2022-12-18 19:30:51 +00:00
|
|
|
# Include{groups}
|
|
|
|
|
portals: {}
|
|
|
|
|
questions:
|
|
|
|
|
# Include{global}
|
|
|
|
|
# Include{controller}
|
|
|
|
|
# Include{replicas}
|
|
|
|
|
# Include{replica1}
|
|
|
|
|
# Include{controllerExpertExtraArgs}
|
|
|
|
|
- variable: snowflake
|
|
|
|
|
group: App Configuration
|
|
|
|
|
label: Snowflake Proxy Configuration
|
|
|
|
|
schema:
|
|
|
|
|
additional_attrs: true
|
|
|
|
|
type: dict
|
|
|
|
|
attrs:
|
|
|
|
|
- variable: allow_non_tls_relay
|
|
|
|
|
label: Allow Non TLS Relay
|
|
|
|
|
description: Allow relay without tls encryption
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: allowed_relay_hostname_pattern
|
|
|
|
|
label: Allow Relay Hostname pattern
|
|
|
|
|
description: A pattern to specify allowed hostname pattern for relay URL.
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: snowflake.torproject.net$
|
|
|
|
|
- variable: broker
|
|
|
|
|
label: Broker
|
|
|
|
|
description: Broker URL
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: https://snowflake-broker.torproject.net/
|
|
|
|
|
- variable: capacity
|
|
|
|
|
label: Capacity
|
|
|
|
|
description: Maximum concurrent clients (0 for unlimited)
|
|
|
|
|
schema:
|
|
|
|
|
type: int
|
|
|
|
|
required: true
|
|
|
|
|
default: 0
|
|
|
|
|
- variable: ephemeral_ports_range
|
|
|
|
|
label: Ephemeral Ports Range
|
|
|
|
|
description: ICE UDP ephemeral ports range in format ("30000:60000")
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
default: "59999:60000"
|
|
|
|
|
- variable: keep_local_addresses
|
|
|
|
|
label: Keep Local Addresses
|
|
|
|
|
description: Keep local LAN address ICE candidates
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: nat_retest_interval
|
|
|
|
|
label: NAT Retest Interval
|
|
|
|
|
description: The time interval in second before NAT type is retested, 0s disables retest. Valid time units are s, m, h.
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: 24h0m0s
|
|
|
|
|
- variable: relay
|
|
|
|
|
label: Relay
|
|
|
|
|
description: Websocket Relay URL
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: wss://snowflake.bamsoftware.com/
|
|
|
|
|
- variable: stun
|
|
|
|
|
label: Stun
|
|
|
|
|
description: STUN URL
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: stun:stun.stunprotocol.org:3478
|
|
|
|
|
- variable: summary_interval
|
|
|
|
|
label: Summary Interval
|
|
|
|
|
description: The time interval to output summary, 0s disables summaries. Valid time units are s, m, h.
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
required: true
|
|
|
|
|
default: 1h0m0s
|
|
|
|
|
- variable: unsafe_logging
|
|
|
|
|
label: Unsafe Logging
|
|
|
|
|
description: Prevent logs from being scrubbed
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: verbose
|
|
|
|
|
label: Verbose
|
|
|
|
|
description: Increase log verbosity
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: log
|
|
|
|
|
label: Log
|
|
|
|
|
description: Log Filename
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
default: ""
|
|
|
|
|
# Include{containerConfig}
|
|
|
|
|
# Include{serviceExpertRoot}
|
|
|
|
|
default: true
|
|
|
|
|
# Include{serviceList}
|
|
|
|
|
# Include{persistenceList}
|
|
|
|
|
# Include{security}
|
|
|
|
|
# Include{securityContextAdvancedRoot}
|
|
|
|
|
- variable: privileged
|
|
|
|
|
label: Privileged mode
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: readOnlyRootFilesystem
|
|
|
|
|
label: ReadOnly Root Filesystem
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: true
|
|
|
|
|
- variable: allowPrivilegeEscalation
|
|
|
|
|
label: Allow Privilege Escalation
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
|
|
|
|
- variable: runAsNonRoot
|
|
|
|
|
label: runAsNonRoot
|
|
|
|
|
schema:
|
|
|
|
|
type: boolean
|
2022-12-18 20:30:37 +00:00
|
|
|
default: true
|
2022-12-18 19:30:51 +00:00
|
|
|
# Include{podSecurityContextRoot}
|
|
|
|
|
- variable: runAsUser
|
|
|
|
|
label: runAsUser
|
|
|
|
|
description: The UserID of the user running the application
|
|
|
|
|
schema:
|
|
|
|
|
type: int
|
2022-12-18 20:30:37 +00:00
|
|
|
default: 1000
|
2022-12-18 19:30:51 +00:00
|
|
|
- variable: runAsGroup
|
|
|
|
|
label: runAsGroup
|
|
|
|
|
description: The groupID this App of the user running the application
|
|
|
|
|
schema:
|
|
|
|
|
type: int
|
2022-12-18 20:30:37 +00:00
|
|
|
default: 1000
|
2022-12-18 19:30:51 +00:00
|
|
|
- variable: fsGroup
|
|
|
|
|
label: fsGroup
|
|
|
|
|
description: The group that should own ALL storage.
|
|
|
|
|
schema:
|
|
|
|
|
type: int
|
|
|
|
|
default: 568
|
|
|
|
|
# Include{podSecurityContextAdvanced}
|
|
|
|
|
# Include{resources}
|
|
|
|
|
# Include{advanced}
|
|
|
|
|
# Include{addons}
|
|
|
|
|
# Include{codeserver}
|
|
|
|
|
# Include{vpn}
|
|
|
|
|
# Include{documentation}
|
