2021-12-12 22:27:04 +00:00
|
|
|
# Include{groups}
|
|
|
|
portals:
|
2022-02-24 18:15:06 +00:00
|
|
|
open:
|
2021-12-12 22:27:04 +00:00
|
|
|
protocols:
|
|
|
|
- "$kubernetes-resource_configmap_portal_protocol"
|
|
|
|
host:
|
|
|
|
- "$kubernetes-resource_configmap_portal_host"
|
|
|
|
ports:
|
|
|
|
- "$kubernetes-resource_configmap_portal_port"
|
|
|
|
questions:
|
|
|
|
- variable: portal
|
|
|
|
group: "Container Image"
|
|
|
|
label: "Configure Portal Button"
|
|
|
|
schema:
|
|
|
|
type: dict
|
|
|
|
hidden: true
|
|
|
|
attrs:
|
|
|
|
- variable: enabled
|
|
|
|
label: "Enable"
|
|
|
|
description: "enable the portal button"
|
|
|
|
schema:
|
|
|
|
hidden: true
|
|
|
|
editable: false
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
# Include{global}
|
|
|
|
|
|
|
|
- variable: controller
|
|
|
|
group: "Controller"
|
|
|
|
label: ""
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: advanced
|
|
|
|
label: "Show Advanced Controller Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: type
|
|
|
|
description: "Please specify type of workload to deploy"
|
|
|
|
label: "(Advanced) Controller Type"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "deployment"
|
|
|
|
required: true
|
|
|
|
enum:
|
|
|
|
- value: "deployment"
|
|
|
|
description: "Deployment"
|
|
|
|
- value: "statefulset"
|
|
|
|
description: "Statefulset"
|
|
|
|
- value: "daemonset"
|
|
|
|
description: "Daemonset"
|
|
|
|
- variable: replicas
|
|
|
|
description: "Number of desired pod replicas"
|
|
|
|
label: "Desired Replicas"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 1
|
|
|
|
required: true
|
|
|
|
- variable: strategy
|
|
|
|
description: "Please specify the update strategy to use for the workload"
|
|
|
|
label: "(Advanced) Update Strategy"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "Recreate"
|
|
|
|
required: true
|
|
|
|
enum:
|
|
|
|
- value: "Recreate"
|
|
|
|
description: "Recreate: Kill existing pods before creating new ones"
|
|
|
|
- value: "RollingUpdate"
|
|
|
|
description: "RollingUpdate: Create new pods and then kill old ones"
|
|
|
|
- value: "OnDelete"
|
|
|
|
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
|
|
|
# Include{controllerExpert}
|
|
|
|
|
|
|
|
- variable: env
|
|
|
|
group: "Container Configuration"
|
|
|
|
label: "Image Environment"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
2022-06-23 16:28:57 +00:00
|
|
|
- variable: generalsettings
|
|
|
|
label: "General Settings"
|
2021-12-12 22:27:04 +00:00
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
2022-06-23 16:28:57 +00:00
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_FORBIDDEN_NOTE_IDS
|
|
|
|
label: "CMD_FORBIDDEN_NOTE_IDS"
|
|
|
|
description: "disallow creation of notes, even if allowFreeUrl or CMD_ALLOW_FREEURL is true"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "robots.txt, favicon.ico, api, build, css, docs, fonts, js, uploads, vendor, views"
|
|
|
|
- variable: CMD_IMAGE_UPLOAD_TYPE
|
|
|
|
label: "CMD_IMAGE_UPLOAD_TYPE"
|
|
|
|
description: "Where to upload images."
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "filesystem"
|
|
|
|
enum:
|
|
|
|
- value: "filesystem"
|
|
|
|
description: "filesystem"
|
|
|
|
- value: "imgur"
|
|
|
|
description: "imgur"
|
|
|
|
- value: "s3"
|
|
|
|
description: "s3"
|
|
|
|
- value: "minio"
|
|
|
|
description: "minio"
|
|
|
|
- value: "azure"
|
|
|
|
description: "azure"
|
|
|
|
- value: "lutim"
|
|
|
|
description: "lutim"
|
|
|
|
- variable: CMD_SOURCE_URL
|
|
|
|
label: "CMD_SOURCE_URL"
|
|
|
|
description: "Provides the link to the source code of HedgeDoc on the entry page"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_TOOBUSY_LAG
|
|
|
|
label: "CMD_TOOBUSY_LAG"
|
|
|
|
description: "CPU time for one event loop tick until node throttles connections. (milliseconds)"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 70
|
|
|
|
- variable: CMD_ALLOW_GRAVATAR
|
|
|
|
label: "CMD_ALLOW_GRAVATAR"
|
|
|
|
description: "Set to false to disable Libravatar as profile picture source on your instance."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: httpsettings
|
|
|
|
label: "HTTP Settings"
|
2021-12-12 22:27:04 +00:00
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
2022-06-23 16:28:57 +00:00
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_DOMAIN
|
|
|
|
label: "CMD_DOMAIN"
|
|
|
|
description: "Domain name (eg. hedgedoc.org)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_PROTOCOL_USESSL
|
|
|
|
label: "CMD_PROTOCOL_USESSL"
|
|
|
|
description: "Set to use SSL protocol for resources path (only applied when domain is set)"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_URL_ADDPORT
|
|
|
|
label: "CMD_URL_ADDPORT"
|
|
|
|
description: "Set to add port on callback URL (ports 80 or 443 won't be applied) (only applied when domain is set)"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_ALLOW_ORIGIN
|
|
|
|
label: "CMD_ALLOW_ORIGIN"
|
|
|
|
description: "Domain name whitelist (use comma to separate)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "localhost"
|
|
|
|
- variable: websecsettings
|
|
|
|
label: "Web Security Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_HSTS_ENABLE
|
|
|
|
label: "CMD_HSTS_ENABLE"
|
|
|
|
description: "Set to enable HSTS if HTTPS is also enabled"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_HSTS_INCLUDE_SUBDOMAINS
|
|
|
|
label: "CMD_HSTS_INCLUDE_SUBDOMAINS"
|
|
|
|
description: "Set to include subdomains in HSTS"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_HSTS_MAX_AGE
|
|
|
|
label: "CMD_HSTS_MAX_AGE"
|
|
|
|
description: "Max duration in seconds to tell clients to keep HSTS status"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 31536000
|
|
|
|
- variable: CMD_HSTS_PRELOAD
|
|
|
|
label: "CMD_HSTS_PRELOAD"
|
|
|
|
description: "Whether to allow preloading of the site's HSTS status"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_CSP_ENABLE
|
|
|
|
label: "CMD_CSP_ENABLE"
|
|
|
|
description: "Whether to apply a Content-Security-Policy header to responses"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_CSP_ADD_DISQUS
|
|
|
|
label: "CMD_CSP_ADD_DISQUS"
|
|
|
|
description: "Enable to allow users to add Disqus comments to their notes or presentations."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_CSP_ADD_GOOGLE_ANALYTICS
|
|
|
|
label: "CMD_CSP_ADD_GOOGLE_ANALYTICS"
|
|
|
|
description: "Enable to allow users to add Google Analytics to their notes."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_CSP_REPORTURI
|
|
|
|
label: "CMD_CSP_REPORTURI"
|
|
|
|
description: "Allows to add a URL for CSP reports in case of violations."
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_CSP_ALLOW_FRAMING
|
|
|
|
label: "CMD_CSP_ALLOW_FRAMING"
|
|
|
|
description: "Disable to disallow embedding of the instance via iframe."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_CSP_ALLOW_PDF_EMBED
|
|
|
|
label: "CMD_CSP_ALLOW_PDF_EMBED"
|
|
|
|
description: "Disable to disallow embedding PDFs."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_COOKIE_POLICY
|
|
|
|
label: "CMD_COOKIE_POLICY"
|
|
|
|
description: "Set the SameSite policy that controls whether cookies are sent with cross-origin requests"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "lax"
|
|
|
|
enum:
|
|
|
|
- value: "lax"
|
|
|
|
description: "lax"
|
|
|
|
- value: "strict"
|
|
|
|
description: "strict"
|
|
|
|
- value: "none"
|
|
|
|
description: "none"
|
|
|
|
- variable: userprivillegesettings
|
|
|
|
label: "Users and Privileges Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_ALLOW_ANONYMOUS
|
|
|
|
label: "CMD_ALLOW_ANONYMOUS"
|
|
|
|
description: "Set to allow anonymous usage"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_ALLOW_ANONYMOUS_EDITS
|
|
|
|
label: "CMD_ALLOW_ANONYMOUS_EDITS"
|
|
|
|
description: "If allowAnonymous is false: allow users to select freely permission, allowing guests to edit existing notes"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_ALLOW_FREEURL
|
|
|
|
label: "CMD_ALLOW_FREEURL"
|
|
|
|
description: "Set to allow new note creation by accessing a nonexistent note URL"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_REQUIRE_FREEURL_AUTHENTICATION
|
|
|
|
label: "CMD_REQUIRE_FREEURL_AUTHENTICATION"
|
|
|
|
description: "Set to require authentication for FreeURL mode style note creation"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_DEFAULT_PERMISSION
|
|
|
|
label: "CMD_DEFAULT_PERMISSION"
|
|
|
|
description: "Set notes default permission (only applied on signed-in users)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "editable"
|
|
|
|
enum:
|
|
|
|
- value: "editable"
|
|
|
|
description: "editable"
|
|
|
|
- value: "freely"
|
|
|
|
description: "freely"
|
|
|
|
- value: "limited"
|
|
|
|
description: "limited"
|
|
|
|
- value: "locked"
|
|
|
|
description: "locked"
|
|
|
|
- value: "protected"
|
|
|
|
description: "protected"
|
|
|
|
- value: "private"
|
|
|
|
description: "private"
|
|
|
|
- variable: CMD_SESSION_LIFE
|
|
|
|
label: "CMD_SESSION_LIFE"
|
|
|
|
description: "Cookie session life time in milliseconds."
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 1209600000
|
|
|
|
- variable: loginsettings
|
|
|
|
label: "Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_EMAIL
|
|
|
|
label: "CMD_EMAIL"
|
|
|
|
description: "Set to allow email sign-in"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: CMD_ALLOW_EMAIL_REGISTER
|
|
|
|
label: "CMD_ALLOW_EMAIL_REGISTER"
|
|
|
|
description: "Set to allow registration of new accounts using an email address."
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: dropboxsettings
|
|
|
|
label: "Dropbox Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_DROPBOX_CLIENTID
|
|
|
|
label: "CMD_DROPBOX_CLIENTID"
|
|
|
|
description: "Dropbox API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_DROPBOX_CLIENTSECRET
|
|
|
|
label: "CMD_DROPBOX_CLIENTSECRET"
|
|
|
|
description: "Dropbox API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: facebooksettings
|
|
|
|
label: "Facebook Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_FACEBOOK_CLIENTID
|
|
|
|
label: "CMD_FACEBOOK_CLIENTID"
|
|
|
|
description: "Facebook API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_FACEBOOK_CLIENTSECRET
|
|
|
|
label: "CMD_FACEBOOK_CLIENTSECRET"
|
|
|
|
description: "Facebook API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: githubsettings
|
|
|
|
label: "Github Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_GITHUB_CLIENTID
|
|
|
|
label: "CMD_GITHUB_CLIENTID"
|
|
|
|
description: "Github API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GITHUB_CLIENTSECRET
|
|
|
|
label: "CMD_GITHUB_CLIENTSECRET"
|
|
|
|
description: "Github API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: gitlabsettings
|
|
|
|
label: "GitLab Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_GITLAB_SCOPE
|
|
|
|
label: "CMD_GITLAB_SCOPE"
|
|
|
|
description: "GitLab API requested scope"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "api"
|
|
|
|
enum:
|
|
|
|
- value: "api"
|
|
|
|
description: "api"
|
|
|
|
- value: "read_user"
|
|
|
|
description: "read_user"
|
|
|
|
- variable: CMD_GITLAB_BASEURL
|
|
|
|
label: "CMD_GITLAB_BASEURL"
|
|
|
|
description: "GitLab authentication endpoint"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GITLAB_CLIENTID
|
|
|
|
label: "CMD_GITLAB_CLIENTID"
|
|
|
|
description: "GitLab API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GITLAB_CLIENTSECRET
|
|
|
|
label: "CMD_GITLAB_CLIENTSECRET"
|
|
|
|
description: "GitLab API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GITLAB_VERSION
|
|
|
|
label: "CMD_GITLAB_VERSION"
|
|
|
|
description: "GitLab API version"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "v4"
|
|
|
|
enum:
|
|
|
|
- value: "v4"
|
|
|
|
description: "v4"
|
|
|
|
- value: "v3"
|
|
|
|
description: "v3"
|
|
|
|
- variable: googlesettings
|
|
|
|
label: "Google Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_GOOGLE_CLIENTID
|
|
|
|
label: "CMD_GOOGLE_CLIENTID"
|
|
|
|
description: "Google API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GOOGLE_CLIENTSECRET
|
|
|
|
label: "CMD_GOOGLE_CLIENTSECRET"
|
|
|
|
description: "Google API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_GOOGLE_HOSTEDDOMAIN
|
|
|
|
label: "CMD_GOOGLE_HOSTEDDOMAIN"
|
|
|
|
description: "Provided only if the user belongs to a hosted domain"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: twittersettings
|
|
|
|
label: "Twitter Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_TWITTER_CONSUMERKEY
|
|
|
|
label: "CMD_TWITTER_CONSUMERKEY"
|
|
|
|
description: "Twitter API consumer key"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_TWITTER_CONSUMERSECRET
|
|
|
|
label: "CMD_TWITTER_CONSUMERSECRET"
|
|
|
|
description: "Twitter API consumer secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: mattermostsettings
|
|
|
|
label: "Mattermost Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_MATTERMOST_BASEURL
|
|
|
|
label: "CMD_MATTERMOST_BASEURL"
|
|
|
|
description: "Mattermost authentication endpoint for versions below 5.0"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_MATTERMOST_CLIENTID
|
|
|
|
label: "CMD_MATTERMOST_CLIENTID"
|
|
|
|
description: "Mattermost API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_MATTERMOST_CLIENTSECRET
|
|
|
|
label: "CMD_MATTERMOST_CLIENTSECRET"
|
|
|
|
description: "Mattermost API client secret"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: oauthsettings
|
|
|
|
label: "OAuth2 Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_OAUTH2_USER_PROFILE_URL
|
|
|
|
label: "CMD_OAUTH2_USER_PROFILE_URL"
|
|
|
|
description: "Where to retrieve information about a user after successful login"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
|
|
|
label: "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR"
|
|
|
|
description: "Where to find the username in the JSON from the user profile URL"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
|
|
|
|
label: "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR"
|
|
|
|
description: "Where to find the display-name in the JSON from the user profile URL"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
|
|
|
|
label: "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR"
|
|
|
|
description: "Where to find the email address in the JSON from the user profile URL"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_USER_PROFILE_ID_ATTR
|
|
|
|
label: "CMD_OAUTH2_USER_PROFILE_ID_ATTR"
|
|
|
|
description: "Where to find the dedicated user ID (optional, overrides CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_TOKEN_URL
|
|
|
|
label: "CMD_OAUTH2_TOKEN_URL"
|
|
|
|
description: "Sometimes called token endpoint, please refer to the documentation of your OAuth2 provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_AUTHORIZATION_URL
|
|
|
|
label: "CMD_OAUTH2_AUTHORIZATION_URL"
|
|
|
|
description: "Authorization URL of your provider, please refer to the documentation of your OAuth2 provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_CLIENT_ID
|
|
|
|
label: "CMD_OAUTH2_CLIENT_ID"
|
|
|
|
description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
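# OAuth2 client secret issued by the identity provider. This is a credential,
# so it is flagged `private: true` in the same way as CMD_OAUTH2_CLIENT_ID and
# the other provider client secrets in this file; without the flag the form
# presumably handles it as an ordinary, visible string.
- variable: CMD_OAUTH2_CLIENT_SECRET
  label: "CMD_OAUTH2_CLIENT_SECRET"
  description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
  schema:
    type: string
    private: true
    default: ""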
|
|
|
|
- variable: CMD_OAUTH2_PROVIDERNAME
|
|
|
|
label: "CMD_OAUTH2_PROVIDERNAME"
|
|
|
|
description: "Optional name to be displayed at login form indicating the oAuth2 provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_SCOPE
|
|
|
|
label: "CMD_OAUTH2_SCOPE"
|
|
|
|
description: "Scope to request for OIDC (OpenID Connect) providers"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_ROLES_CLAIM
|
|
|
|
label: "CMD_OAUTH2_ROLES_CLAIM"
|
|
|
|
description: "ID token claim, which is supposed to provide an array of strings of roles"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_OAUTH2_ACCESS_ROLE
|
|
|
|
label: "CMD_OAUTH2_ACCESS_ROLE"
|
|
|
|
description: "The role which should be included in the ID token roles claim to grant access"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: ldapsettings
|
|
|
|
label: "LDAP Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_LDAP_URL
|
|
|
|
label: "CMD_LDAP_URL"
|
|
|
|
description: "URL of LDAP server"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_BINDDN
|
|
|
|
label: "CMD_LDAP_BINDDN"
|
|
|
|
description: "bindDn for LDAP access"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
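# Password used together with CMD_LDAP_BINDDN when binding to the directory.
# It is a credential, so it carries `private: true` like the API secrets
# elsewhere in this file instead of being an ordinary string field.
- variable: CMD_LDAP_BINDCREDENTIALS
  label: "CMD_LDAP_BINDCREDENTIALS"
  description: "bindCredentials for LDAP access"
  schema:
    type: string
    private: true
    default: ""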
|
|
|
|
- variable: CMD_LDAP_SEARCHBASE
|
|
|
|
label: "CMD_LDAP_SEARCHBASE"
|
|
|
|
description: "LDAP directory to begin search from"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_SEARCHFILTER
|
|
|
|
label: "CMD_LDAP_SEARCHFILTER"
|
|
|
|
description: "LDAP filter to search with"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_SEARCHATTRIBUTES
|
|
|
|
label: "CMD_LDAP_SEARCHATTRIBUTES"
|
|
|
|
description: "LDAP attributes to search with (use comma to separate)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_USERIDFIELD
|
|
|
|
label: "CMD_LDAP_USERIDFIELD"
|
|
|
|
description: "The LDAP field which is used to uniquely identify a user on HedgeDoc"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_USERNAMEFIELD
|
|
|
|
label: "CMD_LDAP_USERNAMEFIELD"
|
|
|
|
description: "The LDAP field which is used as the username on HedgeDoc"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_TLS_CA
|
|
|
|
label: "CMD_LDAP_TLS_CA"
|
|
|
|
description: "Root CA for LDAP TLS in PEM format (use comma to separate)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_LDAP_PROVIDERNAME
|
|
|
|
label: "CMD_LDAP_PROVIDERNAME"
|
|
|
|
description: "Optional name to be displayed at login form indicating the LDAP provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: samlsettings
|
|
|
|
label: "SAML Login Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_SAML_IDPSSOURL
|
|
|
|
label: "CMD_SAML_IDPSSOURL"
|
|
|
|
description: "Authentication endpoint of the IdP"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_IDPCERT
|
|
|
|
label: "CMD_SAML_IDPCERT"
|
|
|
|
description: "Certificate file path of IdP in PEM format"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_CLIENTCERT
|
|
|
|
label: "CMD_SAML_CLIENTCERT"
|
|
|
|
description: "Certificate file path for the client in PEM format"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_ISSUER
|
|
|
|
label: "CMD_SAML_ISSUER"
|
|
|
|
description: "Issuer to supply to identity provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT
|
|
|
|
label: "CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT"
|
|
|
|
description: "True to allow any authentication method, false restricts to password authentication"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_SAML_IDENTIFIERFORMAT
|
|
|
|
label: "CMD_SAML_IDENTIFIERFORMAT"
|
|
|
|
description: "Name identifier format"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
|
|
|
- variable: CMD_SAML_GROUPATTRIBUTE
|
|
|
|
label: "CMD_SAML_GROUPATTRIBUTE"
|
|
|
|
description: "Attribute name for group list"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_REQUIREDGROUPS
|
|
|
|
label: "CMD_SAML_REQUIREDGROUPS"
|
|
|
|
description: "Group names that are allowed (use vertical bar to separate)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_EXTERNALGROUPS
|
|
|
|
label: "CMD_SAML_EXTERNALGROUPS"
|
|
|
|
description: "Group names that are not allowed (use vertical bar to separate)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_ATTRIBUTE_ID
|
|
|
|
label: "CMD_SAML_ATTRIBUTE_ID"
|
|
|
|
description: "Attribute map for id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_ATTRIBUTE_USERNAME
|
|
|
|
label: "CMD_SAML_ATTRIBUTE_USERNAME"
|
|
|
|
description: "Attribute map for username"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_ATTRIBUTE_EMAIL
|
|
|
|
label: "CMD_SAML_ATTRIBUTE_EMAIL"
|
|
|
|
description: "Attribute map for email"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_SAML_PROVIDERNAME
|
|
|
|
label: "CMD_SAML_PROVIDERNAME"
|
|
|
|
description: "Optional name to be displayed at login form indicating the SAML provider"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: amazonsettings
|
|
|
|
label: "Amazon S3 Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_S3_ACCESS_KEY_ID
|
|
|
|
label: "CMD_S3_ACCESS_KEY_ID"
|
|
|
|
description: "AWS access key id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_S3_SECRET_ACCESS_KEY
|
|
|
|
label: "CMD_S3_SECRET_ACCESS_KEY"
|
|
|
|
description: "AWS secret key"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_S3_REGION
|
|
|
|
label: "CMD_S3_REGION"
|
|
|
|
description: "AWS S3 region"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_S3_BUCKET
|
|
|
|
label: "CMD_S3_BUCKET"
|
|
|
|
description: "AWS S3 bucket name"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_S3_ENDPOINT
|
|
|
|
label: "CMD_S3_ENDPOINT"
|
|
|
|
description: "S3 API endpoint if you don't use AWS name"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: azuresettings
|
|
|
|
label: "Azure Blob Storage Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
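# Azure Blob Storage connection string. Connection strings normally embed the
# storage account key, so the field is flagged `private: true` like the S3 and
# Minio keys in this file rather than left as a plain string.
- variable: CMD_AZURE_CONNECTION_STRING
  label: "CMD_AZURE_CONNECTION_STRING"
  description: "Azure Blob Storage connection string"
  schema:
    type: string
    private: true
    default: ""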
|
|
|
|
- variable: CMD_AZURE_CONTAINER
|
|
|
|
label: "CMD_AZURE_CONTAINER"
|
|
|
|
description: "Azure Blob Storage container name (automatically created if non existent)"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: miniosettings
|
|
|
|
label: "Minio Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_MINIO_ACCESS_KEY
|
|
|
|
label: "CMD_MINIO_ACCESS_KEY"
|
|
|
|
description: "Minio access key"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_MINIO_SECRET_KEY
|
|
|
|
label: "CMD_MINIO_SECRET_KEY"
|
|
|
|
description: "Minio secret key"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: CMD_MINIO_ENDPOINT
|
|
|
|
label: "CMD_MINIO_ENDPOINT"
|
|
|
|
description: "Address of your Minio endpoint/instance"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
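# Port of the Minio instance. The label previously read
# "CMD_MINIO_ACCESS_KEY" (copied from the access-key field), which invited
# operators to type a credential into a non-private field; it now matches the
# variable name.
- variable: CMD_MINIO_PORT
  label: "CMD_MINIO_PORT"
  description: "Port that is used for your Minio instance"
  schema:
    type: string
    default: ""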
|
|
|
|
- variable: CMD_MINIO_SECURE
|
|
|
|
label: "CMD_MINIO_SECURE"
|
|
|
|
description: "If set to true HTTPS is used for Minio"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: imgursettings
|
|
|
|
label: "Imgur Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_IMGUR_CLIENTID
|
|
|
|
label: "CMD_IMGUR_CLIENTID"
|
|
|
|
description: "Imgur API client id"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
private: true
|
|
|
|
default: ""
|
|
|
|
- variable: lutimsettings
|
|
|
|
label: "Lutim Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: CMD_LUTIM_URL
|
|
|
|
label: "CMD_LUTIM_URL"
|
|
|
|
description: "When CMD_IMAGE_UPLOAD_TYPE is set to lutim, you can setup the lutim url"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: ""
|
|
|
|
- variable: logsettings
|
|
|
|
label: "Logs Settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: DEBUG
|
|
|
|
label: "DEBUG"
|
|
|
|
description: "Set debug mode, show more logs"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: CMD_LOGLEVEL
|
|
|
|
label: "CMD_LOGLEVEL"
|
|
|
|
description: "Defines what kind of logs are provided to stdout."
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "info"
|
|
|
|
enum:
|
|
|
|
- value: "info"
|
|
|
|
description: "info"
|
|
|
|
- value: "warn"
|
|
|
|
description: "warn"
|
|
|
|
- value: "error"
|
|
|
|
description: "error"
|
|
|
|
- value: "verbose"
|
|
|
|
description: "verbose"
|
|
|
|
- value: "debug"
|
|
|
|
description: "debug"
|
|
|
|
|
2021-12-12 22:27:04 +00:00
|
|
|
# Include{containerConfig}
|
|
|
|
|
|
|
|
- variable: service
|
|
|
|
group: "Networking and Services"
|
|
|
|
label: "Configure Service(s)"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: main
|
|
|
|
label: "Main Service"
|
|
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
# Include{serviceSelector}
|
|
|
|
- variable: main
|
|
|
|
label: "Main Service Port Configuration"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: port
|
|
|
|
label: "Port"
|
|
|
|
description: "This port exposes the container port on the service"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 10132
|
|
|
|
required: true
|
|
|
|
- variable: advanced
|
|
|
|
label: "Show Advanced settings"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: enabled
|
|
|
|
label: "Enable the port"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: protocol
|
|
|
|
label: "Port Type"
|
|
|
|
schema:
|
|
|
|
type: string
|
|
|
|
default: "HTTP"
|
|
|
|
enum:
|
|
|
|
- value: HTTP
|
|
|
|
description: "HTTP"
|
|
|
|
- value: "HTTPS"
|
|
|
|
description: "HTTPS"
|
|
|
|
- value: TCP
|
|
|
|
description: "TCP"
|
|
|
|
- value: "UDP"
|
|
|
|
description: "UDP"
|
|
|
|
- variable: nodePort
|
|
|
|
label: "Node Port (Optional)"
|
|
|
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
min: 9000
|
|
|
|
max: 65535
|
|
|
|
- variable: targetPort
|
|
|
|
label: "Target Port"
|
|
|
|
description: "The internal(!) port on the container the Application runs on"
|
|
|
|
schema:
|
|
|
|
type: int
|
2022-06-23 16:28:57 +00:00
|
|
|
default: 10132
|
2021-12-12 22:27:04 +00:00
|
|
|
|
|
|
|
- variable: serviceexpert
|
|
|
|
group: "Networking and Services"
|
|
|
|
label: "Show Expert Config"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: hostNetwork
|
|
|
|
group: "Networking and Services"
|
|
|
|
label: "Host-Networking (Complicated)"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
|
|
|
|
# Include{serviceExpert}
|
|
|
|
|
|
|
|
# Include{serviceList}
|
|
|
|
|
2022-06-23 16:28:57 +00:00
|
|
|
- variable: persistence
|
|
|
|
label: "Integrated Persistent Storage"
|
|
|
|
description: "Integrated Persistent Storage"
|
|
|
|
group: "Storage and Persistence"
|
|
|
|
schema:
|
|
|
|
additional_attrs: true
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: uploads
|
|
|
|
label: "App Uploads Storage"
|
|
|
|
description: "Stores the Application Uploads."
|
|
|
|
schema:
|
|
|
|
additional_attrs: true
|
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
# Include{persistenceBasic}
|
|
|
|
# Include{persistenceAdvanced}
|
|
|
|
|
2021-12-12 22:27:04 +00:00
|
|
|
# Include{persistenceList}
|
|
|
|
|
|
|
|
- variable: ingress
|
|
|
|
label: ""
|
|
|
|
group: "Ingress"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: main
|
|
|
|
label: "Main Ingress"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
# Include{ingressDefault}
|
|
|
|
|
|
|
|
# Include{ingressTLS}
|
|
|
|
|
|
|
|
# Include{ingressTraefik}
|
|
|
|
|
|
|
|
# Include{ingressExpert}
|
|
|
|
|
|
|
|
# Include{ingressList}
|
|
|
|
|
2022-03-03 14:04:31 +00:00
|
|
|
# Include{security}
|
|
|
|
|
2021-12-12 22:27:04 +00:00
|
|
|
- variable: advancedSecurity
|
|
|
|
label: "Show Advanced Security Settings"
|
|
|
|
group: "Security and Permissions"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
show_subquestions_if: true
|
|
|
|
subquestions:
|
|
|
|
- variable: securityContext
|
|
|
|
label: "Security Context"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: privileged
|
|
|
|
label: "Privileged mode"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: readOnlyRootFilesystem
|
|
|
|
label: "ReadOnly Root Filesystem"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
|
|
|
- variable: allowPrivilegeEscalation
|
|
|
|
label: "Allow Privilege Escalation"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
- variable: runAsNonRoot
|
|
|
|
label: "runAsNonRoot"
|
|
|
|
schema:
|
|
|
|
type: boolean
|
2022-06-23 16:28:57 +00:00
|
|
|
default: true
|
2022-01-13 11:18:20 +00:00
|
|
|
# Include{securityContextAdvanced}
|
2021-12-12 22:27:04 +00:00
|
|
|
|
|
|
|
- variable: podSecurityContext
|
|
|
|
group: "Security and Permissions"
|
|
|
|
label: "Pod Security Context"
|
|
|
|
schema:
|
2022-01-21 00:35:59 +00:00
|
|
|
additional_attrs: true
|
2021-12-12 22:27:04 +00:00
|
|
|
type: dict
|
|
|
|
attrs:
|
|
|
|
- variable: runAsUser
|
|
|
|
label: "runAsUser"
|
|
|
|
description: "The UserID of the user running the application"
|
|
|
|
schema:
|
|
|
|
type: int
|
2022-06-23 16:28:57 +00:00
|
|
|
default: 568
|
2021-12-12 22:27:04 +00:00
|
|
|
- variable: runAsGroup
|
|
|
|
label: "runAsGroup"
|
2022-04-20 07:35:54 +00:00
|
|
|
description: "The groupID of the user running the application"
|
2021-12-12 22:27:04 +00:00
|
|
|
schema:
|
|
|
|
type: int
|
2022-06-23 16:28:57 +00:00
|
|
|
default: 568
|
2021-12-12 22:27:04 +00:00
|
|
|
- variable: fsGroup
|
|
|
|
label: "fsGroup"
|
|
|
|
description: "The group that should own ALL storage."
|
|
|
|
schema:
|
|
|
|
type: int
|
|
|
|
default: 568
|
2022-01-13 11:18:20 +00:00
|
|
|
# Include{podSecurityContextAdvanced}
|
2021-12-12 22:27:04 +00:00
|
|
|
|
|
|
|
# Include{resources}
|
|
|
|
|
|
|
|
# Include{advanced}
|
|
|
|
|
|
|
|
# Include{addons}
|