780 lines
29 KiB
YAML
780 lines
29 KiB
YAML
# Include{groups}
|
||
portals:
|
||
open:
|
||
protocols:
|
||
- "$kubernetes-resource_configmap_portal_protocol"
|
||
host:
|
||
- "$kubernetes-resource_configmap_portal_host"
|
||
ports:
|
||
- "$kubernetes-resource_configmap_portal_port"
|
||
questions:
|
||
- variable: portal
|
||
group: "Container Image"
|
||
label: "Configure Portal Button"
|
||
schema:
|
||
type: dict
|
||
hidden: true
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
description: "enable the portal button"
|
||
schema:
|
||
hidden: true
|
||
editable: false
|
||
type: boolean
|
||
default: true
|
||
# Include{global}
|
||
|
||
- variable: controller
|
||
group: "Controller"
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: advanced
|
||
label: "Show Advanced Controller Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: type
|
||
description: "Please specify type of workload to deploy"
|
||
label: "(Advanced) Controller Type"
|
||
schema:
|
||
type: string
|
||
default: "deployment"
|
||
required: true
|
||
enum:
|
||
- value: "deployment"
|
||
description: "Deployment"
|
||
- value: "statefulset"
|
||
description: "Statefulset"
|
||
- value: "daemonset"
|
||
description: "Daemonset"
|
||
- variable: replicas
|
||
description: "Number of desired pod replicas"
|
||
label: "Desired Replicas"
|
||
schema:
|
||
type: int
|
||
default: 1
|
||
required: true
|
||
- variable: strategy
|
||
description: "Please specify type of workload to deploy"
|
||
label: "(Advanced) Update Strategy"
|
||
schema:
|
||
type: string
|
||
default: "Recreate"
|
||
required: true
|
||
enum:
|
||
- value: "Recreate"
|
||
description: "Recreate: Kill existing pods before creating new ones"
|
||
- value: "RollingUpdate"
|
||
description: "RollingUpdate: Create new pods and then kill old ones"
|
||
- value: "OnDelete"
|
||
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||
# Include{controllerExpert}
|
||
- variable: env
|
||
group: "Container Configuration"
|
||
label: "Image Environment"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: APP_URL
|
||
label: "APP_URL"
|
||
description: "This is the url to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: APP_TRUSTED_PROXIES
|
||
label: "APP_TRUSTED_PROXIES"
|
||
description: "APP_TRUSTED_PROXIES"
|
||
schema:
|
||
type: string
|
||
default: "172.16.0.0/16"
|
||
required: true
|
||
- variable: APP_LOCALE
|
||
label: "APP_LOCALE"
|
||
description: "Set this to reflect the two-letter or 5-letter abbreviation for the language you'd like to use for Snipe-IT"
|
||
schema:
|
||
type: string
|
||
default: "en"
|
||
required: true
|
||
enum:
|
||
- value: "en"
|
||
description: "English (US)"
|
||
- value: "en-GB"
|
||
description: "English (UK)"
|
||
- value: "af"
|
||
description: "Afrikaans"
|
||
- value: "ar"
|
||
description: "Arabic"
|
||
- value: "bg"
|
||
description: "Bulgarian"
|
||
- value: "zh-CN"
|
||
description: "Chinese Simplified"
|
||
- value: "zh-TW"
|
||
description: "Chinese Traditional"
|
||
- value: "hr"
|
||
description: "Croatian"
|
||
- value: "cs"
|
||
description: "Czech"
|
||
- value: "da"
|
||
description: "Danish"
|
||
- value: "nl"
|
||
description: "Dutch"
|
||
- value: "et"
|
||
description: "Estonian"
|
||
- value: "fi"
|
||
description: "Finnish"
|
||
- value: "fr"
|
||
description: "French"
|
||
- value: "de"
|
||
description: "German"
|
||
- value: "el"
|
||
description: "Greek"
|
||
- value: "he"
|
||
description: "Hebrew"
|
||
- value: "hu"
|
||
description: "Hungarian"
|
||
- value: "id"
|
||
description: "Indonesian"
|
||
- value: "en-ID"
|
||
description: "English, Indonesia"
|
||
- value: "ga-IE"
|
||
description: "Irish"
|
||
- value: "it"
|
||
description: "Italian"
|
||
- value: "ja"
|
||
description: "Japanese"
|
||
- value: "ko"
|
||
description: "Korean"
|
||
- value: "lv"
|
||
description: "Latvian"
|
||
- value: "lt"
|
||
description: "Lithuanian"
|
||
- value: "ms"
|
||
description: "Malay"
|
||
- value: "mi"
|
||
description: "Maori"
|
||
- value: "mn"
|
||
description: "Mongolian"
|
||
- value: "no"
|
||
description: "Norwegian"
|
||
- value: "fa"
|
||
description: "Persian"
|
||
- value: "pl"
|
||
description: "Polish"
|
||
- value: "pt-PT"
|
||
description: "Portuguese"
|
||
- value: "pt-BR"
|
||
description: "Portuguese, Brazilian"
|
||
- value: "ro"
|
||
description: "Romanian"
|
||
- value: "ru"
|
||
description: "Russian"
|
||
- value: "es-ES"
|
||
description: "Spanish"
|
||
- value: "es-CO"
|
||
description: "Spanish, Colombia"
|
||
- value: "sv-SE"
|
||
description: "Swedish"
|
||
- value: "ta"
|
||
description: "Tamil"
|
||
- value: "tr"
|
||
description: "Turkish"
|
||
- value: "vi"
|
||
description: "Vietnamese"
|
||
- value: "zu"
|
||
description: "Zulu"
|
||
- variable: IMAGE_LIB
|
||
label: "IMAGE_LIB"
|
||
description: "GD Library or Imagemagick are required to generate barcodes for Snipe-IT"
|
||
schema:
|
||
type: string
|
||
default: "gd"
|
||
required: true
|
||
enum:
|
||
- value: "gd"
|
||
description: "GD Library"
|
||
- value: "imagick"
|
||
description: "ImageMagick"
|
||
- variable: sessionsettings
|
||
label: "Session Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: SESSION_LIFETIME
|
||
label: "SESSION_LIFETIME"
|
||
description: "Specify the time in minutes that the session should remain valid."
|
||
schema:
|
||
type: int
|
||
default: 30
|
||
required: true
|
||
- variable: EXPIRE_ON_CLOSE
|
||
label: "EXPIRE_ON_CLOSE"
|
||
description: "Specify whether or not the logged in session should be expired when the user closes their browser window."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: ENCRYPT
|
||
label: "ENCRYPT"
|
||
description: "Specify whether you wish to use encrypted cookies for your Snipe-IT sessions."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: COOKIE_NAME
|
||
label: "COOKIE_NAME"
|
||
description: "If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused."
|
||
schema:
|
||
type: string
|
||
default: "snipeit_session"
|
||
required: true
|
||
- variable: COOKIE_DOMAIN
|
||
label: "COOKIE_DOMAIN"
|
||
description: "Specify what domain name Snipe-IT should honor cookies from.should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: SECURE_COOKIES
|
||
label: "SECURE_COOKIES"
|
||
description: "By setting this option to true, session cookies will only be sent back to the server if the browser has a HTTPS connection."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: API_TOKEN_EXPIRATION_YEARS
|
||
label: "API_TOKEN_EXPIRATION_YEARS"
|
||
description: "This sets how long the API tokens should be valid for."
|
||
schema:
|
||
type: int
|
||
default: 40
|
||
required: true
|
||
- variable: loginsettings
|
||
label: "Login Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: LOGIN_MAX_ATTEMPTS
|
||
label: "LOGIN_MAX_ATTEMPTS"
|
||
description: "The maximum number of failed attempts allowed before the user is throttled."
|
||
schema:
|
||
type: int
|
||
default: 5
|
||
required: true
|
||
- variable: LOGIN_LOCKOUT_DURATION
|
||
label: "LOGIN_LOCKOUT_DURATION"
|
||
description: " The duration (in seconds) that the user should be blocked from attempting to authenticate again."
|
||
schema:
|
||
type: int
|
||
default: 60
|
||
required: true
|
||
- variable: miscsettings
|
||
label: "Misc Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: LOG
|
||
label: "LOG"
|
||
description: "Whether to use a single log file, or multiple date-based log files for your app error logs."
|
||
schema:
|
||
type: string
|
||
default: "daily"
|
||
required: true
|
||
enum:
|
||
- value: "single"
|
||
description: "Single File"
|
||
- value: "daily"
|
||
description: "Daily Files"
|
||
- variable: APP_LOG_MAX_FILES
|
||
label: "APP_LOG_MAX_FILES"
|
||
description: "Max number of daily app log files to retain."
|
||
schema:
|
||
type: int
|
||
default: 10
|
||
required: true
|
||
- variable: ALLOW_IFRAMING
|
||
label: "ALLOW_IFRAMING"
|
||
description: "Set this to true if you need to run Snipe-IT within an iframe."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: APP_ALLOW_INSECURE_HOSTS
|
||
label: "APP_ALLOW_INSECURE_HOSTS"
|
||
description: "Set this to this to true ONLY if you if you can’t make your APP_URL match the actual URL of your application, and your hosting environment is secure and not accessible to the outside world."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: GOOGLE_MAPS_API
|
||
label: "GOOGLE_MAPS_API"
|
||
description: "Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: LDAP_MEM_LIM
|
||
label: "LDAP_MEM_LIM"
|
||
description: "Memory limit for LDAP execution"
|
||
schema:
|
||
type: string
|
||
default: "500M"
|
||
required: true
|
||
- variable: LDAP_TIME_LIM
|
||
label: "LDAP_TIME_LIM"
|
||
description: "Time limit for LDAP execution"
|
||
schema:
|
||
type: int
|
||
default: 600
|
||
required: true
|
||
- variable: API_THROTTLE_PER_MINUTE
|
||
label: "API_THROTTLE_PER_MINUTE"
|
||
description: "Number of requests to allow per minute."
|
||
schema:
|
||
type: int
|
||
default: 120
|
||
required: true
|
||
- variable: ENABLE_HSTS
|
||
label: "ENABLE_HSTS"
|
||
description: "HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: ENABLE_CSP
|
||
label: "ENABLE_CSP"
|
||
description: "Disable the content security policy that restricts what scripts, images and styles can load."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: CORS_ALLOWED_ORIGINS
|
||
label: "CORS_ALLOWED_ORIGINS"
|
||
schema:
|
||
type: string
|
||
default: "null"
|
||
- variable: REFERRER_POLICY
|
||
label: "REFERRER_POLICY"
|
||
description: "This is an additional security header that browsers use to determine whether they should report back URL referrer information."
|
||
schema:
|
||
type: string
|
||
default: "same-origin"
|
||
- variable: mailsettings
|
||
label: "Mail Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: MAIL_DRIVER
|
||
label: "MAIL_DRIVER"
|
||
description: "Specify the driver you would like to use."
|
||
schema:
|
||
type: string
|
||
default: "log"
|
||
enum:
|
||
- value: "log"
|
||
description: "log"
|
||
- value: "smtp"
|
||
description: "smtp"
|
||
- value: "mail"
|
||
description: "mail"
|
||
- value: "sendmail"
|
||
description: "sendmail"
|
||
- variable: MAIL_HOST
|
||
label: "MAIL_HOST"
|
||
description: "Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_PORT
|
||
label: "MAIL_PORT"
|
||
description: "Set the port number that your mail server expects to send from."
|
||
schema:
|
||
type: int
|
||
default: 587
|
||
- variable: MAIL_USERNAME
|
||
label: "MAIL_USERNAME"
|
||
description: "Set the username of the authenticated user you'll be sending email as."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_PASSWORD
|
||
label: "MAIL_PASSWORD"
|
||
description: "Set the password for the authenticated user you'll be sending as."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
private: true
|
||
- variable: MAIL_ENCRYPTION
|
||
label: "MAIL_ENCRYPTION"
|
||
description: "Here you may specify the encryption protocol that should be used when the application sends e-mail messages."
|
||
schema:
|
||
type: string
|
||
default: "null"
|
||
enum:
|
||
- value: "null"
|
||
description: "null"
|
||
- value: "tls"
|
||
description: "tls"
|
||
- value: "ssl"
|
||
description: "ssl"
|
||
- variable: MAIL_FROM_ADDR
|
||
label: "MAIL_FROM_ADDR"
|
||
description: "Specify an email address that is used globally for all e-mails that are sent by your application."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_FROM_NAME
|
||
label: "MAIL_FROM_NAME"
|
||
description: "Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_REPLYTO_ADDR
|
||
label: "MAIL_REPLYTO_ADDR"
|
||
description: " Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_REPLYTO_NAME
|
||
label: "MAIL_REPLYTO_NAME"
|
||
description: "Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME , but it is required."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: MAIL_AUTO_EMBED
|
||
label: "MAIL_AUTO_EMBED"
|
||
description: "Whether or not to embed images in emails (via CID or base64) versus linking to them."
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: MAIL_AUTO_EMBED_METHOD
|
||
label: "MAIL_AUTO_EMBED_METHOD"
|
||
description: "Method that should be used for attaching inline images. Options are attachment (for CID) or base64."
|
||
schema:
|
||
type: string
|
||
default: "base64"
|
||
enum:
|
||
- value: "base64"
|
||
description: "base64"
|
||
- value: "attachment"
|
||
description: "attachment"
|
||
- variable: publicawssettings
|
||
label: "Public AWS S3 Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: PUBLIC_AWS_SECRET_ACCESS_KEY
|
||
label: "PUBLIC_AWS_SECRET_ACCESS_KEY"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
private: true
|
||
- variable: PUBLIC_AWS_ACCESS_KEY_ID
|
||
label: "PUBLIC_AWS_ACCESS_KEY_ID"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
private: true
|
||
- variable: PUBLIC_AWS_DEFAULT_REGION
|
||
label: "PUBLIC_AWS_DEFAULT_REGION"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PUBLIC_AWS_BUCKET
|
||
label: "PUBLIC_AWS_BUCKET"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PUBLIC_AWS_URL
|
||
label: "PUBLIC_AWS_URL"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PUBLIC_AWS_BUCKET_ROOT
|
||
label: "PUBLIC_AWS_BUCKET_ROOT"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: privateawssettings
|
||
label: "Private AWS S3 Settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: PRIVATE_AWS_SECRET_ACCESS_KEY
|
||
label: "PRIVATE_AWS_SECRET_ACCESS_KEY"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
private: true
|
||
- variable: PRIVATE_AWS_ACCESS_KEY_ID
|
||
label: "PRIVATE_AWS_ACCESS_KEY_ID"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
private: true
|
||
- variable: PRIVATE_AWS_DEFAULT_REGION
|
||
label: "PRIVATE_AWS_DEFAULT_REGION"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PRIVATE_AWS_BUCKET
|
||
label: "PRIVATE_AWS_BUCKET"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PRIVATE_AWS_URL
|
||
label: "PRIVATE_AWS_URL"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: PRIVATE_AWS_BUCKET_ROOT
|
||
label: "PRIVATE_AWS_BUCKET_ROOT"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
# Include{containerConfig}
|
||
|
||
- variable: service
|
||
group: "Networking and Services"
|
||
label: "Configure Service(s)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: main
|
||
label: "Main Service"
|
||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
# Include{serviceSelector}
|
||
- variable: main
|
||
label: "Main Service Port Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: port
|
||
label: "Port"
|
||
description: "This port exposes the container port on the service"
|
||
schema:
|
||
type: int
|
||
default: 10120
|
||
required: true
|
||
- variable: advanced
|
||
label: "Show Advanced settings"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: enabled
|
||
label: "Enable the port"
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: protocol
|
||
label: "Port Type"
|
||
schema:
|
||
type: string
|
||
default: "HTTP"
|
||
enum:
|
||
- value: HTTP
|
||
description: "HTTP"
|
||
- value: "HTTPS"
|
||
description: "HTTPS"
|
||
- value: TCP
|
||
description: "TCP"
|
||
- value: "UDP"
|
||
description: "UDP"
|
||
- variable: nodePort
|
||
label: "Node Port (Optional)"
|
||
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||
schema:
|
||
type: int
|
||
min: 9000
|
||
max: 65535
|
||
- variable: targetPort
|
||
label: "Target Port"
|
||
description: "The internal(!) port on the container the Application runs on"
|
||
schema:
|
||
type: int
|
||
default: 80
|
||
|
||
- variable: serviceexpert
|
||
group: "Networking and Services"
|
||
label: "Show Expert Config"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: hostNetwork
|
||
group: "Networking and Services"
|
||
label: "Host-Networking (Complicated)"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
|
||
# Include{serviceExpert}
|
||
|
||
# Include{serviceList}
|
||
|
||
- variable: persistence
|
||
label: "Integrated Persistent Storage"
|
||
description: "Integrated Persistent Storage"
|
||
group: "Storage and Persistence"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: logs
|
||
label: "App Logs Storage"
|
||
description: "Stores the Application Logs."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: type
|
||
label: "Type of Storage"
|
||
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||
schema:
|
||
type: string
|
||
default: "simplePVC"
|
||
enum:
|
||
- value: "simplePVC"
|
||
description: "PVC (simple)"
|
||
- value: "simpleHP"
|
||
description: "HostPath (simple)"
|
||
- value: "emptyDir"
|
||
description: "emptyDir"
|
||
- value: "pvc"
|
||
description: "pvc"
|
||
- value: "hostPath"
|
||
description: "hostPath"
|
||
# Include{persistenceBasic}
|
||
- variable: hostPath
|
||
label: "hostPath"
|
||
description: "Path inside the container the storage is mounted"
|
||
schema:
|
||
show_if: [["type", "=", "hostPath"]]
|
||
type: hostpath
|
||
- variable: medium
|
||
label: "EmptyDir Medium"
|
||
schema:
|
||
show_if: [["type", "=", "emptyDir"]]
|
||
type: string
|
||
default: ""
|
||
enum:
|
||
- value: ""
|
||
description: "Default"
|
||
- value: "Memory"
|
||
description: "Memory"
|
||
# Include{persistenceAdvanced}
|
||
# Include{persistenceList}
|
||
|
||
- variable: ingress
|
||
label: ""
|
||
group: "Ingress"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: main
|
||
label: "Main Ingress"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
# Include{ingressDefault}
|
||
|
||
# Include{ingressTLS}
|
||
|
||
# Include{ingressTraefik}
|
||
|
||
# Include{ingressExpert}
|
||
|
||
# Include{ingressList}
|
||
|
||
# Include{security}
|
||
|
||
- variable: advancedSecurity
|
||
label: "Show Advanced Security Settings"
|
||
group: "Security and Permissions"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: securityContext
|
||
label: "Security Context"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: privileged
|
||
label: "Privileged mode"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: readOnlyRootFilesystem
|
||
label: "ReadOnly Root Filesystem"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: allowPrivilegeEscalation
|
||
label: "Allow Privilege Escalation"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: runAsNonRoot
|
||
label: "runAsNonRoot"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
# Include{securityContextAdvanced}
|
||
|
||
- variable: podSecurityContext
|
||
group: "Security and Permissions"
|
||
label: "Pod Security Context"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: runAsUser
|
||
label: "runAsUser"
|
||
description: "The UserID of the user running the application"
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: runAsGroup
|
||
label: "runAsGroup"
|
||
description: The groupID this App of the user running the application"
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: fsGroup
|
||
label: "fsGroup"
|
||
description: "The group that should own ALL storage."
|
||
schema:
|
||
type: int
|
||
default: 568
|
||
# Include{podSecurityContextAdvanced}
|
||
|
||
# Include{resources}
|
||
|
||
# Include{advanced}
|
||
|
||
# Include{addons}
|