2023-02-19 20:54:23 +00:00
|
|
|
# Include{groups}
|
|
|
|
questions:
|
|
|
|
# Include{global}
|
2023-03-01 07:55:51 +00:00
|
|
|
# Include{workload}
|
|
|
|
# Include{workloadDeployment}
|
|
|
|
# Include{replicas1}
|
|
|
|
# Include{podSpec}
|
|
|
|
# Include{containerMain}
|
|
|
|
# Include{containerBasic}
|
|
|
|
# Include{containerAdvanced}
|
2023-09-10 08:15:19 +00:00
|
|
|
# Include{containerConfig}
|
|
|
|
# Include{podOptions}
|
2023-02-19 20:54:23 +00:00
|
|
|
- variable: tfaAppOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: Application Options
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: secret
|
|
|
|
label: Secret
|
|
|
|
description: Mandatory, can be any string.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
required: true
|
|
|
|
private: true
|
|
|
|
- variable: port
|
|
|
|
label: Port
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 4181
|
|
|
|
- variable: logLevel
|
|
|
|
label: Log level
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: warn
|
|
|
|
enum:
|
|
|
|
- value: trace
|
|
|
|
description: Trace (most detailed)
|
|
|
|
- value: debug
|
|
|
|
description: Debug
|
|
|
|
- value: info
|
|
|
|
description: Information
|
|
|
|
- value: warn
|
|
|
|
description: Warning
|
|
|
|
- value: error
|
|
|
|
description: Error
|
|
|
|
- value: fatal
|
|
|
|
description: Fatal
|
|
|
|
- value: panic
|
|
|
|
description: Panic (least detailed)
|
|
|
|
- variable: logFormat
|
|
|
|
label: Log format
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: text
|
|
|
|
enum:
|
|
|
|
- value: text
|
|
|
|
description: Text
|
|
|
|
- value: json
|
|
|
|
description: JSON
|
|
|
|
- value: pretty
|
|
|
|
description: Pretty
|
|
|
|
- variable: tfaAuthOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: Auth Options
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: authHost
|
|
|
|
label: Auth host
|
|
|
|
description: Single host to use when returning from 3rd party auth.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: urlPath
|
|
|
|
label: Callback URL Path
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "/_oauth"
|
|
|
|
- variable: defaultAction
|
|
|
|
label: Default action
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: auth
|
|
|
|
enum:
|
|
|
|
- value: auth
|
|
|
|
description: Authenticate
|
|
|
|
- value: allow
|
|
|
|
description: Allow (do not require authentication)
|
|
|
|
- variable: defaultProvider
|
|
|
|
label: Default provider
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: google
|
|
|
|
enum:
|
|
|
|
- value: google
|
|
|
|
description: Google Provider
|
|
|
|
- value: oidc
|
|
|
|
description: OIDC Provider
|
|
|
|
- value: generic-oauth
|
|
|
|
description: Generic OAuth2 Provider
|
|
|
|
- variable: domain
|
|
|
|
label: Domains
|
|
|
|
description: Only allow given email domains.
|
|
|
|
schema:
|
|
|
|
type: list
|
|
|
|
default: []
|
|
|
|
items:
|
|
|
|
- variable: allowedDomain
|
|
|
|
label: Host
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
required: true
|
|
|
|
- variable: whitelist
|
|
|
|
label: Whitelist
|
|
|
|
description: Only allow given email addresses.
|
|
|
|
schema:
|
|
|
|
type: list
|
|
|
|
default: []
|
|
|
|
items:
|
|
|
|
- variable: allowedEmail
|
|
|
|
label: Host
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
required: true
|
|
|
|
- variable: rules
|
|
|
|
label: Rules
|
|
|
|
description: Additional rules in rule.<name>.<param>=<value> format.
|
|
|
|
schema:
|
|
|
|
type: list
|
|
|
|
default: []
|
|
|
|
items:
|
|
|
|
- variable: rule
|
|
|
|
label: Rule
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
required: true
|
|
|
|
- variable: logoutRedirect
|
|
|
|
label: Logout redirect
|
|
|
|
description: URL to redirect to following logout.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: tfaCookieOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: Cookie Options
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: cookieDomain
|
|
|
|
label: Cookie domain hosts
|
|
|
|
schema:
|
|
|
|
type: list
|
|
|
|
default: []
|
|
|
|
items:
|
|
|
|
- variable: cookieDomainHost
|
|
|
|
label: Host
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
required: true
|
|
|
|
- variable: cookieName
|
|
|
|
label: Cookie name
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "_forward_auth"
|
|
|
|
- variable: csrfCookieName
|
|
|
|
label: CSRF cookie name
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "_forward_auth_csrf"
|
|
|
|
- variable: lifetime
|
|
|
|
label: Lifetime
|
|
|
|
description: Lifetime in seconds.
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 43200
|
|
|
|
- variable: insecureCookie
|
|
|
|
label: Use insecure cookies
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: tfaGoogleOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: Google Provider
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: clientId
|
|
|
|
label: Client ID
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: clientSecret
|
|
|
|
label: Client Secret
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: prompt
|
|
|
|
label: Prompt
|
|
|
|
description: Space separated list of OpenID prompt options.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: tfaOidcOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: OIDC Provider
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: issuerUrl
|
|
|
|
label: Issuer URL
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: clientId
|
|
|
|
label: Client ID
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: clientSecret
|
|
|
|
label: Client Secret
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: resource
|
|
|
|
label: Resource
|
|
|
|
description: Optional resource indicator.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: tfaOauthOptions
|
|
|
|
group: App Configuration
|
|
|
|
label: Generic OAuth2 Provider
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: authUrl
|
|
|
|
label: Auth/Login URL
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: tokenUrl
|
|
|
|
label: Token URL
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: userUrl
|
|
|
|
label: User URL
|
|
|
|
description: URL used to retrieve user info.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
- variable: clientId
|
|
|
|
label: Client ID
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: clientSecret
|
|
|
|
label: Client Secret
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
- variable: scopes
|
|
|
|
label: Scopes
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: profile, email
|
|
|
|
- variable: tokenStyle
|
|
|
|
label: Token style
|
|
|
|
description: How token is presented when querying the User URL
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: header
|
|
|
|
enum:
|
|
|
|
- value: header
|
|
|
|
description: Header
|
|
|
|
- value: query
|
|
|
|
description: Query
|
|
|
|
- variable: resource
|
|
|
|
label: Resource
|
|
|
|
description: Optional resource indicator.
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
# Include{serviceRoot}
|
2023-09-10 08:15:19 +00:00
|
|
|
# Include{serviceMain}
|
|
|
|
# Include{serviceSelectorLoadBalancer}
|
2023-05-03 06:50:07 +00:00
|
|
|
# Include{serviceSelectorExtras}
|
2023-02-19 20:54:23 +00:00
|
|
|
- variable: main
|
|
|
|
label: "Main Service Port Configuration"
|
|
|
|
schema:
|
2023-09-10 08:15:19 +00:00
|
|
|
additional_attrs: true
|
2023-02-19 20:54:23 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: port
|
|
|
|
label: "Port"
|
|
|
|
description: "This port exposes the container port on the service"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 4181
|
|
|
|
required: true
|
|
|
|
# Include{serviceExpertRoot}
|
|
|
|
# Include{serviceExpert}
|
|
|
|
# Include{serviceList}
|
2023-09-10 08:15:19 +00:00
|
|
|
# Include{persistenceRoot}
|
|
|
|
- variable: config
|
|
|
|
label: "App Config Storage"
|
|
|
|
description: "Stores the Application Configuration."
|
|
|
|
schema:
|
|
|
|
additional_attrs: true
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
# Include{persistenceBasic}
|
|
|
|
# Include{persistenceList}
|
2023-02-19 20:54:23 +00:00
|
|
|
# Include{ingressRoot}
|
|
|
|
- variable: main
|
|
|
|
label: "Main Ingress"
|
|
|
|
schema:
|
2023-09-10 08:15:19 +00:00
|
|
|
additional_attrs: true
|
2023-02-19 20:54:23 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
# Include{ingressDefault}
|
2023-05-28 10:32:51 +00:00
|
|
|
# Include{ingressAdvanced}
|
2023-02-19 20:54:23 +00:00
|
|
|
# Include{ingressList}
|
2023-05-03 08:09:43 +00:00
|
|
|
# Include{securityContextRoot}
|
2023-03-01 08:30:36 +00:00
|
|
|
- variable: runAsUser
|
|
|
|
label: "runAsUser"
|
|
|
|
description: "The UserID of the user running the application"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 568
|
2023-05-03 08:09:43 +00:00
|
|
|
- variable: runAsGroup
|
|
|
|
label: "runAsGroup"
|
2023-09-10 08:15:19 +00:00
|
|
|
description: "The groupID this App of the user running the application"
|
2023-05-03 08:09:43 +00:00
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 568
|
2023-03-01 08:30:36 +00:00
|
|
|
# Include{securityContextContainer}
|
|
|
|
# Include{securityContextAdvanced}
|
|
|
|
# Include{securityContextPod}
|
2023-04-30 09:08:59 +00:00
|
|
|
- variable: fsGroup
|
2023-03-01 08:30:36 +00:00
|
|
|
label: "fsGroup"
|
|
|
|
description: "The group that should own ALL storage."
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 568
|
2023-02-19 20:54:23 +00:00
|
|
|
# Include{resources}
|
|
|
|
# Include{advanced}
|
|
|
|
# Include{addons}
|
|
|
|
# Include{codeserver}
|
2023-03-01 08:30:36 +00:00
|
|
|
# Include{netshoot}
|
2023-02-19 20:54:23 +00:00
|
|
|
# Include{vpn}
|
2023-09-10 08:15:19 +00:00
|
|
|
# Include{documentation}
|