TrueChartsClone/charts/stable/authentik/questions.yaml

669 lines
25 KiB
YAML

# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: authentik
group: Container Configuration
label: Authentik Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: credentials
label: Credentials
schema:
additional_attrs: true
type: dict
attrs:
- variable: password
label: Password (Initial install only)
description: Password for <akadmin> user. Can be used for any flow executor
schema:
type: string
private: true
required: true
default: ""
- variable: general
label: General
schema:
additional_attrs: true
type: dict
attrs:
- variable: disable_update_check
label: Disable Update Check
description: Disable the inbuilt update-checker
schema:
type: boolean
default: false
- variable: disable_startup_analytics
label: Disable Startup Analytics
description: Disable startup analytics
schema:
type: boolean
default: true
- variable: allow_user_name_change
label: Allow User Name Change
description: Enable the ability for users to change their Name
schema:
type: boolean
default: true
- variable: allow_user_mail_change
label: Allow User Mail Change
description: Enable the ability for users to change their Email address
schema:
type: boolean
default: true
- variable: allow_user_username_change
label: Allow User Username Change
description: Enable the ability for users to change their Usernames
schema:
type: boolean
default: true
- variable: gdpr_compliance
label: GDPR Compliance
description: When enabled, all the events caused by a user will be deleted upon the user's deletion
schema:
type: boolean
default: true
- variable: impersonation
label: Impersonation
description: Globally enable / disable impersonation
schema:
type: boolean
default: true
- variable: avatars
label: Avatars
description: Configure how authentik should show avatars for users
schema:
type: string
default: gravatar
- variable: token_length
label: Token Length
description: Configure the length of generated tokens
schema:
type: int
default: 128
- variable: footer_links
label: Footer Links
description: This option configures the footer links on the flow executor pages
schema:
type: string
default: ""
- variable: mail
label: e-Mail
schema:
additional_attrs: true
type: dict
attrs:
- variable: host
label: Mail Server Host
description: Sets host of mail server
schema:
type: string
default: ""
- variable: port
label: Mail Server Port
description: Sets port of mail server
schema:
type: int
default: 25
- variable: tls
label: Use TLS for authentication
description: Sets tls for mail server authentication
schema:
type: boolean
default: false
- variable: ssl
label: Use SSL for authentication
description: Sets ssl for mail server authentication
schema:
type: boolean
default: false
- variable: timeout
label: Timeout of authentication
description: Sets timeout for mail server authentication
schema:
type: int
default: 10
- variable: user
label: Username
description: Sets username of mail server
schema:
type: string
default: ""
- variable: pass
label: Password
description: Sets password of mail server
schema:
type: string
private: true
default: ""
- variable: from
label: From Address
description: Email address authentik will send from
schema:
type: string
default: ""
- variable: error_reporting
label: Error Reporting
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable Reporting
description: Enables error reporting
schema:
type: boolean
default: false
show_subquestions_if:
subquestions:
- variable: send_pii
label: Send Personal Data
description: Whether or not to send personal data, like usernames
schema:
type: boolean
default: false
- variable: environment
label: Environment
description: Unique environment that is attached to your error reports, should be set to your email address for example.
schema:
type: string
default: customer
- variable: logging
label: Logging
schema:
additional_attrs: true
type: dict
attrs:
- variable: log_level
label: Log Level
description: Log level for the server and worker containers
schema:
type: string
default: info
enum:
- value: trace
description: trace
- value: debug
description: debug
- value: info
description: info
- value: warning
description: warning
- value: error
description: error
- variable: ldap
label: LDAP
schema:
additional_attrs: true
type: dict
attrs:
- variable: tls_ciphers
label: TLS Ciphers
description: Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources
schema:
type: string
default: "null"
- variable: outposts
group: Container Configuration
label: Outpost Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: ldap
label: LDAP
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable LDAP outpost
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: overrideHost
label: Override Host
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: host
label: Authentik Host
description: "URL of your Authentik server. (e.g. https://auth.domain.com)"
schema:
type: string
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: insecure
label: Insecure
description: Check only if you accessing Authentik in an unsecure way
schema:
type: boolean
default: false
- variable: overrideToken
label: Override Token
description: Overrides the random generated token to provide your own
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: token
label: API Token
description: You can get this from Applications > Outposts > View Deployment Info
schema:
type: string
private: true
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: overrideBrowserHost
label: Override Host Browser
description: Overrides the Browser Host, by default the first ingress host is used
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: host_browser
label: Host Browser
description: URL to use in the browser, when it differs from << host >>
schema:
type: string
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: proxy
label: Proxy
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable Proxy outpost
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: overrideHost
label: Override Host
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: host
label: Authentik Host
description: "URL of your Authentik server. (e.g. https://auth.domain.com)"
schema:
type: string
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: insecure
label: Insecure
description: Check only if you accessing Authentik in an unsecure way
schema:
type: boolean
default: false
- variable: overrideToken
label: Override Token
description: Overrides the random generated token to provide your own
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: token
label: API Token
description: You can get this from Applications > Outposts > View Deployment Info
schema:
type: string
private: true
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: overrideBrowserHost
label: Override Host Browser
description: Overrides the Browser Host, by default the first ingress host is used
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: host_browser
label: Host Browser
description: URL to use in the browser, when it differs from << host >>
schema:
type: string
# TODO: Make them required again once Scale stable supports nested subquestions
# required: true
default: ""
- variable: geoip
group: Container Configuration
label: GeoIP Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable GeoIP Container
description: Enables GeoIP container
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: account_id
label: Account ID
description: Your MaxMind account ID
schema:
type: string
private: true
required: true
default: ""
- variable: license_key
label: License Key
description: Your case-sensitive MaxMind license key
schema:
type: string
private: true
required: true
default: ""
- variable: edition_ids
label: Edition IDs
description: List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes
schema:
type: string
required: true
default: GeoLite2-City
- variable: frequency
label: Frequency
description: The number of hours between geoipupdate runs
schema:
type: int
min: 1
default: 8
- variable: host_server
label: Host Server
description: The host name of the server to use
schema:
type: string
default: updates.maxmind.com
- variable: preserve_file_times
label: Preserve File Times
description: Whether to preserve modification times of files downloaded from the server
schema:
type: boolean
default: false
- variable: verbose
label: Verbose
description: Enable verbose mode. Prints out the steps that geoipupdate takes
schema:
type: boolean
default: false
- variable: proxy
label: Proxy
description: The proxy host name or IP address
schema:
type: string
default: ""
- variable: proxy_user_pass
label: Proxy Pass
description: The proxy user name and password, separated by a colon
schema:
type: string
private: true
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 10229
required: true
# Include{advancedPortHTTPS}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 9443
- variable: ldapldaps
label: LDAPS Service
description: The LDAPS service.
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: ldapldaps
label: LDAPS Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 636
required: true
# Include{advancedPortTCP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 6636
- variable: ldapldap
label: LDAP Service
description: The LDAPS service.
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: ldapldap
label: LDAP Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 389
required: true
# Include{advancedPortTCP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 3389
- variable: proxyhttps
label: Proxy HTTPS Service
description: The Proxy HTTPS service.
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: proxyhttps
label: Proxy HTTPS Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 10233
required: true
# Include{advancedPortHTTPS}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 9444
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: media
label: App Media Storage
description: Stores the Application Media.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: templates
label: App Templates Storage
description: Stores the Application Templates.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: certs
label: App Certs Storage
description: Stores the Application Certs.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: geoip
label: App GeoIP Storage
description: Stores the Application GeoIP.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main (HTTPS) Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
- variable: proxyhttps
label: Proxy HTTPS Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
# Include{securityContextAdvancedRoot}
- variable: privileged
label: Privileged mode
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: ReadOnly Root Filesystem
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: Allow Privilege Escalation
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: runAsNonRoot
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 1000
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 1000
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{metrics}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{promtail}
# Include{netshoot}
# Include{vpn}
# Include{documentation}