# Include{groups} portals: open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true # Include{global} - variable: controller group: "Controller" label: "" schema: additional_attrs: true type: dict attrs: - variable: advanced label: "Show Advanced Controller Settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: type description: "Please specify type of workload to deploy" label: "(Advanced) Controller Type" schema: type: string default: "deployment" required: true enum: - value: "deployment" description: "Deployment" - value: "statefulset" description: "Statefulset" - value: "daemonset" description: "Daemonset" - variable: replicas description: "Number of desired pod replicas" label: "Desired Replicas" schema: type: int default: 1 required: true - variable: strategy description: "Please specify type of workload to deploy" label: "(Advanced) Update Strategy" schema: type: string default: "Recreate" required: true enum: - value: "Recreate" description: "Recreate: Kill existing pods before creating new ones" - value: "RollingUpdate" description: "RollingUpdate: Create new pods and then kill old ones" - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} # Include{containerConfig} - variable: synapse group: "Container Configuration" label: "Synapse Configuration" schema: additional_attrs: true type: dict attrs: - variable: loadCustomConfig label: "Load Custom Config" description: "Load custom config located in /data/custom.yaml" schema: type: boolean default: false - variable: matrix group: "Container Configuration" label: "Matrix Configuration" schema: additional_attrs: true type: dict attrs: - variable: disabled label: "Disable Server Globally" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: disabledMessage label: "Disabled Message" schema: type: string default: "" - variable: serverName label: "Server Name" schema: type: string default: "example.com" - variable: hostname label: "Hostname" schema: type: string default: "matrix.example.com" - variable: clientBaseUrl label: Client Base URL # Assigned to `client_base_url` formerly called `riot_base_url` description: | Custom URL for links within email notifications. If not set links will be based on https://matrix.to schema: type: string default: "" - variable: presence label: "Presence" schema: type: boolean default: true - variable: blockNonAdminInvites label: "Block Non Admin Invites" schema: type: boolean default: false - variable: search label: "Search" schema: type: boolean default: true - variable: encryptByDefault label: "Encrypt By Default" schema: type: string default: "invite" enum: - value: "off" description: "off" - value: "invite" description: "invite" - value: "all" description: "all" - variable: adminEmail label: "Admin Email" schema: type: string default: "admin@example.com" - variable: uploads label: "Uploads Configuration" schema: additional_attrs: true type: dict attrs: - variable: maxSize label: "Max Size" schema: type: string default: "10M" - variable: maxPixels label: "Max Pixels" schema: type: string default: "32M" - variable: urlPreviews label: "URL Previews Configuration" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable URL Previews" schema: type: boolean default: false - variable: federation label: "Federation Configuration" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Federation" schema: type: boolean default: true - variable: allowPublicRooms label: "Allow Public Rooms" schema: type: boolean default: true # TODO: whitelist: # TODO: blacklist: - variable: registration label: "Registration Configuration" # Enabling captcha instead of mail is also an option but currently only # mail is configurable. description: | Enable registration. If enabled requires this will require enabling and configuring mail for SMTP. schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Registration" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: requiresToken label: "Requires Token" description: "Require users to submit a token during registration." schema: type: boolean default: true - variable: require3PID label: "Third Party ID" description: "The 3rd party IDs required during registration. (All selected will be required)" schema: type: list default: [] items: - variable: medium label: "Medium" schema: type: string default: "email" enum: - value: "email" description: "Email" - value: "msisdn" description: "MSISDN" - variable: enable3PIDLookup label: "Lookup Third Party ID" schema: type: boolean default: true - variable: disableMSISDNRegistration label: "Disable MSISDN Registration" description: "Override requirement for MSISDN during registration" schema: type: boolean default: false - variable: allowedLocal3PIDs label: "Allowed Local Third Party IDs" description: "Restrict 3PID to specific patterns" schema: type: list default: [] items: - variable: allowed label: "Allowed Third Party ID" schema: type: dict attrs: - variable: medium label: "Medium" schema: type: string required: true default: "email" enum: - value: "email" description: "Email" - value: "msisdn" description: "MSISDN" - variable: pattern label: "Pattern" description: "Regular expression to match against" schema: type: string default: "" required: true - variable: sharedSecret label: "Shared Secret" description: | If set, allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled schema: type: string default: "" private: true required: true # TODO: required3PIDs # TODO: autoJoinRooms - variable: security label: "Security Configuration" schema: additional_attrs: true type: dict attrs: - variable: surpressKeyServerWarning label: "Surpress Key Server Warning" schema: type: boolean default: true - variable: trustedKeyServers label: "Truested Key Servers" schema: type: list default: [] items: - variable: serverName label: "Server Name" schema: type: string default: "" - variable: verifyKeys label: "Verify Keys" schema: additional_attrs: true type: dict attrs: - variable: id label: "id" schema: type: string default: "" - variable: key label: "key" schema: type: string default: "" private: true - variable: acceptKeysInsecurely label: "Accept Keys Insecurely" schema: type: boolean default: false - variable: logging group: "Container Configuration" label: "Logging Configuration" schema: additional_attrs: true type: dict attrs: # TODO: Find the log levels and make the enum's - variable: rootLogLevel label: "Root Log Level" schema: type: string default: "WARNING" - variable: sqlLogLevel label: "Root Log Level" schema: type: string default: "WARNING" - variable: sqlLogLevel label: "Root Log Level" schema: type: string default: "WARNING" - variable: mail group: "Container Configuration" label: "Mail Configuration" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Mail" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: from label: "From: " schema: type: string default: "Matrix " - variable: host label: "Host" schema: type: string default: "" - variable: port label: "Port" schema: type: int default: 25 - variable: username label: "Username" schema: type: string default: "" - variable: password label: "Password" schema: type: string default: "" private: true - variable: requireTransportSecurity label: "Require Transport Security" schema: type: boolean default: true - variable: coturn group: "Container Configuration" label: "Coturn Configuration" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Coturn" schema: type: boolean default: false - variable: service group: "Networking and Services" label: "Configure Service(s)" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 8008 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8008 - variable: federation label: "federation Service" description: "The federation service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: federation label: "federation Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 8448 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8008 - variable: serviceexpert group: "Networking and Services" label: "Show Expert Config" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostNetwork group: "Networking and Services" label: "Host-Networking (Complicated)" schema: type: boolean default: false # Include{serviceExpert} # Include{serviceList} - variable: persistence label: "Integrated Persistent Storage" description: "Integrated Persistent Storage" group: "Storage and Persistence" schema: additional_attrs: true type: dict attrs: - variable: key label: "App Key Storage" description: "Stores the Application Key." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} - variable: media label: "App Media Storage" description: "Stores the Application Media." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} - variable: uploads label: "App Upload Storage" description: "Stores the Application Upload." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} # Include{persistenceList} - variable: ingress label: "" group: "Ingress" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} # Include{security} - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: "Security Context" schema: additional_attrs: true type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: true - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true # Include{securityContextAdvanced} - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" schema: additional_attrs: true type: dict attrs: - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 568 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} # Include{advanced} # Include{addons}