# Include{groups} questions: # Include{global} - variable: clusterIssuer group: App Configuration label: Cluster Certificate Issuer schema: additional_attrs: true type: dict attrs: - variable: ACME label: 'ACME Issuer' schema: type: list default: [] items: - variable: ACMEEntry label: 'ACME Issuer Entry' schema: additional_attrs: true type: dict attrs: - variable: name label: Name description: "Name to give the issuer" schema: type: string required: true valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' default: "" - variable: type label: Type or DNS-Provider description: DNS Provider schema: type: string default: cloudflare enum: - value: cloudflare description: Cloudflare - value: route53 description: Route53 - value: akamai description: Akamai - value: digitalocean description: Digitalocean - value: rfc2136 description: rfc2136 (Advanced) - value: HTTP01 description: HTTP01 (Experimental) - value: acmedns description: ACME DNS (Advanced) - variable: server label: Server description: "Server for ACME, for example: letsencrypt" schema: type: string default: 'Letsencrypt-Production' enum: - value: 'https://acme-v02.api.letsencrypt.org/directory' description: Letsencrypt-Production - value: 'https://acme-staging-v02.api.letsencrypt.org/directory' description: Letsencrypt-Staging - value: 'https://api.buypass.no/acme-v02/directory' description: BuyPass-Production - value: 'https://api.test4.buypass.no/acme-v02/directory' description: BuyPass-Staging - value: custom description: Custom - variable: customServer label: Custom ACME Server (Advanced) description: "This can be used to enter your own custom ACME server" schema: type: string show_if: [["server", "=", "custom"]] default: 'https://acme-staging-v02.api.letsencrypt.org/directory' - variable: caBundle label: Trusted CABundle for private ACME server description: "Trusted CABundle for private ACME server, encoded in base64" schema: type: string show_if: [["server", "=", "custom"]] - variable: email label: Email description: "Email adress to use for certificate issuing must match your DNS provider email when required" schema: type: string required: true default: "something@example.com" - variable: cfapikey label: CloudFlare API key description: "CloudFlare API Key" schema: show_if: [["type", "=", "cloudflare"]] type: string default: "" - variable: cfapitoken label: CloudFlare API Token description: "CloudFlare API Token" schema: show_if: [["type", "=", "cloudflare"]] type: string default: "" - variable: region label: Route53 Region description: "Route 53 Region" schema: show_if: [["type", "=", "route53"]] type: string required: true default: "us-west-1" - variable: accessKeyID label: Route53 accessKeyID description: "Route53 accessKeyID" schema: show_if: [["type", "=", "route53"]] type: string required: true default: "" - variable: route53SecretAccessKey label: Route53 Secret Access Key description: "Route53 Secret Access Key" schema: show_if: [["type", "=", "route53"]] type: string required: true default: "" - variable: role label: Route53 Role (optional) description: "Route53 Role" schema: show_if: [["type", "=", "route53"]] type: string default: "" - variable: serviceConsumerDomain label: Akamai Service Consumer Domain description: "Akamai Service Consumer Domain" schema: show_if: [["type", "=", "akamai"]] type: string required: true default: "" - variable: akclientToken label: Akamai Client Token description: "Client Token" schema: show_if: [["type", "=", "akamai"]] type: string required: true default: "" - variable: akclientSecret label: Akamai Client Secret description: "Akamai Client Secret" schema: show_if: [["type", "=", "akamai"]] type: string required: true default: "" - variable: akaccessToken label: Akamai Access Token description: "Akamai Access Token" schema: show_if: [["type", "=", "akamai"]] type: string required: true default: "" - variable: doaccessToken label: Digitalocean Access Token description: "Digitalocean Access Token" schema: show_if: [["type", "=", "digitalocean"]] type: string required: true default: "" - variable: nameserver label: rfc2136 Namesever description: "rfc2136 Namesever" schema: show_if: [["type", "=", "rfc2136"]] type: string required: true default: "" - variable: tsigKeyName label: rfc2136 tsig Key Name description: "rfc2136 tsig Key Name" schema: show_if: [["type", "=", "rfc2136"]] type: string required: true default: "" - variable: tsigAlgorithm label: rfc2136 tsig Algorithm description: "rfc2136 tsig Algorithm" schema: show_if: [["type", "=", "rfc2136"]] type: string required: true default: "" - variable: rfctsigSecret label: rfc2136 sig Secret description: "rfc2136 sig Secret" schema: show_if: [["type", "=", "rfc2136"]] type: string required: true default: "" - variable: acmednsHost label: ACME DNS host description: "ACME DNS API server address" schema: show_if: [["type", "=", "acmedns"]] type: string required: true default: "https://auth.acme-dns.io" - variable: acmednsConfig label: ACME DNS config description: "ACME DNS per-domain auth configuration" schema: show_if: [["type", "=", "acmedns"]] type: list default: [] items: - variable: acmednsEntry label: 'ACME DNS entry' schema: type: dict attrs: - variable: domain label: Domain schema: type: string required: true - variable: username label: Username schema: type: string required: true - variable: password label: Password schema: type: string required: true - variable: fulldomain label: Full domain schema: type: string required: true - variable: subdomain label: Subdomain schema: type: string required: true - variable: allowFrom label: Allow from schema: type: list default: [] items: - variable: cidr label: CIDR schema: type: ipaddr cidr: true required: true - variable: CA label: Certificate Authority Issuer schema: type: list default: [] items: - variable: CAEntry label: 'CA Issuer Entry' schema: additional_attrs: true type: dict attrs: - variable: name label: Name description: "Name to give the issuer" schema: type: string required: true valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' default: "" - variable: selfSigned label: selfSigned description: "Create Self Signed CA cert" schema: type: boolean default: true - variable: selfSignedCommonName label: selfSigned CommonName description: "Common name for selfSigned Certiticate Authority" schema: type: string required: true show_if: [["selfSigned", "=", true]] default: "my-selfsigned-ca" - variable: crt label: "Custom CA cert (experimental)" description: "certificate for Certiticate Authority" schema: type: string required: true max_length: 10240 show_if: [["selfSigned", "=", false]] default: "" - variable: key label: "Custom CA key (experimental)" description: "key Certiticate Authority" schema: type: string required: true max_length: 10240 show_if: [["selfSigned", "=", false]] default: "" - variable: selfSigned label: 'SelfSigned Issuer' schema: additional_attrs: true type: dict attrs: - variable: enabled label: enabled description: "Enable self-signed issuer" schema: type: boolean default: true - variable: name label: Name description: "Name to give the issuer" schema: type: string required: true valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' default: "selfsigned" - variable: clusterCertificates group: App Configuration label: Cluster Wide Certificates (Advanced) description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates." schema: additional_attrs: true type: dict attrs: - variable: certificates label: Cluster Certificates schema: type: list default: [] items: - variable: CertEntry label: 'Certificate Entry' schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled schema: type: boolean default: true - variable: name label: Certificate Name schema: type: string required: true default: "" - variable: certificateIssuer label: Cert-Manager clusterIssuer description: "One of the Cert-Manager clusterIssuers defined above" schema: type: string required: true valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' default: "selfsigned" - variable: hosts label: Certificate Hosts description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up." schema: type: list default: [] items: - variable: host label: Host schema: type: string default: "" required: true - variable: customMetrics group: Metrics label: Prometheus Metrics schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled description: Enable Prometheus Metrics schema: type: boolean default: true