417 lines
13 KiB
YAML
417 lines
13 KiB
YAML
# Include{groups}
|
|
questions:
|
|
# Include{global}
|
|
# Include{workload}
|
|
# Include{workloadDeployment}
|
|
|
|
# Include{replicas1}
|
|
# Include{podSpec}
|
|
# Include{containerMain}
|
|
# Include{containerBasic}
|
|
# Include{containerAdvanced}
|
|
|
|
# Include{controllerExpert}
|
|
- variable: tfaAppOptions
|
|
group: App Configuration
|
|
label: Application Options
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: secret
|
|
label: Secret
|
|
description: Mandatory, can be any string.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
private: true
|
|
- variable: port
|
|
label: Port
|
|
schema:
|
|
type: int
|
|
default: 4181
|
|
- variable: logLevel
|
|
label: Log level
|
|
schema:
|
|
type: string
|
|
default: warn
|
|
enum:
|
|
- value: trace
|
|
description: Trace (most detailed)
|
|
- value: debug
|
|
description: Debug
|
|
- value: info
|
|
description: Information
|
|
- value: warn
|
|
description: Warning
|
|
- value: error
|
|
description: Error
|
|
- value: fatal
|
|
description: Fatal
|
|
- value: panic
|
|
description: Panic (least detailed)
|
|
- variable: logFormat
|
|
label: Log format
|
|
schema:
|
|
type: string
|
|
default: text
|
|
enum:
|
|
- value: text
|
|
description: Text
|
|
- value: json
|
|
description: JSON
|
|
- value: pretty
|
|
description: Pretty
|
|
- variable: tfaAuthOptions
|
|
group: App Configuration
|
|
label: Auth Options
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: authHost
|
|
label: Auth host
|
|
description: Single host to use when returning from 3rd party auth.
|
|
schema:
|
|
type: string
|
|
- variable: urlPath
|
|
label: Callback URL Path
|
|
schema:
|
|
type: string
|
|
default: "/_oauth"
|
|
- variable: defaultAction
|
|
label: Default action
|
|
schema:
|
|
type: string
|
|
default: auth
|
|
enum:
|
|
- value: auth
|
|
description: Authenticate
|
|
- value: allow
|
|
description: Allow (do not require authentication)
|
|
- variable: defaultProvider
|
|
label: Default provider
|
|
schema:
|
|
type: string
|
|
default: google
|
|
enum:
|
|
- value: google
|
|
description: Google Provider
|
|
- value: oidc
|
|
description: OIDC Provider
|
|
- value: generic-oauth
|
|
description: Generic OAuth2 Provider
|
|
- variable: domain
|
|
label: Domains
|
|
description: Only allow given email domains.
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: allowedDomain
|
|
label: Host
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: whitelist
|
|
label: Whitelist
|
|
description: Only allow given email addresses.
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: allowedEmail
|
|
label: Host
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: rules
|
|
label: Rules
|
|
description: Additional rules in rule.<name>.<param>=<value> format.
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: rule
|
|
label: Rule
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: logoutRedirect
|
|
label: Logout redirect
|
|
description: URL to redirect to following logout.
|
|
schema:
|
|
type: string
|
|
- variable: tfaCookieOptions
|
|
group: App Configuration
|
|
label: Cookie Options
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: cookieDomain
|
|
label: Cookie domain hosts
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: cookieDomainHost
|
|
label: Host
|
|
schema:
|
|
type: string
|
|
required: true
|
|
- variable: cookieName
|
|
label: Cookie name
|
|
schema:
|
|
type: string
|
|
default: "_forward_auth"
|
|
- variable: csrfCookieName
|
|
label: CSRF cookie name
|
|
schema:
|
|
type: string
|
|
default: "_forward_auth_csrf"
|
|
- variable: lifetime
|
|
label: Lifetime
|
|
description: Lifetime in seconds.
|
|
schema:
|
|
type: int
|
|
default: 43200
|
|
- variable: insecureCookie
|
|
label: Use insecure cookies
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: tfaGoogleOptions
|
|
group: App Configuration
|
|
label: Google Provider
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: clientId
|
|
label: Client ID
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: clientSecret
|
|
label: Client Secret
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: prompt
|
|
label: Prompt
|
|
description: Space separated list of OpenID prompt options.
|
|
schema:
|
|
type: string
|
|
- variable: tfaOidcOptions
|
|
group: App Configuration
|
|
label: OIDC Provider
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: issuerUrl
|
|
label: Issuer URL
|
|
schema:
|
|
type: string
|
|
- variable: clientId
|
|
label: Client ID
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: clientSecret
|
|
label: Client Secret
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: resource
|
|
label: Resource
|
|
description: Optional resource indicator.
|
|
schema:
|
|
type: string
|
|
- variable: tfaOauthOptions
|
|
group: App Configuration
|
|
label: Generic OAuth2 Provider
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: authUrl
|
|
label: Auth/Login URL
|
|
schema:
|
|
type: string
|
|
- variable: tokenUrl
|
|
label: Token URL
|
|
schema:
|
|
type: string
|
|
- variable: userUrl
|
|
label: User URL
|
|
description: URL used to retrieve user info.
|
|
schema:
|
|
type: string
|
|
- variable: clientId
|
|
label: Client ID
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: clientSecret
|
|
label: Client Secret
|
|
schema:
|
|
type: string
|
|
private: true
|
|
- variable: scopes
|
|
label: Scopes
|
|
schema:
|
|
type: string
|
|
default: profile, email
|
|
- variable: tokenStyle
|
|
label: Token style
|
|
description: How token is presented when querying the User URL
|
|
schema:
|
|
type: string
|
|
default: header
|
|
enum:
|
|
- value: header
|
|
description: Header
|
|
- value: query
|
|
description: Query
|
|
- variable: resource
|
|
label: Resource
|
|
description: Optional resource indicator.
|
|
schema:
|
|
type: string
|
|
# Include{fixedEnv}
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: "Main Service"
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelector}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: "Main Service Port Configuration"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 4181
|
|
required: true
|
|
- variable: advanced
|
|
label: "Show Advanced settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: enabled
|
|
label: "Enable the port"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: protocol
|
|
label: "Port Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTP"
|
|
enum:
|
|
- value: HTTP
|
|
description: "HTTP"
|
|
- value: "HTTPS"
|
|
description: "HTTPS"
|
|
- value: TCP
|
|
description: "TCP"
|
|
- value: "UDP"
|
|
description: "UDP"
|
|
- variable: nodePort
|
|
label: "Node Port (Optional)"
|
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
|
schema:
|
|
type: int
|
|
min: 9000
|
|
max: 65535
|
|
- variable: targetPort
|
|
label: "Target Port"
|
|
description: "The internal(!) port on the container the Application runs on"
|
|
schema:
|
|
type: int
|
|
default: 4181
|
|
# Include{serviceExpertRoot}
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: "Main Ingress"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressExpert}
|
|
# Include{ingressList}
|
|
- variable: advancedSecurity
|
|
label: "Show Advanced Security Settings"
|
|
group: "Security and Permissions"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: securityContext
|
|
label: "Security Context"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: privileged
|
|
label: "Privileged mode"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: "ReadOnly Root Filesystem"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowPrivilegeEscalation
|
|
label: "Allow Privilege Escalation"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: "runAsNonRoot"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextRoot}
|
|
- variable: runAsUser
|
|
label: "runAsUser"
|
|
description: "The UserID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: runAsGroup
|
|
label: "runAsGroup"
|
|
description: "The groupID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{securityContextContainer}
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextPod}
|
|
- variable: fsGroup
|
|
label: "fsGroup"
|
|
description: "The group that should own ALL storage."
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{netshoot}
|
|
# Include{promtail}
|
|
# Include{vpn}
|