# Include{groups} questions: # Include{global} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} # Include{containerBasic} # Include{containerAdvanced} # Include{containerConfig} # Include{controllerExpert} - variable: tfaAppOptions group: App Configuration label: Application Options schema: type: dict attrs: - variable: secret label: Secret description: Mandatory, can be any string. schema: type: string required: true private: true - variable: port label: Port schema: type: int default: 4181 - variable: logLevel label: Log level schema: type: string default: warn enum: - value: trace description: Trace (most detailed) - value: debug description: Debug - value: info description: Information - value: warn description: Warning - value: error description: Error - value: fatal description: Fatal - value: panic description: Panic (least detailed) - variable: logFormat label: Log format schema: type: string default: text enum: - value: text description: Text - value: json description: JSON - value: pretty description: Pretty - variable: tfaAuthOptions group: App Configuration label: Auth Options schema: type: dict attrs: - variable: authHost label: Auth host description: Single host to use when returning from 3rd party auth. schema: type: string - variable: urlPath label: Callback URL Path schema: type: string default: "/_oauth" - variable: defaultAction label: Default action schema: type: string default: auth enum: - value: auth description: Authenticate - value: allow description: Allow (do not require authentication) - variable: defaultProvider label: Default provider schema: type: string default: google enum: - value: google description: Google Provider - value: oidc description: OIDC Provider - value: generic-oauth description: Generic OAuth2 Provider - variable: domain label: Domains description: Only allow given email domains. schema: type: list default: [] items: - variable: allowedDomain label: Host schema: type: string required: true - variable: whitelist label: Whitelist description: Only allow given email addresses. schema: type: list default: [] items: - variable: allowedEmail label: Host schema: type: string required: true - variable: rules label: Rules description: Additional rules in rule..= format. schema: type: list default: [] items: - variable: rule label: Rule schema: type: string required: true - variable: logoutRedirect label: Logout redirect description: URL to redirect to following logout. schema: type: string - variable: tfaCookieOptions group: App Configuration label: Cookie Options schema: type: dict attrs: - variable: cookieDomain label: Cookie domain hosts schema: type: list default: [] items: - variable: cookieDomainHost label: Host schema: type: string required: true - variable: cookieName label: Cookie name schema: type: string default: "_forward_auth" - variable: csrfCookieName label: CSRF cookie name schema: type: string default: "_forward_auth_csrf" - variable: lifetime label: Lifetime description: Lifetime in seconds. schema: type: int default: 43200 - variable: insecureCookie label: Use insecure cookies schema: type: boolean default: false - variable: tfaGoogleOptions group: App Configuration label: Google Provider schema: type: dict attrs: - variable: clientId label: Client ID schema: type: string private: true - variable: clientSecret label: Client Secret schema: type: string private: true - variable: prompt label: Prompt description: Space separated list of OpenID prompt options. schema: type: string - variable: tfaOidcOptions group: App Configuration label: OIDC Provider schema: type: dict attrs: - variable: issuerUrl label: Issuer URL schema: type: string - variable: clientId label: Client ID schema: type: string private: true - variable: clientSecret label: Client Secret schema: type: string private: true - variable: resource label: Resource description: Optional resource indicator. schema: type: string - variable: tfaOauthOptions group: App Configuration label: Generic OAuth2 Provider schema: type: dict attrs: - variable: authUrl label: Auth/Login URL schema: type: string - variable: tokenUrl label: Token URL schema: type: string - variable: userUrl label: User URL description: URL used to retrieve user info. schema: type: string - variable: clientId label: Client ID schema: type: string private: true - variable: clientSecret label: Client Secret schema: type: string private: true - variable: scopes label: Scopes schema: type: string default: profile, email - variable: tokenStyle label: Token style description: How token is presented when querying the User URL schema: type: string default: header enum: - value: header description: Header - value: query description: Query - variable: resource label: Resource description: Optional resource indicator. schema: type: string # Include{fixedEnv} # Include{containerConfig} # Include{serviceRoot} - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: type: dict attrs: # Include{serviceSelector} - variable: main label: "Main Service Port Configuration" schema: type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 4181 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: enabled label: "Enable the port" schema: type: boolean default: true - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 4181 # Include{serviceExpertRoot} default: false # Include{serviceExpert} # Include{serviceList} # Include{ingressRoot} - variable: main label: "Main Ingress" schema: type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: "Security Context" schema: type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true # Include{securityContextAdvanced} # Include{podSecurityContextRoot} - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 568 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 # Include{resources} # Include{advanced} # Include{addons} # Include{codeserver} # Include{netshoot} # Include{promtail} # Include{netshoot} # Include{vpn}