385 lines
20 KiB
YAML
385 lines
20 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{credentials}
|
|
# Include{workload}
|
|
# Include{workloadDeployment}
|
|
# Include{replicas1}
|
|
# Include{podSpec}
|
|
# Include{containerMain}
|
|
- variable: env
|
|
group: "App Configuration"
|
|
label: "Image Environment"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP
|
|
label: "SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP"
|
|
description: "Put your server IP here for local access, or your public IP for public access via port forwarding."
|
|
schema:
|
|
type: string
|
|
default: "10.0.0.10"
|
|
- variable: SFTPGO_COMMON__DEFENDER__ENABLED
|
|
label: "SFTPGO_COMMON__DEFENDER__ENABLED"
|
|
description: "httpsgithub.comdrakkansftpgoblobmaindocsdefender.md"
|
|
schema:
|
|
type: string
|
|
default: "true"
|
|
- variable: SFTPGO_FTPD__PASSIVE_PORT_RANGE__START
|
|
label: "SFTPGO_FTPD__PASSIVE_PORT_RANGE__START"
|
|
schema:
|
|
type: string
|
|
default: "50000"
|
|
- variable: SFTPGO_FTPD__PASSIVE_PORT_RANGE__END
|
|
label: "SFTPGO_FTPD__PASSIVE_PORT_RANGE__END"
|
|
schema:
|
|
type: string
|
|
default: "50100"
|
|
- variable: SFTPGO_FTPD__BINDINGS__0__PORT
|
|
label: "SFTPGO_FTPD__BINDINGS__0__PORT"
|
|
schema:
|
|
type: string
|
|
default: "2121"
|
|
- variable: SFTPGO_WEBDAVD__BINDINGS__0__PORT
|
|
label: "SFTPGO_WEBDAVD__BINDINGS__0__PORT"
|
|
schema:
|
|
type: string
|
|
default: "10080"
|
|
- variable: SFTPGO_FTPD__BINDINGS__0__DEBUG
|
|
label: "SFTPGO_FTPD__BINDINGS__0__DEBUG"
|
|
description: "0 = false, 1 = true"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_URL
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_URL"
|
|
description: "LDAP url"
|
|
schema:
|
|
type: string
|
|
default: "ldap://lldap-ldap.ix-lldap.svc.cluster.local"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_BASE_DN
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_BASE_DN"
|
|
description: "The base DN defines the address of the root object in the LDAP directory"
|
|
schema:
|
|
type: string
|
|
default: "dc=mylab,dc=local"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_BIND_DN
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_BIND_DN"
|
|
description: "The bind DN used to log in at the LDAP server in order to perform searches. This should be a read-only user."
|
|
schema:
|
|
type: string
|
|
default: "cn=Administrator,cn=users,dc=mylab,dc=local"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_PASSWORD
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_PASSWORD"
|
|
description: "The password for the defined ldap-bind-dn. If empty an anonymous bind will be attempted."
|
|
schema:
|
|
type: string
|
|
default: "Password.123456"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_SEARCH_QUERY
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_SEARCH_QUERY"
|
|
description: "The ldap query to use to find users attempting to login. The %username% placeholder will be replaced with the username attempting to log in"
|
|
schema:
|
|
type: string
|
|
default: "(&(objectClass=user)(sAMAccountType=805306368)(sAMAccountName=%username%))"
|
|
- variable: SFTPGO_PLUGIN_AUTH_LDAP_GROUP_ATTRIBUTES
|
|
label: "SFTPGO_PLUGIN_AUTH_LDAP_GROUP_ATTRIBUTES"
|
|
description: "The ldap attributes containing the groups the users are members of."
|
|
schema:
|
|
type: string
|
|
default: "memberOf"
|
|
- variable: SFTPGO_PLUGIN_AUTH_PRIMARY_GROUP_PREFIX
|
|
label: "SFTPGO_PLUGIN_AUTH_PRIMARY_GROUP_PREFIX"
|
|
description: "Prefix for LDAP groups to map to the primary group for SFTPGo users. SFTPGo users can have only one primary group."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_AUTH_SECONDARY_GROUP_PREFIX
|
|
label: "SFTPGO_PLUGIN_AUTH_SECONDARY_GROUP_PREFIX"
|
|
description: "Prefix for LDAP groups to map to secondary groups of SFTPGo users"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_AUTH_MEMBERSHIP_GROUP_PREFIX
|
|
label: "SFTPGO_PLUGIN_AUTH_MEMBERSHIP_GROUP_PREFIX"
|
|
description: "Prefix for LDAP groups to map to membership groups of SFTPGo users"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_AUTH_REQUIRE_GROUPS
|
|
label: "SFTPGO_PLUGIN_AUTH_REQUIRE_GROUPS"
|
|
description: "Require authenticated users to be members of at least one SFTPGo group"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_AUTH_STARTTLS
|
|
label: "SFTPGO_PLUGIN_AUTH_STARTTLS"
|
|
description: "STARTTLS is the preferred method of encrypting an LDAP connection. Use it instead of using the ldaps:// URL schema. (0 = false, 1 = true)"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
- variable: SFTPGO_PLUGIN_AUTH_USERS_BASE_DIR
|
|
label: "SFTPGO_PLUGIN_AUTH_USERS_BASE_DIR"
|
|
description: "Users default base directory. Leave empty if already set in SFTPGo. If set it must be an absolute path"
|
|
schema:
|
|
type: string
|
|
default: "/mnt/home"
|
|
- variable: SFTPGO_PLUGIN_AUTH_CACHE_TIME
|
|
label: "SFTPGO_PLUGIN_AUTH_CACHE_TIME"
|
|
description: "Defines the cache time, in seconds, for authenticated users. 0 means no cache"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
- variable: SFTPGO_PLUGIN_AUTH_SKIP_TLS_VERIFY
|
|
label: "SFTPGO_PLUGIN_AUTH_SKIP_TLS_VERIFY"
|
|
description: "If set to 1 the plugin accepts any TLS certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
- variable: SFTPGO_PLUGIN_AUTH_CA_CERTIFICATES
|
|
label: "SFTPGO_PLUGIN_AUTH_CA_CERTIFICATES"
|
|
description: "If set to 1 the plugin accepts any TLS certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
|
|
- variable: SFTPGO_PLUGIN_EVENTSEARCH_DRIVER
|
|
label: "SFTPGO_PLUGIN_EVENTSEARCH_DRIVER"
|
|
description: "Database driver (required)"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_EVENTSEARCH_DSN
|
|
label: "SFTPGO_PLUGIN_EVENTSEARCH_DSN"
|
|
description: "Data source URI (required)"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_EVENTSTORE_DRIVER
|
|
label: "SFTPGO_PLUGIN_EVENTSTORE_DRIVER"
|
|
description: "Database driver (required)"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_EVENTSTORE_DSN
|
|
label: "SFTPGO_PLUGIN_EVENTSTORE_DSN"
|
|
description: "Data source URI (required)"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_EVENTSTORE_INSTANCE_ID
|
|
label: "SFTPGO_PLUGIN_EVENTSTORE_INSTANCE_ID"
|
|
description: "Instance identifier"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SFTPGO_PLUGIN_EVENTSTORE_RETENTION
|
|
label: "SFTPGO_PLUGIN_EVENTSTORE_RETENTION"
|
|
description: "Events older than the specified number of hours will be deleted. 0 means no events will be deleted"
|
|
schema:
|
|
type: string
|
|
default: "0"
|
|
- variable: SFTPGO_PLUGIN_GEOIPFILTER_DB_FILE
|
|
label: "SFTPGO_PLUGIN_GEOIPFILTER_DB_FILE"
|
|
description: "Path to the MaxMind GeoLite2 or GeoIP2 database"
|
|
schema:
|
|
type: string
|
|
default: "/mnt/database/geolite.db"
|
|
- variable: SFTPGO_PLUGIN_GEOIPFILTER_ALLOWED_COUNTRIES
|
|
label: "SFTPGO_PLUGIN_GEOIPFILTER_ALLOWED_COUNTRIES"
|
|
description: "Comma separated allowed countries in ISO 3166-1 alpha-2 format"
|
|
schema:
|
|
type: string
|
|
default: "JP"
|
|
- variable: SFTPGO_PLUGIN_GEOIPFILTER_DENIED_COUNTRIES
|
|
label: "SFTPGO_PLUGIN_GEOIPFILTER_DENIED_COUNTRIES"
|
|
description: "Comma separated denied countries in ISO 3166-1 alpha-2 format"
|
|
schema:
|
|
type: string
|
|
default: "KP"
|
|
# Include{containerBasic}
|
|
# Include{containerAdvanced}
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: "Main Service"
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: "Main Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 2221
|
|
required: true
|
|
- variable: ftpport
|
|
label: 'ftpport service'
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: ftpport
|
|
label: "ftpport Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 2121
|
|
required: true
|
|
- variable: sftpport
|
|
label: 'sftpport service'
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: sftpport
|
|
label: "sftpport Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 2022
|
|
required: true
|
|
- variable: passiveports
|
|
label: 'passiveports service'
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: passiveports
|
|
label: "passiveports Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 50000
|
|
required: true
|
|
- variable: webdavport
|
|
label: 'webdavport service'
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: webdavport
|
|
label: "webdavport Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 10080
|
|
required: true
|
|
# Include{externalInterfaces}
|
|
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: data
|
|
label: "data Storage"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: backupdirectory
|
|
label: "backupdirectory Storage"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: configpath
|
|
label: "configpath Storage"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: shareaccess
|
|
label: "shareaccess Storage"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: "Main Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressAdvanced}
|
|
# Include{ingressList}
|
|
# Include{securityContextRoot}
|
|
- variable: runAsUser
|
|
label: "runAsUser"
|
|
description: "The UserID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: runAsGroup
|
|
label: "runAsGroup"
|
|
description: "The groupID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
# Include{securityContextContainer}
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextPod}
|
|
- variable: fsGroup
|
|
label: "fsGroup"
|
|
description: "The group that should own ALL storage."
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{netshoot}
|
|
# Include{vpn}
|
|
# Include{documentation}
|