# Include{groups} portals: open: # Include{portalLink} questions: # Include{global} # Include{controller} # Include{replicas} # Include{replica1} # Include{controllerExpertExtraArgs} - variable: authentik group: App Configuration label: Authentik Configuration schema: additional_attrs: true type: dict attrs: - variable: credentials label: Credentials schema: additional_attrs: true type: dict attrs: - variable: password label: Password (Initial install only) description: Password for user. Can be used for any flow executor schema: type: string private: true required: true default: "" - variable: general label: General schema: additional_attrs: true type: dict attrs: - variable: disable_update_check label: Disable Update Check description: Disable the inbuilt update-checker schema: type: boolean default: false - variable: disable_startup_analytics label: Disable Startup Analytics description: Disable startup analytics schema: type: boolean default: true - variable: allow_user_name_change label: Allow User Name Change description: Enable the ability for users to change their Name schema: type: boolean default: true - variable: allow_user_mail_change label: Allow User Mail Change description: Enable the ability for users to change their Email address schema: type: boolean default: true - variable: allow_user_username_change label: Allow User Username Change description: Enable the ability for users to change their Usernames schema: type: boolean default: true - variable: gdpr_compliance label: GDPR Compliance description: When enabled, all the events caused by a user will be deleted upon the user's deletion schema: type: boolean default: true - variable: impersonation label: Impersonation description: Globally enable / disable impersonation schema: type: boolean default: true - variable: avatars label: Avatars description: Configure how authentik should show avatars for users schema: type: string default: gravatar,initials - variable: token_length label: Token Length description: Configure the length of generated tokens schema: type: int default: 128 - variable: footer_links label: Footer Links description: This option configures the footer links on the flow executor pages schema: type: string default: "" - variable: mail label: e-Mail schema: additional_attrs: true type: dict attrs: - variable: host label: Mail Server Host description: Sets host of mail server schema: type: string default: "" - variable: port label: Mail Server Port description: Sets port of mail server schema: type: int default: 25 - variable: tls label: Use TLS for authentication description: Sets tls for mail server authentication schema: type: boolean default: false - variable: ssl label: Use SSL for authentication description: Sets ssl for mail server authentication schema: type: boolean default: false - variable: timeout label: Timeout of authentication description: Sets timeout for mail server authentication schema: type: int default: 10 - variable: user label: Username description: Sets username of mail server schema: type: string default: "" - variable: pass label: Password description: Sets password of mail server schema: type: string private: true default: "" - variable: from label: From Address description: Email address authentik will send from schema: type: string default: "" - variable: error_reporting label: Error Reporting schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable Reporting description: Enables error reporting schema: type: boolean default: false show_subquestions_if: subquestions: - variable: send_pii label: Send Personal Data description: Whether or not to send personal data, like usernames schema: type: boolean default: false - variable: environment label: Environment description: Unique environment that is attached to your error reports, should be set to your email address for example. schema: type: string default: customer - variable: logging label: Logging schema: additional_attrs: true type: dict attrs: - variable: log_level label: Log Level description: Log level for the server and worker containers schema: type: string default: info enum: - value: trace description: trace - value: debug description: debug - value: info description: info - value: warning description: warning - value: error description: error - variable: ldap label: LDAP schema: additional_attrs: true type: dict attrs: - variable: tls_ciphers label: TLS Ciphers description: Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources schema: type: string default: "null" - variable: outposts group: App Configuration label: Outpost Configuration schema: additional_attrs: true type: dict attrs: - variable: ldap label: LDAP schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable LDAP outpost schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: overrideHost label: Override Host schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host label: Authentik Host description: "URL of your Authentik server. (e.g. https://auth.domain.com)" schema: type: string # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: insecure label: Insecure description: Check only if you accessing Authentik in an unsecure way schema: type: boolean default: false - variable: overrideToken label: Override Token description: Overrides the random generated token to provide your own schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: token label: API Token description: You can get this from Applications > Outposts > View Deployment Info schema: type: string private: true # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: overrideBrowserHost label: Override Host Browser description: Overrides the Browser Host, by default the first ingress host is used schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host_browser label: Host Browser description: URL to use in the browser, when it differs from << host >> schema: type: string # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: proxy label: Proxy schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable Proxy outpost schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: overrideHost label: Override Host schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host label: Authentik Host description: "URL of your Authentik server. (e.g. https://auth.domain.com)" schema: type: string # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: insecure label: Insecure description: Check only if you accessing Authentik in an unsecure way schema: type: boolean default: false - variable: overrideToken label: Override Token description: Overrides the random generated token to provide your own schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: token label: API Token description: You can get this from Applications > Outposts > View Deployment Info schema: type: string private: true # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: overrideBrowserHost label: Override Host Browser description: Overrides the Browser Host, by default the first ingress host is used schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host_browser label: Host Browser description: URL to use in the browser, when it differs from << host >> schema: type: string # TODO: Make them required again once Scale stable supports nested subquestions # required: true default: "" - variable: geoip group: App Configuration label: GeoIP Configuration schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable GeoIP Container description: Enables GeoIP container schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: account_id label: Account ID description: Your MaxMind account ID schema: type: string private: true required: true default: "" - variable: license_key label: License Key description: Your case-sensitive MaxMind license key schema: type: string private: true required: true default: "" - variable: edition_ids label: Edition IDs description: List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes schema: type: string required: true default: GeoLite2-City - variable: frequency label: Frequency description: The number of hours between geoipupdate runs schema: type: int min: 1 default: 8 - variable: host_server label: Host Server description: The host name of the server to use schema: type: string default: updates.maxmind.com - variable: preserve_file_times label: Preserve File Times description: Whether to preserve modification times of files downloaded from the server schema: type: boolean default: false - variable: verbose label: Verbose description: Enable verbose mode. Prints out the steps that geoipupdate takes schema: type: boolean default: false - variable: proxy label: Proxy description: The proxy host name or IP address schema: type: string default: "" - variable: proxy_user_pass label: Proxy Pass description: The proxy user name and password, separated by a colon schema: type: string private: true default: "" # Include{containerConfig} # Include{serviceRoot} - variable: main label: Main Service description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 10229 required: true - variable: ldapldaps label: LDAPS Service description: The LDAPS service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: ldapldaps label: LDAPS Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 636 required: true - variable: ldapldap label: LDAP Service description: The LDAPS service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: ldapldap label: LDAP Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 389 required: true - variable: proxyhttps label: Proxy HTTPS Service description: The Proxy HTTPS service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: proxyhttps label: Proxy HTTPS Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 10233 required: true # Include{serviceExpertRoot} default: false # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - variable: media label: App Media Storage description: Stores the Application Media. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: templates label: App Templates Storage description: Stores the Application Templates. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: certs label: App Certs Storage description: Stores the Application Certs. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: geoip label: App GeoIP Storage description: Stores the Application GeoIP. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceList} # Include{ingressRoot} - variable: main label: Main (HTTPS) Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} - variable: proxyhttps label: Proxy HTTPS Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressList} # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged label: Privileged mode schema: type: boolean default: false - variable: readOnlyRootFilesystem label: ReadOnly Root Filesystem schema: type: boolean default: true - variable: allowPrivilegeEscalation label: Allow Privilege Escalation schema: type: boolean default: false - variable: runAsNonRoot label: runAsNonRoot schema: type: boolean default: true # Include{podSecurityContextRoot} - variable: runAsUser label: runAsUser description: The UserID of the user running the application schema: type: int default: 1000 - variable: runAsGroup label: runAsGroup description: The groupID this App of the user running the application schema: type: int default: 1000 - variable: fsGroup label: fsGroup description: The group that should own ALL storage. schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} # Include{metrics} # Include{advanced} # Include{addons} # Include{codeserver} # Include{vpn} # Include{documentation}