# Lines of the form "# Include{name}" look like placeholders for shared form
# fragments that are not shown on this page. They are kept verbatim and in
# their original order. NOTE(review): confirm how the catalog tooling expands
# them before relying on the nesting around them.
# Include{groups}
portals:
  open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
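# Authentik application settings shown on the install form. Labels, types and
# defaults are as published, except that the error-reporting toggle now states
# the value that reveals its sub-questions. Security-relevant defaults are
# annotated inline.
- variable: authentik
  group: "Container Configuration"
  label: "Authentik Configuration"
  schema:
    additional_attrs: true
    type: dict
    attrs:
      # Bootstrap secrets. Both are required, have no default and are flagged
      # private; the labels say they apply to the initial install only.
      # No length or character constraint is declared for either field here,
      # so the strength of these values rests on whoever fills in the form.
      - variable: credentials
        label: "Credentials"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: password
              label: "Password (Initial install only)"
              description: "Password for <akadmin> user. Can be used for any flow executor"
              schema:
                type: string
                private: true
                required: true
                default: ""
            # Per its description this value authenticates to the API, so it
            # deserves the same handling as the admin password above.
            - variable: token
              label: "Token (Initial install only)"
              description: "The string you specify for this variable is the token key you can use to authenticate yourself to the API"
              schema:
                type: string
                private: true
                required: true
                default: ""
      - variable: general
        label: "General"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            # Default false leaves the built-in update checker on.
            # NOTE(review): presumably this implies outbound requests; confirm
            # where egress is restricted.
            - variable: disable_update_check
              label: "Disable Update Check"
              description: "Disable the inbuilt update-checker"
              schema:
                type: boolean
                default: false
            # Startup analytics are disabled by default.
            - variable: disable_startup_analytics
              label: "Disable Startup Analytics"
              description: "Disable startup analytics"
              schema:
                type: boolean
                default: true
            # The three allow_user_* switches default to on, so name, e-mail
            # address and username are user-editable. Relying parties that key
            # accounts on one of these attributes should take that into account.
            - variable: allow_user_name_change
              label: "Allow User Name Change"
              description: "Enable the ability for users to change their Name"
              schema:
                type: boolean
                default: true
            - variable: allow_user_mail_change
              label: "Allow User Mail Change"
              description: "Enable the ability for users to change their Email address"
              schema:
                type: boolean
                default: true
            - variable: allow_user_username_change
              label: "Allow User Username Change"
              description: "Enable the ability for users to change their Usernames"
              schema:
                type: boolean
                default: true
            # On by default: deleting a user also deletes that user's events
            # (per the description), which removes them from later audit or
            # incident review. Export what must be retained first.
            - variable: gdpr_compliance
              label: "GDPR Compliance"
              description: "When enabled, all the events caused by a user will be deleted upon the user's deletion"
              schema:
                type: boolean
                default: true
            # On by default. NOTE(review): impersonation lets one account act
            # as another; consider switching it off where it is not needed and
            # review who is allowed to use it.
            - variable: impersonation
              label: "Impersonation"
              description: "Globally enable/disable impersonation"
              schema:
                type: boolean
                default: true
            # NOTE(review): "gravatar" presumably triggers avatar lookups
            # against an external service derived from user e-mail addresses;
            # confirm that this disclosure is acceptable.
            - variable: avatars
              label: "Avatars"
              description: "Configure how authentik should show avatars for users"
              schema:
                type: string
                default: "gravatar"
            - variable: token_length
              label: "Token Length"
              description: "Configure the length of generated tokens"
              schema:
                type: int
                default: 128
            - variable: footer_links
              label: "Footer Links"
              description: "This option configures the footer links on the flow executor pages"
              schema:
                type: string
                default: ""
      # Outgoing mail. With the defaults below (port 25, tls and ssl both
      # false) the user/pass credentials and the messages themselves would
      # presumably travel unencrypted; enable one of the two options when the
      # mail server supports it.
      - variable: mail
        label: "e-Mail"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: host
              label: "Mail Server Host"
              description: "Sets host of mail server"
              schema:
                type: string
                default: ""
            - variable: port
              label: "Mail Server Port"
              description: "Sets port of mail server"
              schema:
                type: int
                default: 25
            - variable: tls
              label: "Use TLS for authentication"
              description: "Sets tls for mail server authentication"
              schema:
                type: boolean
                default: false
            - variable: ssl
              label: "Use SSL for authentication"
              description: "Sets ssl for mail server authentication"
              schema:
                type: boolean
                default: false
            - variable: timeout
              label: "Timeout of authentication"
              description: "Sets timeout for mail server authentication"
              schema:
                type: int
                default: 10
            - variable: user
              label: "Username"
              description: "Sets username of mail server"
              schema:
                type: string
                default: ""
            # Mail-server secret; flagged private like the other credentials.
            - variable: pass
              label: "Password"
              description: "Sets password of mail server"
              schema:
                type: string
                private: true
                default: ""
            - variable: from
              label: "From Address"
              description: "Email address authentik will send from"
              schema:
                type: string
                default: ""
      # Error reporting is opt-in (default false).
      - variable: error_reporting
        label: "Error Reporting"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: enabled
              label: "Enable Reporting"
              description: "Enables error reporting"
              schema:
                type: boolean
                default: false
                # Was left without a value (parsed as null). The other toggles
                # in this form use `true` to reveal their sub-questions.
                show_subquestions_if: true
                subquestions:
                  # Off by default, so usernames and similar personal data are
                  # not included in reports unless explicitly enabled.
                  - variable: send_pii
                    label: "Send Personal Data"
                    description: "Whether or not to send personal data, like usernames"
                    schema:
                      type: boolean
                      default: false
                  - variable: environment
                    label: "Environment"
                    description: "Unique environment that is attached to your error reports, should be set to your email address for example."
                    schema:
                      type: string
                      default: "customer"
      - variable: logging
        label: "Logging"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            # NOTE(review): trace and debug are the most verbose levels
            # offered; check what an identity provider writes to its logs at
            # those levels before using them outside troubleshooting.
            - variable: log_level
              label: "Log Level"
              description: "Log level for the server and worker containers"
              schema:
                type: string
                default: "info"
                enum:
                  - value: trace
                    description: "trace"
                  - value: debug
                    description: "debug"
                  - value: info
                    description: "info"
                  - value: warning
                    description: "warning"
                  - value: error
                    description: "error"
      - variable: metrics
        label: "Metrics"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            # Off by default. NOTE(review): check who can reach the metrics
            # port before enabling it.
            - variable: enabled
              label: "Metrics Endpoint"
              description: "Enables metrics endpoint for Authentik and embedded outpost"
              schema:
                type: boolean
                default: false
      - variable: ldap
        label: "LDAP"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            # NOTE(review): the default is the quoted string "null", not a
            # YAML null; presumably the chart treats it as "unset" - confirm.
            - variable: tls_ciphers
              label: "TLS Ciphers"
              description: "Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources"
              schema:
                type: string
                default: "null"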
# Optional LDAP outpost. It is off by default; its description asks for an
# LDAP Provider and an API token to exist before it is switched on.
- variable: outposts
  group: "Container Configuration"
  label: "Outpost Configuration"
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: ldap
        label: "LDAP"
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: enabled
              label: "Enable LDAP outpost"
              description: "Enable only AFTER you created an LDAP Provider and an API Token"
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  # Default false. NOTE(review): presumably this relaxes
                  # transport checks between the outpost and the Authentik
                  # host; the API token below would then be exposed to anyone
                  # on the path. Confirm and keep it off in production.
                  - variable: insecure
                    label: "Insecure"
                    description: "Check only if you accessing Authentik in an unsecure way"
                    schema:
                      type: boolean
                      default: false
                  # The example in the description uses an https:// URL.
                  - variable: host
                    label: "Authentik Host"
                    description: "URL of your Authentik server. (e.g. https://auth.domain.com)"
                    schema:
                      type: string
                      required: true
                      default: ""
                  # Outpost secret: required, no default, flagged private.
                  - variable: token
                    label: "API Token"
                    description: "Generated in the Authentik GUI > Directory > Token & App Passwords"
                    schema:
                      type: string
                      private: true
                      required: true
                      default: ""
                  # Off by default. NOTE(review): check who can reach the
                  # outpost metrics port before enabling it.
                  - variable: metrics
                    label: "Metrics Endpoint"
                    description: "Enables metric endpoint in LDAP Outpost"
                    schema:
                      type: boolean
                      default: false
# Optional GeoIP updater container (off by default). The sub-questions carry
# the MaxMind account details and the download settings for geoipupdate.
- variable: geoip
  group: "Container Configuration"
  label: "GeoIP Configuration"
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: enabled
        label: "Enable GeoIP Container"
        description: "Enables GeoIP container"
        schema:
          type: boolean
          default: false
          show_subquestions_if: true
          subquestions:
            # Account ID and license key are both required and flagged private.
            - variable: account_id
              label: "Account ID"
              description: "Your MaxMind account ID"
              schema:
                type: string
                private: true
                required: true
                default: ""
            - variable: license_key
              label: "License Key"
              description: "Your case-sensitive MaxMind license key"
              schema:
                type: string
                private: true
                required: true
                default: ""
            - variable: edition_ids
              label: "Edition IDs"
              description: "List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes"
              schema:
                type: string
                required: true
                default: "GeoLite2-City"
            # Hours between runs; the schema rejects values below 1.
            - variable: frequency
              label: "Frequency"
              description: "The number of hours between geoipupdate runs"
              schema:
                type: int
                min: 1
                default: 8
            # This is the server the databases are fetched from, and presumably
            # the one the account credentials above are sent to. Change it
            # only to a host you trust.
            - variable: host_server
              label: "Host Server"
              description: "The host name of the server to use"
              schema:
                type: string
                default: "updates.maxmind.com"
            - variable: preserve_file_times
              label: "Preserve File Times"
              description: "Whether to preserve modification times of files downloaded from the server"
              schema:
                type: boolean
                default: false
            - variable: verbose
              label: "Verbose"
              description: "Enable verbose mode. Prints out the steps that geoipupdate takes"
              schema:
                type: boolean
                default: false
            - variable: proxy
              label: "Proxy"
              description: "The proxy host name or IP address"
              schema:
                type: string
                default: ""
            # Holds a user:password pair, so it is flagged private.
            - variable: proxy_user_pass
              label: "Proxy Pass"
              description: "The proxy user name and password, separated by a colon"
              schema:
                type: string
                private: true
                default: ""
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
# Primary service; per its description the healthcheck runs against it.
# NOTE(review): the entries after each "# Include{...}" marker presumably
# continue inside a mapping opened by the included fragment, which is not shown
# on this page. Confirm the nesting depth against those fragments.
- variable: main
  label: "Main Service"
  description: "The Primary service on which the healthcheck runs, often the webUI"
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{serviceSelector}
            - variable: main
              label: "Main Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  # Service-side port; required, default 10229.
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 10229
                      required: true
# Include{advancedPortHTTPS}
                        # Container-side port. The HTTPS include above suggests
                        # that 9443 is the TLS listener.
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 9443
# Plain-HTTP service (container port 9000).
# NOTE(review): logins sent to this port are presumably unencrypted unless TLS
# is terminated in front of it; prefer the main service or a TLS ingress.
# NOTE(review): nesting after each "# Include{...}" marker depends on the
# included fragment, which is not shown on this page.
- variable: http
  label: "http Service"
  description: "The http service."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{serviceSelector}
            - variable: http
              label: "http Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  # Service-side port; required, default 10230.
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 10230
                      required: true
# Include{advancedPortHTTP}
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 9000
# Metrics service (container port 9301).
# NOTE(review): metrics endpoints can reveal operational detail; restrict
# which clients can reach this port.
# NOTE(review): nesting after each "# Include{...}" marker depends on the
# included fragment, which is not shown on this page.
- variable: metrics
  label: "metrics Service"
  description: "The metrics service."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{serviceSelector}
            - variable: metrics
              label: "metrics Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  # Service-side port; required, default 10231.
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 10231
                      required: true
# Include{advancedPortHTTP}
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 9301
# LDAP service with three ports: ldap1 (389 -> 3389), ldap2 (636 -> 6636) and
# ldap-metrics (10232 -> 9300).
# NOTE(review): 389 is the conventional cleartext LDAP port and 636 the LDAPS
# one; bind passwords sent over ldap1 are presumably unencrypted unless the
# client upgrades the connection. Confirm and prefer ldap2 where possible.
# NOTE(review): nesting after each "# Include{...}" marker depends on the
# included fragment, which is not shown on this page.
- variable: ldap
  label: "LDAP Service"
  description: "The LDAP service."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{serviceSelector}
            - variable: ldap1
              label: "ldap1 Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 389
                      required: true
# Include{advancedPortHTTP}
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 3389
            # ldap2 spells out its advanced settings inline instead of using an
            # include marker.
            - variable: ldap2
              label: "ldap2 Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 636
                      required: true
                  - variable: advanced
                    label: "Show Advanced settings"
                    schema:
                      type: boolean
                      default: false
                      show_subquestions_if: true
                      subquestions:
                        # NOTE(review): the default port type is "HTTP" although
                        # this entry fronts an LDAP listener; confirm that the
                        # chart does not derive probes or routing from it.
                        - variable: protocol
                          label: "Port Type"
                          schema:
                            type: string
                            default: "HTTP"
                            enum:
                              - value: "HTTP"
                                description: "HTTP"
                              - value: "HTTPS"
                                description: "HTTPS"
                              - value: "TCP"
                                description: "TCP"
                              - value: "UDP"
                                description: "UDP"
                        # Optional; the schema only accepts 9000-65535.
                        - variable: nodePort
                          label: "Node Port (Optional)"
                          description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
                          schema:
                            type: int
                            min: 9000
                            max: 65535
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 6636
            - variable: ldap-metrics
              label: "LDAP metrics Service Port Configuration"
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  - variable: port
                    label: "Port"
                    description: "This port exposes the container port on the service"
                    schema:
                      type: int
                      default: 10232
                      required: true
# Include{advancedPortHTTP}
                        - variable: targetPort
                          label: "Target Port"
                          description: "The internal(!) port on the container the Application runs on"
                          schema:
                            type: int
                            default: 9300
# Include{serviceExpertRoot}
|
|
default: false
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
# Storage entry for application media. Its attributes come from the two
# include markers below, whose contents are not shown on this page.
- variable: media
  label: "App Media Storage"
  description: "Stores the Application Media."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Storage entry for application templates. Its attributes come from the two
# include markers below, whose contents are not shown on this page.
- variable: templates
  label: "App Templates Storage"
  description: "Stores the Application Templates."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Storage entry for application certificates. Its attributes come from the two
# include markers below, whose contents are not shown on this page.
# NOTE(review): this volume presumably holds private key material; confirm and
# restrict access to the backing path accordingly.
- variable: certs
  label: "App Certs Storage"
  description: "Stores the Application Certs."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Storage entry for the GeoIP data. Its attributes come from the two include
# markers below, whose contents are not shown on this page.
- variable: geoip
  label: "App GeoIP Storage"
  description: "Stores the Application GeoIP."
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
# Main ingress entry. All of its attributes, including the TLS settings, come
# from the include markers below, whose contents are not shown on this page.
- variable: main
  label: "Main Ingress"
  schema:
    additional_attrs: true
    type: dict
    attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
|
|
# Include{security}
|
|
# Include{securityContextAdvancedRoot}
|
|
# Container security-context switches. The defaults below are the restrictive
# choice for each setting: not privileged, read-only root filesystem, no
# privilege escalation, and non-root only. Relax them only when a documented
# need exists.
- variable: privileged
  label: "Privileged mode"
  schema:
    type: boolean
    default: false
# Default true: the container cannot write to its root filesystem.
- variable: readOnlyRootFilesystem
  label: "ReadOnly Root Filesystem"
  schema:
    type: boolean
    default: true
- variable: allowPrivilegeEscalation
  label: "Allow Privilege Escalation"
  schema:
    type: boolean
    default: false
# Default true: the container must not run as root.
- variable: runAsNonRoot
  label: "runAsNonRoot"
  schema:
    type: boolean
    default: true
# Include{securityContextAdvanced}
|
|
# Include{podSecurityContextRoot}
|
|
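# Pod-level identity settings: the user and group the application runs as,
# and the group that owns mounted storage. The runAsGroup description was
# garbled and has been reworded; all other values are unchanged.
# Non-zero user ID.
- variable: runAsUser
  label: "runAsUser"
  description: "The UserID of the user running the application"
  schema:
    type: int
    default: 1000
- variable: runAsGroup
  label: "runAsGroup"
  description: "The groupID of the user running the application"
  schema:
    type: int
    default: 1000
# Per the description this group owns all storage, so any process running with
# this group ID can presumably read the app's volumes.
- variable: fsGroup
  label: "fsGroup"
  description: "The group that should own ALL storage."
  schema:
    type: int
    default: 568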
# Include{podSecurityContextAdvanced}
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{documentation}
|