# Secrets to create in the cluster. Each entry names a secret, its target
# namespace, and either inline `literals` or `files` read from local disk.
# NOTE(review): `filters` presumably ties an entry to a feature set
# ("default", "auth", "scm_github", ...) - confirm against the tool.
secrets:
  ### Generated secrets (do not edit)
  ### The passwords and keys in this group are left without a value or blank;
  ### per the heading above the tool fills them in, so none is stored here.
  - name: s3-secret-key
    literals:
      - name: s3-secret-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: s3-access-key
    literals:
      - name: s3-access-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  # The user name is fixed to "admin"; only the password is left blank.
  - name: basic-auth
    literals:
      - name: basic-auth-user
        value: admin
      - name: basic-auth-password
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "payload-secret"
    literals:
      - name: payload-secret
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  # `value_command` writes a prime256v1 (P-256) EC private key to ./tmp/key,
  # the same path `value_from` reads. Unless the tool cleans up, the key
  # remains on local disk: keep ./tmp out of version control and remove it or
  # restrict it to the owner once the secret exists in the cluster.
  - name: "jwt-private-key"
    files:
      - name: "key"
        value_from: "./tmp/key"
        value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./tmp/key"
    filters:
      - "auth"
    namespace: "openfaas"
  # The public key is derived from ./tmp/key, so the private-key entry above
  # has to have produced that file first (presumably entries run in order).
  - name: "jwt-public-key"
    files:
      - name: "key.pub"
        value_from: "./tmp/key.pub"
        value_command: "openssl ec -in ./tmp/key -pubout -out ./tmp/key.pub"
    filters:
      - "auth"
    namespace: "openfaas"

  ### User-input
  ### In this section, you must populate all your secrets or secret file-locations
  ### and your desired configuration.
  ### For more information see: https://github.com/openfaas/openfaas-cloud/tree/master/docs
  ### Once populated, this file holds live credentials: keep the filled-in copy
  ### out of version control and readable only by the operator running the tool.

  ## This value is used by GitHub to talk to system-github-event; the password will be
  ## generated if left blank. Alternatively, you can enter a password of your own here.
  ## Enter the same value into the GitHub App's UI, since it is shared between both sides.
  - name: "github-webhook-secret"
    literals:
      - name: "github-webhook-secret"
        value: ""
    filters:
      - "scm_github"
    namespace: "openfaas-fn"

  # Download from GitHub App on GitHub UI
  # This is the App's private key; the copy left in ~/Downloads can be removed
  # once the secret exists in the cluster.
  - name: "private-key"
    files:
      - name: "private-key"
        value_from: "~/Downloads/private-key.pem"
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # Populate your OAuth client_secret
  # NOTE(review): the value below is stored inline in plain text. Treat it as
  # a sample and replace it with your own client_secret; if it was ever issued
  # to a real OAuth app, rotate it with the provider.
  - name: "of-client-secret"
    literals:
      - name: of-client-secret
        value: "79163355e553b477957d977b0b8addd3c42ff52d"
    filters:
      - "auth"
    namespace: "openfaas"

  # Enter your GitLab Webhook secret and API token
  # Both entries carry the "scm_gitlab" filter, so they are presumably only
  # used when `scm: gitlab` is selected - confirm against the tool.
  - name: "gitlab-webhook-secret"
    literals:
      - name: "gitlab-webhook-secret"
        value: ""
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"
  # "token" is a placeholder: replace it with a real API token, granted only
  # the scopes the integration needs. The value is stored inline in plain text.
  - name: "gitlab-api-token"
    literals:
      - name: "gitlab-api-token"
        value: "token"
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"

 # DNS Service Account secret for DNS01 (wildcard) challenge

  ## Only the entry matching tls_config.dns_service is presumably used.
  ## Each of these credentials can change DNS records: give it the narrowest
  ## scope the provider offers and remove the copy in ~/Downloads afterwards.

  ## Use DigitalOcean
  ### Create a Personal Access Token and save it into a file, with no new-lines
  - name: "digitalocean-dns"
    files:
      - name: "access-token"
        value_from: "~/Downloads/do-access-token"
    filters:
      - "do_dns01"
    namespace: "cert-manager"

  ## Use Google Cloud DNS
  ### Create a service account for DNS management and export it
  - name: "clouddns-service-account"
    files:
      - name: "service-account.json"
        value_from: "~/Downloads/service-account.json"
    filters:
      - "gcp_dns01"
    namespace: "cert-manager"

  ## Use Route 53
  ### Create role and download its secret access key
  ### The matching access_key_id is set under tls_config, not here.
  - name: "route53-credentials-secret"
    files:
      - name: "secret-access-key"
        value_from: "~/Downloads/route53-secret-access-key"
    filters:
      - "route53_dns01"
    namespace: "cert-manager"

  ## Use Cloudflare
  ### Create an API key and save it into the file referenced below
  - name: "cloudflare-api-key-secret"
    files:
      - name: "api-key"
        value_from: "~/Downloads/cloudflare-secret-access-key"
    filters:
      - "cloudflare_dns01"
    namespace: "cert-manager"

  # Used by Buildkit to push images to your registry
  # NOTE(review): this entry and "registry-pull-secret" below read the same
  # ./credentials/config.json, so the push credential is also what the
  # openfaas-fn namespace receives for pulls. Pointing the pull secret at a
  # separate read-only config.json limits the impact if it leaks.
  - name: "registry-secret"
    files:
      - name: "config.json"
        value_from: "./credentials/config.json"
    filters:
      - "default"
    namespace: "openfaas"

  # Used to pull functions / images to nodes by Kubernetes
  # `type` marks this as a Docker registry credential secret, which is why the
  # file is stored under the ".dockerconfigjson" key.
  - name: "registry-pull-secret"
    files:
      - name: ".dockerconfigjson"
        value_from: "./credentials/config.json"
    namespace: "openfaas-fn"
    filters:
      - "default"
    type: "kubernetes.io/dockerconfigjson"

    # ECR credentials to push to AWS ECR
    ## Make sure you do not use your admin account in ~/.aws/credentials, but a
    ## new user with ECR power-user permissions only.
    ## NOTE(review): the whole file is referenced, so every profile in it is
    ## presumably copied into the secret - use a file holding only that user.
  - name: "aws-ecr-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas"

  # Same credentials file, stored a second time in the openfaas-fn namespace
  # (presumably for creating repositories, going by the name).
  - name: "aws-ecr-createrepo-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas-fn"

## If not using a HTTPS URL, then set a list of CUSTOMERS
## To use this set "value_from" to a real file path, and put in a list (each item on a new line) of usernames, without other whitespace
## With the default "/dev/null" both secrets are created with empty content.
## NOTE(review): presumably only consulted when customers_secret is true;
## otherwise the ACL comes from customers_url - confirm against the tool.
  - name: "of-customers"
    files:
      - name: "of-customers"
        value_from: "/dev/null"
    namespace: "openfaas"
    filters:
      - "default"
  - name: "customers"
    files:
      - name: "customers"
        value_from: "/dev/null"
    namespace: "openfaas-fn"
    filters:
      - "default"

### Docker registry
#### This can be any registry accessible by your cluster. To populate the file
#### run `docker login` with "store in keychain" turned off in Docker Desktop.
#### This can also be your private registry
#### Format: registry/username/ - i.e. replace ofctest with your login
#### NOTE(review): with the keychain off, `docker login` writes the login into
#### config.json in recoverable (base64) form - protect that file like a password.

registry: docker.io/ofctest/

### Use a secret instead of a publicly accessible URL for the ACL
### of valid users.
### When true, the user list comes from the "of-customers" / "customers"
### secrets rather than customers_url (presumably), keeping the list private.
customers_secret: false

### Enable only if using AWS ECR
### The ECR entries in `secrets` carry the "ecr" filter and reference
### ~/.aws/credentials; review that file before enabling this.
enable_ecr: false

### Change if you're using ECR
ecr_config:
  ### The region to use for ECR
  ecr_region: "eu-central-1"

### Your root DNS domain name, this can be a sub-domain i.e. staging.o6s.io / prod.o6s.io
### NOTE(review): the DNS01 credential chosen in `secrets` presumably has to
### be able to edit the zone for this domain - confirm before enabling TLS.
root_domain: "myfaas.club"

## Ingress into OpenFaaS Cloud

### Keep active if using a cluster with a LoadBalancer available.
ingress: loadbalancer

### Uncomment if using on-premises or a host/cloud without a loadbalancer
### (and comment out the line above, so that `ingress` is defined only once)
# ingress: host

## Define the custom templates available for your users
### If needed edit the git-tar Deployment after running the tool
### NOTE(review): these repositories are referenced by URL only, with no tag
### or commit pinned. Templates presumably shape how user functions are
### built, so list only sources you trust.
deployment:
  custom_templates:
    - "https://github.com/openfaas-incubator/golang-http-template.git"
    - "https://github.com/openfaas-incubator/node10-express-template.git"
    - "https://github.com/openfaas-incubator/python-flask-template.git"
    - "https://github.com/openfaas-incubator/ruby-http"

## Source Control Management
### Pick either github or gitlab
### The choice presumably decides which "scm_github" / "scm_gitlab" entries
### in `secrets` are used - confirm against the tool.
scm: github
# scm: gitlab

## Populate from GitHub App
### NOTE(review): the ID and link below look like sample values for an
### existing App; replace both with those of your own GitHub App.
github:
  app_id: "24304"
  public_link: "https://github.com/apps/o6s-io"

## GitLab
### Public URL for your GitLab instance with a trailing slash
gitlab:
  gitlab_instance: "https://gitlab.o6s.io/"


## Enable auth:
### When enabled users must log in with a valid GitHub account and be present in the
### customers file to view any dashboard
### NOTE(review): while this is false that login check is presumably not
### enforced, so dashboards are reachable without authentication.
enable_oauth: false

## Populate from OAuth App
### `clientid` is a placeholder. The matching client_secret is supplied by the
### "of-client-secret" entry in the `secrets` list.
oauth:
  client_id: clientid

  ## For GitLab put your OAuth provider base URL
  # oauth_provider_base_url: "https://gitlab.o6s.io"

  ## For GitHub leave blank
  oauth_provider_base_url: ""

## Slack
### You can set your own url to get an audit trail in your Slack workspace
### You can edit this after deployment if needed in the audit function
### The default posts to the in-cluster echo function instead of Slack.
### If you set a Slack incoming-webhook URL here, treat it as a credential:
### the URL itself authorizes posting to the channel.
slack:
  url: http://gateway.openfaas:8080/function/echo

### Users allowed to access your OpenFaaS Cloud
#### ACL for your users, it must be a raw text file or GitHub RAW URL
#### At time of writing this _must_ be a public repo URL
#### NOTE(review): the default points at the upstream project's CUSTOMERS
#### file. Whoever can edit the file at this URL decides who gets access, so
#### point it at a file you control.
customers_url: "https://raw.githubusercontent.com/openfaas/openfaas-cloud/master/CUSTOMERS"

##  S3 configuration
### Build logs from buildkit are stored in S3
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible
### The access and secret keys come from the generated "s3-access-key" and
### "s3-secret-key" entries in `secrets`.
### NOTE(review): `s3_tls: false` presumably means those keys and the logs
### cross the network unencrypted; set it to true when s3_url points outside
### the cluster.
s3:
  s3_url: minio.openfaas.svc.cluster.local:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline

## TLS
### NOTE(review): with `tls: false` traffic to the installation (logins,
### webhooks, dashboards) is presumably served over plain HTTP; enable TLS
### before exposing it publicly.
tls: false
tls_config:
  # issuer_type: "prod"

  ### NOTE(review): "staging" presumably issues test certificates that clients
  ### do not trust; switch to "prod" once DNS01 validation works.
  issuer_type: "staging"
  email: "your@email.com"

  ## Select the DNS service used for the DNS01 challenge by uncommenting the
  ## required option: DigitalOcean (digitalocean), Google Cloud DNS (clouddns),
  ## Amazon Route 53 (route53) or Cloudflare (cloudflare).
  ## Keep exactly one `dns_service` line active. The credential for the chosen
  ## service is supplied by the matching entry in the `secrets` list.

  ### DigitalOcean
  dns_service: digitalocean

  ### Google Cloud DNS
  # dns_service: clouddns
  # project_id: "my-openfaas-cloud"

  ### AWS Route53
  # dns_service: route53
  # region: us-east-1
  ### access_key_id is the key's identifier, shown here as a sample; the
  ### matching secret access key is read via "route53-credentials-secret".
  # access_key_id: ASYAKIUJE8AYRQQ7DU3M

  ### Cloudflare
  # dns_service: cloudflare

## Dockerfile language support
### Use with caution, it allows any workload to be built and run
### Keep this false unless every user allowed to deploy is trusted.
enable_dockerfile_lang: false

## Set to true to enable scaling to zero
### When enabled, all functions are included by default, to turn off add a label
### of com.openfaas.scale.zero: "false"
scale_to_zero: false

## Enable network policies
### Prevents functions from talking to the openfaas namespace, and to each other.
### Use the ingress address for the gateway or the external IP instead.
### NOTE(review): while this is false the tool applies neither restriction;
### for an installation shared by several users, true is the safer setting.
network_policies: false

## Branch that OpenFaaS Cloud will build and deploy
## You should change this if you want a different branch to be built and deployed instead of master
build_branch: master

## This setting, if true, will install the openfaas ingress-operator using the openfaas-fn namespace
## for finding functions, creating Ingress records in the openfaas namespace
ingress_operator: false

## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/
### Usage: release tag, a SHA or branch name
### A release tag or SHA pins the deployed code; a branch name follows
### whatever is pushed to that branch. Quote the value if it could be read
### as a number (for example an all-digit SHA).
openfaas_cloud_version: 0.14.6

## This setting, if true, will deploy OpenFaaS and use the OpenFaaS operator CRD controller,
## default uses faas-netes as the Kubernetes controller
openfaas_operator: false