# Include{groups} portals: open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" path: "/guacamole" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true # Include{global} - variable: controller group: "Controller" label: "" schema: additional_attrs: true type: dict attrs: - variable: advanced label: "Show Advanced Controller Settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: type description: "Please specify type of workload to deploy" label: "(Advanced) Controller Type" schema: type: string default: "deployment" required: true enum: - value: "deployment" description: "Deployment" - value: "statefulset" description: "Statefulset" - value: "daemonset" description: "Daemonset" - variable: replicas description: "Number of desired pod replicas" label: "Desired Replicas" schema: type: int default: 1 required: true - variable: strategy description: "Please specify type of workload to deploy" label: "(Advanced) Update Strategy" schema: type: string default: "Recreate" required: true enum: - value: "Recreate" description: "Recreate: Kill existing pods before creating new ones" - value: "RollingUpdate" description: "RollingUpdate: Create new pods and then kill old ones" - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} - variable: env group: "Container Configuration" label: "Image Environment" schema: additional_attrs: true type: dict attrs: - variable: GUACD_HOSTNAME label: "Guacd Hostname" description: "The hostname of the guacd instance to use to establish remote desktop connections" schema: type: string required: true default: "" - variable: GUACD_PORT label: "Guacd Port" description: "The port that Guacamole should use when connecting to guacd" schema: type: int required: true default: 4822 # Include{containerConfig} - variable: general group: "App Configuration" label: "General Configuration" schema: additional_attrs: true type: dict attrs: - variable: EXTENSION_PRIORITY label: "Extension Priority (Leave blank for default)" description: "A comma-separated list of the namespaces of all extensions that should be loaded in a specific order" schema: type: string default: "" - variable: api group: "App Configuration" label: "API Configuration" schema: additional_attrs: true type: dict attrs: - variable: API_SESSION_TIMEOUT label: "API Session Timeout (Leave blank for default)" schema: type: string default: "" - variable: totp group: "App Configuration" label: "TOTP Configuration" schema: additional_attrs: true type: dict attrs: - variable: TOTP_ENABLED label: "Enable TOTP" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: TOTP_ISSUER label: "TOTP Issuer (Leave blank for default)" schema: type: string default: "" - variable: TOTP_PERIOD label: "TOTP Period (Leave blank for default)" schema: type: string default: "" - variable: TOTP_DIGITS label: "TOTP Digits" schema: type: string default: "" enum: - value: "" description: "default" - value: "6" description: "6" - value: "7" description: "7" - value: "8" description: "8" - variable: TOTP_MODE label: "TOTP Mode" schema: type: string default: "" enum: - value: "" description: "default" - value: "sha1" description: "sha1" - value: "sha256" description: "sha256" - value: "sha512" description: "sha512" - variable: header group: "App Configuration" label: "Header Configuration" schema: additional_attrs: true type: dict attrs: - variable: HEADER_ENABLED label: "Enable Header" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: HTTP_AUTH_HEADER label: "HTTP Auth Header (Leave blank for default)" schema: type: string default: "" - variable: json group: "App Configuration" label: "JSON Configuration" schema: additional_attrs: true type: dict attrs: - variable: json_enabled label: "Enable JSON" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: JSON_SECRET_KEY label: "JSON Secret Key" schema: type: string required: true default: "" - variable: JSON_TRUSTED_NETWORKS label: "JSON Trusted Networks (Leave blank for unrestricted" description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8" schema: type: string default: "" - variable: duo group: "App Configuration" label: "DUO Configuration" schema: additional_attrs: true type: dict attrs: - variable: duo_enabled label: "Enable DUO" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: DUO_API_HOSTNAME label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)" schema: type: string required: true default: "" - variable: DUO_INTEGRATION_KEY label: "DUO Integration Key (Exactly 20 chars)" schema: min_length: 20 max_length: 20 type: string required: true default: "" - variable: DUO_SECRET_KEY label: "DUO Secret Key (Exactly 40 chars)" schema: min_length: 40 max_length: 40 type: string required: true default: "" - variable: DUO_APPLICATION_KEY label: "DUO Application Key (At least 40 chars)" schema: min_length: 40 type: string required: true default: "" - variable: cas group: "App Configuration" label: "CAS Configuration" schema: additional_attrs: true type: dict attrs: - variable: cas_enabled label: "Enable CAS" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: CAS_AUTHORIZATION_ENDPOINT label: "CAS Authorization Endpoint" schema: type: string required: true default: "" - variable: CAS_REDIRECT_URI label: "CAS Redirect URI" schema: type: string required: true default: "" - variable: CAS_CLEARPASS_KEY label: "CAS Clearpass Key" schema: type: string default: "" - variable: CAS_GROUP_ATTRIBUTE label: "CAS Group Attribute" schema: type: string default: "" - variable: CAS_GROUP_LDAP_BASE_DN label: "CAS Group LDAP Base DN" schema: type: string default: "" - variable: CAS_GROUP_LDAP_ATTRIBUTE label: "CAS Group LDAP Attribute" schema: type: string default: "" - variable: CAS_GROUP_FORMAT label: "CAS Group Format" schema: type: string default: "" enum: - value: "" description: "default" - value: "plain" description: "plain" - value: "ldap" description: "ldap" - variable: openid group: "App Configuration" label: "OpenID Configuration" schema: additional_attrs: true type: dict attrs: - variable: openid_enabled label: "Enable OpenID" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: OPENID_AUTHORIZATION_ENDPOINT label: "OpenID Authorization Endpoint" schema: type: string required: true default: "" - variable: OPENID_JWKS_ENDPOINT label: "OpenID JWKS Endpoint" schema: type: string required: true default: "" - variable: OPENID_ISSUER label: "OpenID Issuer" schema: type: string required: true default: "" - variable: OPENID_CLIENT_ID label: "OpenID Client ID" schema: type: string required: true default: "" - variable: OPENID_REDIRECT_URI label: "OpenID Redirect URI" schema: type: string required: true default: "" - variable: OPENID_USERNAME_CLAIM_TYPE label: "OpenID Username Claim Type (Leave blank for default)" schema: type: string default: "" - variable: OPENID_GROUPS_CLAIM_TYPE label: "OpenID Groups Claim Type (Leave blank for default)" schema: type: string default: "" - variable: OPENID_MAX_TOKEN_VALIDITY label: "OpenID Max Token Validity (Leave blank for default)" schema: type: string default: "" - variable: radius group: "App Configuration" label: "Radius Configuration" schema: additional_attrs: true type: dict attrs: - variable: radius_enabled label: "Enable Radius" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: RADIUS_SHARED_SECRET label: "Radius Shared Secret" schema: type: string required: true default: "" - variable: RADIUS_AUTH_PROTOCOL label: "Radius Auth Protocol" schema: type: string required: true default: "eap-tls" enum: - value: "pap" description: "pap" - value: "chap" description: "chap" - value: "mschapv1" description: "mschapv1" - value: "mschapv2" description: "mschapv2" - value: "eap-md5" description: "eap-md5" - value: "eap-tls" description: "eap-tls" - value: "eap-ttls" description: "eap-ttls" - variable: RADIUS_HOSTNAME label: "Radius Hostname (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_AUTH_PORT label: "Radius Auth Port (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_KEY_FILE label: "Radius Key File (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_KEY_TYPE label: "Radius Key Type" schema: type: string default: "" enum: - value: "" description: "Default" - value: "pem" description: "pem" - value: "jceks" description: "jceks" - value: "jks" description: "jks" - value: "pkcs12" description: "pkcs12" - variable: RADIUS_KEY_PASSWORD label: "Radius Key Password (Leave blank if no password)" schema: type: string default: "" - variable: RADIUS_CA_FILE label: "Radius CA File (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_CA_TYPE label: "Radius CA Type" schema: type: string default: "" enum: - value: "" description: "Default" - value: "pem" description: "pem" - value: "jceks" description: "jceks" - value: "jks" description: "jks" - value: "pkcs12" description: "pkcs12" - variable: RADIUS_CA_PASSWORD label: "Radius CA Password (Leave blank if no password)" schema: type: string default: "" - variable: RADIUS_TRUST_ALL label: "Radius Trust All" schema: type: boolean default: false - variable: RADIUS_RETRIES label: "Radius Retries (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_TIMEOUT label: "Radius Timeout (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_EAP_TTLS_INNER_PROTOCOL label: "Radius eap-ttls Inner Protocol" description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls" schema: type: string default: "eap-tls" enum: - value: "pap" description: "pap" - value: "chap" description: "chap" - value: "mschapv1" description: "mschapv1" - value: "mschapv2" description: "mschapv2" - value: "eap-md5" description: "eap-md5" - value: "eap-tls" description: "eap-tls" - variable: ldap group: "App Configuration" label: "LDAP Configuration" schema: additional_attrs: true type: dict attrs: - variable: ldap_enabled label: "Enable LDAP" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: LDAP_HOSTNAME label: "LDAP Hostname (Leave blank for default)" schema: type: string required: true default: "" - variable: LDAP_USER_BASE_DN label: "LDAP User Base DN" schema: type: string required: true default: "" - variable: LDAP_PORT label: "LDAP Port (Leave blank for default)" schema: type: string default: "" - variable: LDAP_ENCRYPTION_METHOD label: "LDAP Encryption Method (Leave blank for default)" schema: type: string default: "" enum: - value: "" description: "Default" - value: "none" description: "none" - value: "ssl" description: "ssl" - value: "starttls" description: "starttls" - variable: LDAP_MAX_SEARCH_RESULTS label: "LDAP Max Search Results (Leave blank for default)" schema: type: string default: "" - variable: LDAP_SEARCH_BIND_DN label: "LDAP Search Bind DN (Leave blank for default)" schema: type: string default: "" - variable: LDAP_USER_ATTRIBUTES label: "LDAP User Attributes" schema: type: string default: "" - variable: LDAP_SEARCH_BIND_PASSWORD label: "LDAP Search Bind Password (Leave blank if no password)" schema: type: string default: "" - variable: LDAP_USERNAME_ATTRIBUTE label: "LDAP Username Attribute" schema: type: string default: "" - variable: LDAP_MEMBER_ATTRIBUTE label: "LDAP Member Attribute" schema: type: string default: "" - variable: LDAP_USER_SEARCH_FILTER label: "LDAP User Search Filter (Leave blank for default)" schema: type: string default: "" - variable: LDAP_CONFIG_BASE_DN label: "LDAP Config Base DN" schema: type: string default: "" - variable: LDAP_GROUP_BASE_DN label: "LDAP Group Base DN" schema: type: string default: "" - variable: LDAP_GROUP_SEARCH_FILTER label: "LDAP Group Search Filter (Leave blank for default)" schema: type: string default: "" - variable: LDAP_MEMBER_ATTRIBUTE_TYPE label: "LDAP Encryption Method" schema: type: string default: "" enum: - value: "" description: "Default" - value: "dn" description: "dn" - value: "uid" description: "uid" - variable: LDAP_GROUP_NAME_ATTRIBUTE label: "LDAP Group Name Attribute (Leave blank for default)" schema: type: string default: "" - variable: LDAP_DEREFERENCE_ALIASES label: "LDAP Dereference Aliases" schema: type: string default: "" enum: - value: "" description: "Default" - value: "never" description: "never" - value: "searching" description: "searching" - value: "finding" description: "finding" - value: "always" description: "always" - variable: LDAP_FOLLOW_REFERRALS label: "LDAP Follow Referrals" schema: type: boolean default: false - variable: LDAP_MAX_REFERRAL_HOPS label: "LDAP Max Referrals Hops (Leave blank for default)" schema: type: string default: "" - variable: LDAP_OPERATION_TIMEOUT label: "LDAP Operation Timeout (Leave blank for default)" schema: type: string default: "" - variable: saml group: "App Configuration" label: "SAML Configuration" schema: additional_attrs: true type: dict attrs: - variable: saml_enabled label: "Enable SAML" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: SAML_IDP_METADATA_URL label: "SAML IDP Metadata URL" schema: type: string default: "" - variable: SAML_IDP_URL label: "SAML IDP URL" schema: type: string default: "" - variable: SAML_ENTITY_ID label: "SAML Entity ID" schema: type: string default: "" - variable: SAML_CALLBACK_URL label: "SAML Callback URL" schema: type: string default: "" - variable: SAML_STRICT label: "SAML Strict" schema: type: boolean default: true - variable: SAML_DEBUG label: "SAML Debug" schema: type: boolean default: false - variable: SAML_COMPRESS_REQUEST label: "SAML Compress Request" schema: type: boolean default: true - variable: SAML_COMPRESS_RESPONSE label: "SAML Compress Response" schema: type: boolean default: true - variable: SAML_GROUP_ATTRIBUTE label: "SAML Group Attribute (Leave empty for default)" schema: type: string default: "" - variable: service group: "Networking and Services" label: "Configure Service(s)" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 9998 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: enabled label: "Enable the port" schema: type: boolean default: true - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8080 - variable: serviceexpert group: "Networking and Services" label: "Show Expert Config" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostNetwork group: "Networking and Services" label: "Host-Networking (Complicated)" schema: type: boolean default: false # Include{serviceExpert} # Include{serviceList} # Include{persistenceList} - variable: ingress label: "" group: "Ingress" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} # Include{security} - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: "Security Context" schema: additional_attrs: true type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true # Include{securityContextAdvanced} - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" schema: additional_attrs: true type: dict attrs: - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 1001 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 1001 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage" schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} # Include{advanced} # Include{addons}