1391 lines
52 KiB
YAML
1391 lines
52 KiB
YAML
|
groups:
|
||
|
- name: "Container Image"
|
||
|
description: "Image to be used for container"
|
||
|
- name: "Controller"
|
||
|
description: "Configure workload deployment"
|
||
|
- name: "Container Configuration"
|
||
|
description: "additional container configuration"
|
||
|
- name: "App Configuration"
|
||
|
description: "App specific config options"
|
||
|
- name: "Networking and Services"
|
||
|
description: "Configure Network and Services for container"
|
||
|
- name: "Storage and Persistence"
|
||
|
description: "Persist and share data that is separate from the container"
|
||
|
- name: "Ingress"
|
||
|
description: "Ingress Configuration"
|
||
|
- name: "Security and Permissions"
|
||
|
description: "Configure security context and permissions"
|
||
|
- name: "Resources and Devices"
|
||
|
description: "Specify resources/devices to be allocated to workload"
|
||
|
- name: "Advanced"
|
||
|
description: "Advanced Configuration"
|
||
|
portals:
|
||
|
web_portal:
|
||
|
protocols:
|
||
|
- "$kubernetes-resource_configmap_portal_protocol"
|
||
|
host:
|
||
|
- "$kubernetes-resource_configmap_portal_host"
|
||
|
ports:
|
||
|
- "$kubernetes-resource_configmap_portal_port"
|
||
|
questions:
|
||
|
- variable: portal
|
||
|
group: "Container Image"
|
||
|
label: "Configure Portal Button"
|
||
|
schema:
|
||
|
type: dict
|
||
|
hidden: true
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
description: "enable the portal button"
|
||
|
schema:
|
||
|
hidden: true
|
||
|
editable: false
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: controller
|
||
|
group: "Controller"
|
||
|
label: ""
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: type
|
||
|
description: "Please specify type of workload to deploy"
|
||
|
label: "(Advanced) Controller Type"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "deployment"
|
||
|
required: true
|
||
|
enum:
|
||
|
- value: "deployment"
|
||
|
description: "Deployment"
|
||
|
- value: "statefulset"
|
||
|
description: "Statefulset"
|
||
|
- value: "daemonset"
|
||
|
description: "Daemonset"
|
||
|
- variable: replicas
|
||
|
description: "Number of desired pod replicas"
|
||
|
label: "Desired Replicas"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 1
|
||
|
required: true
|
||
|
- variable: strategy
|
||
|
description: "Please specify type of workload to deploy"
|
||
|
label: "(Advanced) Update Strategy"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "Recreate"
|
||
|
required: true
|
||
|
enum:
|
||
|
- value: "Recreate"
|
||
|
description: "Recreate: Kill existing pods before creating new ones"
|
||
|
- value: "RollingUpdate"
|
||
|
description: "RollingUpdate: Create new pods and then kill old ones"
|
||
|
- value: "OnDelete"
|
||
|
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||
|
|
||
|
|
||
|
- variable: env
|
||
|
group: "Container Configuration"
|
||
|
label: "Image Environment"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: TZ
|
||
|
label: "Timezone"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "Etc/UTC"
|
||
|
$ref:
|
||
|
- "definitions/timezone"
|
||
|
- variable: UMASK
|
||
|
label: "UMASK"
|
||
|
description: "Sets the UMASK env var for LinuxServer.io (compatible) containers"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "002"
|
||
|
# Configure Enviroment Variables
|
||
|
- variable: envList
|
||
|
label: "Image environment"
|
||
|
group: "Container Configuration"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: envItem
|
||
|
label: "Environment Variable"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: name
|
||
|
label: "Name"
|
||
|
schema:
|
||
|
type: string
|
||
|
- variable: value
|
||
|
label: "Value"
|
||
|
schema:
|
||
|
type: string
|
||
|
|
||
|
- variable: domain
|
||
|
group: "App Configuration"
|
||
|
label: "Domain"
|
||
|
description: "The highest domain level possible, for example: domain.com when using app.domain.com"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
|
||
|
- variable: default_redirection_url
|
||
|
group: "App Configuration"
|
||
|
label: "Default Redirection Url"
|
||
|
description: "If user tries to authenticate without any referer, this is used"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: false
|
||
|
|
||
|
- variable: theme
|
||
|
group: "App Configuration"
|
||
|
label: "Theme"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "light"
|
||
|
enum:
|
||
|
- value: "light"
|
||
|
description: "info"
|
||
|
- value: "gray"
|
||
|
description: "gray"
|
||
|
- value: "dark"
|
||
|
description: "dark"
|
||
|
|
||
|
- variable: log
|
||
|
group: "App Configuration"
|
||
|
label: "Log Configuration "
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: level
|
||
|
label: "Log Level"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "info"
|
||
|
enum:
|
||
|
- value: "info"
|
||
|
description: "info"
|
||
|
- value: "debug"
|
||
|
description: "debug"
|
||
|
- value: "trace"
|
||
|
description: "trace"
|
||
|
- variable: format
|
||
|
label: "Log Format"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "text"
|
||
|
enum:
|
||
|
- value: "json"
|
||
|
description: "json"
|
||
|
- value: "text"
|
||
|
description: "text"
|
||
|
|
||
|
- variable: totp
|
||
|
group: "App Configuration"
|
||
|
label: "TOTP Configuration"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: issuer
|
||
|
label: "Issuer"
|
||
|
description: "The issuer name displayed in the Authenticator application of your choice"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
- variable: period
|
||
|
label: "Period"
|
||
|
description: "The period in seconds a one-time password is current for"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 30
|
||
|
- variable: skew
|
||
|
label: "skew"
|
||
|
description: "Controls number of one-time passwords either side of the current one that are valid."
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 1
|
||
|
|
||
|
- variable: duo_api
|
||
|
group: "App Configuration"
|
||
|
label: "DUO API Configuration"
|
||
|
description: "Parameters used to contact the Duo API."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: hostname
|
||
|
label: "Hostname"
|
||
|
schema:
|
||
|
type: string
|
||
|
required: true
|
||
|
default: ""
|
||
|
|
||
|
- variable: integration_key
|
||
|
label: "integration_key"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: plain_api_key
|
||
|
label: "plain_api_key"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
|
||
|
- variable: session
|
||
|
group: "App Configuration"
|
||
|
label: "Session Provider"
|
||
|
description: "The session cookies identify the user once logged in."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: name
|
||
|
label: "Cookie Name"
|
||
|
description: "The name of the session cookie."
|
||
|
schema:
|
||
|
type: string
|
||
|
required: true
|
||
|
default: "authelia_session"
|
||
|
- variable: same_site
|
||
|
label: "SameSite Value"
|
||
|
description: "Sets the Cookie SameSite value"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "lax"
|
||
|
enum:
|
||
|
- value: "lax"
|
||
|
description: "lax"
|
||
|
- value: "strict"
|
||
|
description: "strict"
|
||
|
- variable: expiration
|
||
|
label: "Expiration Time"
|
||
|
description: "The time in seconds before the cookie expires and session is reset."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "1h"
|
||
|
required: true
|
||
|
- variable: inactivity
|
||
|
label: "Inactivity Time"
|
||
|
description: "The inactivity time in seconds before the session is reset."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "5m"
|
||
|
required: true
|
||
|
- variable: inactivity
|
||
|
label: "Remember-Me duration"
|
||
|
description: "The remember me duration"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "5M"
|
||
|
required: true
|
||
|
|
||
|
- variable: regulation
|
||
|
group: "App Configuration"
|
||
|
label: "Regulation Configuration"
|
||
|
description: "his mechanism prevents attackers from brute forcing the first factor."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: max_retries
|
||
|
label: "Maximum Retries"
|
||
|
description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 3
|
||
|
- variable: find_time
|
||
|
label: "Find Time"
|
||
|
description: "The time range during which the user can attempt login before being banned."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "2m"
|
||
|
required: true
|
||
|
- variable: ban_time
|
||
|
label: "Ban Duration"
|
||
|
description: "The length of time before a banned user can login again"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "5m"
|
||
|
required: true
|
||
|
|
||
|
|
||
|
- variable: authentication_backend
|
||
|
group: "App Configuration"
|
||
|
label: "Authentication Backend Provider"
|
||
|
description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: disable_reset_password
|
||
|
label: "Disable Reset Password"
|
||
|
description: "Disable both the HTML element and the API for reset password functionality"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: refresh_interval
|
||
|
label: "Reset Interval"
|
||
|
description: "The amount of time to wait before we refresh data from the authentication backend"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "5m"
|
||
|
required: true
|
||
|
- variable: ldap
|
||
|
label: "LDAP backend configuration"
|
||
|
description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: implementation
|
||
|
label: "Implementation"
|
||
|
description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "custom"
|
||
|
enum:
|
||
|
- value: "activedirectory"
|
||
|
description: "activedirectory"
|
||
|
- value: "custom"
|
||
|
description: "custom"
|
||
|
- variable: url
|
||
|
label: "URL"
|
||
|
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "ldap://openldap.default.svc.cluster.local"
|
||
|
required: true
|
||
|
- variable: timeout
|
||
|
label: "Connection Timeout"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "5s"
|
||
|
required: true
|
||
|
- variable: start_tls
|
||
|
label: "Start TLS"
|
||
|
description: "Use StartTLS with the LDAP connection"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: tls
|
||
|
label: "TLS Settings"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: server_name
|
||
|
label: "Server Name"
|
||
|
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
- variable: skip_verify
|
||
|
label: "Skip Certificate Verification"
|
||
|
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: minimum_version
|
||
|
label: "Minimum TLS version"
|
||
|
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "TLS1.2"
|
||
|
enum:
|
||
|
- value: "TLS1.0"
|
||
|
description: "TLS1.0"
|
||
|
- value: "TLS1.1"
|
||
|
description: "TLS1.1"
|
||
|
- value: "TLS1.2"
|
||
|
description: "TLS1.2"
|
||
|
- value: "TLS1.3"
|
||
|
description: "TLS1.3"
|
||
|
- variable: base_dn
|
||
|
label: "Base DN"
|
||
|
description: "The base dn for every LDAP query."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "DC=example,DC=com"
|
||
|
required: true
|
||
|
- variable: username_attribute
|
||
|
label: "Username Attribute"
|
||
|
description: "The attribute holding the username of the user"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: additional_users_dn
|
||
|
label: "Additional Users DN"
|
||
|
description: "An additional dn to define the scope to all users."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "OU=Users"
|
||
|
required: true
|
||
|
- variable: users_filter
|
||
|
label: "Users Filter"
|
||
|
description: "The groups filter used in search queries to find the groups of the user."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: additional_groups_dn
|
||
|
label: "Additional Groups DN"
|
||
|
description: "An additional dn to define the scope of groups."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "OU=Groups"
|
||
|
required: true
|
||
|
- variable: groups_filter
|
||
|
label: "Groups Filter"
|
||
|
description: "The groups filter used in search queries to find the groups of the user."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: group_name_attribute
|
||
|
label: "Group name Attribute"
|
||
|
description: "The attribute holding the name of the group"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: mail_attribute
|
||
|
label: "Mail Attribute"
|
||
|
description: "The attribute holding the primary mail address of the user"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: display_name_attribute
|
||
|
label: "Display Name Attribute"
|
||
|
description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
- variable: user
|
||
|
label: "Admin User"
|
||
|
description: "The username of the admin user used to connect to LDAP."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "CN=Authelia,DC=example,DC=com"
|
||
|
required: true
|
||
|
- variable: plain_password
|
||
|
label: "Password"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: file
|
||
|
label: "File backend configuration"
|
||
|
description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: path
|
||
|
label: "Path"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "/config/users_database.yml"
|
||
|
required: true
|
||
|
- variable: password
|
||
|
label: "Password Settings"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: algorithm
|
||
|
label: "Algorithm"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "argon2id"
|
||
|
enum:
|
||
|
- value: "argon2id"
|
||
|
description: "argon2id"
|
||
|
- value: "sha512"
|
||
|
description: "sha512"
|
||
|
- variable: iterations
|
||
|
label: "Iterations"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 1
|
||
|
required: true
|
||
|
- variable: key_length
|
||
|
label: "Key Length"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 32
|
||
|
required: true
|
||
|
- variable: salt_length
|
||
|
label: "Salt Length"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 16
|
||
|
required: true
|
||
|
- variable: memory
|
||
|
label: "Memory"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 1024
|
||
|
required: true
|
||
|
- variable: parallelism
|
||
|
label: "Parallelism"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 8
|
||
|
required: true
|
||
|
|
||
|
|
||
|
- variable: notifier
|
||
|
group: "App Configuration"
|
||
|
label: "Notifier Configuration"
|
||
|
description: "otifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: disable_startup_check
|
||
|
label: "Disable Startup Check"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: filesystem
|
||
|
label: "Filesystem Provider"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: filename
|
||
|
label: "File Path"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "/config/notification.txt"
|
||
|
required: true
|
||
|
- variable: smtp
|
||
|
label: "SMTP Provider"
|
||
|
description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: host
|
||
|
label: "Host"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "smtp.mail.svc.cluster.local"
|
||
|
required: true
|
||
|
- variable: port
|
||
|
label: "Port"
|
||
|
schema:
|
||
|
type: int
|
||
|
defaults: 25
|
||
|
required: true
|
||
|
- variable: timeout
|
||
|
label: "Timeout"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "5s"
|
||
|
required: true
|
||
|
- variable: username
|
||
|
label: "Username"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: plain_password
|
||
|
label: "Password"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: sender
|
||
|
label: "Sender"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: ""
|
||
|
required: true
|
||
|
- variable: identifier
|
||
|
label: "Identifier"
|
||
|
description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "localhost"
|
||
|
required: true
|
||
|
- variable: subject
|
||
|
label: "Subject"
|
||
|
description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "[Authelia] {title}"
|
||
|
required: true
|
||
|
- variable: startup_check_address
|
||
|
label: "Startup Check Address"
|
||
|
description: "This address is used during the startup check to verify the email configuration is correct."
|
||
|
schema:
|
||
|
type: string
|
||
|
defaults: "test@authelia.com"
|
||
|
required: true
|
||
|
- variable: disable_require_tls
|
||
|
label: "Disable Require TLS"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: disable_html_emails
|
||
|
label: "Disable HTML emails"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: tls
|
||
|
label: "TLS Settings"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: server_name
|
||
|
label: "Server Name"
|
||
|
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
- variable: skip_verify
|
||
|
label: "Skip Certificate Verification"
|
||
|
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: minimum_version
|
||
|
label: "Minimum TLS version"
|
||
|
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "TLS1.2"
|
||
|
enum:
|
||
|
- value: "TLS1.0"
|
||
|
description: "TLS1.0"
|
||
|
- value: "TLS1.1"
|
||
|
description: "TLS1.1"
|
||
|
- value: "TLS1.2"
|
||
|
description: "TLS1.2"
|
||
|
- value: "TLS1.3"
|
||
|
description: "TLS1.3"
|
||
|
- variable: access_control
|
||
|
group: "App Configuration"
|
||
|
label: "Access Control Configuration"
|
||
|
description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: default_policy
|
||
|
label: "Default Policy"
|
||
|
description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "two_factor"
|
||
|
enum:
|
||
|
- value: "bypass"
|
||
|
description: "bypass"
|
||
|
- value: "one_factor"
|
||
|
description: "one_factor"
|
||
|
- value: "two_factor"
|
||
|
description: "two_factor"
|
||
|
- value: "deny"
|
||
|
description: "deny"
|
||
|
|
||
|
- variable: networks
|
||
|
label: "Networks"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: networkItem
|
||
|
label: "Network Item"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: name
|
||
|
label: "Name"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: networks
|
||
|
label: "Networks"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: network
|
||
|
label: "network"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
|
||
|
- variable: rules
|
||
|
label: "Rules"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: rulesItem
|
||
|
label: "Rule"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: domain
|
||
|
label: "Domain"
|
||
|
description: "defines which domain or set of domains the rule applies to."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: policy
|
||
|
label: "Policy"
|
||
|
description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "two_factor"
|
||
|
enum:
|
||
|
- value: "bypass"
|
||
|
description: "bypass"
|
||
|
- value: "one_factor"
|
||
|
description: "one_factor"
|
||
|
- value: "two_factor"
|
||
|
description: "two_factor"
|
||
|
- value: "deny"
|
||
|
description: "two_factor"
|
||
|
- variable: subject
|
||
|
label: "Subject"
|
||
|
description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: subjectitem
|
||
|
label: "Subject"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: networks
|
||
|
label: "Networks"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: network
|
||
|
label: "Network"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: resources
|
||
|
label: "Resources"
|
||
|
description: "is a list of regular expressions that matches a set of resources to apply the policy to"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: resource
|
||
|
label: "Resource"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
|
||
|
- variable: hostNetwork
|
||
|
group: "Networking and Services"
|
||
|
label: "Enable Host Networking"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
|
||
|
- variable: service
|
||
|
group: "Networking and Services"
|
||
|
label: "Configure Service(s)"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: main
|
||
|
label: "Main Service"
|
||
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable the service"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
hidden: true
|
||
|
- variable: type
|
||
|
label: "Service Type"
|
||
|
description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "NodePort"
|
||
|
enum:
|
||
|
- value: "NodePort"
|
||
|
description: "NodePort"
|
||
|
- value: "ClusterIP"
|
||
|
description: "ClusterIP"
|
||
|
- value: "LoadBalancer"
|
||
|
description: "LoadBalancer"
|
||
|
- variable: loadBalancerIP
|
||
|
label: "LoadBalancer IP"
|
||
|
description: "LoadBalancerIP"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "LoadBalancer"]]
|
||
|
type: string
|
||
|
default: ""
|
||
|
- variable: externalIPs
|
||
|
label: "External IP's"
|
||
|
description: "External IP's"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "LoadBalancer"]]
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: externalIP
|
||
|
label: "External IP"
|
||
|
schema:
|
||
|
type: string
|
||
|
- variable: ports
|
||
|
label: "Service's Port(s) Configuration"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: main
|
||
|
label: "Main Service Port Configuration"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable the port"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
hidden: true
|
||
|
- variable: protocol
|
||
|
label: "Port Type"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "HTTP"
|
||
|
enum:
|
||
|
- value: HTTP
|
||
|
description: "HTTP"
|
||
|
- value: "HTTPS"
|
||
|
description: "HTTPS"
|
||
|
- value: TCP
|
||
|
description: "TCP"
|
||
|
- value: "UDP"
|
||
|
description: "UDP"
|
||
|
- variable: port
|
||
|
label: "Container Port"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 9091
|
||
|
editable: false
|
||
|
hidden: true
|
||
|
- variable: targetport
|
||
|
label: "Target Port"
|
||
|
description: "This port exposes the container port on the service"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 9091
|
||
|
editable: true
|
||
|
required: true
|
||
|
- variable: nodePort
|
||
|
label: "Node Port (Optional)"
|
||
|
description: "This port gets exposed to the node. Only considered when service type is NodePort"
|
||
|
schema:
|
||
|
type: int
|
||
|
min: 9000
|
||
|
max: 65535
|
||
|
default: 36000
|
||
|
required: true
|
||
|
|
||
|
- variable: persistence
|
||
|
label: "Integrated Persistent Storage"
|
||
|
description: "Integrated Persistent Storage"
|
||
|
group: "Storage and Persistence"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: config
|
||
|
label: "App Config Storage"
|
||
|
description: "Stores the Application Configuration."
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable the storage"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: type
|
||
|
label: "(Advanced) Type of Storage"
|
||
|
description: "Sets the persistence type"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "pvc"
|
||
|
enum:
|
||
|
- value: "pvc"
|
||
|
description: "pvc"
|
||
|
- value: "emptyDir"
|
||
|
description: "emptyDir"
|
||
|
- value: "hostPath"
|
||
|
description: "hostPath"
|
||
|
- variable: storageClass
|
||
|
label: "(Advanced) storageClass"
|
||
|
description: " Warning: Anything other than SCALE-ZFS will break rollback!"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "SCALE-ZFS"
|
||
|
- variable: setPermissions
|
||
|
label: "Automatic Permissions"
|
||
|
description: "Automatically set permissions on install"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: readOnly
|
||
|
label: "readOnly"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: hostPath
|
||
|
label: "hostPath"
|
||
|
description: "Path inside the container the storage is mounted"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: hostpath
|
||
|
- variable: hostPathType
|
||
|
label: "hostPath Type"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: string
|
||
|
default: ""
|
||
|
enum:
|
||
|
- value: ""
|
||
|
description: "Default"
|
||
|
- value: "DirectoryOrCreate"
|
||
|
description: "DirectoryOrCreate"
|
||
|
- value: "Directory"
|
||
|
description: "Directory"
|
||
|
- value: "FileOrCreate"
|
||
|
description: "FileOrCreate"
|
||
|
- value: "File"
|
||
|
description: "File"
|
||
|
- value: "Socket"
|
||
|
description: "Socket"
|
||
|
- value: "CharDevice"
|
||
|
description: "CharDevice"
|
||
|
- value: "BlockDevice"
|
||
|
description: "BlockDevice"
|
||
|
- variable: mountPath
|
||
|
label: "mountPath"
|
||
|
description: "Path inside the container the storage is mounted"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "/config"
|
||
|
hidden: true
|
||
|
- variable: medium
|
||
|
label: "EmptyDir Medium"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "emptyDir"]]
|
||
|
type: string
|
||
|
default: ""
|
||
|
enum:
|
||
|
- value: ""
|
||
|
description: "Default"
|
||
|
- value: "Memory"
|
||
|
description: "Memory"
|
||
|
- variable: accessMode
|
||
|
label: "Access Mode (Advanced)"
|
||
|
description: "Allow or disallow multiple PVC's writhing to the same PV"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "ReadWriteOnce"
|
||
|
enum:
|
||
|
- value: "ReadWriteOnce"
|
||
|
description: "ReadWriteOnce"
|
||
|
- value: "ReadOnlyMany"
|
||
|
description: "ReadOnlyMany"
|
||
|
- value: "ReadWriteMany"
|
||
|
description: "ReadWriteMany"
|
||
|
- variable: size
|
||
|
label: "Size quotum of storage"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "100Gi"
|
||
|
|
||
|
- variable: persistenceList
|
||
|
label: "Additional app storage"
|
||
|
group: "Storage and Persistence"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: persistenceListEntry
|
||
|
label: "Custom Storage"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable the storage"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: type
|
||
|
label: "(Advanced) Type of Storage"
|
||
|
description: "Sets the persistence type"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "hostPath"
|
||
|
enum:
|
||
|
- value: "pvc"
|
||
|
description: "pvc"
|
||
|
- value: "emptyDir"
|
||
|
description: "emptyDir"
|
||
|
- value: "hostPath"
|
||
|
description: "hostPath"
|
||
|
- variable: storageClass
|
||
|
label: "(Advanced) storageClass"
|
||
|
description: " Warning: Anything other than SCALE-ZFS will break rollback!"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "SCALE-ZFS"
|
||
|
- variable: setPermissions
|
||
|
label: "Automatic Permissions"
|
||
|
description: "Automatically set permissions on install"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: readOnly
|
||
|
label: "readOnly"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: hostPath
|
||
|
label: "hostPath"
|
||
|
description: "Path inside the container the storage is mounted"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: hostpath
|
||
|
- variable: hostPathType
|
||
|
label: "hostPath Type"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "hostPath"]]
|
||
|
type: string
|
||
|
default: ""
|
||
|
enum:
|
||
|
- value: ""
|
||
|
description: "Default"
|
||
|
- value: "DirectoryOrCreate"
|
||
|
description: "DirectoryOrCreate"
|
||
|
- value: "Directory"
|
||
|
description: "Directory"
|
||
|
- value: "FileOrCreate"
|
||
|
description: "FileOrCreate"
|
||
|
- value: "File"
|
||
|
description: "File"
|
||
|
- value: "Socket"
|
||
|
description: "Socket"
|
||
|
- value: "CharDevice"
|
||
|
description: "CharDevice"
|
||
|
- value: "BlockDevice"
|
||
|
description: "BlockDevice"
|
||
|
- variable: mountPath
|
||
|
label: "mountPath"
|
||
|
description: "Path inside the container the storage is mounted"
|
||
|
schema:
|
||
|
type: string
|
||
|
required: true
|
||
|
default: ""
|
||
|
- variable: medium
|
||
|
label: "EmptyDir Medium"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "emptyDir"]]
|
||
|
type: string
|
||
|
default: ""
|
||
|
enum:
|
||
|
- value: ""
|
||
|
description: "Default"
|
||
|
- value: "Memory"
|
||
|
description: "Memory"
|
||
|
- variable: accessMode
|
||
|
label: "Access Mode (Advanced)"
|
||
|
description: "Allow or disallow multiple PVC's writhing to the same PVC"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "ReadWriteOnce"
|
||
|
enum:
|
||
|
- value: "ReadWriteOnce"
|
||
|
description: "ReadWriteOnce"
|
||
|
- value: "ReadOnlyMany"
|
||
|
description: "ReadOnlyMany"
|
||
|
- value: "ReadWriteMany"
|
||
|
description: "ReadWriteMany"
|
||
|
- variable: size
|
||
|
label: "Size quotum of storage"
|
||
|
schema:
|
||
|
show_if: [["type", "=", "pvc"]]
|
||
|
type: string
|
||
|
default: "100Gi"
|
||
|
|
||
|
- variable: ingress
|
||
|
label: ""
|
||
|
group: "Ingress"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: main
|
||
|
label: "Main Ingress"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: enabled
|
||
|
label: "Enable Ingress"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
show_subquestions_if: true
|
||
|
subquestions:
|
||
|
- variable: hosts
|
||
|
label: "Hosts"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: hostEntry
|
||
|
label: "Host"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: host
|
||
|
label: "HostName"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: paths
|
||
|
label: "Paths"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: pathEntry
|
||
|
label: "Host"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: path
|
||
|
label: "path"
|
||
|
schema:
|
||
|
type: string
|
||
|
required: true
|
||
|
default: "/"
|
||
|
- variable: pathType
|
||
|
label: "pathType"
|
||
|
schema:
|
||
|
type: string
|
||
|
required: true
|
||
|
default: "Prefix"
|
||
|
- variable: tls
|
||
|
label: "TLS-Settings"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: tlsEntry
|
||
|
label: "Host"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: hosts
|
||
|
label: "Certificate Hosts"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: host
|
||
|
label: "Host"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
- variable: scaleCert
|
||
|
label: "Select TrueNAS SCALE Certificate"
|
||
|
schema:
|
||
|
type: int
|
||
|
$ref:
|
||
|
- "definitions/certificate"
|
||
|
- variable: entrypoint
|
||
|
label: "Traefik Entrypoint"
|
||
|
description: "Entrypoint used by Traefik when using Traefik as Ingress Provider"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "websecure"
|
||
|
required: true
|
||
|
- variable: middlewares
|
||
|
label: "Traefik Middlewares"
|
||
|
description: "Add previously created Traefik Middlewares to this Ingress"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: name
|
||
|
label: "Name"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: ""
|
||
|
required: true
|
||
|
|
||
|
- variable: securityContext
|
||
|
group: "Security and Permissions"
|
||
|
label: "Security Context"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: privileged
|
||
|
label: "Privileged mode"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
- variable: readOnlyRootFilesystem
|
||
|
label: "ReadOnly Root Filesystem"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: allowPrivilegeEscalation
|
||
|
label: "Allow Privilege Escalation"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: false
|
||
|
|
||
|
- variable: podSecurityContext
|
||
|
group: "Security and Permissions"
|
||
|
label: "Pod Security Context"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: runAsNonRoot
|
||
|
label: "runAsNonRoot"
|
||
|
schema:
|
||
|
type: boolean
|
||
|
default: true
|
||
|
- variable: runAsUser
|
||
|
label: "runAsUser"
|
||
|
description: "The UserID of the user running the application"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 568
|
||
|
- variable: runAsGroup
|
||
|
label: "runAsGroup"
|
||
|
description: The groupID this App of the user running the application"
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 568
|
||
|
- variable: fsGroup
|
||
|
label: "fsGroup"
|
||
|
description: "The group that should own ALL storage."
|
||
|
schema:
|
||
|
type: int
|
||
|
default: 568
|
||
|
- variable: supplementalGroups
|
||
|
label: "When should we take ownership?"
|
||
|
schema:
|
||
|
type: list
|
||
|
default: []
|
||
|
items:
|
||
|
- variable: supplementalGroupsEntry
|
||
|
label: "When should we take ownership?"
|
||
|
schema:
|
||
|
type: int
|
||
|
- variable: fsGroupChangePolicy
|
||
|
label: "When should we take ownership?"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "OnRootMismatch"
|
||
|
enum:
|
||
|
- value: "OnRootMismatch"
|
||
|
description: "OnRootMismatch"
|
||
|
- value: "Always"
|
||
|
description: "Always"
|
||
|
- variable: resources
|
||
|
group: "Resources and Devices"
|
||
|
label: ""
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: limits
|
||
|
label: "Advanced Limit Resource Consumption"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: cpu
|
||
|
label: "CPU"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "2000m"
|
||
|
- variable: memory
|
||
|
label: "Memory RAM"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "2Gi"
|
||
|
- variable: requests
|
||
|
label: "Advanced Request minimum resources required"
|
||
|
schema:
|
||
|
type: dict
|
||
|
attrs:
|
||
|
- variable: cpu
|
||
|
label: "CPU"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "10m"
|
||
|
- variable: memory
|
||
|
label: "Memory RAM"
|
||
|
schema:
|
||
|
type: string
|
||
|
default: "50Mi"
|