only.
  ##
  podReadyTimeout: 300s
  
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

  ## Object Reaper
  ## objectReaperInterval (seconds) represents GLOBAL interval to run process that reaps objects after certain idle time.
  ## Also you can set different objectReaperInterval for specific executor type. See poolmgs/newdeploy/container section
  ## Default: 5 (in seconds)
  ##
  objectReaperInterval: 5

  poolmgr: {}
    ## objectReaperInterval specific to poolmgr executor type
    ##
    ## objectReaperInterval: 5
  newdeploy: {}
    ## objectReaperInterval specific to newdeploy  executor type
    ##
    ## objectReaperInterval: 5
  container: {}
    ## objectReaperInterval specific to container executor type
    ##
    ## objectReaperInterval: 5

  serviceAccountCheck:
    ## enables fission to create service account, roles and rolebinding for missing permission for builder and fetcher.
    enabled: true
    ## indicates the time interval in minutes, after that fission will create service account, roles and rolebinding for builder and fetcher.
    ## interval will be applicable only if enable value is set to true.
    ## default timing will be 0 minutes. That means check will run only once.
    ## if you want to run check every 30 minutes then set interval to 30.
    interval: 0
## router is responsible for routing function calls to the appropriate function.
##
router:
  ## router priorityClassName
  ## Ref. https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  ## Recommended to use system-cluster-critical for router pods.
  ##
  priorityClassName: ""
  ## terminationMessagePath is the path at which the file to which the router will write a message upon termination.
  ##
  terminationMessagePath: ""
  ## terminationMessagePolicy is the policy for the router termination message.
  ##
  terminationMessagePolicy: ""
  ## deployAsDaemonSet decides whether to deploy router as a DaemonSet or a Deployment.
  ##
  deployAsDaemonSet: false
  ## replicas decides how many router pods to deploy. Only used when deployAsDaemonSet is false.
  ##
  replicas: 1
  ## svcAddressMaxRetries is the max times for router to retry with a specific function service address
  ##
  svcAddressMaxRetries: 5
  ## svcAddressUpdateTimeout is the timeout setting for a goroutine to wait for the update of a service entry.
  ##
  svcAddressUpdateTimeout: 30s
  ## unTapServiceTimeout is the timeout used in the request context of unTapService.
  ## unTapService is called to free up the resources once the function invocation is done.
  ##
  unTapServiceTimeout: 3600s
  ## displayAccessLog display endpoing access logs
  ## Please be aware of enabling logging endpoint access log, it increases
  ## router resource utilization when under heavy workloads.
  ##
  displayAccessLog: false
  ## svcAnnotations is the annotations to be added to the service resource created for router.
  ##
  # svcAnnotations:
  #   cloud.google.com/load-balancer-type: Internal

  ## useEncodedPath decideds to match encoded path.
  ## If true, "/foo%2Fbar" will match the path "/{var}";
  ## Otherwise, it will match the path "/foo/bar".
  ## For details, see: https://github.com/fission/fission/issues/1317
  ##
  useEncodedPath: false

  roundTrip:
    ## If true, router will disable the HTTP keep-alive which result in performance degradation.
    ## But it ensures that router can redirect new coming requests to new function pods.
    ##
    ## If false, router will enable transport keep-alive feature for better performance.
    ## However, the drawback is it takes longer to switch to newly created function pods
    ## if using newdeploy as executor type for function. If you want to preserve the
    ## performance while keeping the short switching time to new function, you can create
    ## an environment with short grace period by setting flag "--graceperiod" (default 360s),
    ## so that kubernetes will be able to reap old function pod quickly.
    ##
    ## For details, see https://github.com/fission/fission/issues/723
    ##
    disableKeepAlive: false

    ## keepAliveTime is period for an active network connection to function pod.
    ##
    keepAliveTime: 30s

    ## timeout is HTTP transport request timeout
    ##
    timeout: 50ms

    ## The length of request timeout will multiply with timeoutExponent after each retry
    ##
    timeoutExponent: 2

    ## maxRetries defines no of retries of a failed request
    ##
    maxRetries: 10

  ## Extend the container specs for the core fission pods.
  ## Can be used to add things like affinity/tolerations/nodeSelectors/etc.
  ## For example:
  ## extraCoreComponentPodConfig:
  ##   affinity:
  ##     nodeAffinity:
  ##       requiredDuringSchedulingIgnoredDuringExecution:
  ##         nodeSelectorTerms:
  ##           - matchExpressions:
  ##             - key: capability
  ##               operator: In
  ##               values:
  ##                 - app
  ##
  #extraCoreComponentPodConfig:
  #  affinity:
  #  tolerations:
  #  nodeSelector:

  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## The builder manager watches the package & environments CRD changes and manages the builds of function source code.
## 
buildermgr:
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## controller is the component that the client talks to.
## It contains CRUD APIs for functions, triggers, environments, Kubernetes event watches, etc. and proxy APIs to internal 3rd-party services.
##
controller:
  enabled: false
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001 

## webhook is the component that validates API calls.
## It contains validation and mutation for functions, triggers, environments, Kubernetes event watches, etc. 
##
webhook:
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  certManager:
    enabled: false

  caBundlePEM: |

  crtPEM: |

  keyPEM: |


  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001


## kubewatcher watches the Kubernetes API and invokes functions associated with watches, sending the watch event to the function.
##
kubewatcher:
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## The storage service is the home for all archives of packages with sizes larger than 256KB.
##
storagesvc:
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Archive pruner removes archives from storage which are not referenced by any package.
  archivePruner:
    enabled: true
    ## Run prune routine at interval (in minutes)
    interval: 60

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## The timer works like kubernetes CronJob but instead of creating a pod to do the task
## It sends a request to router to invoke the function.
##
timer:
  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## Kafka: enable and configure the details
##
kafka:
  enabled: false
  ## note: below link is only for reference.
  ## Please use the brokers link for your kafka here.
  ##
  brokers: "broker.kafka:9092" # or your-bootstrap-server.kafka:9092/9093
  ## Sample config for authentication
  ## authentication:
  ##   tls:
  ##     enabled: true
  ##     caCert: 'auth/kafka/ca.crt'
  ##     userCert: 'auth/kafka/user.crt'
  ##     userKey: 'auth/kafka/user.key'
  ##
  authentication:
    tls:
      enabled: false
      ## InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name.
      ## Warning: Setting this to true, makes TLS susceptible to man-in-the-middle attacks
      ##
      insecureSkipVerify: false
      ## path to certificate containing public key of CA authority
      ##
      caCert: ""
      ## path to certificate containing public key of the user signed by CA authority
      ##
      userCert: ""
      ## path to private key of the user
      ##
      userKey: ""

  ## version of Kafka broker
  ## For 0.x it must be a string in the format
  ## "major.minor.veryMinor.patch" example: 0.8.2.0
  ## For 1.x it must be a string in the format
  ## "major.major.veryMinor" example: 2.0.1
  ## Should be >= 0.11.2.0 to enable Kafka record headers support
  ##
  # version: "0.11.2.0"

# The following components expose Prometheus metrics and have servicemonitors in this chart (disabled by default)
# Controller, router, executor, storage svc
serviceMonitor:
  enabled: false
  ##namespace in which you want to deploy servicemonitor
  ##
  namespace: ""
  ## Map of additional labels to add to the ServiceMonitor resources
  #  to allow selecting specific ServiceMonitors
  #  in case of multiple prometheus deployments
  additionalServiceMonitorLabels: {}
  #  release: "monitoring"
  #  key: "value"

# The following components expose Prometheus metrics and have podmonitors in this chart (disabled by default)
# 
podMonitor:
  enabled: false
  ##namespace in which you want to deploy podmonitor
  ##
  namespace: ""
  ## Map of additional labels to add to the PodMonitor resources
  #  to allow selecting specific PodMonitor
  #  in case of multiple prometheus deployments
  additionalPodMonitorLabels: {}
  #  release: "monitoring"
  #  key: "value"

## Persist data to a persistent volume.
##
persistence:
  ## If true, fission will create/use a Persistent Volume Claim unless storageType is set to s3
  ## If false, use emptyDir
  ##
  enabled: true

  ## Must be set to either local or S3.
  ## If storateType is set(other than local), one of its backend configuration must be set as below.
  ##
  #storageType: local | s3

  ## Sample configuration for AWS s3 storage backend
  ##
  # s3:
  #   bucketName: <awsBucketName>
  #   subDir: <sub directory within a bucket>
  #   accessKeyId: <awsAccessKeyId>
  #   secretAccessKey: <awsSecretAccessKey>
  #   region: <awsRegion>
  ## For Minio and other s3 compatible storage systems set endPoint property
  #   endPoint: <s3StorageUrl>
  
  ## A manually managed Persistent Volume Claim name
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ##
  # existingClaim:

  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"

  accessMode: ReadWriteOnce
  size: 8Gi

## Extend the container specs for the core fission pods.
## Can be used to add things like affinity/tolerations/nodeSelectors/etc.
## For example:
## extraCoreComponentPodConfig:
##   affinity:
##     nodeAffinity:
##       requiredDuringSchedulingIgnoredDuringExecution:
##         nodeSelectorTerms:
##           - matchExpressions:
##             - key: capability
##               operator: In
##               values:
##                 - app
##
#extraCoreComponentPodConfig:
#  affinity:
#  tolerations:
#  nodeSelector:

## Analytics let us count how many people installed fission. Set to
## false to disable analytics.
##
analytics: true

## Internally used for generating an analytics job for non-helm installs
##
analyticsNonHelmInstall: false

## Google Analytics Tracking ID
##
gaTrackingID: UA-196546703-1

## Logger config
## This would be used if influxdb is enabled
##
logger:
  influxdbAdmin: "admin"
  fluentdImageRepository: index.docker.io
  fluentdImage: fluent/fluent-bit
  fluentdImageTag: 1.8.8

  ## Fluent-bit writes/reads it’s own sqlite database to record a history of tracked
  ## files and a state of offsets, this is very useful to resume a state if the ser-
  ## vice is restarted. For Kubernetes environment with constraints like OpenShift,
  ## the containers are limited to write hostPath volume. Hence, we have to enable
  ## security context and set privileged to true.
  ##
  enableSecurityContext: false

  ## Enable PodSecurityPolicies to allow privileged container
  ## Only required in some clusters and when enableSecurityContext is true
  ##
  podSecurityPolicy:
    enabled: false

    ## Configure additional capabilities
    ##
    additionalCapabilities:
    # example values for linkerd
    #- NET_RAW
    #- NET_ADMIN

## Enable InfluxDB
##
influxdb:
  enabled: false
  image: influxdb:1.8

## Allow user to override busybox image used in fluent-bit init container
##
busyboxImage: busybox

## Archive pruner is a garbage collector for archives on the fission storage service.
## This interval configures the frequency at which it runs inside the storagesvc pod.
## The value is in minutes.
##

preUpgradeChecks:
  ## Run pre-install/pre-upgrade checks if true
  ##
  enabled: true
  ## pre-install/pre-upgrade checks live in this image
  ##
  image: fission/pre-upgrade-checks
  ## pre-install/pre-upgrade checks image version
  ##
  imageTag: v1.19.0-rc2

## Fission post-install/post-upgrade reporting live in this image
##
postInstallReportImage: fission/reporter

## If there are any pod specialization errors when a function is triggered, the error
## summary is returned as part of http response if this is set to true.
##
debugEnv: false

## Prometheus related configuration to query metrics
##
prometheus:
  ## please assign the prometheus service URL
  ## that is accessible by Fission components.
  ## This is mainly used to enable canary deployment.
  ##
  serviceEndpoint: ""


canaryDeployment:
## set this flag to true if you need canary deployment feature
  enabled: false

  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

  ## Security Context
  ## It holds pod-level and container level security configuration.
  ## This is an experimental section, please verify before enabling in production.
  ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
  securityContext:
    enabled: true
    ## Mark it false, if you want to stop the non root user validation
    runAsNonRoot: true
    fsGroup: 10001
    runAsUser: 10001
    runAsGroup: 10001

## Enable authentication for fission function invocation via Fission router
##
authentication:
  ## set this flag to true if you need authentication
  ## for all function invocations
  ## default 'false'
  ##
  enabled: false
  ## authUriPath defines authentication endpoint path
  ## via router
  ## default '/auth/login'
  ##
  authUriPath:
  ## authUsername is used as a username for authentication
  ## default 'admin'
  ##
  authUsername: admin
  ## jwtSigningKey is the signing key used for
  ## signing the JWT token
  ##
  jwtSigningKey: serverless
  ## jwtExpiryTime is the JWT expiry time
  ## in seconds
  ## default '120'
  ##
  jwtExpiryTime: 
  ## jwtIssuer is the issuer of JWT
  ## default 'fission'
  ##
  jwtIssuer: fission

## OpenTelemetry is a set of tools for collecting, analyzing, and visualizing
## distributed tracing data across function calls.
##
openTelemetry:
  ## Use this flag to set the collector endpoint for OpenTelemetry.
  ## The variable is endpoint of the collector in the format shown below.
  ## otlpCollectorEndpoint: "otel-collector.observability.svc:4317"
  ##
  otlpCollectorEndpoint: ""
  ## Set this flag to false if you are using secure endpoint for the collector.
  ##
  otlpInsecure: true
  ## Key-value pairs to be used as headers associated with gRPC or HTTP requests to the collector.
  ## Eg. otlpHeaders: "key1=value1,key2=value2"
  ##
  otlpHeaders: ""
  ## Supported samplers:
  ## always_on - Sampler that always samples spans, regardless of the parent span's sampling decision.
  ## always_off - Sampler that never samples spans, regardless of the parent span's sampling decision.
  ## traceidratio - Sampler that samples probabalistically based on rate.
  ## parentbased_always_on - (default if empty) Sampler that respects its parent span's sampling decision, but otherwise always samples.
  ## parentbased_always_off - Sampler that respects its parent span's sampling decision, but otherwise never samples.
  ## parentbased_traceidratio - Sampler that respects its parent span's sampling decision, but otherwise samples probabalistically based on rate.
  ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration
  ##
  tracesSampler: "parentbased_traceidratio"
  ## Each Sampler type defines its own expected input, if any.
  ## Currently we get trace ratio for the case of,
  ## 1. traceidratio
  ## 2. parentbased_traceidratio
  ## Sampling probability, a number in the [0..1] range, e.g. "0.1". Default is 0.1.
  ##
  tracesSamplingRate: "0.1"
  ## Supported providers:
  ## tracecontext - W3C Trace Context
  ## baggage - W3C Baggage
  ## b3 - B3 Single
  ## b3multi - B3 Multi
  ## jaeger - Jaeger uber-trace-id header
  ## xray - AWS X-Ray (third party)
  ## ottrace - OpenTracing Trace (third party)
  ## none - No tracing
  ## See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md#general-sdk-configuration
  ##
  propagators: "tracecontext,baggage"

## Message Queue Trigger Kind, KEDA: enable and configuration
##
mqt_keda:
  enabled: true
  connector_images:
    kafka:
      image: fission/keda-kafka-http-connector
      tag: v0.11
    rabbitmq:
      image: fission/keda-rabbitmq-http-connector
      tag: v0.10
    awskinesis:
      image: fission/keda-aws-kinesis-http-connector
      tag: v0.10
    aws_sqs:
      image: fission/keda-aws-sqs-http-connector
      tag: v0.10
    nats_steaming:
      image: fission/keda-nats-streaming-http-connector
      tag: v0.12
    nats_jetstream:
      image: fission/keda-nats-jetstream-http-connector
      tag: v0.2
    gcp_pubsub:
      image: fission/keda-gcp-pubsub-http-connector
      tag: v0.5
    redis:
      image: fission/keda-redis-http-connector
      tag: v0.3

  ## Pod resources as:
  ##  resources:
  ##    limits:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##    requests:
  ##      cpu: <tbd>
  ##      memory: <tbd>
  ##
  resources: {}

## Enable Pprof based profiling used mostly by Fission developers
##
pprof:
  enabled: false

## Enable runtimePodSpec and add spec to your poolmgr or newdeploy pods
##
runtimePodSpec:

  ## Setting it false by default so that integration tests pass
  ##
  enabled: false
  
  ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#runtime
  ##
  podSpec:

    ## Default podspec to improve security of the pods
    ##
    securityContext:
      fsGroup: 10001
      runAsGroup: 10001
      runAsNonRoot: true
      runAsUser: 10001

## Enable builderPodSpec and add spec to your env builder pods
##
builderPodSpec:

  ## Setting it false by default so that integration tests pass
  ##
  enabled: false

  ## Checkout PodSpec in https://fission.io/docs/reference/crd-reference/#builder
  ##
  podSpec:

    ## Default podspec to improve security of the pods
    ##
    securityContext:
      fsGroup: 10001
      runAsGroup: 10001
      runAsNonRoot: true
      runAsUser: 10001


## Enable Grafana Dashboard configmaps for auto dashboard provisioning
## If you use kube-prometheus stack for monitoring, these will get imported into grafana
grafana:
  ## The namespace in which grafana pod is present
  namespace: monitoring
  dashboards:
    ## Disabled by default. switch to true to deploy them
    enable: false