groups:
|
|
- name: Container Image
|
|
description: Image to be used for container
|
|
- name: General Settings
|
|
description: General Deployment Settings
|
|
- name: App Configuration
|
|
description: App Specific Config Options
|
|
- name: Networking and Services
|
|
description: Configure Network and Services for Container
|
|
- name: Storage and Persistence
|
|
description: Persist and Share Data that is Separate from the Container
|
|
- name: Ingress
|
|
description: Ingress Configuration
|
|
- name: Security and Permissions
|
|
description: Configure Security Context and Permissions
|
|
- name: Resources and Devices
|
|
description: "Specify Resources/Devices to be Allocated to Workload"
|
|
- name: Middlewares
|
|
description: Traefik Middlewares
|
|
- name: Metrics
|
|
description: Metrics
|
|
- name: VPN
|
|
description: VPN
|
|
- name: Addons
|
|
description: Addon Configuration
|
|
- name: Advanced
|
|
description: Advanced Configuration
|
|
- name: Documentation
|
|
description: Documentation
|
|
portals:
|
|
open:
|
|
protocols:
|
|
- "$kubernetes-resource_configmap_portal_protocol"
|
|
host:
|
|
- "$kubernetes-resource_configmap_portal_host"
|
|
ports:
|
|
- "$kubernetes-resource_configmap_portal_port"
|
|
questions:
|
|
- variable: global
|
|
label: Global Settings
|
|
group: "General Settings"
|
|
schema:
|
|
type: dict
|
|
hidden: true
|
|
attrs:
|
|
- variable: isSCALE
|
|
label: Flag this is SCALE
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: controller
|
|
group: "General Settings"
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: replicas
|
|
description: Number of desired pod replicas
|
|
label: Desired Replicas
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 1
|
|
- variable: customextraargs
|
|
group: "General Settings"
|
|
label: "Extra Args"
|
|
description: "Do not click this unless you know what you are doing"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: extraArgs
|
|
label: Extra Args
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: arg
|
|
label: Arg
|
|
schema:
|
|
type: string
|
|
- variable: TZ
|
|
label: Timezone
|
|
group: "General Settings"
|
|
schema:
|
|
type: string
|
|
default: "Etc/UTC"
|
|
$ref:
|
|
- "definitions/timezone"
|
|
- variable: envList
|
|
label: Extra Environment Variables
|
|
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
|
|
group: "General Settings"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: envItem
|
|
label: Environment Variable
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
- variable: value
|
|
label: Value
|
|
schema:
|
|
type: string
|
|
- variable: domain
|
|
group: "App Configuration"
|
|
label: "Domain"
|
|
description: "The highest domain level possible, for example: domain.com when using app.domain.com"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: default_redirection_url
|
|
group: "App Configuration"
|
|
label: "Default Redirection Url"
|
|
description: "If user tries to authenticate without any referer, this is used"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: theme
|
|
group: "App Configuration"
|
|
label: "Theme"
|
|
schema:
|
|
type: string
|
|
default: "auto"
|
|
enum:
|
|
- value: "auto"
|
|
description: "auto"
|
|
- value: "light"
|
|
description: "light"
|
|
- value: "grey"
|
|
description: "grey"
|
|
- value: "dark"
|
|
description: "dark"
|
|
- variable: log
|
|
group: "App Configuration"
|
|
label: "Log Configuration "
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: level
|
|
label: "Log Level"
|
|
schema:
|
|
type: string
|
|
default: "info"
|
|
enum:
|
|
- value: "info"
|
|
description: "info"
|
|
- value: "debug"
|
|
description: "debug"
|
|
- value: "trace"
|
|
description: "trace"
|
|
- variable: format
|
|
label: "Log Format"
|
|
schema:
|
|
type: string
|
|
default: "text"
|
|
enum:
|
|
- value: "json"
|
|
description: "json"
|
|
- value: "text"
|
|
description: "text"
|
|
- variable: totp
|
|
group: "App Configuration"
|
|
label: "TOTP Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: issuer
|
|
label: "Issuer"
|
|
description: "The issuer name displayed in the Authenticator application of your choice"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: period
|
|
label: "Period"
|
|
description: "The period in seconds a one-time password is current for"
|
|
schema:
|
|
type: int
|
|
default: 30
|
|
- variable: skew
|
|
label: "skew"
|
|
description: "Controls number of one-time passwords either side of the current one that are valid."
|
|
schema:
|
|
type: int
|
|
default: 1
|
|
- variable: duo_api
|
|
group: "App Configuration"
|
|
label: "DUO API Configuration"
|
|
description: "Parameters used to contact the Duo API."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: hostname
|
|
label: "Hostname"
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: integration_key
|
|
label: "integration_key"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
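# Duo secret key. Marked private so the SCALE form treats the value as a
# secret instead of rendering it as an ordinary text field.
- variable: plain_api_key
  label: "plain_api_key"
  schema:
    type: string
    default: ""
    required: true
    private: true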
|
|
- variable: session
|
|
group: "App Configuration"
|
|
label: "Session Provider"
|
|
description: "The session cookies identify the user once logged in."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: "Cookie Name"
|
|
description: "The name of the session cookie."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "authelia_session"
|
|
- variable: same_site
|
|
label: "SameSite Value"
|
|
description: "Sets the Cookie SameSite value"
|
|
schema:
|
|
type: string
|
|
default: "lax"
|
|
enum:
|
|
- value: "lax"
|
|
description: "lax"
|
|
- value: "strict"
|
|
description: "strict"
|
|
- variable: expiration
|
|
label: "Expiration Time"
|
|
description: "The time in seconds before the cookie expires and session is reset."
|
|
schema:
|
|
type: string
|
|
default: "1h"
|
|
required: true
|
|
- variable: inactivity
|
|
label: "Inactivity Time"
|
|
description: "The inactivity time in seconds before the session is reset."
|
|
schema:
|
|
type: string
|
|
default: "5m"
|
|
required: true
|
|
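# Remember-me lifetime of the session cookie. This entry needs its own
# variable name: reusing "inactivity" duplicates the key of the preceding
# attr in the same dict, so one of the two settings would shadow the other.
- variable: remember_me_duration
  label: "Remember-Me duration"
  description: "The remember me duration"
  schema:
    type: string
    default: "5M"
    required: true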
|
|
- variable: regulation
|
|
group: "App Configuration"
|
|
label: "Regulation Configuration"
|
|
description: "This mechanism prevents attackers from brute forcing the first factor."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: max_retries
|
|
label: "Maximum Retries"
|
|
description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
|
|
schema:
|
|
type: int
|
|
default: 3
|
|
- variable: find_time
|
|
label: "Find Time"
|
|
description: "The time range during which the user can attempt login before being banned."
|
|
schema:
|
|
type: string
|
|
default: "2m"
|
|
required: true
|
|
- variable: ban_time
|
|
label: "Ban Duration"
|
|
description: "The length of time before a banned user can login again"
|
|
schema:
|
|
type: string
|
|
default: "5m"
|
|
required: true
|
|
- variable: authentication_backend
|
|
group: "App Configuration"
|
|
label: "Authentication Backend Provider"
|
|
description: "Used for verifying user passwords and retrieving information such as email address and groups users belong to."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: disable_reset_password
|
|
label: "Disable Reset Password"
|
|
description: "Disable both the HTML element and the API for reset password functionality"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: refresh_interval
|
|
label: "Reset Interval"
|
|
description: "The amount of time to wait before we refresh data from the authentication backend"
|
|
schema:
|
|
type: string
|
|
default: "5m"
|
|
required: true
|
|
- variable: ldap
|
|
label: "LDAP backend configuration"
|
|
description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: implementation
|
|
label: "Implementation"
|
|
description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password"
|
|
schema:
|
|
type: string
|
|
default: "custom"
|
|
enum:
|
|
- value: "activedirectory"
|
|
description: "activedirectory"
|
|
- value: "custom"
|
|
description: "custom"
|
|
- variable: url
|
|
label: "URL"
|
|
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
|
|
schema:
|
|
type: string
|
|
default: "ldap://openldap.default.svc.cluster.local"
|
|
required: true
|
|
- variable: timeout
|
|
label: "Connection Timeout"
|
|
schema:
|
|
type: string
|
|
default: "5s"
|
|
required: true
|
|
# NOTE(review): the default LDAP URL in this form uses the ldap:// scheme and
# StartTLS defaults to false, so with the defaults the bind password and the
# user credentials being verified cross the network unencrypted. Enable this
# (or use an ldaps:// URL) unless the LDAP server is on a trusted path.
- variable: start_tls
|
|
label: "Start TLS"
|
|
description: "Use StartTLS with the LDAP connection"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: tls
|
|
label: "TLS Settings"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: server_name
|
|
label: "Server Name"
|
|
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
# Defaults to false (certificate is verified). Turning it on accepts any
# certificate the server presents, so the LDAP endpoint is no longer
# authenticated; for a self-signed certificate, trusting that certificate or
# its CA keeps verification in place.
- variable: skip_verify
|
|
label: "Skip Certificate Verification"
|
|
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
# Lowest TLS version accepted on the LDAP connection. TLS1.0 and TLS1.1 are
# deprecated (RFC 8996) but remain selectable here; the default of TLS1.2 is
# the lowest value that should normally be chosen.
- variable: minimum_version
|
|
label: "Minimum TLS version"
|
|
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
|
schema:
|
|
type: string
|
|
default: "TLS1.2"
|
|
enum:
|
|
- value: "TLS1.0"
|
|
description: "TLS1.0"
|
|
- value: "TLS1.1"
|
|
description: "TLS1.1"
|
|
- value: "TLS1.2"
|
|
description: "TLS1.2"
|
|
- value: "TLS1.3"
|
|
description: "TLS1.3"
|
|
- variable: base_dn
|
|
label: "Base DN"
|
|
description: "The base dn for every LDAP query."
|
|
schema:
|
|
type: string
|
|
default: "DC=example,DC=com"
|
|
required: true
|
|
- variable: username_attribute
|
|
label: "Username Attribute"
|
|
description: "The attribute holding the username of the user"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: additional_users_dn
|
|
label: "Additional Users DN"
|
|
description: "An additional dn to define the scope to all users."
|
|
schema:
|
|
type: string
|
|
default: "OU=Users"
|
|
required: true
|
|
- variable: users_filter
|
|
label: "Users Filter"
|
|
description: "The users filter used in search queries to find the user."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: additional_groups_dn
|
|
label: "Additional Groups DN"
|
|
description: "An additional dn to define the scope of groups."
|
|
schema:
|
|
type: string
|
|
default: "OU=Groups"
|
|
required: true
|
|
- variable: groups_filter
|
|
label: "Groups Filter"
|
|
description: "The groups filter used in search queries to find the groups of the user."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: group_name_attribute
|
|
label: "Group name Attribute"
|
|
description: "The attribute holding the name of the group"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: mail_attribute
|
|
label: "Mail Attribute"
|
|
description: "The attribute holding the primary mail address of the user"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: display_name_attribute
|
|
label: "Display Name Attribute"
|
|
description: "The attribute holding the display name of the user. This will be used to greet an authenticated user."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: user
|
|
label: "Admin User"
|
|
description: "The username of the admin user used to connect to LDAP."
|
|
schema:
|
|
type: string
|
|
default: "CN=Authelia,DC=example,DC=com"
|
|
required: true
|
|
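# Bind password of the LDAP admin user. Marked private so the SCALE form
# treats the value as a secret instead of rendering it as an ordinary text
# field.
- variable: plain_password
  label: "Password"
  schema:
    type: string
    default: ""
    required: true
    private: true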
|
|
- variable: file
|
|
label: "File backend configuration"
|
|
description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: path
|
|
label: "Path"
|
|
schema:
|
|
type: string
|
|
default: "/config/users_database.yml"
|
|
required: true
|
|
- variable: password
|
|
label: "Password Settings"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: algorithm
|
|
label: "Algorithm"
|
|
schema:
|
|
type: string
|
|
default: "argon2id"
|
|
enum:
|
|
- value: "argon2id"
|
|
description: "argon2id"
|
|
- value: "sha512"
|
|
description: "sha512"
|
|
- variable: iterations
|
|
label: "Iterations"
|
|
schema:
|
|
type: int
|
|
default: 1
|
|
required: true
|
|
- variable: key_length
|
|
label: "Key Length"
|
|
schema:
|
|
type: int
|
|
default: 32
|
|
required: true
|
|
- variable: salt_length
|
|
label: "Salt Length"
|
|
schema:
|
|
type: int
|
|
default: 16
|
|
required: true
|
|
- variable: memory
|
|
label: "Memory"
|
|
schema:
|
|
type: int
|
|
default: 1024
|
|
required: true
|
|
- variable: parallelism
|
|
label: "Parallelism"
|
|
schema:
|
|
type: int
|
|
default: 8
|
|
required: true
|
|
- variable: notifier
|
|
group: "App Configuration"
|
|
label: "Notifier Configuration"
|
|
description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: disable_startup_check
|
|
label: "Disable Startup Check"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: filesystem
|
|
label: "Filesystem Provider"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: filename
|
|
label: "File Path"
|
|
schema:
|
|
type: string
|
|
default: "/config/notification.txt"
|
|
required: true
|
|
- variable: smtp
|
|
label: "SMTP Provider"
|
|
description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: host
|
|
label: "Host"
|
|
schema:
|
|
type: string
|
|
default: "smtp.mail.svc.cluster.local"
|
|
required: true
|
|
- variable: port
|
|
label: "Port"
|
|
schema:
|
|
type: int
|
|
default: 25
|
|
required: true
|
|
- variable: timeout
|
|
label: "Timeout"
|
|
schema:
|
|
type: string
|
|
default: "5s"
|
|
required: true
|
|
- variable: username
|
|
label: "Username"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
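# SMTP account password used by the notifier. Marked private so the SCALE
# form treats the value as a secret instead of rendering it as an ordinary
# text field.
- variable: plain_password
  label: "Password"
  schema:
    type: string
    default: ""
    private: true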
|
|
- variable: sender
|
|
label: "Sender"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: identifier
|
|
label: "Identifier"
|
|
description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
|
|
schema:
|
|
type: string
|
|
default: "localhost"
|
|
required: true
|
|
- variable: subject
|
|
label: "Subject"
|
|
description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
|
|
schema:
|
|
type: string
|
|
default: "[Authelia] {title}"
|
|
required: true
|
|
- variable: startup_check_address
|
|
label: "Startup Check Address"
|
|
description: "This address is used during the startup check to verify the email configuration is correct."
|
|
schema:
|
|
type: string
|
|
default: "test@authelia.com"
|
|
required: true
|
|
# NOTE(review): presumably this lets the notifier send mail, and the SMTP
# username/password configured alongside it, over a connection without TLS.
# Confirm against the Authelia notifier documentation. Keep the default of
# false unless the relay is on a trusted path, since these mails carry
# password-reset and registration notifications.
- variable: disable_require_tls
|
|
label: "Disable Require TLS"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: disable_html_emails
|
|
label: "Disable HTML emails"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: tls
|
|
label: "TLS Settings"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: server_name
|
|
label: "Server Name"
|
|
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: skip_verify
|
|
label: "Skip Certificate Verification"
|
|
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: minimum_version
|
|
label: "Minimum TLS version"
|
|
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
|
schema:
|
|
type: string
|
|
default: "TLS1.2"
|
|
enum:
|
|
- value: "TLS1.0"
|
|
description: "TLS1.0"
|
|
- value: "TLS1.1"
|
|
description: "TLS1.1"
|
|
- value: "TLS1.2"
|
|
description: "TLS1.2"
|
|
- value: "TLS1.3"
|
|
description: "TLS1.3"
|
|
- variable: access_control
|
|
group: "App Configuration"
|
|
label: "Access Control Configuration"
|
|
description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: default_policy
|
|
label: "Default Policy"
|
|
description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
|
|
schema:
|
|
type: string
|
|
default: "two_factor"
|
|
enum:
|
|
- value: "bypass"
|
|
description: "bypass"
|
|
- value: "one_factor"
|
|
description: "one_factor"
|
|
- value: "two_factor"
|
|
description: "two_factor"
|
|
- value: "deny"
|
|
description: "deny"
|
|
- variable: networks
|
|
label: "Networks"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: networkItem
|
|
label: "Network Item"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: "Name"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: networks
|
|
label: "Networks"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: network
|
|
label: "network"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: rules
|
|
label: "Rules"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: rulesItem
|
|
label: "Rule"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: domain
|
|
label: "Domains"
|
|
description: "defines which domain or set of domains the rule applies to."
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: domainEntry
|
|
label: "Domain"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: policy
|
|
label: "Policy"
|
|
description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
|
|
schema:
|
|
type: string
|
|
default: "two_factor"
|
|
enum:
|
|
- value: "bypass"
|
|
description: "bypass"
|
|
- value: "one_factor"
|
|
description: "one_factor"
|
|
- value: "two_factor"
|
|
description: "two_factor"
|
|
- value: "deny"
|
|
description: "deny"
|
|
- variable: subject
|
|
label: "Subject"
|
|
description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: subjectitem
|
|
label: "Subject"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: networks
|
|
label: "Networks"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: network
|
|
label: "Network"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: resources
|
|
label: "Resources"
|
|
description: "is a list of regular expressions that matches a set of resources to apply the policy to"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: resource
|
|
label: "Resource"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: service
|
|
group: Networking and Services
|
|
label: Configure Service(s)
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Service"
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable the Service
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: type
|
|
label: Service Type
|
|
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
|
schema:
|
|
type: string
|
|
default: LoadBalancer
|
|
enum:
|
|
- value: LoadBalancer
|
|
description: LoadBalancer (Expose Ports)
|
|
- value: ClusterIP
|
|
description: ClusterIP (Do Not Expose Ports)
|
|
- value: Simple
|
|
description: Deprecated CHANGE THIS
|
|
- variable: loadBalancerIP
|
|
label: LoadBalancer IP
|
|
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
|
schema:
|
|
show_if: [["type", "=", "LoadBalancer"]]
|
|
type: string
|
|
default: ""
|
|
- variable: ports
|
|
label: "Service's Port(s) Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 9091
|
|
required: true
|
|
- variable: serviceexpert
|
|
group: Networking and Services
|
|
label: Show Expert Config
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: hostNetwork
|
|
group: Networking and Services
|
|
label: Host-Networking (Complicated)
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: externalInterfaces
|
|
description: Add External Interfaces
|
|
label: Add external Interfaces
|
|
group: Networking
|
|
schema:
|
|
type: list
|
|
items:
|
|
- variable: interfaceConfiguration
|
|
description: Interface Configuration
|
|
label: Interface Configuration
|
|
schema:
|
|
type: dict
|
|
$ref:
|
|
- "normalize/interfaceConfiguration"
|
|
attrs:
|
|
- variable: hostInterface
|
|
description: Please Specify Host Interface
|
|
label: Host Interface
|
|
schema:
|
|
type: string
|
|
required: true
|
|
$ref:
|
|
- "definitions/interface"
|
|
- variable: ipam
|
|
description: Define how IP Address will be managed
|
|
label: IP Address Management
|
|
schema:
|
|
type: dict
|
|
required: true
|
|
attrs:
|
|
- variable: type
|
|
description: Specify type for IPAM
|
|
label: IPAM Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
enum:
|
|
- value: dhcp
|
|
description: Use DHCP
|
|
- value: static
|
|
description: Use Static IP
|
|
show_subquestions_if: static
|
|
subquestions:
|
|
- variable: staticIPConfigurations
|
|
label: Static IP Addresses
|
|
schema:
|
|
type: list
|
|
items:
|
|
- variable: staticIP
|
|
label: Static IP
|
|
schema:
|
|
type: ipaddr
|
|
cidr: true
|
|
- variable: staticRoutes
|
|
label: Static Routes
|
|
schema:
|
|
type: list
|
|
items:
|
|
- variable: staticRouteConfiguration
|
|
label: Static Route Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: destination
|
|
label: Destination
|
|
schema:
|
|
type: ipaddr
|
|
cidr: true
|
|
required: true
|
|
- variable: gateway
|
|
label: Gateway
|
|
schema:
|
|
type: ipaddr
|
|
cidr: false
|
|
required: true
|
|
- variable: serviceList
|
|
label: Add Manual Custom Services
|
|
group: Networking and Services
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: serviceListEntry
|
|
label: Custom Service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable the service
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: type
|
|
label: Service Type
|
|
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
|
schema:
|
|
type: string
|
|
default: LoadBalancer
|
|
enum:
|
|
- value: LoadBalancer
|
|
description: LoadBalancer (Expose Ports)
|
|
- value: ClusterIP
|
|
description: ClusterIP (Do Not Expose Ports)
|
|
- value: Simple
|
|
description: Deprecated CHANGE THIS
|
|
- variable: loadBalancerIP
|
|
label: LoadBalancer IP
|
|
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
|
schema:
|
|
show_if: [["type", "=", "LoadBalancer"]]
|
|
type: string
|
|
default: ""
|
|
- variable: advancedsvcset
|
|
label: Show Advanced Service Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: externalIPs
|
|
label: "External IP's"
|
|
description: "External IP's"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: externalIP
|
|
label: External IP
|
|
schema:
|
|
type: string
|
|
- variable: ipFamilyPolicy
|
|
label: IP Family Policy
|
|
description: Specify the IP Policy
|
|
schema:
|
|
type: string
|
|
default: SingleStack
|
|
enum:
|
|
- value: SingleStack
|
|
description: SingleStack
|
|
- value: PreferDualStack
|
|
description: PreferDualStack
|
|
- value: RequireDualStack
|
|
description: RequireDualStack
|
|
- variable: ipFamilies
|
|
label: IP Families
|
|
description: (Advanced) The IP Families that should be used
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ipFamily
|
|
label: IP Family
|
|
schema:
|
|
type: string
|
|
- variable: portsList
|
|
label: Additional Service Ports
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: portsListEntry
|
|
label: Custom ports
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable the Port
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: name
|
|
label: Port Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: protocol
|
|
label: Port Type
|
|
schema:
|
|
type: string
|
|
default: TCP
|
|
enum:
|
|
- value: HTTP
|
|
description: HTTP
|
|
- value: HTTPS
|
|
description: HTTPS
|
|
- value: TCP
|
|
description: TCP
|
|
- value: UDP
|
|
description: UDP
|
|
- variable: targetPort
|
|
label: Target Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
required: true
|
|
- variable: port
|
|
label: Container Port
|
|
schema:
|
|
type: int
|
|
required: true
|
|
- variable: persistence
|
|
label: Integrated Persistent Storage
|
|
description: Integrated Persistent Storage
|
|
group: Storage and Persistence
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: config
|
|
label: "App Config Storage"
|
|
description: "Stores the Application Configuration."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: type
|
|
label: Type of Storage
|
|
description: Sets the persistence type, Anything other than PVC could break rollback!
|
|
schema:
|
|
type: string
|
|
default: pvc
|
|
enum:
|
|
- value: pvc
|
|
description: PVC
|
|
- value: hostPath
|
|
description: Host Path
|
|
- value: emptyDir
|
|
description: emptyDir
|
|
- value: nfs
|
|
description: NFS Share
|
|
- variable: server
|
|
label: NFS Server
|
|
schema:
|
|
show_if: [["type", "=", "nfs"]]
|
|
type: string
|
|
default: ""
|
|
- variable: path
|
|
label: Path on NFS Server
|
|
schema:
|
|
show_if: [["type", "=", "nfs"]]
|
|
type: string
|
|
default: ""
|
|
- variable: setPermissions
|
|
label: Automatic Permissions
|
|
description: Automatically set permissions on install
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnly
|
|
label: Read Only
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: hostPath
|
|
label: Host Path
|
|
description: Path on the host to mount into the container
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: hostpath
|
|
- variable: medium
|
|
label: EmptyDir Medium
|
|
schema:
|
|
show_if: [["type", "=", "emptyDir"]]
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: ""
|
|
description: Default
|
|
- value: Memory
|
|
description: Memory
|
|
- variable: size
|
|
label: Size quotum of Storage (Do NOT REDUCE after installation)
|
|
description: This value can ONLY be INCREASED after the installation
|
|
schema:
|
|
show_if: [["type", "=", "pvc"]]
|
|
type: string
|
|
default: 256Gi
|
|
- variable: persistenceList
|
|
label: Additional App Storage
|
|
group: Storage and Persistence
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: persistenceListEntry
|
|
label: Custom Storage
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable the storage
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: type
|
|
label: Type of Storage
|
|
description: Sets the persistence type, Anything other than PVC could break rollback!
|
|
schema:
|
|
type: string
|
|
default: hostPath
|
|
enum:
|
|
- value: pvc
|
|
description: PVC
|
|
- value: hostPath
|
|
description: Host Path
|
|
- value: emptyDir
|
|
description: emptyDir
|
|
- value: nfs
|
|
description: NFS Share
|
|
- variable: server
|
|
label: NFS Server
|
|
schema:
|
|
show_if: [["type", "=", "nfs"]]
|
|
type: string
|
|
default: ""
|
|
- variable: path
|
|
label: Path on NFS Server
|
|
schema:
|
|
show_if: [["type", "=", "nfs"]]
|
|
type: string
|
|
default: ""
|
|
- variable: setPermissions
|
|
label: Automatic Permissions
|
|
description: Automatically set permissions on install
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnly
|
|
label: Read Only
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: hostPath
|
|
label: Host Path
|
|
description: Path on the host to mount into the container
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: hostpath
|
|
- variable: mountPath
|
|
label: Mount Path
|
|
description: Path inside the container the storage is mounted
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
|
|
- variable: medium
|
|
label: EmptyDir Medium
|
|
schema:
|
|
show_if: [["type", "=", "emptyDir"]]
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: ""
|
|
description: Default
|
|
- value: Memory
|
|
description: Memory
|
|
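# Size requested for the volume; only shown when type is pvc.
# Label typo fixed ("Quotum" -> "Quota").
- variable: size
  label: Size Quota of Storage
  schema:
    show_if: [["type", "=", "pvc"]]
    type: string
    default: 256Gi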
|
|
- variable: ingress
|
|
label: ""
|
|
group: Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable Ingress
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: hosts
|
|
label: Hosts
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: hostEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: host
|
|
label: HostName
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: paths
|
|
label: Paths
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: pathEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: path
|
|
label: Path
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "/"
|
|
- variable: pathType
|
|
label: Path Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: Prefix
|
|
- variable: clusterIssuer
|
|
label: clusterIssuer
|
|
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: tls
|
|
label: TLS-Settings
|
|
schema:
|
|
type: list
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
default: []
|
|
items:
|
|
- variable: tlsEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: hosts
|
|
label: Certificate Hosts
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: host
|
|
label: Host
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
|
|
- variable: clusterIssuer
|
|
label: Use Cert-Manager clusterIssuer
|
|
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: scaleCert
|
|
label: Use TrueNAS SCALE Certificate (Deprecated)
|
|
schema:
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
type: int
|
|
$ref:
|
|
- "definitions/certificate"
|
|
- variable: secretName
|
|
label: Use Custom Secret (Advanced)
|
|
schema:
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
type: string
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: (Advanced) Traefik Entrypoint
|
|
description: Entrypoint used by Traefik when using Traefik as Ingress Provider
|
|
schema:
|
|
type: string
|
|
default: websecure
|
|
required: true
|
|
- variable: ingressClassName
|
|
label: (Advanced/Optional) IngressClass Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: middlewares
|
|
label: Traefik Middlewares
|
|
description: Add previously created Traefik Middlewares to this Ingress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: ingressList
|
|
label: Add Manual Custom Ingresses
|
|
group: Ingress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ingressListEntry
|
|
label: Custom Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable Ingress
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: ingressClassName
|
|
label: IngressClass Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: hosts
|
|
label: Hosts
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: hostEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: host
|
|
label: HostName
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: paths
|
|
label: Paths
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: pathEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: path
|
|
label: Path
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "/"
|
|
- variable: pathType
|
|
label: Path Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: Prefix
|
|
- variable: service
|
|
label: Linked Service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Service Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: port
|
|
label: Service Port
|
|
schema:
|
|
type: int
|
|
- variable: clusterIssuer
|
|
label: clusterIssuer
|
|
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: tls
|
|
label: TLS-Settings
|
|
schema:
|
|
type: list
|
|
default: []
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
items:
|
|
- variable: tlsEntry
|
|
label: Host
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: hosts
|
|
label: Certificate Hosts
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: host
|
|
label: Host
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: clusterIssuer
|
|
label: Use Cert-Manager clusterIssuer
|
|
description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: scaleCert
|
|
label: Use TrueNAS SCALE Certificate (Deprecated)
|
|
schema:
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
type: int
|
|
$ref:
|
|
- "definitions/certificate"
|
|
- variable: secretName
|
|
label: Use Custom Secret (Advanced)
|
|
schema:
|
|
type: string
|
|
show_if: [["clusterIssuer", "=", ""]]
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: Traefik Entrypoint
|
|
description: Entrypoint used by Traefik when using Traefik as Ingress Provider
|
|
schema:
|
|
type: string
|
|
default: websecure
|
|
required: true
|
|
- variable: middlewares
|
|
label: Traefik Middlewares
|
|
description: Add previously created Traefik Middlewares to this Ingress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
required: true
|
|
- variable: security
|
|
label: Container Security Settings
|
|
group: Security and Permissions
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: editsecurity
|
|
label: Change PUID / UMASK values
|
|
description: By enabling this you override default set values.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: PUID
|
|
label: Process User ID - PUID
|
|
description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: UMASK
|
|
label: UMASK
|
|
description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
|
|
schema:
|
|
type: string
|
|
default: "002"
|
|
- variable: advancedSecurity
|
|
label: Show Advanced Security Settings
|
|
group: Security and Permissions
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
# Container security flags offered under "Show Advanced Security Settings".
# The names match Kubernetes container securityContext fields; presumably the
# chart passes them through unchanged (confirm against the templates).
- variable: securityContext
  label: Security Context
  schema:
    additional_attrs: true
    type: dict
    attrs:
      # Off by default. A privileged container runs with most host isolation
      # lifted, so enable it only for apps that cannot work without it.
      - variable: privileged
        label: "Privileged mode"
        schema:
          type: boolean
          default: false
      # On by default: the root filesystem is read-only, so anything the app
      # writes has to live on a mounted volume.
      - variable: readOnlyRootFilesystem
        label: "ReadOnly Root Filesystem"
        schema:
          type: boolean
          default: true
      # Off by default: the process may not gain more privileges than its
      # parent (for example through setuid binaries).
      - variable: allowPrivilegeEscalation
        label: "Allow Privilege Escalation"
        schema:
          type: boolean
          default: false
      # On by default: the container is refused if it would start as UID 0.
      - variable: runAsNonRoot
        label: "runAsNonRoot"
        schema:
          type: boolean
          default: true
|
|
- variable: podSecurityContext
|
|
group: Security and Permissions
|
|
label: Pod Security Context
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: runAsUser
|
|
label: "runAsUser"
|
|
description: "The UserID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
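# Primary group ID for the application process; defaults to 568 like the
# sibling runAsUser and fsGroup entries. The description was garbled
# ("The groupID this App of the user ...") and is reworded.
- variable: runAsGroup
  label: "runAsGroup"
  description: "The groupID of the user running the application"
  schema:
    type: int
    default: 568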
|
|
- variable: fsGroup
|
|
label: "fsGroup"
|
|
description: "The group that should own ALL storage."
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: fsGroupChangePolicy
|
|
label: "When should we take ownership?"
|
|
schema:
|
|
type: string
|
|
default: OnRootMismatch
|
|
enum:
|
|
- value: OnRootMismatch
|
|
description: OnRootMismatch
|
|
- value: Always
|
|
description: Always
|
|
- variable: supplementalGroups
|
|
label: Supplemental Groups
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: supplementalGroupsEntry
|
|
label: Supplemental Group
|
|
schema:
|
|
type: int
|
|
- variable: resources
|
|
group: Resources and Devices
|
|
label: "Resource Limits"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: limits
|
|
label: Advanced Limit Resource Consumption
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: cpu
|
|
label: CPU
|
|
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
|
|
schema:
|
|
type: string
|
|
default: 4000m
|
|
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
|
|
- variable: memory
|
|
label: RAM
|
|
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
|
|
schema:
|
|
type: string
|
|
default: 8Gi
|
|
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
|
|
- variable: requests
|
|
label: "Minimum Resources Required (request)"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
hidden: true
|
|
attrs:
|
|
- variable: cpu
|
|
label: CPU
|
|
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
|
|
schema:
|
|
type: string
|
|
default: 10m
|
|
hidden: true
|
|
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
|
|
- variable: memory
|
|
label: "RAM"
|
|
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
|
|
schema:
|
|
type: string
|
|
default: 50Mi
|
|
hidden: true
|
|
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
|
|
- variable: deviceList
|
|
label: Mount USB Devices
|
|
group: Resources and Devices
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: deviceListEntry
|
|
label: Device
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable the Storage
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: type
|
|
label: (Advanced) Type of Storage
|
|
description: Sets the persistence type
|
|
schema:
|
|
type: string
|
|
default: hostPath
|
|
hidden: true
|
|
- variable: readOnly
|
|
label: readOnly
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: hostPath
|
|
label: Host Device Path
|
|
description: Path to the device on the host system
|
|
schema:
|
|
type: path
|
|
- variable: mountPath
|
|
label: Container Device Path
|
|
description: Path inside the container the device is mounted
|
|
schema:
|
|
type: string
|
|
default: "/dev/ttyACM0"
|
|
# Specify GPU configuration
|
|
- variable: scaleGPU
|
|
label: GPU Configuration
|
|
group: Resources and Devices
|
|
schema:
|
|
type: dict
|
|
$ref:
|
|
- "definitions/gpuConfiguration"
|
|
attrs: []
|
|
# - variable: horizontalPodAutoscaler
|
|
# group: Advanced
|
|
# label: (Advanced) Horizontal Pod Autoscaler
|
|
# schema:
|
|
# type: list
|
|
# default: []
|
|
# items:
|
|
# - variable: hpaEntry
|
|
# label: HPA Entry
|
|
# schema:
|
|
# additional_attrs: true
|
|
# type: dict
|
|
# attrs:
|
|
# - variable: name
|
|
# label: Name
|
|
# schema:
|
|
# type: string
|
|
# required: true
|
|
# default: ""
|
|
# - variable: enabled
|
|
# label: Enabled
|
|
# schema:
|
|
# type: boolean
|
|
# default: false
|
|
# show_subquestions_if: true
|
|
# subquestions:
|
|
# - variable: target
|
|
# label: Target
|
|
# description: Deployment name, Defaults to Main Deployment
|
|
# schema:
|
|
# type: string
|
|
# default: ""
|
|
# - variable: minReplicas
|
|
# label: Minimum Replicas
|
|
# schema:
|
|
# type: int
|
|
# default: 1
|
|
# - variable: maxReplicas
|
|
# label: Maximum Replicas
|
|
# schema:
|
|
# type: int
|
|
# default: 5
|
|
# - variable: targetCPUUtilizationPercentage
|
|
# label: Target CPU Utilization Percentage
|
|
# schema:
|
|
# type: int
|
|
# default: 80
|
|
# - variable: targetMemoryUtilizationPercentage
|
|
# label: Target Memory Utilization Percentage
|
|
# schema:
|
|
# type: int
|
|
# default: 80
|
|
- variable: networkPolicy
|
|
group: Advanced
|
|
label: (Advanced) Network Policy
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: netPolicyEntry
|
|
label: Network Policy Entry
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: enabled
|
|
label: Enabled
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: policyType
|
|
label: Policy Type
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: ""
|
|
description: Default
|
|
- value: ingress
|
|
description: Ingress
|
|
- value: egress
|
|
description: Egress
|
|
- value: ingress-egress
|
|
description: Ingress and Egress
|
|
- variable: egress
|
|
label: Egress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: egressEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: to
|
|
label: To
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: toEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: ipBlock
|
|
label: IP Block
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: cidr
|
|
label: CIDR
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: except
|
|
label: Except
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: exceptint
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: namespaceSelector
|
|
label: Namespace Selector
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: matchExpressions
|
|
label: Match Expressions
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: expressionEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: key
|
|
label: Key
|
|
schema:
|
|
type: string
|
|
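# Label-selector operator for this match expression.
- variable: operator
  label: Operator
  schema:
    type: string
    # The default has to be one of the enum values below; TCP is a port
    # protocol (see the ports entries), not a selector operator, and would
    # yield a policy that cannot match as intended.
    default: In
    enum:
      - value: In
        description: In
      - value: NotIn
        description: NotIn
      - value: Exists
        description: Exists
      - value: DoesNotExist
        description: DoesNotExist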
|
|
- variable: values
|
|
label: Values
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: value
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: podSelector
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: matchExpressions
|
|
label: Match Expressions
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: expressionEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: key
|
|
label: Key
|
|
schema:
|
|
type: string
|
|
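# Label-selector operator for this match expression.
- variable: operator
  label: Operator
  schema:
    type: string
    # The default has to be one of the enum values below; TCP is a port
    # protocol (see the ports entries), not a selector operator, and would
    # yield a policy that cannot match as intended.
    default: In
    enum:
      - value: In
        description: In
      - value: NotIn
        description: NotIn
      - value: Exists
        description: Exists
      - value: DoesNotExist
        description: DoesNotExist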
|
|
- variable: values
|
|
label: Values
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: value
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: ports
|
|
label: Ports
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: portsEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
schema:
|
|
type: int
|
|
- variable: endPort
|
|
label: End Port
|
|
schema:
|
|
type: int
|
|
- variable: protocol
|
|
label: Protocol
|
|
schema:
|
|
type: string
|
|
default: TCP
|
|
enum:
|
|
- value: TCP
|
|
description: TCP
|
|
- value: UDP
|
|
description: UDP
|
|
- value: SCTP
|
|
description: SCTP
|
|
- variable: ingress
|
|
label: Ingress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ingressEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: from
|
|
label: From
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: fromEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: ipBlock
|
|
label: IP Block
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: cidr
|
|
label: CIDR
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: except
|
|
label: Except
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: exceptint
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: namespaceSelector
|
|
label: Namespace Selector
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: matchExpressions
|
|
label: Match Expressions
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: expressionEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: key
|
|
label: Key
|
|
schema:
|
|
type: string
|
|
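# Label-selector operator for this match expression.
- variable: operator
  label: Operator
  schema:
    type: string
    # The default has to be one of the enum values below; TCP is a port
    # protocol (see the ports entries), not a selector operator, and would
    # yield a policy that cannot match as intended.
    default: In
    enum:
      - value: In
        description: In
      - value: NotIn
        description: NotIn
      - value: Exists
        description: Exists
      - value: DoesNotExist
        description: DoesNotExist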
|
|
- variable: values
|
|
label: Values
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: value
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: podSelector
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: matchExpressions
|
|
label: Match Expressions
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: expressionEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: key
|
|
label: Key
|
|
schema:
|
|
type: string
|
|
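# Label-selector operator for this match expression.
- variable: operator
  label: Operator
  schema:
    type: string
    # The default has to be one of the enum values below; TCP is a port
    # protocol (see the ports entries), not a selector operator, and would
    # yield a policy that cannot match as intended.
    default: In
    enum:
      - value: In
        description: In
      - value: NotIn
        description: NotIn
      - value: Exists
        description: Exists
      - value: DoesNotExist
        description: DoesNotExist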
|
|
- variable: values
|
|
label: Values
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: value
|
|
label: ""
|
|
schema:
|
|
type: string
|
|
- variable: ports
|
|
label: Ports
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: portsEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
schema:
|
|
type: int
|
|
- variable: endPort
|
|
label: End Port
|
|
schema:
|
|
type: int
|
|
- variable: protocol
|
|
label: Protocol
|
|
schema:
|
|
type: string
|
|
default: TCP
|
|
enum:
|
|
- value: TCP
|
|
description: TCP
|
|
- value: UDP
|
|
description: UDP
|
|
- value: SCTP
|
|
description: SCTP
|
|
- variable: addons
|
|
group: Addons
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: codeserver
|
|
label: Codeserver
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enabled
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
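# Git settings for the codeserver addon. Both fields carry an SSH private
# key, so they are flagged private like the Tailscale authkey entry in this
# file; without the flag the key is handled as an ordinary text field.
- variable: git
  label: Git Settings
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: deployKey
        description: Raw SSH Private Key
        label: Deploy Key
        schema:
          type: string
          private: true
      - variable: deployKeyBase64
        description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence
        label: Deploy Key Base64
        schema:
          type: string
          private: true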
|
|
- variable: service
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: type
|
|
label: Service Type
|
|
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
|
schema:
|
|
type: string
|
|
default: LoadBalancer
|
|
enum:
|
|
- value: NodePort
|
|
description: Deprecated CHANGE THIS
|
|
- value: ClusterIP
|
|
description: ClusterIP
|
|
- value: LoadBalancer
|
|
description: LoadBalancer
|
|
- variable: loadBalancerIP
|
|
label: LoadBalancer IP
|
|
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
|
schema:
|
|
show_if: [["type", "=", "LoadBalancer"]]
|
|
type: string
|
|
default: ""
|
|
- variable: advancedsvcset
|
|
label: Show Advanced Service Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: externalIPs
|
|
label: "External IP's"
|
|
description: "External IP's"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: externalIP
|
|
label: External IP
|
|
schema:
|
|
type: string
|
|
- variable: ipFamilyPolicy
|
|
label: IP Family Policy
|
|
description: Specify the IP Policy
|
|
schema:
|
|
type: string
|
|
default: SingleStack
|
|
enum:
|
|
- value: SingleStack
|
|
description: SingleStack
|
|
- value: PreferDualStack
|
|
description: PreferDualStack
|
|
- value: RequireDualStack
|
|
description: RequireDualStack
|
|
- variable: ipFamilies
|
|
label: IP Families
|
|
description: (Advanced) The IP Families that should be used
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ipFamily
|
|
label: IP Family
|
|
schema:
|
|
type: string
|
|
- variable: ports
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: codeserver
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
schema:
|
|
type: int
|
|
default: 36107
|
|
- variable: nodePort
|
|
description: Leave Empty to Disable
|
|
label: nodePort DEPRECATED
|
|
schema:
|
|
type: int
|
|
default: 36107
|
|
- variable: envList
|
|
label: Codeserver Environment Variables
|
|
schema:
|
|
type: list
|
|
show_if: [["type", "!=", "disabled"]]
|
|
default: []
|
|
items:
|
|
- variable: envItem
|
|
label: Environment Variable
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: value
|
|
label: Value
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: vpn
|
|
label: VPN
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: type
|
|
label: Type
|
|
schema:
|
|
type: string
|
|
default: disabled
|
|
enum:
|
|
- value: disabled
|
|
description: disabled
|
|
- value: openvpn
|
|
description: OpenVPN
|
|
- value: wireguard
|
|
description: Wireguard
|
|
- value: tailscale
|
|
description: Tailscale
|
|
- variable: openvpn
|
|
label: OpenVPN Settings
|
|
schema:
|
|
type: dict
|
|
show_if: [["type", "=", "openvpn"]]
|
|
attrs:
|
|
- variable: username
|
|
label: Authentication Username (Optional)
|
|
description: Authentication Username, Optional
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
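# OpenVPN authentication password. Flagged private so it is treated as a
# secret, consistent with the Tailscale authkey entry in this file.
- variable: password
  label: Authentication Password
  description: Authentication Credentials
  schema:
    type: string
    private: true
    default: ""
    required: true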
|
|
- variable: tailscale
|
|
label: Tailscale Settings
|
|
schema:
|
|
type: dict
|
|
show_if: [["type", "=", "tailscale"]]
|
|
attrs:
|
|
- variable: authkey
|
|
label: Authentication Key
|
|
description: Provide an auth key to automatically authenticate the node as your user account.
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: auth_once
|
|
label: Auth Once
|
|
description: Only attempt to log in if not already logged in.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: accept_dns
|
|
label: Accept DNS
|
|
description: Accept DNS configuration from the admin console.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: userspace
|
|
label: Userspace
|
|
description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: routes
|
|
label: Routes
|
|
description: Expose physical subnet routes to your entire Tailscale network.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: dest_ip
|
|
label: Destination IP
|
|
description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: sock5_server
|
|
label: Sock5 Server
|
|
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: outbound_http_proxy_listen
|
|
label: Outbound HTTP Proxy Listen
|
|
description: The address on which to listen for HTTP proxying into the tailscale net.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: extra_args
|
|
label: Extra Args
|
|
description: Extra Args
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: daemon_extra_args
|
|
label: Tailscale Daemon Extra Args
|
|
description: Tailscale Daemon Extra Args
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: killSwitch
|
|
label: Enable Killswitch
|
|
schema:
|
|
type: boolean
|
|
show_if: [["type", "!=", "disabled"]]
|
|
default: true
|
|
- variable: excludedNetworks_IPv4
|
|
label: Killswitch Excluded IPv4 networks
|
|
description: List of Killswitch Excluded IPv4 Addresses
|
|
schema:
|
|
type: list
|
|
show_if: [["type", "!=", "disabled"]]
|
|
default: []
|
|
items:
|
|
- variable: networkv4
|
|
label: IPv4 Network
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: excludedNetworks_IPv6
|
|
label: Killswitch Excluded IPv6 networks
|
|
description: "List of Killswitch Excluded IPv6 Addresses"
|
|
schema:
|
|
type: list
|
|
show_if: [["type", "!=", "disabled"]]
|
|
default: []
|
|
items:
|
|
- variable: networkv6
|
|
label: IPv6 Network
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: configFile
|
|
label: VPN Config File Location
|
|
schema:
|
|
type: dict
|
|
show_if: [["type", "!=", "disabled"]]
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enabled
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: type
|
|
label: Type
|
|
schema:
|
|
type: string
|
|
default: hostPath
|
|
hidden: true
|
|
- variable: hostPathType
|
|
label: hostPathType
|
|
schema:
|
|
type: string
|
|
default: File
|
|
hidden: true
|
|
- variable: noMount
|
|
label: noMount
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: hostPath
|
|
label: Full Path to File
|
|
description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: envList
|
|
label: VPN Environment Variables
|
|
schema:
|
|
type: list
|
|
show_if: [["type", "!=", "disabled"]]
|
|
default: []
|
|
items:
|
|
- variable: envItem
|
|
label: Environment Variable
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: value
|
|
label: Value
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: docs
|
|
group: Documentation
|
|
label: Please read the documentation at https://truecharts.org
|
|
description: Please read the documentation at
|
|
<br /><a href="https://truecharts.org">https://truecharts.org</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: confirmDocs
|
|
label: I have checked the documentation
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: donateNag
|
|
group: Documentation
|
|
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
|
|
description: Please consider supporting TrueCharts, see
|
|
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: confirmDonate
|
|
label: I have considered donating
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
hidden: true
|
|
- variable: identity_providers
|
|
group: "Advanced"
|
|
label: "Authelia Identity Providers (BETA)"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: oidc
|
|
label: "OpenID Connect(BETA)"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "enabled"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: access_token_lifespan
|
|
label: "Access Token Lifespan"
|
|
schema:
|
|
type: string
|
|
default: "1h"
|
|
required: true
|
|
- variable: authorize_code_lifespan
|
|
label: "Authorize Code Lifespan"
|
|
schema:
|
|
type: string
|
|
default: "1m"
|
|
required: true
|
|
- variable: id_token_lifespan
|
|
label: "ID Token Lifespan"
|
|
schema:
|
|
type: string
|
|
default: "1h"
|
|
required: true
|
|
- variable: refresh_token_lifespan
|
|
label: "Refresh Token Lifespan"
|
|
schema:
|
|
type: string
|
|
default: "90m"
|
|
required: true
|
|
- variable: enable_client_debug_messages
|
|
label: "Enable Client Debug Messages"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: clients
|
|
label: "Clients"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: clientEntry
|
|
label: "Client"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: id
|
|
label: "ID/Name"
|
|
description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
|
|
schema:
|
|
type: string
|
|
default: "myapp"
|
|
required: true
|
|
- variable: description
|
|
label: "Description"
|
|
description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
|
|
schema:
|
|
type: string
|
|
default: "My Application"
|
|
required: true
|
|
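# OIDC client secret shared between Authelia and the relying party. Flagged
# private so it is treated as a secret, consistent with the Tailscale authkey
# entry in this file.
- variable: secret
  label: "Secret"
  description: "The client secret is a shared secret between Authelia and the consumer of this client."
  schema:
    type: string
    private: true
    default: ""
    required: true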
|
|
- variable: public
|
|
label: "public"
|
|
description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: authorization_policy
|
|
label: "Authorization Policy"
|
|
description: "The policy to require for this client; one_factor or two_factor."
|
|
schema:
|
|
type: string
|
|
default: "two_factor"
|
|
enum:
|
|
- value: "one_factor"
|
|
description: "one_factor"
|
|
- value: "two_factor"
|
|
description: "two_factor"
|
|
# How user consent is collected for this client: auto (default), explicit
# (ask every time) or implicit (never ask).
# NOTE(review): implicit approves every authorization request from this
# client without showing the user what is being granted. Prefer auto or
# explicit unless the client is a fully trusted first-party application.
- variable: consent_mode
  label: "Consent Mode"
  description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)"
  schema:
    type: string
    default: "auto"
    enum:
      - value: "auto"
        description: "auto"
      - value: "explicit"
        description: "explicit"
      - value: "implicit"
        description: "implicit"
# Signing applied to userinfo endpoint responses for this client.
# "none" (default) leaves the responses unsigned; "RS256" signs them.
# NOTE(review): with "none" the integrity of userinfo data presumably rests
# on the TLS connection alone. Select RS256 when the client can verify
# signed userinfo responses.
- variable: userinfo_signing_algorithm
  label: "Userinfo Signing Algorithm"
  description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
  schema:
    type: string
    default: "none"
    enum:
      - value: "none"
        description: "none"
      - value: "RS256"
        description: "RS256"
# Audiences this client may request; the list is empty by default and each
# added entry is a required free-form string.
# Keep the list limited to the audiences the application actually needs.
- variable: audience
  label: "Audience"
  description: "Audience this client is allowed to request."
  schema:
    type: list
    default: []
    items:
      - variable: audienceEntry
        label: ""
        schema:
          type: string
          default: ""
          required: true
# Scopes this client may request; each added entry defaults to "openid".
# Grant only the scopes the application needs, since every extra scope
# widens the user data the client can obtain.
- variable: scopes
  label: "Scopes"
  description: "Scopes this client is allowed to request."
  schema:
    type: list
    default: []
    items:
      - variable: ScopeEntry
        label: "Scope"
        schema:
          type: string
          default: "openid"
          required: true
# Callback URLs accepted for this client; per the description they are
# matched case-sensitively against a list of valid callbacks.
# The entry default is an example.com placeholder and must be replaced with
# the application's real callback.
# NOTE(review): authorization responses are delivered to these URLs, so list
# only exact https callbacks the application owns and remove unused ones.
- variable: redirect_uris
  label: "redirect_uris"
  description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
  schema:
    type: list
    default: []
    items:
      - variable: uriEntry
        label: "Url"
        schema:
          type: string
          default: "https://oidc.example.com/oauth2/callback"
          required: true
# Grants this client may obtain; each added entry defaults to
# "refresh_token" and the list itself starts empty.
# NOTE(review): enable only the grants the application uses. A client using
# the code flow presumably also needs an authorization_code entry; verify
# the accepted values against the Authelia docs.
- variable: grant_types
  label: "grant_types"
  description: "Grant Types configures which grants this client can obtain."
  schema:
    type: list
    default: []
    items:
      - variable: grantEntry
        label: "Grant"
        schema:
          type: string
          default: "refresh_token"
          required: true
# Response types this client can be sent; each added entry defaults to
# "code" and the list itself starts empty.
# NOTE(review): add further response types only when the application
# requires them; confirm the accepted values against the Authelia docs.
- variable: response_types
  label: "response_types"
  description: "Response Types configures which responses this client can be sent."
  schema:
    type: list
    default: []
    items:
      - variable: responseEntry
        label: "type"
        schema:
          type: string
          default: "code"
          required: true
# Response modes this client supports; each added entry defaults to
# "form_post" and the list itself starts empty.
# NOTE(review): list only the modes the application uses; confirm the
# accepted values against the Authelia docs.
- variable: response_modes
  label: "response_modes"
  description: "Response Modes configures which response modes this client supports."
  schema:
    type: list
    default: []
    items:
      - variable: modeEntry
        label: "Mode"
        schema:
          type: string
          default: "form_post"
          required: true