628 lines
23 KiB
YAML
628 lines
23 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{controller}
|
|
# Include{replicas}
|
|
# Include{replica1}
|
|
# Include{controllerExpertExtraArgs}
|
|
- variable: authentik
|
|
group: App Configuration
|
|
label: Authentik Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: credentials
|
|
label: Credentials
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: password
|
|
label: Password (Initial install only)
|
|
description: Password for <akadmin> user. Can be used for any flow executor
|
|
schema:
|
|
type: string
|
|
private: true
|
|
required: true
|
|
default: ""
|
|
- variable: general
|
|
label: General
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: disable_update_check
|
|
label: Disable Update Check
|
|
description: Disable the inbuilt update-checker
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: disable_startup_analytics
|
|
label: Disable Startup Analytics
|
|
description: Disable startup analytics
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allow_user_name_change
|
|
label: Allow User Name Change
|
|
description: Enable the ability for users to change their Name
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allow_user_mail_change
|
|
label: Allow User Mail Change
|
|
description: Enable the ability for users to change their Email address
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allow_user_username_change
|
|
label: Allow User Username Change
|
|
description: Enable the ability for users to change their Usernames
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: gdpr_compliance
|
|
label: GDPR Compliance
|
|
description: When enabled, all the events caused by a user will be deleted upon the user's deletion
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: impersonation
|
|
label: Impersonation
|
|
description: Globally enable / disable impersonation
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: avatars
|
|
label: Avatars
|
|
description: Configure how authentik should show avatars for users
|
|
schema:
|
|
type: string
|
|
default: gravatar,initials
|
|
- variable: token_length
|
|
label: Token Length
|
|
description: Configure the length of generated tokens
|
|
schema:
|
|
type: int
|
|
default: 128
|
|
- variable: footer_links
|
|
label: Footer Links
|
|
description: This option configures the footer links on the flow executor pages
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: mail
|
|
label: e-Mail
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: host
|
|
label: Mail Server Host
|
|
description: Sets host of mail server
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: port
|
|
label: Mail Server Port
|
|
description: Sets port of mail server
|
|
schema:
|
|
type: int
|
|
default: 25
|
|
- variable: tls
|
|
label: Use TLS for authentication
|
|
description: Sets tls for mail server authentication
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: ssl
|
|
label: Use SSL for authentication
|
|
description: Sets ssl for mail server authentication
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: timeout
|
|
label: Timeout of authentication
|
|
description: Sets timeout for mail server authentication
|
|
schema:
|
|
type: int
|
|
default: 10
|
|
- variable: user
|
|
label: Username
|
|
description: Sets username of mail server
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: pass
|
|
label: Password
|
|
description: Sets password of mail server
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: from
|
|
label: From Address
|
|
description: Email address authentik will send from
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: error_reporting
|
|
label: Error Reporting
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable Reporting
|
|
description: Enables error reporting
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if:
|
|
subquestions:
|
|
- variable: send_pii
|
|
label: Send Personal Data
|
|
description: Whether or not to send personal data, like usernames
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: environment
|
|
label: Environment
|
|
description: Unique environment that is attached to your error reports, should be set to your email address for example.
|
|
schema:
|
|
type: string
|
|
default: customer
|
|
- variable: logging
|
|
label: Logging
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: log_level
|
|
label: Log Level
|
|
description: Log level for the server and worker containers
|
|
schema:
|
|
type: string
|
|
default: info
|
|
enum:
|
|
- value: trace
|
|
description: trace
|
|
- value: debug
|
|
description: debug
|
|
- value: info
|
|
description: info
|
|
- value: warning
|
|
description: warning
|
|
- value: error
|
|
description: error
|
|
- variable: ldap
|
|
label: LDAP
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: tls_ciphers
|
|
label: TLS Ciphers
|
|
description: Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources
|
|
schema:
|
|
type: string
|
|
default: "null"
|
|
- variable: outposts
|
|
group: App Configuration
|
|
label: Outpost Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: ldap
|
|
label: LDAP
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable LDAP outpost
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: overrideHost
|
|
label: Override Host
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: host
|
|
label: Authentik Host
|
|
description: "URL of your Authentik server. (e.g. https://auth.domain.com)"
|
|
schema:
|
|
type: string
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: insecure
|
|
label: Insecure
|
|
description: Check only if you accessing Authentik in an unsecure way
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: overrideToken
|
|
label: Override Token
|
|
description: Overrides the random generated token to provide your own
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: token
|
|
label: API Token
|
|
description: You can get this from Applications > Outposts > View Deployment Info
|
|
schema:
|
|
type: string
|
|
private: true
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: overrideBrowserHost
|
|
label: Override Host Browser
|
|
description: Overrides the Browser Host, by default the first ingress host is used
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: host_browser
|
|
label: Host Browser
|
|
description: URL to use in the browser, when it differs from << host >>
|
|
schema:
|
|
type: string
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: proxy
|
|
label: Proxy
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable Proxy outpost
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: overrideHost
|
|
label: Override Host
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: host
|
|
label: Authentik Host
|
|
description: "URL of your Authentik server. (e.g. https://auth.domain.com)"
|
|
schema:
|
|
type: string
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: insecure
|
|
label: Insecure
|
|
description: Check only if you accessing Authentik in an unsecure way
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: overrideToken
|
|
label: Override Token
|
|
description: Overrides the random generated token to provide your own
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: token
|
|
label: API Token
|
|
description: You can get this from Applications > Outposts > View Deployment Info
|
|
schema:
|
|
type: string
|
|
private: true
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: overrideBrowserHost
|
|
label: Override Host Browser
|
|
description: Overrides the Browser Host, by default the first ingress host is used
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: host_browser
|
|
label: Host Browser
|
|
description: URL to use in the browser, when it differs from << host >>
|
|
schema:
|
|
type: string
|
|
# TODO: Make them required again once Scale stable supports nested subquestions
|
|
# required: true
|
|
default: ""
|
|
- variable: geoip
|
|
group: App Configuration
|
|
label: GeoIP Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable GeoIP Container
|
|
description: Enables GeoIP container
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: account_id
|
|
label: Account ID
|
|
description: Your MaxMind account ID
|
|
schema:
|
|
type: string
|
|
private: true
|
|
required: true
|
|
default: ""
|
|
- variable: license_key
|
|
label: License Key
|
|
description: Your case-sensitive MaxMind license key
|
|
schema:
|
|
type: string
|
|
private: true
|
|
required: true
|
|
default: ""
|
|
- variable: edition_ids
|
|
label: Edition IDs
|
|
description: List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: GeoLite2-City
|
|
- variable: frequency
|
|
label: Frequency
|
|
description: The number of hours between geoipupdate runs
|
|
schema:
|
|
type: int
|
|
min: 1
|
|
default: 8
|
|
- variable: host_server
|
|
label: Host Server
|
|
description: The host name of the server to use
|
|
schema:
|
|
type: string
|
|
default: updates.maxmind.com
|
|
- variable: preserve_file_times
|
|
label: Preserve File Times
|
|
description: Whether to preserve modification times of files downloaded from the server
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: verbose
|
|
label: Verbose
|
|
description: Enable verbose mode. Prints out the steps that geoipupdate takes
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: proxy
|
|
label: Proxy
|
|
description: The proxy host name or IP address
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: proxy_user_pass
|
|
label: Proxy Pass
|
|
description: The proxy user name and password, separated by a colon
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10229
|
|
required: true
|
|
- variable: ldapldaps
|
|
label: LDAPS Service
|
|
description: The LDAPS service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: ldapldaps
|
|
label: LDAPS Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 636
|
|
required: true
|
|
- variable: ldapldap
|
|
label: LDAP Service
|
|
description: The LDAPS service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: ldapldap
|
|
label: LDAP Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 389
|
|
required: true
|
|
- variable: proxyhttps
|
|
label: Proxy HTTPS Service
|
|
description: The Proxy HTTPS service.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: proxyhttps
|
|
label: Proxy HTTPS Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10233
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
default: false
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: media
|
|
label: App Media Storage
|
|
description: Stores the Application Media.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: templates
|
|
label: App Templates Storage
|
|
description: Stores the Application Templates.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: certs
|
|
label: App Certs Storage
|
|
description: Stores the Application Certs.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: geoip
|
|
label: App GeoIP Storage
|
|
description: Stores the Application GeoIP.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main (HTTPS) Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
- variable: proxyhttps
|
|
label: Proxy HTTPS Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressList}
|
|
# Include{security}
|
|
# Include{securityContextAdvancedRoot}
|
|
- variable: privileged
|
|
label: Privileged mode
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: ReadOnly Root Filesystem
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowPrivilegeEscalation
|
|
label: Allow Privilege Escalation
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: runAsNonRoot
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
# Include{podSecurityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 1000
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID this App of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 1000
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage.
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
# Include{resources}
|
|
# Include{metrics}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{vpn}
|
|
# Include{documentation}
|