577 lines
21 KiB
YAML
577 lines
21 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
protocols:
|
|
- "$kubernetes-resource_configmap_portal_protocol"
|
|
host:
|
|
- "$kubernetes-resource_configmap_portal_host"
|
|
ports:
|
|
- "$kubernetes-resource_configmap_portal_port"
|
|
questions:
|
|
- variable: portal
|
|
group: "Container Image"
|
|
label: "Configure Portal Button"
|
|
schema:
|
|
type: dict
|
|
hidden: true
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
description: "enable the portal button"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: boolean
|
|
default: true
|
|
# Include{global}
|
|
- variable: controller
|
|
group: "Controller"
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: advanced
|
|
label: "Show Advanced Controller Settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: type
|
|
description: "Please specify type of workload to deploy"
|
|
label: "(Advanced) Controller Type"
|
|
schema:
|
|
type: string
|
|
default: "deployment"
|
|
required: true
|
|
enum:
|
|
- value: "deployment"
|
|
description: "Deployment"
|
|
- value: "statefulset"
|
|
description: "Statefulset"
|
|
- value: "daemonset"
|
|
description: "Daemonset"
|
|
- variable: replicas
|
|
description: "Number of desired pod replicas"
|
|
label: "Desired Replicas"
|
|
schema:
|
|
type: int
|
|
default: 1
|
|
required: true
|
|
- variable: strategy
|
|
description: "Please specify type of workload to deploy"
|
|
label: "(Advanced) Update Strategy"
|
|
schema:
|
|
type: string
|
|
default: "Recreate"
|
|
required: true
|
|
enum:
|
|
- value: "Recreate"
|
|
description: "Recreate: Kill existing pods before creating new ones"
|
|
- value: "RollingUpdate"
|
|
description: "RollingUpdate: Create new pods and then kill old ones"
|
|
- value: "OnDelete"
|
|
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
|
# Include{controllerExpert}
|
|
- variable: secretEnv
|
|
group: "Container Configuration"
|
|
label: "Image Secrets"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: AK_ADMIN_PASS
|
|
label: "AK_ADMIN_PASS (Initial Install Only)"
|
|
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
|
|
schema:
|
|
type: string
|
|
private: true
|
|
required: true
|
|
default: ""
|
|
- variable: AK_ADMIN_TOKEN
|
|
label: "AK_ADMIN_TOKEN (Initial Install Only)"
|
|
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
|
|
schema:
|
|
type: string
|
|
private: true
|
|
required: true
|
|
default: ""
|
|
- variable: env
|
|
group: "Container Configuration"
|
|
label: "Image Environment"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
|
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_NAME"
|
|
description: "Enable the ability for users to change their name."
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
|
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL"
|
|
description: "Enable the ability for users to change their Email address."
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
|
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME"
|
|
description: "Enable the ability for users to change their Usernames."
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: AUTHENTIK_GDPR_COMPLIANCE
|
|
label: "AUTHENTIK_GDPR_COMPLIANCE"
|
|
description: "When enabled, all the events caused by a user will be deleted upon the user's deletion."
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: AUTHENTIK_IMPERSONATION
|
|
label: "AUTHENTIK_IMPERSONATION"
|
|
description: "Globally enable/disable impersonation."
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: AUTHENTIK_DISABLE_UPDATE_CHECK
|
|
label: "AUTHENTIK_DISABLE_UPDATE_CHECK"
|
|
description: "Disable the inbuilt update-checker."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
|
|
label: "AUTHENTIK_DISABLE_STARTUP_ANALYTICS"
|
|
description: "Disable the startup analytics."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_ERROR_REPORTING__ENABLED
|
|
label: "AUTHENTIK_ERROR_REPORTING__ENABLED"
|
|
description: "Enable error reporting."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_ERROR_REPORTING__SEND_PII
|
|
label: "AUTHENTIK_ERROR_REPORTING__SEND_PII"
|
|
description: "Whether or not to send personal data, like usernames."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
|
label: "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT"
|
|
description: "Unique environment that is attached to your error reports, should be set to your email address for example."
|
|
schema:
|
|
type: string
|
|
default: "customer"
|
|
- variable: AUTHENTIK_DEFAULT_TOKEN_LENGTH
|
|
label: "AUTHENTIK_DEFAULT_TOKEN_LENGTH"
|
|
description: "Configure the length of generated tokens. Defaults to 128."
|
|
schema:
|
|
type: int
|
|
default: 128
|
|
- variable: AUTHENTIK_AVATARS
|
|
label: "AUTHENTIK_AVATARS"
|
|
description: "Configure how authentik should show avatars for users."
|
|
schema:
|
|
type: string
|
|
default: "gravatar"
|
|
- variable: AUTHENTIK_LOG_LEVEL
|
|
label: "AUTHENTIK_LOG_LEVEL"
|
|
description: "Log level for the server and worker containers."
|
|
schema:
|
|
type: string
|
|
default: "info"
|
|
enum:
|
|
- value: trace
|
|
description: "trace"
|
|
- value: debug
|
|
description: "debug"
|
|
- value: info
|
|
description: "info"
|
|
- value: warning
|
|
description: "warning"
|
|
- value: error
|
|
description: "error"
|
|
- variable: enable_mail_config
|
|
label: "Enable Email Settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: AUTHENTIK_EMAIL__HOST
|
|
label: "AUTHENTIK_EMAIL__HOST"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: AUTHENTIK_EMAIL__PORT
|
|
label: "AUTHENTIK_EMAIL__PORT"
|
|
schema:
|
|
type: int
|
|
default: 25
|
|
- variable: AUTHENTIK_EMAIL__USERNAME
|
|
label: "AUTHENTIK_EMAIL__USERNAME"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: AUTHENTIK_EMAIL__PASSWORD
|
|
label: "AUTHENTIK_EMAIL__PASSWORD"
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: AUTHENTIK_EMAIL__USE_TLS
|
|
label: "AUTHENTIK_EMAIL__USE_TLS"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_EMAIL__USE_SSL
|
|
label: "AUTHENTIK_EMAIL__USE_SSL"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: AUTHENTIK_EMAIL__TIMEOUT
|
|
label: "AUTHENTIK_EMAIL__TIMEOUT"
|
|
schema:
|
|
type: int
|
|
default: 10
|
|
- variable: AUTHENTIK_EMAIL__FROM
|
|
label: "AUTHENTIK_EMAIL__FROM"
|
|
description: "Email address authentik will send from, should have a correct @domain. To change the sender's display name, use a format like Name <account@domain>."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: geoip
|
|
group: "Container Configuration"
|
|
label: "Image GeoIP Updater"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: ENABLE_GEOIPUPDATER
|
|
label: "Enable CronJob for GeoIP Updater"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: GEOIPUPDATE_ACCOUNT_ID
|
|
label: "GEOIPUPDATE_ACCOUNT_ID"
|
|
description: "Your MaxMind account ID"
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: GEOIPUPDATE_LICENSE_KEY
|
|
label: "GEOIPUPDATE_LICENSE_KEY"
|
|
description: "Your case-sensitive MaxMind license key."
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: GEOIPUPDATE_EDITION_IDS
|
|
label: "GEOIPUPDATE_EDITION_IDS"
|
|
description: "ist of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes."
|
|
schema:
|
|
type: string
|
|
default: "GeoIP2-City"
|
|
- variable: GEOIPUPDATE_HOST
|
|
label: "GEOIPUPDATE_HOST"
|
|
description: "The host name of the server to use. The default is updates.maxmind.com."
|
|
schema:
|
|
type: string
|
|
default: "updates.maxmind.com"
|
|
- variable: GEOIPUPDATE_PRESERVE_FILE_TIMES
|
|
label: "GEOIPUPDATE_PRESERVE_FILE_TIMES"
|
|
description: "Whether to preserve modification times of files downloaded from the server. This option is either 0 or 1. The default is 0."
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: freqhours
|
|
label: "FREQUENCY"
|
|
description: "The number of hours between geoipupdate runs."
|
|
schema:
|
|
type: int
|
|
default: 8
|
|
|
|
# Include{containerConfig}
|
|
|
|
- variable: service
|
|
group: "Networking and Services"
|
|
label: "Configure Service(s)"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Service"
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelector}
|
|
- variable: main
|
|
label: "Main Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 10230
|
|
required: true
|
|
- variable: advanced
|
|
label: "Show Advanced settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: protocol
|
|
label: "Port Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTP"
|
|
enum:
|
|
- value: HTTP
|
|
description: "HTTP"
|
|
- value: "HTTPS"
|
|
description: "HTTPS"
|
|
- value: TCP
|
|
description: "TCP"
|
|
- value: "UDP"
|
|
description: "UDP"
|
|
- variable: nodePort
|
|
label: "Node Port (Optional)"
|
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
|
schema:
|
|
type: int
|
|
min: 9000
|
|
max: 65535
|
|
- variable: targetPort
|
|
label: "Target Port"
|
|
description: "The internal(!) port on the container the Application runs on"
|
|
schema:
|
|
type: int
|
|
default: 9000
|
|
- variable: https
|
|
label: "https Service"
|
|
description: "The https service."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelector}
|
|
- variable: https
|
|
label: "https Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 10229
|
|
required: true
|
|
- variable: advanced
|
|
label: "Show Advanced settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: protocol
|
|
label: "Port Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTPS"
|
|
enum:
|
|
- value: HTTP
|
|
description: "HTTP"
|
|
- value: "HTTPS"
|
|
description: "HTTPS"
|
|
- value: TCP
|
|
description: "TCP"
|
|
- value: "UDP"
|
|
description: "UDP"
|
|
- variable: nodePort
|
|
label: "Node Port (Optional)"
|
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
|
schema:
|
|
type: int
|
|
min: 9000
|
|
max: 65535
|
|
- variable: targetPort
|
|
label: "Target Port"
|
|
description: "The internal(!) port on the container the Application runs on"
|
|
schema:
|
|
type: int
|
|
default: 9443
|
|
|
|
- variable: serviceexpert
|
|
group: "Networking and Services"
|
|
label: "Show Expert Config"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: hostNetwork
|
|
group: "Networking and Services"
|
|
label: "Host-Networking (Complicated)"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
|
|
# Include{serviceExpert}
|
|
|
|
# Include{serviceList}
|
|
|
|
- variable: persistence
|
|
label: "Integrated Persistent Storage"
|
|
description: "Integrated Persistent Storage"
|
|
group: "Storage and Persistence"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: media
|
|
label: "App Media Storage"
|
|
description: "Stores the Application Media."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceAdvanced}
|
|
- variable: templates
|
|
label: "App Templates Storage"
|
|
description: "Stores the Application Templates."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceAdvanced}
|
|
- variable: certs
|
|
label: "App Certs Storage"
|
|
description: "Stores the Application Certs."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceAdvanced}
|
|
- variable: geoip
|
|
label: "App GeoIP Storage"
|
|
description: "Stores the Application GeoIP."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceAdvanced}
|
|
|
|
# Include{persistenceList}
|
|
|
|
- variable: ingress
|
|
label: ""
|
|
group: "Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
|
|
# Include{ingressTLS}
|
|
|
|
# Include{ingressTraefik}
|
|
|
|
# Include{ingressExpert}
|
|
|
|
# Include{ingressList}
|
|
|
|
# Include{security}
|
|
|
|
- variable: advancedSecurity
|
|
label: "Show Advanced Security Settings"
|
|
group: "Security and Permissions"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: securityContext
|
|
label: "Security Context"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: privileged
|
|
label: "Privileged mode"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: "ReadOnly Root Filesystem"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowPrivilegeEscalation
|
|
label: "Allow Privilege Escalation"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: "runAsNonRoot"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
# Include{securityContextAdvanced}
|
|
|
|
- variable: podSecurityContext
|
|
group: "Security and Permissions"
|
|
label: "Pod Security Context"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: runAsUser
|
|
label: "runAsUser"
|
|
description: "The UserID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 1000
|
|
- variable: runAsGroup
|
|
label: "runAsGroup"
|
|
description: "The groupID this App of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 1000
|
|
- variable: fsGroup
|
|
label: "fsGroup"
|
|
description: "The group that should own ALL storage."
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
|
|
# Include{resources}
|
|
|
|
# Include{advanced}
|
|
|
|
# Include{addons}
|