# Include{groups} portals: open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true # Include{global} - variable: controller group: "Controller" label: "" schema: additional_attrs: true type: dict attrs: - variable: advanced label: "Show Advanced Controller Settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: type description: "Please specify type of workload to deploy" label: "(Advanced) Controller Type" schema: type: string default: "deployment" required: true enum: - value: "deployment" description: "Deployment" - value: "statefulset" description: "Statefulset" - value: "daemonset" description: "Daemonset" - variable: replicas description: "Number of desired pod replicas" label: "Desired Replicas" schema: type: int default: 1 required: true - variable: strategy description: "Please specify type of workload to deploy" label: "(Advanced) Update Strategy" schema: type: string default: "Recreate" required: true enum: - value: "Recreate" description: "Recreate: Kill existing pods before creating new ones" - value: "RollingUpdate" description: "RollingUpdate: Create new pods and then kill old ones" - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} - variable: privatebin group: "Container Configuration" label: "PrivateBin Custom Configuration" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Configuration" schema: additional_attrs: true type: dict attrs: - variable: name label: "name" description: "Set a project name to be displayed on the website" schema: type: string default: "" - variable: basepath label: "basepath" description: "The full URL, with the domain name and directories that point to the PrivateBin files. This URL is essential to allow Opengraph images to be displayed on social networks." schema: type: string default: "" - variable: discussion label: "discussion" description: "Enable or disable the discussion feature" schema: type: boolean default: true - variable: opendiscussion label: "opendiscussion" description: "Preselect the discussion feature" schema: type: boolean default: false - variable: password label: "password" description: "Enable or disable the password feature" schema: type: boolean default: true - variable: fileupload label: "fileupload" description: "Enable or disable the file upload feature" schema: type: boolean default: false - variable: burnafterreadingselected label: "burnafterreadingselected" description: "Preselect the burn-after-reading feature" schema: type: boolean default: false - variable: defaultformatter label: "defaultformatter" description: "Which display mode to preselect by default" schema: type: string default: "plaintext" required: true enum: - value: "plaintext" description: "Plain Text" - value: "syntaxhighlighting" description: "Source Code" - value: "markdown" description: "Markdown" - variable: syntaxhighlightingtheme label: "syntaxhighlightingtheme" description: "Set a syntax highlighting theme" schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "desert" description: "Desert" - value: "doxy" description: "Doxy" - value: "prettify" description: "Default" - value: "sons-of-obsidian" description: "Sons-Of-Obsidian" - value: "sunburst" description: "Sunburst" - variable: sizelimit label: "sizelimit" description: "Size limit per paste or comment in bytes" schema: type: int default: 10485760 required: true - variable: template label: "template" description: "Template to use" schema: type: string default: "bootstrap" required: true enum: - value: "bootstrap" description: "bootstrap" - value: "bootstrap-page" description: "bootstrap-page" - value: "bootstrap-dark" description: "bootstrap-dark" - value: "bootstrap-dark-page" description: "bootstrap-dark-page" - value: "bootstrap-compact" description: "bootstrap-compact" - value: "bootstrap-compact-page" description: "bootstrap-compact-page" - value: "page" description: "page" - variable: info label: "info" description: "Info text to display. Use single, instead of double quotes for HTML attributes." schema: type: string default: "" - variable: notice label: "notice" description: "Notice to display" schema: type: string default: "" - variable: languageselection label: "languageselection" description: "By default PrivateBin will guess the visitors language based on the browsers settings. Optionally you can enable the language selection menu, which uses a session cookie to store the choice until the browser is closed." schema: type: boolean default: false - variable: languagedefault label: "languagedefault" description: "Set the language your installs defaults to, defaults to English. If this is set and language selection is disabled, this will be the only language." schema: type: string default: "" - variable: urlshortener label: "urlshortener" description: "URL shortener address to offer after a new paste is created. It is suggested to only use this with self-hosted shorteners as this will leak the pastes encryption key." schema: type: string default: "" - variable: qrcode label: "qrcode" description: "Let users create a QR code for sharing the paste URL with one click. It works both when a new paste is created and when you view a paste." schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "true" description: "true" - value: "false" description: "false" - variable: icon label: "icon" description: "IP based icons are a weak mechanism to detect if a comment was from. a different user when the same username was used in a comment. It might be used to get the IP of a non anonymous comment poster if the server salt is leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs." schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "none" description: "none" - value: "vizhash" description: "vizhash" - value: "identicon" description: "identicon" - variable: cspheader label: "cspheader" description: "Content Security Policy headers allow a website to restrict what sources are allowed to be accessed in its context. You need to change this if you added custom scripts from third-party domains to your templates, e.g. tracking scripts or run your site behind certain DDoS-protection services. Check the documentation at https://content-security-policy.com/" schema: type: string default: "" - variable: zerobincompatibility label: "zerobincompatibility" description: "Stay compatible with PrivateBin Alpha 0.19, less secure. f enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of sha256 in HMAC for the deletion token." schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "true" description: "true" - value: "false" description: "false" - variable: httpwarning label: "httpwarning" description: "Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS). Secure transport methods like Tor and I2P domains are automatically whitelisted. It is **strongly discouraged** to disable this." schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "true" description: "true" - value: "false" description: "false" - variable: compression label: "compression" description: "Pick compression algorithm or disable it. Only applies to pastes/comments created after changing the setting." schema: type: string default: "" enum: - value: "" description: "PrivateBin Default" - value: "none" description: "none" - value: "zlib" description: "zlib" - variable: expire label: "Expire Configuration" schema: additional_attrs: true type: dict attrs: - variable: default label: "default" description: "Expire value that is selected per default" schema: type: string default: "1week" required: true enum: - value: "5min" description: "5min" - value: "10min" description: "10min" - value: "1hour" description: "1hour" - value: "1day" description: "1day" - value: "1week" description: "1week" - value: "1month" description: "1month" - value: "1year" description: "1year" - value: "never" description: "never" - variable: traffic label: "Traffic Configuration" schema: additional_attrs: true type: dict attrs: - variable: limit label: "limit" description: "Time limit between calls from the same IP address in seconds" schema: type: int default: 10 required: true - variable: exempted label: "exempted" description: "Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted from the rate-limit. Invalid IPs will be ignored. If multiple values are to be exempted, the list needs to be comma separated. Leave unset to disable exemptions." schema: type: string default: "" - variable: creators label: "creators" description: "If you want only some source IP addresses (v4 or v6) or subnets (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be ignored. If multiple values are to be exempted, the list needs to be comma separated. Leave unset to allow anyone to create pastes." schema: type: string default: "" - variable: header label: "header" description: "If your website runs behind a reverse proxy or load balancer, set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR" schema: type: string default: "" - variable: purge label: "Purge Configuration" schema: additional_attrs: true type: dict attrs: - variable: limit label: "limit" description: "Minimum time limit between two purgings of expired pastes, it is only triggered when pastes are created" schema: type: int default: 300 required: true - variable: batchsize label: "batchsize" description: "Maximum amount of expired pastes to delete in one purge. Set this to 0 to disable purging. Set it higher, if you are running a large site." schema: type: int default: 10 required: true # Include{containerConfig} - variable: service group: "Networking and Services" label: "Configure Service(s)" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10248 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8080 - variable: serviceexpert group: "Networking and Services" label: "Show Expert Config" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostNetwork group: "Networking and Services" label: "Host-Networking (Complicated)" schema: type: boolean default: false # Include{serviceExpert} # Include{serviceList} # Include{persistenceList} - variable: ingress label: "" group: "Ingress" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} # Include{security} - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: "Security Context" schema: additional_attrs: true type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true # Include{securityContextAdvanced} - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" schema: additional_attrs: true type: dict attrs: - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 65534 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 82 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 82 # Include{podSecurityContextAdvanced} # Include{resources} # Include{advanced} # Include{addons}