feat(hedgedoc): BREAKING CHANGE switch to official image (#2958)
* feat(hedgedoc): switch to official image * lint * whoops * l-int * hm * aha * correct key * argh.. * cleanup perms * update img ref
This commit is contained in:
parent
eb8bfb6edd
commit
5b06d88b54
|
@ -1,7 +1,7 @@
|
|||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: hedgedoc
|
||||
version: 3.0.5
|
||||
version: 4.0.0
|
||||
appVersion: "1.9.3"
|
||||
description: HedgeDoc lets you create real-time collaborative markdown notes.
|
||||
type: application
|
||||
|
@ -16,10 +16,10 @@ dependencies:
|
|||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.1.1
|
||||
- condition: mariadb.enabled
|
||||
name: mariadb
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://charts.truecharts.org/
|
||||
version: 3.0.14
|
||||
version: 8.0.13
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
|
|
|
@ -83,24 +83,822 @@ questions:
|
|||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: CMD_DOMAIN
|
||||
label: "CMD_DOMAIN"
|
||||
description: "CMD_DOMAIN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_PROTOCOL_USESSL
|
||||
label: "CMD_PROTOCOL_USESSL"
|
||||
description: "CMD_PROTOCOL_USESSL"
|
||||
- variable: generalsettings
|
||||
label: "General Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_URL_ADDPORT
|
||||
label: "CMD_URL_ADDPORT"
|
||||
description: "CMD_URL_ADDPORT"
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_FORBIDDEN_NOTE_IDS
|
||||
label: "CMD_FORBIDDEN_NOTE_IDS"
|
||||
description: "disallow creation of notes, even if allowFreeUrl or CMD_ALLOW_FREEURL is true"
|
||||
schema:
|
||||
type: string
|
||||
default: "robots.txt, favicon.ico, api, build, css, docs, fonts, js, uploads, vendor, views"
|
||||
- variable: CMD_IMAGE_UPLOAD_TYPE
|
||||
label: "CMD_IMAGE_UPLOAD_TYPE"
|
||||
description: "Where to upload images."
|
||||
schema:
|
||||
type: string
|
||||
default: "filesystem"
|
||||
enum:
|
||||
- value: "filesystem"
|
||||
description: "filesystem"
|
||||
- value: "imgur"
|
||||
description: "imgur"
|
||||
- value: "s3"
|
||||
description: "s3"
|
||||
- value: "minio"
|
||||
description: "minio"
|
||||
- value: "azure"
|
||||
description: "azure"
|
||||
- value: "lutim"
|
||||
description: "lutim"
|
||||
- variable: CMD_SOURCE_URL
|
||||
label: "CMD_SOURCE_URL"
|
||||
description: "Provides the link to the source code of HedgeDoc on the entry page"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_TOOBUSY_LAG
|
||||
label: "CMD_TOOBUSY_LAG"
|
||||
description: "CPU time for one event loop tick until node throttles connections. (milliseconds)"
|
||||
schema:
|
||||
type: int
|
||||
default: 70
|
||||
- variable: CMD_ALLOW_GRAVATAR
|
||||
label: "CMD_ALLOW_GRAVATAR"
|
||||
description: "Set to false to disable Libravatar as profile picture source on your instance."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: httpsettings
|
||||
label: "HTTP Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_DOMAIN
|
||||
label: "CMD_DOMAIN"
|
||||
description: "Domain name (eg. hedgedoc.org)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_PROTOCOL_USESSL
|
||||
label: "CMD_PROTOCOL_USESSL"
|
||||
description: "Set to use SSL protocol for resources path (only applied when domain is set)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_URL_ADDPORT
|
||||
label: "CMD_URL_ADDPORT"
|
||||
description: "Set to add port on callback URL (ports 80 or 443 won't be applied) (only applied when domain is set)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_ALLOW_ORIGIN
|
||||
label: "CMD_ALLOW_ORIGIN"
|
||||
description: "Domain name whitelist (use comma to separate)"
|
||||
schema:
|
||||
type: string
|
||||
default: "localhost"
|
||||
- variable: websecsettings
|
||||
label: "Web Security Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_HSTS_ENABLE
|
||||
label: "CMD_HSTS_ENABLE"
|
||||
description: "Set to enable HSTS if HTTPS is also enabled"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_HSTS_INCLUDE_SUBDOMAINS
|
||||
label: "CMD_HSTS_INCLUDE_SUBDOMAINS"
|
||||
description: "Set to include subdomains in HSTS"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_HSTS_MAX_AGE
|
||||
label: "CMD_HSTS_MAX_AGE"
|
||||
description: "Max duration in seconds to tell clients to keep HSTS status"
|
||||
schema:
|
||||
type: int
|
||||
default: 31536000
|
||||
- variable: CMD_HSTS_PRELOAD
|
||||
label: "CMD_HSTS_PRELOAD"
|
||||
description: "Whether to allow preloading of the site's HSTS status"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_CSP_ENABLE
|
||||
label: "CMD_CSP_ENABLE"
|
||||
description: "Whether to apply a Content-Security-Policy header to responses"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_CSP_ADD_DISQUS
|
||||
label: "CMD_CSP_ADD_DISQUS"
|
||||
description: "Enable to allow users to add Disqus comments to their notes or presentations."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_CSP_ADD_GOOGLE_ANALYTICS
|
||||
label: "CMD_CSP_ADD_GOOGLE_ANALYTICS"
|
||||
description: "Enable to allow users to add Google Analytics to their notes."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_CSP_REPORTURI
|
||||
label: "CMD_CSP_REPORTURI"
|
||||
description: "Allows to add a URL for CSP reports in case of violations."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_CSP_ALLOW_FRAMING
|
||||
label: "CMD_CSP_ALLOW_FRAMING"
|
||||
description: "Disable to disallow embedding of the instance via iframe."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_CSP_ALLOW_PDF_EMBED
|
||||
label: "CMD_CSP_ALLOW_PDF_EMBED"
|
||||
description: "Disable to disallow embedding PDFs."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_COOKIE_POLICY
|
||||
label: "CMD_COOKIE_POLICY"
|
||||
description: "Set a SameSite policy whether cookies are send from cross-origin"
|
||||
schema:
|
||||
type: string
|
||||
default: "lax"
|
||||
enum:
|
||||
- value: "lax"
|
||||
description: "lax"
|
||||
- value: "strict"
|
||||
description: "strict"
|
||||
- value: "none"
|
||||
description: "none"
|
||||
- variable: userprivillegesettings
|
||||
label: "Users and Privileges Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_ALLOW_ANONYMOUS
|
||||
label: "CMD_ALLOW_ANONYMOUS"
|
||||
description: "Set to allow anonymous usage"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_ALLOW_ANONYMOUS_EDITS
|
||||
label: "CMD_ALLOW_ANONYMOUS_EDITS"
|
||||
description: "If allowAnonymous is false: allow users to select freely permission, allowing guests to edit existing notes"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_ALLOW_FREEURL
|
||||
label: "CMD_ALLOW_FREEURL"
|
||||
description: "Set to allow new note creation by accessing a nonexistent note URL"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_REQUIRE_FREEURL_AUTHENTICATION
|
||||
label: "CMD_REQUIRE_FREEURL_AUTHENTICATION"
|
||||
description: "Set to require authentication for FreeURL mode style note creation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_DEFAULT_PERMISSION
|
||||
label: "CMD_DEFAULT_PERMISSION"
|
||||
description: "Set notes default permission (only applied on signed-in users)"
|
||||
schema:
|
||||
type: string
|
||||
default: "editable"
|
||||
enum:
|
||||
- value: "editable"
|
||||
description: "editable"
|
||||
- value: "freely"
|
||||
description: "freely"
|
||||
- value: "limited"
|
||||
description: "limited"
|
||||
- value: "locked"
|
||||
description: "locked"
|
||||
- value: "protected"
|
||||
description: "protected"
|
||||
- value: "private"
|
||||
description: "private"
|
||||
- variable: CMD_SESSION_LIFE
|
||||
label: "CMD_SESSION_LIFE"
|
||||
description: "Cookie session life time in milliseconds."
|
||||
schema:
|
||||
type: int
|
||||
default: 1209600000
|
||||
- variable: loginsettings
|
||||
label: "Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_EMAIL
|
||||
label: "CMD_EMAIL"
|
||||
description: "Set to allow email sign-in"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CMD_ALLOW_EMAIL_REGISTER
|
||||
label: "CMD_ALLOW_EMAIL_REGISTER"
|
||||
description: "Set to allow registration of new accounts using an email address."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: dropboxsettings
|
||||
label: "Dropbox Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_DROPBOX_CLIENTID
|
||||
label: "CMD_DROPBOX_CLIENTID"
|
||||
description: "Dropbox API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_DROPBOX_CLIENTSECRET
|
||||
label: "CMD_DROPBOX_CLIENTSECRET"
|
||||
description: "Dropbox API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: facebooksettings
|
||||
label: "Facebook Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_FACEBOOK_CLIENTID
|
||||
label: "CMD_FACEBOOK_CLIENTID"
|
||||
description: "Facebook API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_FACEBOOK_CLIENTSECRET
|
||||
label: "CMD_FACEBOOK_CLIENTSECRET"
|
||||
description: "Facebook API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: githubsettings
|
||||
label: "Github Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_GITHUB_CLIENTID
|
||||
label: "CMD_GITHUB_CLIENTID"
|
||||
description: "Github API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_GITHUB_CLIENTSECRET
|
||||
label: "CMD_GITHUB_CLIENTSECRET"
|
||||
description: "Github API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: gitlabsettings
|
||||
label: "GitLab Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_GITLAB_SCOPE
|
||||
label: "CMD_GITLAB_SCOPE"
|
||||
description: "GitLab API requested scope"
|
||||
schema:
|
||||
type: string
|
||||
default: "api"
|
||||
enum:
|
||||
- value: "api"
|
||||
description: "api"
|
||||
- value: "read_user"
|
||||
description: "read_user"
|
||||
- variable: CMD_GITLAB_BASEURL
|
||||
label: "CMD_GITLAB_BASEURL"
|
||||
description: "GitLab authentication endpoint"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_GITLAB_CLIENTID
|
||||
label: "CMD_GITLAB_CLIENTID"
|
||||
description: "GitLab API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_GITLAB_CLIENTSECRET
|
||||
label: "CMD_GITLAB_CLIENTSECRET"
|
||||
description: "GitLab API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_GITLAB_VERSION
|
||||
label: "CMD_GITLAB_VERSION"
|
||||
description: "GitLab API version"
|
||||
schema:
|
||||
type: string
|
||||
default: "v4"
|
||||
enum:
|
||||
- value: "v4"
|
||||
description: "v4"
|
||||
- value: "v3"
|
||||
description: "v3"
|
||||
- variable: googlesettings
|
||||
label: "Google Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_GOOGLE_CLIENTID
|
||||
label: "CMD_GOOGLE_CLIENTID"
|
||||
description: "Google API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_GOOGLE_CLIENTSECRET
|
||||
label: "CMD_GOOGLE_CLIENTSECRET"
|
||||
description: "Google API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_GOOGLE_HOSTEDDOMAIN
|
||||
label: "CMD_GOOGLE_HOSTEDDOMAIN"
|
||||
description: "Provided only if the user belongs to a hosted domain"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: twittersettings
|
||||
label: "Twitter Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_TWITTER_CONSUMERKEY
|
||||
label: "CMD_TWITTER_CONSUMERKEY"
|
||||
description: "Twitter API consumer key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_TWITTER_CONSUMERSECRET
|
||||
label: "CMD_TWITTER_CONSUMERSECRET"
|
||||
description: "Twitter API consumer secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: mattermostsettings
|
||||
label: "Mattermost Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_MATTERMOST_BASEURL
|
||||
label: "CMD_MATTERMOST_BASEURL"
|
||||
description: "Mattermost authentication endpoint for versions below 5.0"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_MATTERMOST_CLIENTID
|
||||
label: "CMD_MATTERMOST_CLIENTID"
|
||||
description: "Mattermost API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_MATTERMOST_CLIENTSECRET
|
||||
label: "CMD_MATTERMOST_CLIENTSECRET"
|
||||
description: "Mattermost API client secret"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: oauthsettings
|
||||
label: "OAuth2 Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_OAUTH2_USER_PROFILE_URL
|
||||
label: "CMD_OAUTH2_USER_PROFILE_URL"
|
||||
description: "Where to retrieve information about a user after successful login"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
||||
label: "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR"
|
||||
description: "Where to find the username in the JSON from the user profile URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
|
||||
label: "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR"
|
||||
description: "Where to find the display-name in the JSON from the user profile URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
|
||||
label: "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR"
|
||||
description: "Where to find the email address in the JSON from the user profile URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_USER_PROFILE_ID_ATTR
|
||||
label: "CMD_OAUTH2_USER_PROFILE_ID_ATTR"
|
||||
description: "Where to find the dedicated user ID (optional, overrides CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_TOKEN_URL
|
||||
label: "CMD_OAUTH2_TOKEN_URL"
|
||||
description: "Sometimes called token endpoint, please refer to the documentation of your OAuth2 provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_AUTHORIZATION_URL
|
||||
label: "CMD_OAUTH2_AUTHORIZATION_URL"
|
||||
description: "Authorization URL of your provider, please refer to the documentation of your OAuth2 provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_CLIENT_ID
|
||||
label: "CMD_OAUTH2_CLIENT_ID"
|
||||
description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_CLIENT_SECRET
|
||||
label: "CMD_OAUTH2_CLIENT_SECRET"
|
||||
description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_PROVIDERNAME
|
||||
label: "CMD_OAUTH2_PROVIDERNAME"
|
||||
description: "Optional name to be displayed at login form indicating the oAuth2 provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_SCOPE
|
||||
label: "CMD_OAUTH2_SCOPE"
|
||||
description: "Scope to request for OIDC (OpenID Connect) providers"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_ROLES_CLAIM
|
||||
label: "CMD_OAUTH2_ROLES_CLAIM"
|
||||
description: "ID token claim, which is supposed to provide an array of strings of roles"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_OAUTH2_ACCESS_ROLE
|
||||
label: "CMD_OAUTH2_ACCESS_ROLE"
|
||||
description: "The role which should be included in the ID token roles claim to grant access"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: ldapsettings
|
||||
label: "LDAP Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_LDAP_URL
|
||||
label: "CMD_LDAP_URL"
|
||||
description: "URL of LDAP server"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_BINDDN
|
||||
label: "CMD_LDAP_BINDDN"
|
||||
description: "bindDn for LDAP access"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_BINDCREDENTIALS
|
||||
label: "CMD_LDAP_BINDCREDENTIALS"
|
||||
description: "bindCredentials for LDAP access"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_SEARCHBASE
|
||||
label: "CMD_LDAP_SEARCHBASE"
|
||||
description: "LDAP directory to begin search from"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_SEARCHFILTER
|
||||
label: "CMD_LDAP_SEARCHFILTER"
|
||||
description: "LDAP filter to search with"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_SEARCHATTRIBUTES
|
||||
label: "CMD_LDAP_SEARCHATTRIBUTES"
|
||||
description: "LDAP attributes to search with (use comma to separate)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_USERIDFIELD
|
||||
label: "CMD_LDAP_USERIDFIELD"
|
||||
description: "The LDAP field which is used uniquely identify a user on HedgeDoc"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_USERNAMEFIELD
|
||||
label: "CMD_LDAP_USERNAMEFIELD"
|
||||
description: "The LDAP field which is used as the username on HedgeDoc"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_TLS_CA
|
||||
label: "CMD_LDAP_TLS_CA"
|
||||
description: "Root CA for LDAP TLS in PEM format (use comma to separate)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_LDAP_PROVIDERNAME
|
||||
label: "CMD_LDAP_PROVIDERNAME"
|
||||
description: "CMD_LDAP_PROVIDERNAME"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: samlsettings
|
||||
label: "SAML Login Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_SAML_IDPSSOURL
|
||||
label: "CMD_SAML_IDPSSOURL"
|
||||
description: "Authentication endpoint of IdP. for details"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_IDPCERT
|
||||
label: "CMD_SAML_IDPCERT"
|
||||
description: "Certificate file path of IdP in PEM format"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_CLIENTCERT
|
||||
label: "CMD_SAML_CLIENTCERT"
|
||||
description: "Certificate file path for the client in PEM format"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_ISSUER
|
||||
label: "CMD_SAML_ISSUER"
|
||||
description: "Issuer to supply to identity provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT
|
||||
label: "CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT"
|
||||
description: "True to allow any authentication method, false restricts to password authentication"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_SAML_IDENTIFIERFORMAT
|
||||
label: "CMD_SAML_IDENTIFIERFORMAT"
|
||||
description: "Name identifier format"
|
||||
schema:
|
||||
type: string
|
||||
default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
||||
- variable: CMD_SAML_GROUPATTRIBUTE
|
||||
label: "CMD_SAML_GROUPATTRIBUTE"
|
||||
description: "Attribute name for group list"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_REQUIREDGROUPS
|
||||
label: "CMD_SAML_REQUIREDGROUPS"
|
||||
description: "Group names that allowed (use vertical bar to separate)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_EXTERNALGROUPS
|
||||
label: "CMD_SAML_EXTERNALGROUPS"
|
||||
description: "Group names that not allowed (use vertical bar to separate) "
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_ATTRIBUTE_ID
|
||||
label: "CMD_SAML_ATTRIBUTE_ID"
|
||||
description: "Attribute map for id"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_ATTRIBUTE_USERNAME
|
||||
label: "CMD_SAML_ATTRIBUTE_USERNAME"
|
||||
description: "Attribute map for username"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_ATTRIBUTE_EMAIL
|
||||
label: "CMD_SAML_ATTRIBUTE_EMAIL"
|
||||
description: "Attribute map for email"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_SAML_PROVIDERNAME
|
||||
label: "CMD_SAML_PROVIDERNAME"
|
||||
description: "Optional name to be displayed at login form indicating the SAML provider"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: amazonsettings
|
||||
label: "Amazon S3 Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_S3_ACCESS_KEY_ID
|
||||
label: "CMD_S3_ACCESS_KEY_ID"
|
||||
description: "AWS access key id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_S3_SECRET_ACCESS_KEY
|
||||
label: "CMD_S3_SECRET_ACCESS_KEY"
|
||||
description: "AWS secret key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_S3_REGION
|
||||
label: "CMD_S3_REGION"
|
||||
description: "AWS S3 region"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_S3_BUCKET
|
||||
label: "CMD_S3_BUCKET"
|
||||
description: "AWS S3 bucket name"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_S3_ENDPOINT
|
||||
label: "CMD_S3_ENDPOINT "
|
||||
description: "S3 API endpoint if you don't use AWS name"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: azuresettings
|
||||
label: "Azure Blob Storage Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_AZURE_CONNECTION_STRING
|
||||
label: "CMD_AZURE_CONNECTION_STRING"
|
||||
description: "Azure Blob Storage connection string"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_AZURE_CONTAINER
|
||||
label: "CMD_AZURE_CONTAINER"
|
||||
description: "Azure Blob Storage container name (automatically created if non existent)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: miniosettings
|
||||
label: "Minio Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_MINIO_ACCESS_KEY
|
||||
label: "CMD_MINIO_ACCESS_KEY"
|
||||
description: "Minio access key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_MINIO_SECRET_KEY
|
||||
label: "CMD_MINIO_SECRET_KEY"
|
||||
description: "Minio secret key"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: CMD_MINIO_ENDPOINT
|
||||
label: "CMD_MINIO_ENDPOINT"
|
||||
description: "Address of your Minio endpoint/instance"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_MINIO_PORT
|
||||
label: "CMD_MINIO_ACCESS_KEY"
|
||||
description: "Port that is used for your Minio instance"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CMD_MINIO_SECURE
|
||||
label: "CMD_MINIO_SECURE"
|
||||
description: "If set to true HTTPS is used for Minio"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: imgursettings
|
||||
label: "Imgur Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_IMGUR_CLIENTID
|
||||
label: "CMD_IMGUR_CLIENTID"
|
||||
description: "Imgur API client id"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: lutimsettings
|
||||
label: "Lutim Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CMD_LUTIM_URL
|
||||
label: "CMD_LUTIM_URL"
|
||||
description: "When CMD_IMAGE_UPLOAD_TYPE is set to lutim, you can setup the lutim url"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: logsettings
|
||||
label: "Logs Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: DEBUG
|
||||
label: "DEBUG"
|
||||
description: "Set debug mode, show more logs"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CMD_LOGLEVEL
|
||||
label: "CMD_LOGLEVEL"
|
||||
description: "Defines what kind of logs are provided to stdout."
|
||||
schema:
|
||||
type: string
|
||||
default: "info"
|
||||
enum:
|
||||
- value: "info"
|
||||
description: "info"
|
||||
- value: "warn"
|
||||
description: "warn"
|
||||
- value: "error"
|
||||
description: "error"
|
||||
- value: "verbose"
|
||||
description: "verbose"
|
||||
- value: "debug"
|
||||
description: "debug"
|
||||
|
||||
# Include{containerConfig}
|
||||
|
||||
- variable: service
|
||||
|
@ -169,7 +967,7 @@ questions:
|
|||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 3000
|
||||
default: 10132
|
||||
|
||||
- variable: serviceexpert
|
||||
group: "Networking and Services"
|
||||
|
@ -190,6 +988,24 @@ questions:
|
|||
|
||||
# Include{serviceList}
|
||||
|
||||
- variable: persistence
|
||||
label: "Integrated Persistent Storage"
|
||||
description: "Integrated Persistent Storage"
|
||||
group: "Storage and Persistence"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: uploads
|
||||
label: "App Uploads Storage"
|
||||
description: "Stores the Application Uploads."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceAdvanced}
|
||||
|
||||
# Include{persistenceList}
|
||||
|
||||
- variable: ingress
|
||||
|
@ -250,7 +1066,7 @@ questions:
|
|||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
default: true
|
||||
# Include{securityContextAdvanced}
|
||||
|
||||
- variable: podSecurityContext
|
||||
|
@ -265,13 +1081,13 @@ questions:
|
|||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
default: 568
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
{{/* Define the secrets */}}
|
||||
{{- define "hedgedoc.secrets" -}}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: hedgedoc-secrets
|
||||
{{- $hedgedocprevious := lookup "v1" "Secret" .Release.Namespace "hedgedoc-secrets" }}
|
||||
{{- $session_secret := "" }}
|
||||
data:
|
||||
{{- if $hedgedocprevious}}
|
||||
CMD_SESSION_SECRET: {{ index $hedgedocprevious.data "CMD_SESSION_SECRET" }}
|
||||
{{- else }}
|
||||
{{- $session_secret := randAlphaNum 32 }}
|
||||
CMD_SESSION_SECRET: {{ $session_secret | b64enc }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
|
@ -1 +1,8 @@
|
|||
{{ include "tc.common.loader.all" . }}
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{/* Render secrets for hedgedoc */}}
|
||||
{{- include "hedgedoc.secrets" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
|
|
|
@ -1,43 +1,141 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/hedgedoc
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.9.3
|
||||
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
tag: v1.9.3@sha256:8aadcc96880e9c11c0ebc633a6f38d3ed2e55582f60d5ee8339af989936c83ac
|
||||
|
||||
env:
|
||||
CMD_DOMAIN: ""
|
||||
CMD_PROTOCOL_USESSL: false
|
||||
CMD_URL_ADDPORT: true
|
||||
DB_NAME: "hedgedoc"
|
||||
DB_USER: "hedgedoc"
|
||||
DB_HOST:
|
||||
NODE_ENV: "production"
|
||||
CMD_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
CMD_DB_PORT: "5432"
|
||||
CMD_DB_DIALECT: "postgres"
|
||||
CMD_DB_USERNAME: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
CMD_DB_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
CMD_SESSION_SECRET:
|
||||
secretKeyRef:
|
||||
name: mariadbcreds
|
||||
name: hedgedoc-secrets
|
||||
key: CMD_SESSION_SECRET
|
||||
CMD_DB_HOST:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
DB_PASS:
|
||||
CMD_DB_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: mariadbcreds
|
||||
key: mariadb-password
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
# User Defined
|
||||
CMD_FORBIDDEN_NOTE_IDS: "robots.txt, favicon.ico, api, build, css, docs, fonts, js, uploads, vendor, views"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_SOURCE_URL: ""
|
||||
CMD_TOOBUSY_LAG: 70
|
||||
CMD_ALLOW_GRAVATAR: true
|
||||
CMD_DOMAIN: false
|
||||
CMD_PROTOCOL_USESSL: false
|
||||
CMD_URL_ADDPORT: false
|
||||
# CMD_ALLOW_ORIGIN: "localhost"
|
||||
# CMD_HSTS_ENABLE: true
|
||||
# CMD_HSTS_INCLUDE_SUBDOMAINS: true
|
||||
# CMD_HSTS_MAX_AGE: 31536000
|
||||
# CMD_HSTS_PRELOAD: true
|
||||
# CMD_CSP_ENABLE: true
|
||||
# CMD_CSP_ADD_DISQUS: false
|
||||
# CMD_CSP_ADD_GOOGLE_ANALYTICS: false
|
||||
# CMD_CSP_REPORTURI: ""
|
||||
# CMD_CSP_ALLOW_FRAMING: true
|
||||
# CMD_CSP_ALLOW_PDF_EMBED: true
|
||||
# CMD_COOKIE_POLICY: "lax"
|
||||
# CMD_ALLOW_ANONYMOUS: false
|
||||
# CMD_ALLOW_ANONYMOUS_EDITS: false
|
||||
# CMD_ALLOW_FREEURL: false
|
||||
# CMD_REQUIRE_FREEURL_AUTHENTICATION: true
|
||||
# CMD_DEFAULT_PERMISSION: "editable"
|
||||
# CMD_SESSION_LIFE: 1209600000
|
||||
# CMD_EMAIL: true
|
||||
# CMD_ALLOW_EMAIL_REGISTER: true
|
||||
# CMD_DROPBOX_CLIENTID: ""
|
||||
# CMD_DROPBOX_CLIENTSECRET: ""
|
||||
# CMD_FACEBOOK_CLIENTID: ""
|
||||
# CMD_FACEBOOK_CLIENTSECRET: ""
|
||||
# CMD_GITHUB_CLIENTID: ""
|
||||
# CMD_GITHUB_CLIENTSECRET: ""
|
||||
# CMD_GITLAB_SCOPE: "api"
|
||||
# CMD_GITLAB_BASEURL: ""
|
||||
# CMD_GITLAB_CLIENTID: ""
|
||||
# CMD_GITLAB_CLIENTSECRET: ""
|
||||
# CMD_GITLAB_VERSION: "v4"
|
||||
# CMD_GOOGLE_CLIENTID: ""
|
||||
# CMD_GOOGLE_CLIENTSECRET: ""
|
||||
# CMD_GOOGLE_HOSTEDDOMAIN: ""
|
||||
# CMD_TWITTER_CONSUMERKEY: ""
|
||||
# CMD_TWITTER_CONSUMERSECRET: ""
|
||||
# CMD_MATTERMOST_BASEURL: ""
|
||||
# CMD_MATTERMOST_CLIENTID: ""
|
||||
# CMD_MATTERMOST_CLIENTSECRET: ""
|
||||
# CMD_OAUTH2_USER_PROFILE_URL: ""
|
||||
# CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: ""
|
||||
# CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: ""
|
||||
# CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: ""
|
||||
# CMD_OAUTH2_USER_PROFILE_ID_ATTR: ""
|
||||
# CMD_OAUTH2_TOKEN_URL: ""
|
||||
# CMD_OAUTH2_AUTHORIZATION_URL: ""
|
||||
# CMD_OAUTH2_CLIENT_ID: ""
|
||||
# CMD_OAUTH2_CLIENT_SECRET: ""
|
||||
# CMD_OAUTH2_PROVIDERNAME: ""
|
||||
# CMD_OAUTH2_SCOPE: ""
|
||||
# CMD_OAUTH2_ROLES_CLAIM: ""
|
||||
# CMD_OAUTH2_ACCESS_ROLE: ""
|
||||
# CMD_LDAP_URL: ""
|
||||
# CMD_LDAP_BINDDN: ""
|
||||
# CMD_LDAP_BINDCREDENTIALS: ""
|
||||
# CMD_LDAP_SEARCHBASE: ""
|
||||
# CMD_LDAP_SEARCHFILTER: ""
|
||||
# CMD_LDAP_SEARCHATTRIBUTES: ""
|
||||
# CMD_LDAP_USERIDFIELD: ""
|
||||
# CMD_LDAP_USERNAMEFIELD: ""
|
||||
# CMD_LDAP_TLS_CA: ""
|
||||
# CMD_LDAP_PROVIDERNAME: ""
|
||||
# CMD_SAML_IDPSSOURL: ""
|
||||
# CMD_SAML_IDPCERT: ""
|
||||
# CMD_SAML_CLIENTCERT: ""
|
||||
# CMD_SAML_ISSUER: ""
|
||||
# CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT: false
|
||||
# CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
||||
# CMD_SAML_GROUPATTRIBUTE: ""
|
||||
# CMD_SAML_REQUIREDGROUPS: ""
|
||||
# CMD_SAML_EXTERNALGROUPS: ""
|
||||
# CMD_SAML_ATTRIBUTE_ID: ""
|
||||
# CMD_SAML_ATTRIBUTE_USERNAME: ""
|
||||
# CMD_SAML_ATTRIBUTE_EMAIL: ""
|
||||
# CMD_SAML_PROVIDERNAME: ""
|
||||
# CMD_S3_ACCESS_KEY_ID: ""
|
||||
# CMD_S3_SECRET_ACCESS_KEY: ""
|
||||
# CMD_S3_REGION: ""
|
||||
# CMD_S3_BUCKET: ""
|
||||
# CMD_S3_ENDPOINT: ""
|
||||
# CMD_AZURE_CONNECTION_STRING: ""
|
||||
# CMD_AZURE_CONTAINER: ""
|
||||
# CMD_MINIO_ACCESS_KEY: ""
|
||||
# CMD_MINIO_SECRET_KEY: ""
|
||||
# CMD_MINIO_ENDPOINT: ""
|
||||
# CMD_MINIO_PORT: ""
|
||||
# CMD_MINIO_SECURE: true
|
||||
# CMD_IMGUR_CLIENTID: ""
|
||||
# CMD_LUTIM_URL: ""
|
||||
# DEBUG: false
|
||||
# CMD_LOGLEVEL: "info"
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
targetPort: 3000
|
||||
port: 10132
|
||||
|
||||
persistence:
|
||||
varrun:
|
||||
uploads:
|
||||
enabled: true
|
||||
mountPath: "/hedgedoc/public/uploads"
|
||||
|
||||
mariadb:
|
||||
postgresql:
|
||||
enabled: true
|
||||
mariadbUsername: hedgedoc
|
||||
mariadbDatabase: hedgedoc
|
||||
existingSecret: "mariadbcreds"
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: hedgedoc
|
||||
postgresqlDatabase: hedgedoc
|
||||
|
|
Loading…
Reference in New Issue