# Include{groups} portals: open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" path: "/" admin: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" path: "/admin/" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true # Include{global} - variable: controller group: "Controller" label: "" schema: additional_attrs: true type: dict attrs: - variable: advanced label: "Show Advanced Controller Settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: type description: "Please specify type of workload to deploy" label: "(Advanced) Controller Type" schema: type: string default: "deployment" required: true enum: - value: "deployment" description: "Deployment" - value: "statefulset" description: "Statefulset" - value: "daemonset" description: "Daemonset" - variable: replicas description: "Number of desired pod replicas" label: "Desired Replicas" schema: type: int default: 1 required: true - variable: strategy description: "Please specify type of workload to deploy" label: "(Advanced) Update Strategy" schema: type: string default: "Recreate" required: true enum: - value: "Recreate" description: "Recreate: Kill existing pods before creating new ones" - value: "RollingUpdate" description: "RollingUpdate: Create new pods and then kill old ones" - value: "OnDelete" description: "(Legacy) OnDelete: ignore .spec.template changes" # Include{controllerExpert} - variable: secretEnv group: "Container Configuration" label: "Image Secrets" schema: additional_attrs: true type: dict attrs: - variable: DNS_SERVER_ADMIN_PASSWORD label: "DNS_SERVER_ADMIN_PASSWORD" description: "DNS web console admin user password." schema: type: string default: "" private: true required: true - variable: env group: "Container Configuration" label: "Image Environment" schema: additional_attrs: true type: dict attrs: - variable: DNS_SERVER_DOMAIN label: "DNS_SERVER_DOMAIN" description: "The primary domain name used by this DNS Server to identify itself." schema: type: string default: "dns-server" required: true - variable: DNS_SERVER_PREFER_IPV6 label: "DNS_SERVER_PREFER_IPV6" description: "DNS Server will use IPv6 for querying whenever possible with this option enabled." schema: type: boolean default: false - variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP label: "DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP" description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx." schema: type: boolean default: false - variable: DNS_SERVER_RECURSION label: "DNS_SERVER_RECURSION" schema: type: string default: "AllowOnlyForPrivateNetworks" enum: - value: "AllowOnlyForPrivateNetworks" description: "AllowOnlyForPrivateNetworks" - value: "UseSpecifiedNetworks" description: "UseSpecifiedNetworks" - value: "Allow" description: "Allow" - value: "Deny" description: "Deny" - variable: DNS_SERVER_RECURSION_DENIED_NETWORKS label: "DNS_SERVER_RECURSION_DENIED_NETWORKS" description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option." schema: show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] type: string default: "1.1.1.0/24" - variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS label: "DNS_SERVER_RECURSION_ALLOWED_NETWORKS" description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option." schema: show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] type: string default: "127.0.0.1, 192.168.1.0/24" - variable: DNS_SERVER_ENABLE_BLOCKING label: "DNS_SERVER_ENABLE_BLOCKING" description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone." schema: type: boolean default: false - variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT label: "DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT" description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests." schema: type: boolean default: false - variable: DNS_SERVER_FORWARDERS label: "DNS_SERVER_FORWARDERS" description: "Comma separated list of forwarder addresses." schema: type: string default: "1.1.1.1, 8.8.8.8" - variable: DNS_SERVER_FORWARDER_PROTOCOL label: "DNS_SERVER_FORWARDER_PROTOCOL" description: "Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson." schema: type: string default: "Tcp" enum: - value: "AllowOnlyForPrivateNetworks" description: "AllowOnlyForPrivateNetworks" - value: "Udp" description: "Udp" - value: "Tcp" description: "Tcp" - value: "Tls" description: "Tls" - value: "Https" description: "Https" - value: "HttpsJson" description: "HttpsJson" # Include{containerConfig} - variable: service group: "Networking and Services" label: "Configure Service(s)" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 5380 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 5380 - variable: dns-udp label: "DNS-UDP Service" description: "DNS-UDP Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-udp label: "DNS-UDP Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 53 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "UDP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 53 - variable: dns-tcp label: "DNS-TCP Service" description: "DNS-TCP Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-tcp label: "DNS-TCP Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 53 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "TCP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 53 - variable: dns-tls label: "DNS-TLS Service" description: "DNS-TLS Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-tls label: "DNS-TLS Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 853 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "TCP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 853 - variable: dns-cert label: "DNS-over-HTTPS Certbot Service" description: "DNS-over-HTTPS Certbot Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-cert label: "DNS-over-HTTPS Certbot Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10202 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "TCP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 80 - variable: dns-https label: "DNS-over-HTTPS Service" description: "DNS-over-HTTPS Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-https label: "DNS-over-HTTPS Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10203 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "TCP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 443 - variable: dns-https-proxy label: "DNS-over-HTTPS Reverse Proxy Service" description: "DNS-over-HTTPS Reverse Proxy Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelector} - variable: dns-https-proxy label: "DNS-over-HTTPS Reverse Proxy Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10204 required: true - variable: advanced label: "Show Advanced settings" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: protocol label: "Port Type" schema: type: string default: "TCP" enum: - value: HTTP description: "HTTP" - value: "HTTPS" description: "HTTPS" - value: TCP description: "TCP" - value: "UDP" description: "UDP" - variable: nodePort label: "Node Port (Optional)" description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" schema: type: int min: 9000 max: 65535 - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8053 - variable: serviceexpert group: "Networking and Services" label: "Show Expert Config" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostNetwork group: "Networking and Services" label: "Host-Networking (Complicated)" schema: type: boolean default: false # Include{serviceExpert} # Include{serviceList} - variable: persistence label: "Integrated Persistent Storage" description: "Integrated Persistent Storage" group: "Storage and Persistence" schema: additional_attrs: true type: dict attrs: - variable: config label: "App Config Storage" description: "Stores the Application Configuration." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} # Include{persistenceList} - variable: ingress label: "" group: "Ingress" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} - variable: dns-https-proxy label: "DNS-over-HTTPS Reverse Proxy" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} # Include{security} - variable: advancedSecurity label: "Show Advanced Security Settings" group: "Security and Permissions" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: "Security Context" schema: additional_attrs: true type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: true - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: false # Include{securityContextAdvanced} - variable: podSecurityContext group: "Security and Permissions" label: "Pod Security Context" schema: additional_attrs: true type: dict attrs: - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 0 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 0 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} # Include{advanced} # Include{addons}