Skip to content

Instantly share code, notes, and snippets.

@stefanprodan
Last active October 1, 2018 06:33
Show Gist options
  • Save stefanprodan/fc8d7ef8f4af3d0d81a9f28ff8c6edcb to your computer and use it in GitHub Desktop.
Save stefanprodan/fc8d7ef8f4af3d0d81a9f28ff8c6edcb to your computer and use it in GitHub Desktop.
OpenFaaS GKE
apiVersion: openfaas.com/v1alpha2
kind: Function
metadata:
name: certinfo
spec:
name: certinfo
image: stefanprodan/certinfo:latest
labels:
com.openfaas.scale.min: "2"
com.openfaas.scale.max: "12"
com.openfaas.scale.factor: "4"
limits:
cpu: "1000m"
memory: "128Mi"
requests:
cpu: "10m"
memory: "64Mi"
constraints:
- "cloud.google.com/gke-preemptible=true"
k8s_version=$(gcloud container get-server-config --format=json | jq -r '.validNodeVersions[0]')
gcloud container clusters create openfaas \
--cluster-version=${k8s_version} \
--zone=europe-west3-a \
--num-nodes=2 \
--machine-type=n1-standard-1 \
--no-enable-cloud-logging \
--disk-size=30 \
--enable-autorepair \
--enable-network-policy \
--scopes=gke-default,compute-rw,storage-rw
gcloud container node-pools create fn-pool \
--cluster=openfaas \
--preemptible \
--node-version=${k8s_version} \
--zone=europe-west3-a \
--num-nodes=1 \
--enable-autoscaling --min-nodes=2 --max-nodes=4 \
--machine-type=n1-highcpu-4 \
--disk-size=30 \
--enable-autorepair \
--scopes=gke-default
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: email@example.com
http01: {}
privateKeySecretRef:
name: letsencrypt-cert
server: https://acme-v02.api.letsencrypt.org/directory
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: openfaas-stg
namespace: openfaas-stg
spec:
policyTypes:
- Ingress
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
access: openfaas-system
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: openfaas-stg-fn
namespace: openfaas-stg-fn
spec:
policyTypes:
- Ingress
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
role: openfaas-system
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: openfaas-prod
namespace: openfaas-prod
spec:
policyTypes:
- Ingress
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
access: openfaas-system
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: openfaas-prod-fn
namespace: openfaas-prod-fn
spec:
policyTypes:
- Ingress
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
role: openfaas-system
apiVersion: v1
kind: Namespace
metadata:
name: openfaas-stg
labels:
role: openfaas-system
access: openfaas-system
---
apiVersion: v1
kind: Namespace
metadata:
name: openfaas-stg-fn
---
apiVersion: v1
kind: Namespace
metadata:
name: openfaas-prod
labels:
role: openfaas-system
access: openfaas-system
---
apiVersion: v1
kind: Namespace
metadata:
name: openfaas-prod-fn
functionNamespace: openfaas-prod-fn
exposeServices: false
basic_auth: true
operator:
create: true
createCRD: false
gateway:
replicas: 2
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "contour"
certmanager.k8s.io/cluster-issuer: "letsencrypt"
contour.heptio.com/request-timeout: "30s"
contour.heptio.com/num-retries: "3"
contour.heptio.com/retry-on: "gateway-error"
hosts:
- host: openfaas.example.com
serviceName: gateway
servicePort: 8080
path: /
tls:
- secretName: openfaas-cert
hosts:
- openfaas.example.com
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cloud.google.com/gke-preemptible
operator: DoesNotExist
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: gateway
release: openfaas-prod
topologyKey: kubernetes.io/hostname
functionNamespace: openfaas-stg-fn
exposeServices: false
basic_auth: true
operator:
create: true
createCRD: true
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "contour"
certmanager.k8s.io/cluster-issuer: "letsencrypt"
contour.heptio.com/request-timeout: "30s"
contour.heptio.com/num-retries: "3"
contour.heptio.com/retry-on: "gateway-error"
hosts:
- host: openfaas-stg.example.com
serviceName: gateway
servicePort: 8080
path: /
tls:
- secretName: openfaas-cert
hosts:
- openfaas-stg.example.com
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cloud.google.com/gke-preemptible
operator: DoesNotExist
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment