groups: - name: "Container Image" description: "Image to be used for container" - name: "Controller" description: "Configure workload deployment" - name: "Container Configuration" description: "additional container configuration" - name: "App Configuration" description: "App specific config options" - name: "Networking and Services" description: "Configure Network and Services for container" - name: "Storage and Persistence" description: "Persist and share data that is separate from the container" - name: "Ingress" description: "Ingress Configuration" - name: "Security and Permissions" description: "Configure security context and permissions" - name: "Resources and Devices" description: "Specify resources/devices to be allocated to workload" - name: "Advanced" description: "Advanced Configuration" portals: web_portal: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true - variable: controller group: "Controller" label: "" schema: type: dict attrs: - variable: type description: "Please specify type of workload to deploy" label: "(Advanced) Controller Type" schema: type: string default: "deployment" required: true enum: - value: "deployment" description: "Deployment" - value: "statefulset" description: "Statefulset" - value: "daemonset" description: "Daemonset" - variable: replicas description: "Number of desired pod replicas" label: "Desired Replicas" schema: type: int default: 1 required: true - variable: strategy description: "Please specify type of workload to deploy" label: "(Advanced) Update Strategy" schema: type: string default: "Recreate" required: true enum: - value: "Recreate" description: "Recreate: Kill existing pods before creating new ones" - value: "RollingUpdate" description: "RollingUpdate: Create new pods and then kill old ones" - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" - variable: env group: "Container Configuration" label: "Image Environment" schema: type: dict attrs: - variable: TZ label: "Timezone" schema: type: string default: "Etc/UTC" $ref: - "definitions/timezone" - variable: UMASK label: "UMASK" description: "Sets the UMASK env var for LinuxServer.io (compatible) containers" schema: type: string default: "002" # Configure Enviroment Variables - variable: envList label: "Image environment" group: "Container Configuration" schema: type: list default: [] items: - variable: envItem label: "Environment Variable" schema: type: dict attrs: - variable: name label: "Name" schema: type: string - variable: value label: "Value" schema: type: string - variable: domain group: "App Configuration" label: "Domain" description: "The highest domain level possible, for example: domain.com when using app.domain.com" schema: type: string default: "" required: true - variable: default_redirection_url group: "App Configuration" label: "Default Redirection Url" description: "If user tries to authenticate without any referer, this is used" schema: type: string default: "" required: false - variable: theme group: "App Configuration" label: "Theme" schema: type: string default: "light" enum: - value: "light" description: "info" - value: "gray" description: "gray" - value: "dark" description: "dark" - variable: log group: "App Configuration" label: "Log Configuration " schema: type: dict attrs: - variable: level label: "Log Level" schema: type: string default: "info" enum: - value: "info" description: "info" - value: "debug" description: "debug" - value: "trace" description: "trace" - variable: format label: "Log Format" schema: type: string default: "text" enum: - value: "json" description: "json" - value: "text" description: "text" - variable: totp group: "App Configuration" label: "TOTP Configuration" schema: type: dict attrs: - variable: issuer label: "Issuer" description: "The issuer name displayed in the Authenticator application of your choice" schema: type: string default: "" - variable: period label: "Period" description: "The period in seconds a one-time password is current for" schema: type: int default: 30 - variable: skew label: "skew" description: "Controls number of one-time passwords either side of the current one that are valid." schema: type: int default: 1 - variable: duo_api group: "App Configuration" label: "DUO API Configuration" description: "Parameters used to contact the Duo API." schema: type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostname label: "Hostname" schema: type: string required: true default: "" - variable: integration_key label: "integration_key" schema: type: string defaults: "" required: true - variable: plain_api_key label: "plain_api_key" schema: type: string defaults: "" required: true - variable: session group: "App Configuration" label: "Session Provider" description: "The session cookies identify the user once logged in." schema: type: dict attrs: - variable: name label: "Cookie Name" description: "The name of the session cookie." schema: type: string required: true default: "authelia_session" - variable: same_site label: "SameSite Value" description: "Sets the Cookie SameSite value" schema: type: string default: "lax" enum: - value: "lax" description: "lax" - value: "strict" description: "strict" - variable: expiration label: "Expiration Time" description: "The time in seconds before the cookie expires and session is reset." schema: type: string defaults: "1h" required: true - variable: inactivity label: "Inactivity Time" description: "The inactivity time in seconds before the session is reset." schema: type: string defaults: "5m" required: true - variable: inactivity label: "Remember-Me duration" description: "The remember me duration" schema: type: string defaults: "5M" required: true - variable: regulation group: "App Configuration" label: "Regulation Configuration" description: "his mechanism prevents attackers from brute forcing the first factor." schema: type: dict attrs: - variable: max_retries label: "Maximum Retries" description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation." schema: type: int default: 3 - variable: find_time label: "Find Time" description: "The time range during which the user can attempt login before being banned." schema: type: string defaults: "2m" required: true - variable: ban_time label: "Ban Duration" description: "The length of time before a banned user can login again" schema: type: string defaults: "5m" required: true - variable: authentication_backend group: "App Configuration" label: "Authentication Backend Provider" description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to." schema: type: dict attrs: - variable: disable_reset_password label: "Disable Reset Password" description: "Disable both the HTML element and the API for reset password functionality" schema: type: boolean default: false - variable: refresh_interval label: "Reset Interval" description: "The amount of time to wait before we refresh data from the authentication backend" schema: type: string defaults: "5m" required: true - variable: ldap label: "LDAP backend configuration" description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to" schema: type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: implementation label: "Implementation" description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password" schema: type: string default: "custom" enum: - value: "activedirectory" description: "activedirectory" - value: "custom" description: "custom" - variable: url label: "URL" description: "The url to the ldap server. Format: ://
[:]" schema: type: string default: "ldap://openldap.default.svc.cluster.local" required: true - variable: timeout label: "Connection Timeout" schema: type: string default: "5s" required: true - variable: start_tls label: "Start TLS" description: "Use StartTLS with the LDAP connection" schema: type: boolean default: false - variable: tls label: "TLS Settings" schema: type: dict attrs: - variable: server_name label: "Server Name" description: "Server Name for certificate validation (in case it's not set correctly in the URL)." schema: type: string default: "" - variable: skip_verify label: "Skip Certificate Verification" description: "Skip verifying the server certificate (to allow a self-signed certificate)" schema: type: boolean default: false - variable: minimum_version label: "Minimum TLS version" description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." schema: type: string default: "TLS1.2" enum: - value: "TLS1.0" description: "TLS1.0" - value: "TLS1.1" description: "TLS1.1" - value: "TLS1.2" description: "TLS1.2" - value: "TLS1.3" description: "TLS1.3" - variable: base_dn label: "Base DN" description: "The base dn for every LDAP query." schema: type: string defaults: "DC=example,DC=com" required: true - variable: username_attribute label: "Username Attribute" description: "The attribute holding the username of the user" schema: type: string defaults: "" required: true - variable: additional_users_dn label: "Additional Users DN" description: "An additional dn to define the scope to all users." schema: type: string defaults: "OU=Users" required: true - variable: users_filter label: "Users Filter" description: "The groups filter used in search queries to find the groups of the user." schema: type: string defaults: "" required: true - variable: additional_groups_dn label: "Additional Groups DN" description: "An additional dn to define the scope of groups." schema: type: string defaults: "OU=Groups" required: true - variable: groups_filter label: "Groups Filter" description: "The groups filter used in search queries to find the groups of the user." schema: type: string defaults: "" required: true - variable: group_name_attribute label: "Group name Attribute" description: "The attribute holding the name of the group" schema: type: string defaults: "" required: true - variable: mail_attribute label: "Mail Attribute" description: "The attribute holding the primary mail address of the user" schema: type: string defaults: "" required: true - variable: display_name_attribute label: "Display Name Attribute" description: "he attribute holding the display name of the user. This will be used to greet an authenticated user." schema: type: string defaults: "" - variable: user label: "Admin User" description: "The username of the admin user used to connect to LDAP." schema: type: string defaults: "CN=Authelia,DC=example,DC=com" required: true - variable: plain_password label: "Password" schema: type: string defaults: "" required: true - variable: file label: "File backend configuration" description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." schema: type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: path label: "Path" schema: type: string defaults: "/config/users_database.yml" required: true - variable: password label: "Password Settings" schema: type: dict attrs: - variable: algorithm label: "Algorithm" schema: type: string default: "argon2id" enum: - value: "argon2id" description: "argon2id" - value: "sha512" description: "sha512" - variable: iterations label: "Iterations" schema: type: int default: 1 required: true - variable: key_length label: "Key Length" schema: type: int default: 32 required: true - variable: salt_length label: "Salt Length" schema: type: int default: 16 required: true - variable: memory label: "Memory" schema: type: int default: 1024 required: true - variable: parallelism label: "Parallelism" schema: type: int default: 8 required: true - variable: notifier group: "App Configuration" label: "Notifier Configuration" description: "otifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." schema: type: dict attrs: - variable: disable_startup_check label: "Disable Startup Check" schema: type: boolean default: false - variable: filesystem label: "Filesystem Provider" schema: type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: filename label: "File Path" schema: type: string defaults: "/config/notification.txt" required: true - variable: smtp label: "SMTP Provider" description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." schema: type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: true show_subquestions_if: true subquestions: - variable: host label: "Host" schema: type: string defaults: "smtp.mail.svc.cluster.local" required: true - variable: port label: "Port" schema: type: int defaults: 25 required: true - variable: timeout label: "Timeout" schema: type: string defaults: "5s" required: true - variable: username label: "Username" schema: type: string defaults: "" required: true - variable: plain_password label: "Password" schema: type: string defaults: "" required: true - variable: sender label: "Sender" schema: type: string defaults: "" required: true - variable: identifier label: "Identifier" description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." schema: type: string defaults: "localhost" required: true - variable: subject label: "Subject" description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" schema: type: string defaults: "[Authelia] {title}" required: true - variable: startup_check_address label: "Startup Check Address" description: "This address is used during the startup check to verify the email configuration is correct." schema: type: string defaults: "test@authelia.com" required: true - variable: disable_require_tls label: "Disable Require TLS" schema: type: boolean default: false - variable: disable_html_emails label: "Disable HTML emails" schema: type: boolean default: false - variable: tls label: "TLS Settings" schema: type: dict attrs: - variable: server_name label: "Server Name" description: "Server Name for certificate validation (in case it's not set correctly in the URL)." schema: type: string default: "" - variable: skip_verify label: "Skip Certificate Verification" description: "Skip verifying the server certificate (to allow a self-signed certificate)" schema: type: boolean default: false - variable: minimum_version label: "Minimum TLS version" description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." schema: type: string default: "TLS1.2" enum: - value: "TLS1.0" description: "TLS1.0" - value: "TLS1.1" description: "TLS1.1" - value: "TLS1.2" description: "TLS1.2" - value: "TLS1.3" description: "TLS1.3" - variable: access_control group: "App Configuration" label: "Access Control Configuration" description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users." schema: type: dict attrs: - variable: default_policy label: "Default Policy" description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'." schema: type: string default: "two_factor" enum: - value: "bypass" description: "bypass" - value: "one_factor" description: "one_factor" - value: "two_factor" description: "two_factor" - value: "deny" description: "deny" - variable: networks label: "Networks" schema: type: list default: [] items: - variable: networkItem label: "Network Item" schema: type: dict attrs: - variable: name label: "Name" schema: type: string default: "" required: true - variable: networks label: "Networks" schema: type: list default: [] items: - variable: network label: "network" schema: type: string default: "" required: true - variable: rules label: "Rules" schema: type: list default: [] items: - variable: rulesItem label: "Rule" schema: type: dict attrs: - variable: domain label: "Domain" description: "defines which domain or set of domains the rule applies to." schema: type: string default: "" required: true - variable: policy label: "Policy" description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'." schema: type: string default: "two_factor" enum: - value: "bypass" description: "bypass" - value: "one_factor" description: "one_factor" - value: "two_factor" description: "two_factor" - value: "deny" description: "two_factor" - variable: subject label: "Subject" description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided" schema: type: list default: [] items: - variable: subjectitem label: "Subject" schema: type: string default: "" required: true - variable: networks label: "Networks" schema: type: list default: [] items: - variable: network label: "Network" schema: type: string default: "" required: true - variable: resources label: "Resources" description: "is a list of regular expressions that matches a set of resources to apply the policy to" schema: type: list default: [] items: - variable: resource label: "Resource" schema: type: string default: "" required: true - variable: hostNetwork group: "Networking and Services" label: "Enable Host Networking" schema: type: boolean default: false - variable: service group: "Networking and Services" label: "Configure Service(s)" schema: type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: type: dict attrs: - variable: enabled label: "Enable the service" schema: type: boolean default: true hidden: true - variable: type label: "Service Type" description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" schema: type: string default: "NodePort" enum: - value: "NodePort" description: "NodePort" - value: "ClusterIP" description: "ClusterIP" - value: "LoadBalancer" description: "LoadBalancer" - variable: loadBalancerIP label: "LoadBalancer IP" description: "LoadBalancerIP" schema: show_if: [["type", "=", "LoadBalancer"]] type: string default: "" - variable: externalIPs label: "External IP's" description: "External IP's" schema: show_if: [["type", "=", "LoadBalancer"]] type: list default: [] items: - variable: externalIP label: "External IP" schema: type: string - variable: ports label: "Service's Port(s) Configuration" schema: type: dict attrs: - variable: main label: "Main Service Port Configuration" schema: type: dict attrs: - variable: enabled label: "Enable the port" schema: type: boolean default: true hidden: true - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: port label: "Container Port" schema: type: int default: 9091 editable: false hidden: true - variable: targetport label: "Target Port" description: "This port exposes the container port on the service" schema: type: int default: 9091 editable: true required: true - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort" schema: type: int min: 9000 max: 65535 default: 36000 required: true - variable: persistence label: "Integrated Persistent Storage" description: "Integrated Persistent Storage" group: "Storage and Persistence" schema: type: dict attrs: - variable: config label: "App Config Storage" description: "Stores the Application Configuration." schema: type: dict attrs: - variable: enabled label: "Enable the storage" schema: type: boolean default: true - variable: type label: "(Advanced) Type of Storage" description: "Sets the persistence type" schema: type: string default: "pvc" enum: - value: "pvc" description: "pvc" - value: "emptyDir" description: "emptyDir" - value: "hostPath" description: "hostPath" - variable: storageClass label: "(Advanced) storageClass" description: " Warning: Anything other than SCALE-ZFS will break rollback!" schema: show_if: [["type", "=", "pvc"]] type: string default: "SCALE-ZFS" - variable: setPermissions label: "Automatic Permissions" description: "Automatically set permissions on install" schema: show_if: [["type", "=", "hostPath"]] type: boolean default: true - variable: readOnly label: "readOnly" schema: type: boolean default: false - variable: hostPath label: "hostPath" description: "Path inside the container the storage is mounted" schema: show_if: [["type", "=", "hostPath"]] type: hostpath - variable: hostPathType label: "hostPath Type" schema: show_if: [["type", "=", "hostPath"]] type: string default: "" enum: - value: "" description: "Default" - value: "DirectoryOrCreate" description: "DirectoryOrCreate" - value: "Directory" description: "Directory" - value: "FileOrCreate" description: "FileOrCreate" - value: "File" description: "File" - value: "Socket" description: "Socket" - value: "CharDevice" description: "CharDevice" - value: "BlockDevice" description: "BlockDevice" - variable: mountPath label: "mountPath" description: "Path inside the container the storage is mounted" schema: type: string default: "/config" hidden: true - variable: medium label: "EmptyDir Medium" schema: show_if: [["type", "=", "emptyDir"]] type: string default: "" enum: - value: "" description: "Default" - value: "Memory" description: "Memory" - variable: accessMode label: "Access Mode (Advanced)" description: "Allow or disallow multiple PVC's writhing to the same PV" schema: show_if: [["type", "=", "pvc"]] type: string default: "ReadWriteOnce" enum: - value: "ReadWriteOnce" description: "ReadWriteOnce" - value: "ReadOnlyMany" description: "ReadOnlyMany" - value: "ReadWriteMany" description: "ReadWriteMany" - variable: size label: "Size quotum of storage" schema: show_if: [["type", "=", "pvc"]] type: string default: "100Gi" - variable: persistenceList label: "Additional app storage" group: "Storage and Persistence" schema: type: list default: [] items: - variable: persistenceListEntry label: "Custom Storage" schema: type: dict attrs: - variable: enabled label: "Enable the storage" schema: type: boolean default: true - variable: type label: "(Advanced) Type of Storage" description: "Sets the persistence type" schema: type: string default: "hostPath" enum: - value: "pvc" description: "pvc" - value: "emptyDir" description: "emptyDir" - value: "hostPath" description: "hostPath" - variable: storageClass label: "(Advanced) storageClass" description: " Warning: Anything other than SCALE-ZFS will break rollback!" schema: show_if: [["type", "=", "pvc"]] type: string default: "SCALE-ZFS" - variable: setPermissions label: "Automatic Permissions" description: "Automatically set permissions on install" schema: show_if: [["type", "=", "hostPath"]] type: boolean default: true - variable: readOnly label: "readOnly" schema: type: boolean default: false - variable: hostPath label: "hostPath" description: "Path inside the container the storage is mounted" schema: show_if: [["type", "=", "hostPath"]] type: hostpath - variable: hostPathType label: "hostPath Type" schema: show_if: [["type", "=", "hostPath"]] type: string default: "" enum: - value: "" description: "Default" - value: "DirectoryOrCreate" description: "DirectoryOrCreate" - value: "Directory" description: "Directory" - value: "FileOrCreate" description: "FileOrCreate" - value: "File" description: "File" - value: "Socket" description: "Socket" - value: "CharDevice" description: "CharDevice" - value: "BlockDevice" description: "BlockDevice" - variable: mountPath label: "mountPath" description: "Path inside the container the storage is mounted" schema: type: string required: true default: "" - variable: medium label: "EmptyDir Medium" schema: show_if: [["type", "=", "emptyDir"]] type: string default: "" enum: - value: "" description: "Default" - value: "Memory" description: "Memory" - variable: accessMode label: "Access Mode (Advanced)" description: "Allow or disallow multiple PVC's writhing to the same PVC" schema: show_if: [["type", "=", "pvc"]] type: string default: "ReadWriteOnce" enum: - value: "ReadWriteOnce" description: "ReadWriteOnce" - value: "ReadOnlyMany" description: "ReadOnlyMany" - value: "ReadWriteMany" description: "ReadWriteMany" - variable: size label: "Size quotum of storage" schema: show_if: [["type", "=", "pvc"]] type: string default: "100Gi" - variable: ingress label: "" group: "Ingress" schema: type: dict attrs: - variable: main label: "Main Ingress" schema: type: dict attrs: - variable: enabled label: "Enable Ingress" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hosts label: "Hosts" schema: type: list default: [] items: - variable: hostEntry label: "Host" schema: type: dict attrs: - variable: host label: "HostName" schema: type: string default: "" required: true - variable: paths label: "Paths" schema: type: list default: [] items: - variable: pathEntry label: "Host" schema: type: dict attrs: - variable: path label: "path" schema: type: string required: true default: "/" - variable: pathType label: "pathType" schema: type: string required: true default: "Prefix" - variable: tls label: "TLS-Settings" schema: type: list default: [] items: - variable: tlsEntry label: "Host" schema: type: dict attrs: - variable: hosts label: "Certificate Hosts" schema: type: list default: [] items: - variable: host label: "Host" schema: type: string default: "" required: true - variable: scaleCert label: "Select TrueNAS SCALE Certificate" schema: type: int $ref: - "definitions/certificate" - variable: entrypoint label: "Traefik Entrypoint" description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" schema: type: string default: "websecure" required: true - variable: middlewares label: "Traefik Middlewares" description: "Add previously created Traefik Middlewares to this Ingress" schema: type: list default: [] items: - variable: name label: "Name" schema: type: string default: "" required: true - variable: securityContext group: "Security and Permissions" label: "Security Context" schema: type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" schema: type: dict attrs: - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: The groupID this App of the user running the application" schema: type: int default: 568 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 - variable: supplementalGroups label: "When should we take ownership?" schema: type: list default: [] items: - variable: supplementalGroupsEntry label: "When should we take ownership?" schema: type: int - variable: fsGroupChangePolicy label: "When should we take ownership?" schema: type: string default: "OnRootMismatch" enum: - value: "OnRootMismatch" description: "OnRootMismatch" - value: "Always" description: "Always" - variable: resources group: "Resources and Devices" label: "" schema: type: dict attrs: - variable: limits label: "Advanced Limit Resource Consumption" schema: type: dict attrs: - variable: cpu label: "CPU" schema: type: string default: "2000m" - variable: memory label: "Memory RAM" schema: type: string default: "2Gi" - variable: requests label: "Advanced Request minimum resources required" schema: type: dict attrs: - variable: cpu label: "CPU" schema: type: string default: "10m" - variable: memory label: "Memory RAM" schema: type: string default: "50Mi"