TrueChartsClone/charts/incubator/traefik-forward-auth/questions.yaml

417 lines
13 KiB
YAML

# Include{groups}
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{controllerExpert}
- variable: tfaAppOptions
group: App Configuration
label: Application Options
schema:
type: dict
attrs:
- variable: secret
label: Secret
description: Mandatory, can be any string.
schema:
type: string
required: true
private: true
- variable: port
label: Port
schema:
type: int
default: 4181
- variable: logLevel
label: Log level
schema:
type: string
default: warn
enum:
- value: trace
description: Trace (most detailed)
- value: debug
description: Debug
- value: info
description: Information
- value: warn
description: Warning
- value: error
description: Error
- value: fatal
description: Fatal
- value: panic
description: Panic (least detailed)
- variable: logFormat
label: Log format
schema:
type: string
default: text
enum:
- value: text
description: Text
- value: json
description: JSON
- value: pretty
description: Pretty
- variable: tfaAuthOptions
group: App Configuration
label: Auth Options
schema:
type: dict
attrs:
- variable: authHost
label: Auth host
description: Single host to use when returning from 3rd party auth.
schema:
type: string
- variable: urlPath
label: Callback URL Path
schema:
type: string
default: "/_oauth"
- variable: defaultAction
label: Default action
schema:
type: string
default: auth
enum:
- value: auth
description: Authenticate
- value: allow
description: Allow (do not require authentication)
- variable: defaultProvider
label: Default provider
schema:
type: string
default: google
enum:
- value: google
description: Google Provider
- value: oidc
description: OIDC Provider
- value: generic-oauth
description: Generic OAuth2 Provider
- variable: domain
label: Domains
description: Only allow given email domains.
schema:
type: list
default: []
items:
- variable: allowedDomain
label: Host
schema:
type: string
required: true
- variable: whitelist
label: Whitelist
description: Only allow given email addresses.
schema:
type: list
default: []
items:
- variable: allowedEmail
label: Host
schema:
type: string
required: true
- variable: rules
label: Rules
description: Additional rules in rule.<name>.<param>=<value> format.
schema:
type: list
default: []
items:
- variable: rule
label: Rule
schema:
type: string
required: true
- variable: logoutRedirect
label: Logout redirect
description: URL to redirect to following logout.
schema:
type: string
- variable: tfaCookieOptions
group: App Configuration
label: Cookie Options
schema:
type: dict
attrs:
- variable: cookieDomain
label: Cookie domain hosts
schema:
type: list
default: []
items:
- variable: cookieDomainHost
label: Host
schema:
type: string
required: true
- variable: cookieName
label: Cookie name
schema:
type: string
default: "_forward_auth"
- variable: csrfCookieName
label: CSRF cookie name
schema:
type: string
default: "_forward_auth_csrf"
- variable: lifetime
label: Lifetime
description: Lifetime in seconds.
schema:
type: int
default: 43200
- variable: insecureCookie
label: Use insecure cookies
schema:
type: boolean
default: false
- variable: tfaGoogleOptions
group: App Configuration
label: Google Provider
schema:
type: dict
attrs:
- variable: clientId
label: Client ID
schema:
type: string
private: true
- variable: clientSecret
label: Client Secret
schema:
type: string
private: true
- variable: prompt
label: Prompt
description: Space separated list of OpenID prompt options.
schema:
type: string
- variable: tfaOidcOptions
group: App Configuration
label: OIDC Provider
schema:
type: dict
attrs:
- variable: issuerUrl
label: Issuer URL
schema:
type: string
- variable: clientId
label: Client ID
schema:
type: string
private: true
- variable: clientSecret
label: Client Secret
schema:
type: string
private: true
- variable: resource
label: Resource
description: Optional resource indicator.
schema:
type: string
- variable: tfaOauthOptions
group: App Configuration
label: Generic OAuth2 Provider
schema:
type: dict
attrs:
- variable: authUrl
label: Auth/Login URL
schema:
type: string
- variable: tokenUrl
label: Token URL
schema:
type: string
- variable: userUrl
label: User URL
description: URL used to retrieve user info.
schema:
type: string
- variable: clientId
label: Client ID
schema:
type: string
private: true
- variable: clientSecret
label: Client Secret
schema:
type: string
private: true
- variable: scopes
label: Scopes
schema:
type: string
default: profile, email
- variable: tokenStyle
label: Token style
description: How token is presented when querying the User URL
schema:
type: string
default: header
enum:
- value: header
description: Header
- value: query
description: Query
- variable: resource
label: Resource
description: Optional resource indicator.
schema:
type: string
# Include{fixedEnv}
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
type: dict
attrs:
# Include{serviceSelector}
# Include{serviceSelectorExtras}
- variable: main
label: "Main Service Port Configuration"
schema:
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 4181
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: enabled
label: "Enable the port"
schema:
type: boolean
default: true
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 4181
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{ingressRoot}
- variable: main
label: "Main Ingress"
schema:
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
# Include{securityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{promtail}
# Include{vpn}