346 lines
12 KiB
YAML
346 lines
12 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{controller}
|
|
# Include{replicas}
|
|
# Include{replica1}
|
|
# Include{controllerExpertExtraArgs}
|
|
- variable: grist
|
|
group: App Configuration
|
|
label: Grist Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: domain
|
|
label: Domain
|
|
description: In hosted Grist, Grist is served from subdomains of this domain
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: single_org
|
|
label: Single Org
|
|
description: Set to an org "domain" to pin client to that org
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: home_url
|
|
label: Home URL
|
|
description: URL prefix for home API
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: default_email
|
|
label: Default Email
|
|
description: If set, login as this user if no other credentials presented
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: default_product
|
|
label: Default Product
|
|
description: If set, this controls enabled features and limits of new sites.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: default_locale
|
|
label: Default Locale
|
|
description: Locale to use as fallback when Grist cannot honour the browser locale.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: allowed_webhook_domains
|
|
label: Allowed Webhook Domains
|
|
description: Permitted domains to use in webhooks
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: webhook_domain
|
|
label: Allowed Webhook Domain
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: allowed_hosts
|
|
label: Allowed Hosts
|
|
description: Permitted domains origin for requests
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: webhook_host
|
|
label: Allowed Webhook Host
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: hide_ui_elements
|
|
label: Hide UI Elements
|
|
description: Parts of the UI to hide
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ui_element
|
|
label: UI Element to Hide
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: helpCenter
|
|
description: helpCenter
|
|
- value: billing
|
|
description: billing
|
|
- value: templates
|
|
description: templates
|
|
- value: multiSite
|
|
description: multiSite
|
|
- value: multiAccounts
|
|
description: multiAccounts
|
|
- variable: default_locale
|
|
label: Default Locale
|
|
description: Locale to use as fallback when Grist cannot honour the browser locale.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: max_upload_import_mb
|
|
label: Max Upload Import in MB
|
|
description: Max allowed size for imports (except .grist files) (0 for unlimited).
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: max_upload_attachment_mb
|
|
label: Max Upload Attachment in MB
|
|
description: Max allowed size for attachments (except .grist files) (0 for unlimited).
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: title_suffix
|
|
label: Title Suffix
|
|
description: A string to append to the end of the <title> in HTML documents.
|
|
schema:
|
|
type: string
|
|
default: " - Grist"
|
|
- variable: proxy_auth_header
|
|
label: Proxy Auth Header
|
|
description: Header which will be set by a (reverse) proxy web server with an authorized users email.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: cookie_max_age
|
|
label: Cookie Max Age
|
|
description: Session cookie max age
|
|
schema:
|
|
type: int
|
|
default: 90
|
|
- variable: force_login
|
|
label: Force Login
|
|
description: When set to true disables anonymous access
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: ignore_session
|
|
label: Ignore Session
|
|
description: If set, Grist will not use a session for authentication.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: support_anon
|
|
label: Support Anon
|
|
description: When set to true, show UI for anonymous access
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: throttle_cpu
|
|
label: Throttle CPU
|
|
description: When set to true, CPU throttling is enabled
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: include_custom_css
|
|
label: Include Custom CSS
|
|
description: Set to true to include custom.css in static pages
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: google
|
|
label: Google Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: client_id
|
|
label: Client ID
|
|
description: Set to the Google Client Id to be used with Google API client
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: client_secret
|
|
label: Client Secret
|
|
description: Set to the Google Client Secret to be used with Google API client
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: api_key
|
|
label: API Key
|
|
description: Set to the Google API Key to be used with Google API client (accessing public files)
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: drive_scope
|
|
label: Drive Scope
|
|
description: Set to the scope requested for Google Drive integration
|
|
schema:
|
|
type: string
|
|
default: drive.file
|
|
- variable: forward_auth
|
|
label: Forward Auth
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: header
|
|
label: Header
|
|
description: If set, trust the specified header (e.g. "x-forwarded-user") to contain authorized user emails, and enable "forward auth" logins.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: login_path
|
|
label: Login Path
|
|
description: If Header is set, Grist will listen at this path for logins.
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: /auth/login
|
|
- variable: logout_path
|
|
label: Logout Path
|
|
description: If Header is set, Grist will forward to this path when user logs out.
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10163
|
|
required: true
|
|
- variable: api
|
|
label: API Service
|
|
description: API service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: api
|
|
label: API Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10164
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
default: false
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: persist
|
|
label: App Persist Storage
|
|
description: Stores the Application Persist.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressList}
|
|
# Include{security}
|
|
# Include{securityContextAdvancedRoot}
|
|
- variable: privileged
|
|
label: Privileged mode
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: ReadOnly Root Filesystem
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: allowPrivilegeEscalation
|
|
label: Allow Privilege Escalation
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: runAsNonRoot
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
# Include{podSecurityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID this App of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage.
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{vpn}
|
|
# Include{documentation}
|