# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{workload}
|
|
# Include{workloadDeployment}
|
|
# Include{replicas1}
|
|
# Include{podSpec}
|
|
# Include{containerMain}
|
|
# Include{containerBasic}
|
|
# Include{containerAdvanced}
|
|
- variable: authentik
|
|
group: App Configuration
|
|
label: Authentik Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Bootstrap credentials for authentik's akadmin user.
# Every field here is immutable and, per its description, is only read on the
# initial install: editing the form later does not rotate the live credential.
- variable: credentials
  label: Credentials
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: email
        label: Email
        description: |
          Set the default email address for the akadmin user.</br>
          Only read on initial install, changing this will have no effect.
        schema:
          type: string
          required: true
          immutable: true
          default: ""
      - variable: password
        label: Password
        description: |
          Set the default password for the akadmin user.</br>
          Only read on initial install, changing this will have no effect.
        schema:
          type: string
          # private marks the value as a secret for the form; presumably it is
          # masked in the UI -- confirm how the platform stores it.
          # NOTE(review): no length constraint is declared for the admin password;
          # the empty default is only rejected because required is true.
          private: true
          required: true
          immutable: true
          default: ""
      - variable: bootstrapToken
        label: (Optional) Bootstrap Token
        description: |
          Set the bootstrap token for the authentik server.</br>
          Only read on initial install, changing this will have no effect. </br>
          Only set this token if you plan to use the API right after installation.
        schema:
          type: string
          # Not required: leaving it empty avoids creating an API credential
          # that nobody tracks. Presumably the token carries the bootstrap
          # admin's privileges -- confirm scope and expiry in authentik.
          private: true
          immutable: true
          default: ""
# General authentik behaviour toggles. Several defaults below are permissive
# (self-service identity changes, impersonation); review them per deployment.
- variable: general
  label: General
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: disableUpdateCheck
        label: Disable Update Check
        description: Disable the inbuilt update-checker
        schema:
          type: boolean
          default: false
      - variable: disableStartupAnalytics
        label: Disable Startup Analytics
        description: Disable startup analytics
        schema:
          type: boolean
          # Startup analytics are off by default (the toggle is a "disable").
          default: true
      - variable: allowUserChangeName
        label: Allow User Change Name
        description: Enable the ability for users to change their Name
        schema:
          type: boolean
          default: true
      - variable: allowUserChangeEmail
        label: Allow User Change Mail
        description: Enable the ability for users to change their Email address
        schema:
          type: boolean
          # NOTE(review): enabled by default. If downstream applications match
          # accounts on the email claim, self-service changes affect that
          # mapping -- confirm before leaving this on.
          default: true
      - variable: allowUserChangeUsername
        label: Allow User Change Username
        description: Enable the ability for users to change their Usernames
        schema:
          type: boolean
          # NOTE(review): same consideration as the email toggle when relying
          # parties key on the username.
          default: true
      - variable: gdprCompliance
        label: GDPR Compliance
        description: When enabled, all the events caused by a user will be deleted upon the user's deletion
        schema:
          type: boolean
          # On by default: deleting a user also deletes the events that user
          # caused, so export any audit trail needed for investigations first.
          default: true
      - variable: overwriteDefaultBlueprints
        label: Overwrite Default Blueprints
        description: |
          When enabled, all the default blueprints will be overwritten</br>
          True: mountPath: /blueprints</br>
          False: mountPath: /blueprints/custom
        schema:
          type: boolean
          # Selects the mount path for the blueprints storage, per the
          # description; false keeps the shipped blueprints in place.
          default: false
      - variable: tokenLength
        label: Token Length
        description: Configure the length of generated tokens
        schema:
          type: int
          # min is the lower bound the form declares for this value.
          min: 60
          default: 128
      - variable: impersonation
        label: Impersonation
        description: Globally enable / disable impersonation
        schema:
          type: boolean
          # NOTE(review): impersonation is enabled by default. Turn it off when
          # it is not needed, or make sure its use is reviewed in the event log.
          default: true
      - variable: avatars
        label: Avatars
        description: Configure how authentik should show avatars for users
        schema:
          type: list
          # Ordered list of avatar modes; gravatar is an external service, so
          # presumably avatar lookups leave the deployment -- confirm, and drop
          # the entry where that is not acceptable.
          default:
            - gravatar
            - initials
          items:
            - variable: avatar
              label: Avatar
              description: Avatar type
              schema:
                type: string
                default: ""
                required: true
      - variable: footerLinks
        label: Footer Links
        description: This option configures the footer links on the flow executor pages
        schema:
          type: list
          # These links are shown on the flow executor (login) pages, so treat
          # the href values as part of the trusted login surface.
          default:
            - name: Authentik
              href: https://goauthentik.io
          items:
            - variable: footerLink
              label: Footer Link
              schema:
                additional_attrs: true
                type: dict
                attrs:
                  - variable: name
                    label: Name
                    description: Name of the link
                    schema:
                      type: string
                      default: ""
                      required: true
                  - variable: href
                    label: Href
                    description: URL of the link
                    schema:
                      type: string
                      default: ""
                      required: true
# Outbound mail (SMTP) settings used by authentik.
# None of these fields is required; host, username, password and from default
# to empty strings.
- variable: email
  label: Email
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: host
        label: Mail Server Host
        description: Sets host of mail server
        schema:
          type: string
          default: ""
      - variable: port
        label: Mail Server Port
        description: Sets port of mail server
        schema:
          type: int
          default: 587
      - variable: username
        label: Username
        description: Sets username of mail server
        schema:
          type: string
          default: ""
      - variable: password
        label: Password
        description: Sets password of mail server
        schema:
          type: string
          # SMTP credential; private marks it as a secret for the form.
          private: true
          default: ""
      - variable: useTLS
        label: Use TLS for authentication
        description: Sets TLS for mail server authentication
        schema:
          type: boolean
          # Defaults to true, so the connection is not left in cleartext by
          # default. Presumably this is STARTTLS and useSSL is implicit TLS, and
          # the two are mutually exclusive -- confirm against authentik's docs.
          default: true
      - variable: useSSL
        label: Use SSL for authentication
        description: Sets SSL for mail server authentication
        schema:
          type: boolean
          default: false
      - variable: timeout
        label: Timeout of authentication
        description: Sets timeout for mail server authentication
        schema:
          type: int
          # NOTE(review): the unit is not stated here; presumably seconds.
          default: 10
      - variable: from
        label: From Address
        description: Email address authentik will send from
        schema:
          type: string
          default: ""
# Settings for authentik's LDAP *sources* (outbound LDAP connections), per the
# tls_ciphers description; the LDAP outpost is configured elsewhere.
- variable: ldap
  label: LDAP
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: tls_ciphers
        label: TLS Ciphers
        description: |
          Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources.</br>
          Setting applies to all sources
        schema:
          type: string
          # NOTE(review): the default is the quoted string "null", not a YAML
          # null. Confirm the chart maps it to "no override" so that a literal
          # "null" never reaches authentik as a cipher string.
          default: "null"
      - variable: taskTimeoutHours
        label: Task Timeout Hours
        description: Timeout in hours for LDAP synchronization tasks
        schema:
          type: int
          default: 2
# Log verbosity for the server and worker containers.
- variable: logging
  label: Logging
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: log_level
        label: Log Level
        description: Log level for the server and worker containers
        schema:
          type: string
          # info is the default. NOTE(review): trace/debug output of an identity
          # provider may contain request details; confirm what is logged at
          # those levels before enabling them outside troubleshooting.
          default: info
          enum:
            - value: trace
              description: trace
            - value: debug
              description: debug
            - value: info
              description: info
            - value: warning
              description: warning
            - value: error
              description: error
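# Opt-in error reporting to Sentry. Reporting is off by default; the
# subquestions decide whether personal data is included, which environment tag
# is attached, and which DSN receives the data.
- variable: error_reporting
  label: Error Reporting
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: enabled
        label: Enable Reporting
        description: Enables error reporting
        schema:
          type: boolean
          default: false
          # Was a bare `show_subquestions_if:` (a YAML null). The other
          # enable toggles in this file use `true`; with a null condition the
          # operator may never be shown sendPII / sentryDSN when turning
          # reporting on, so the condition is set explicitly.
          show_subquestions_if: true
          subquestions:
            - variable: sendPII
              label: Send Personal Data
              description: Whether or not to send personal data, like usernames
              schema:
                type: boolean
                # Off by default: usernames and similar data stay out of the
                # reports unless the operator opts in.
                default: false
            - variable: environment
              label: Environment
              description: The environment tag associated with all data sent to Sentry
              schema:
                type: string
                default: customer
            - variable: sentryDSN
              label: Sentry DSN
              description: Sets the DSN for the Sentry API endpoint.
              schema:
                type: string
                # The DSN selects where reports are delivered; private marks it
                # as a secret for the form.
                private: true
                default: ""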
# GeoIP database handling: either the built-in database or a separately
# deployed GeoIP container that downloads one with MaxMind credentials.
# NOTE(review): the page lost its indentation; frequency, accountID and
# licenseKey are placed under the enabled toggle's subquestions because they
# only make sense when the container is deployed -- confirm against the chart.
- variable: geoip
  label: GeoIP
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: wipeBuiltInDb
        label: Wipe Built-In GeoIP DB
        description: |
          Wipes the built-in GeoIP database.</br>
          With this set to false, and disabled GeoIP container,</br>
          It will use the built-in database.
        schema:
          type: boolean
          # Only offered while the GeoIP container is disabled.
          show_if: [["enabled", "=", false]]
          default: false
      - variable: enabled
        label: Enabled
        description: |
          Enables and configures the GeoIP container.</br>
          This will deploy the GeoIP container.
        schema:
          type: boolean
          default: false
          show_subquestions_if: true
          subquestions:
            - variable: editionID
              label: Edition ID
              description: |
                The edition ID of the database to download.</br>
                Only one seems to be supported by Authentik.
              schema:
                type: string
                default: GeoLite2-City
            - variable: frequency
              label: Frequency
              description: The number of hours between geoipupdate runs.
              schema:
                type: int
                min: 1
                default: 8
            - variable: accountID
              label: Account ID
              description: Your MaxMind account ID
              schema:
                type: string
                private: true
                required: true
                default: ""
            - variable: licenseKey
              label: License Key
              description: Your MaxMind license key
              schema:
                type: string
                # Third-party credential; private marks it as a secret for the
                # form. Use a key dedicated to this deployment so it can be
                # revoked on its own.
                private: true
                required: true
                default: ""
# Outpost containers (proxy, RADIUS, LDAP) deployed alongside the server.
# Each one is off by default and, once enabled, requires a token that it uses
# to authenticate with the authentik server.
- variable: outposts
  label: Outposts
  schema:
    additional_attrs: true
    type: dict
    attrs:
      - variable: disableEmbeddedOutpost
        label: EXPERIMENTAL - Disable Embedded Outpost
        description: |
          Disables the embedded outpost.</br>
          This will disable the embedded outpost, and will require you to deploy your own outpost.</br>
          Only use this for testing, it might be removed without notice.
        schema:
          type: boolean
          default: false
      - variable: proxy
        label: Proxy
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: enabled
              label: Enabled
              description: |
                Enables and configures the Proxy container.</br>
                This will deploy the Proxy container.
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  - variable: token
                    label: Token
                    description: |
                      The token used to authenticate with the authentik server.
                    schema:
                      type: string
                      # Credential for the outpost-to-server channel. Presumably
                      # issued per outpost in authentik; avoid reusing one token
                      # across the proxy, RADIUS and LDAP outposts.
                      private: true
                      required: true
                      default: ""
      - variable: radius
        label: Radius
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: enabled
              label: Enabled
              description: |
                Enables and configures the Radius container.</br>
                This will deploy the Radius container.
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  - variable: token
                    label: Token
                    description: |
                      The token used to authenticate with the authentik server.
                    schema:
                      type: string
                      # Secret: same handling as the proxy outpost token.
                      private: true
                      required: true
                      default: ""
      - variable: ldap
        label: LDAP
        schema:
          additional_attrs: true
          type: dict
          attrs:
            - variable: enabled
              label: Enabled
              description: |
                Enables and configures the LDAP container.</br>
                This will deploy the LDAP container.
              schema:
                type: boolean
                default: false
                show_subquestions_if: true
                subquestions:
                  - variable: token
                    label: Token
                    description: |
                      The token used to authenticate with the authentik server.
                    schema:
                      type: string
                      # Secret: same handling as the proxy outpost token.
                      private: true
                      required: true
                      default: ""
# Include{containerConfig}
|
|
# Include{podOptions}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10229
|
|
required: true
|
|
- variable: proxy
|
|
label: Proxy Service
|
|
description: The Proxy service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: http
|
|
label: HTTP Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10227
|
|
required: true
|
|
- variable: https
|
|
label: HTTPS Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10228
|
|
required: true
|
|
- variable: radius
|
|
label: RADIUS Service
|
|
description: The RADIUS service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: radius
|
|
label: RADIUS Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 1812
|
|
required: true
|
|
- variable: ldap
|
|
label: LDAP Service
|
|
description: The LDAP service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: ldap
|
|
label: LDAP Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 389
|
|
required: true
|
|
- variable: ldaps
|
|
label: LDAPS Service
|
|
description: The LDAPS service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: ldaps
|
|
label: LDAPS Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 636
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: media
|
|
label: App Media Storage
|
|
description: Stores the Application Media.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: templates
|
|
label: App Templates Storage
|
|
description: Stores the Application Templates.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: blueprints
|
|
label: App Blueprints Storage
|
|
description: Stores the Application Blueprints.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: certs
|
|
label: App Certs Storage
|
|
description: Stores the Application Certs.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: geoip
|
|
label: App GeoIP Storage
|
|
description: Stores the Application GeoIP.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main (HTTPS) Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressAdvanced}
|
|
- variable: proxy
|
|
label: Proxy (HTTPS) Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressAdvanced}
|
|
# Include{ingressList}
|
|
# Include{securityContextRoot}
|
|
# Container identity. Both defaults are 1000, i.e. a non-root UID and GID.
# NOTE(review): setting either to 0 would run the application as root; the
# schema declares no lower bound that prevents it.
- variable: runAsUser
  label: runAsUser
  description: The UserID of the user running the application
  schema:
    type: int
    default: 1000
- variable: runAsGroup
  label: runAsGroup
  description: The groupID of the user running the application
  schema:
    type: int
    default: 1000
# Include{securityContextContainer}
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextPod}
|
|
# Pod-level group that, per the description, should own all storage.
# The default (568) differs from the runAsGroup default (1000) declared
# earlier in this file.
- variable: fsGroup
  label: fsGroup
  description: The group that should own ALL storage.
  schema:
    type: int
    default: 568
# Include{resources}
|
|
# Include{metrics}
|
|
# Include{prometheusRule}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{netshoot}
|
|
# Include{vpn}
|
|
# Include{documentation}
|