TrueChartsClone/charts/incubator/authentik/questions.yaml

577 lines
21 KiB
YAML

# Include{groups}
portals:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: secretEnv
group: "Container Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: AK_ADMIN_PASS
label: "AK_ADMIN_PASS (Initial Install Only)"
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
schema:
type: string
private: true
required: true
default: ""
- variable: AK_ADMIN_TOKEN
label: "AK_ADMIN_TOKEN (Initial Install Only)"
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
schema:
type: string
private: true
required: true
default: ""
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
label: "AUTHENTIK_DEFAULT_USER_CHANGE_NAME"
description: "Enable the ability for users to change their name."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
label: "AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL"
description: "Enable the ability for users to change their Email address."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
label: "AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME"
description: "Enable the ability for users to change their Usernames."
schema:
type: boolean
default: true
- variable: AUTHENTIK_GDPR_COMPLIANCE
label: "AUTHENTIK_GDPR_COMPLIANCE"
description: "When enabled, all the events caused by a user will be deleted upon the user's deletion."
schema:
type: boolean
default: true
- variable: AUTHENTIK_IMPERSONATION
label: "AUTHENTIK_IMPERSONATION"
description: "Globally enable/disable impersonation."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DISABLE_UPDATE_CHECK
label: "AUTHENTIK_DISABLE_UPDATE_CHECK"
description: "Disable the inbuilt update-checker."
schema:
type: boolean
default: false
- variable: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
label: "AUTHENTIK_DISABLE_STARTUP_ANALYTICS"
description: "Disable the startup analytics."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__ENABLED
label: "AUTHENTIK_ERROR_REPORTING__ENABLED"
description: "Enable error reporting."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__SEND_PII
label: "AUTHENTIK_ERROR_REPORTING__SEND_PII"
description: "Whether or not to send personal data, like usernames."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
label: "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT"
description: "Unique environment that is attached to your error reports, should be set to your email address for example."
schema:
type: string
default: "customer"
- variable: AUTHENTIK_DEFAULT_TOKEN_LENGTH
label: "AUTHENTIK_DEFAULT_TOKEN_LENGTH"
description: "Configure the length of generated tokens. Defaults to 128."
schema:
type: int
default: 128
- variable: AUTHENTIK_AVATARS
label: "AUTHENTIK_AVATARS"
description: "Configure how authentik should show avatars for users."
schema:
type: string
default: "gravatar"
- variable: AUTHENTIK_LOG_LEVEL
label: "AUTHENTIK_LOG_LEVEL"
description: "Log level for the server and worker containers."
schema:
type: string
default: "info"
enum:
- value: trace
description: "trace"
- value: debug
description: "debug"
- value: info
description: "info"
- value: warning
description: "warning"
- value: error
description: "error"
- variable: enable_mail_config
label: "Enable Email Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: AUTHENTIK_EMAIL__HOST
label: "AUTHENTIK_EMAIL__HOST"
schema:
type: string
default: ""
- variable: AUTHENTIK_EMAIL__PORT
label: "AUTHENTIK_EMAIL__PORT"
schema:
type: int
default: 25
- variable: AUTHENTIK_EMAIL__USERNAME
label: "AUTHENTIK_EMAIL__USERNAME"
schema:
type: string
default: ""
- variable: AUTHENTIK_EMAIL__PASSWORD
label: "AUTHENTIK_EMAIL__PASSWORD"
schema:
type: string
private: true
default: ""
- variable: AUTHENTIK_EMAIL__USE_TLS
label: "AUTHENTIK_EMAIL__USE_TLS"
schema:
type: boolean
default: false
- variable: AUTHENTIK_EMAIL__USE_SSL
label: "AUTHENTIK_EMAIL__USE_SSL"
schema:
type: boolean
default: false
- variable: AUTHENTIK_EMAIL__TIMEOUT
label: "AUTHENTIK_EMAIL__TIMEOUT"
schema:
type: int
default: 10
- variable: AUTHENTIK_EMAIL__FROM
label: "AUTHENTIK_EMAIL__FROM"
description: "Email address authentik will send from, should have a correct @domain. To change the sender's display name, use a format like Name <account@domain>."
schema:
type: string
default: ""
- variable: geoip
group: "Container Configuration"
label: "Image GeoIP Updater"
schema:
additional_attrs: true
type: dict
attrs:
- variable: ENABLE_GEOIPUPDATER
label: "Enable CronJob for GeoIP Updater"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: GEOIPUPDATE_ACCOUNT_ID
label: "GEOIPUPDATE_ACCOUNT_ID"
description: "Your MaxMind account ID"
schema:
type: string
private: true
default: ""
- variable: GEOIPUPDATE_LICENSE_KEY
label: "GEOIPUPDATE_LICENSE_KEY"
description: "Your case-sensitive MaxMind license key."
schema:
type: string
private: true
default: ""
- variable: GEOIPUPDATE_EDITION_IDS
label: "GEOIPUPDATE_EDITION_IDS"
description: "ist of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes."
schema:
type: string
default: "GeoIP2-City"
- variable: GEOIPUPDATE_HOST
label: "GEOIPUPDATE_HOST"
description: "The host name of the server to use. The default is updates.maxmind.com."
schema:
type: string
default: "updates.maxmind.com"
- variable: GEOIPUPDATE_PRESERVE_FILE_TIMES
label: "GEOIPUPDATE_PRESERVE_FILE_TIMES"
description: "Whether to preserve modification times of files downloaded from the server. This option is either 0 or 1. The default is 0."
schema:
type: int
default: 0
- variable: freqhours
label: "FREQUENCY"
description: "The number of hours between geoipupdate runs."
schema:
type: int
default: 8
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10230
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 9000
- variable: https
label: "https Service"
description: "The https service."
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: https
label: "https Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10229
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTPS"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 9443
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: media
label: "App Media Storage"
description: "Stores the Application Media."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: templates
label: "App Templates Storage"
description: "Stores the Application Templates."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: certs
label: "App Certs Storage"
description: "Stores the Application Certs."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: geoip
label: "App GeoIP Storage"
description: "Stores the Application GeoIP."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 1000
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 1000
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}