diff --git a/stable/authentik/16.0.0/CHANGELOG.md b/stable/authentik/16.0.0/CHANGELOG.md
new file mode 100644
index 00000000000..dace5e1b577
--- /dev/null
+++ b/stable/authentik/16.0.0/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [authentik-16.0.0](https://github.com/truecharts/charts/compare/authentik-15.0.27...authentik-16.0.0) (2023-12-20)
+
+
+
+
+## [authentik-15.0.27](https://github.com/truecharts/charts/compare/authentik-15.0.26...authentik-15.0.27) (2023-12-20)
+
+### Chore
+
+- Bump everything to force min/max scale version update
+
+
+
+
+## [authentik-15.0.26](https://github.com/truecharts/charts/compare/authentik-15.0.25...authentik-15.0.26) (2023-12-16)
+
+### Chore
+
+- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+
+
+
+
+## [authentik-15.0.26](https://github.com/truecharts/charts/compare/authentik-15.0.25...authentik-15.0.26) (2023-12-16)
+
+### Chore
+
+- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+
+
+
+
+## [authentik-15.0.25](https://github.com/truecharts/charts/compare/authentik-15.0.24...authentik-15.0.25) (2023-12-03)
+
+### Chore
+
+- bump everything to ensure catalog has latest versions
+ - fix annotations again
+ - update annotations
+ - cleanup chart.yaml and add min-max scale version
+
+
+
+
+
+
+
+## [authentik-15.0.24](https://github.com/truecharts/charts/compare/authentik-15.0.20...authentik-15.0.24) (2023-11-24)
+
+### Chore
+
+- update authentik to v2023.10.4[@e16028e](https://github.com/e16028e) (patch) ([#15260](https://github.com/truecharts/charts/issues/15260))
+
+
+
+
+## [authentik-15.0.20](https://github.com/truecharts/charts/compare/authentik-15.0.19...authentik-15.0.20) (2023-11-18)
+
+
+
+
+## [authentik-15.0.19](https://github.com/truecharts/charts/compare/authentik-15.0.18...authentik-15.0.19) (2023-11-17)
+
+
+
+
+## [authentik-15.0.18](https://github.com/truecharts/charts/compare/authentik-15.0.17...authentik-15.0.18) (2023-11-10)
+
+### Chore
+
+- update container image tccr.io/truecharts/authentik to v2023.10.3 ([#14514](https://github.com/truecharts/charts/issues/14514))
+
+
+
+
+## [authentik-15.0.17](https://github.com/truecharts/charts/compare/authentik-15.0.16...authentik-15.0.17) (2023-11-09)
+
+### Chore
+
+- update authentik to v2023.10.3 (patch) ([#14495](https://github.com/truecharts/charts/issues/14495))
+
+
+
+
+## [authentik-15.0.16](https://github.com/truecharts/charts/compare/authentik-15.0.15...authentik-15.0.16) (2023-11-09)
+
+### Chore
+
+- update helm general non-major ([#14467](https://github.com/truecharts/charts/issues/14467))
+
+
+
+
diff --git a/stable/authentik/16.0.0/Chart.yaml b/stable/authentik/16.0.0/Chart.yaml
new file mode 100644
index 00000000000..96c04122739
--- /dev/null
+++ b/stable/authentik/16.0.0/Chart.yaml
@@ -0,0 +1,44 @@
+kubeVersion: ">=1.24.0-0"
+apiVersion: v2
+name: authentik
+version: 16.0.0
+appVersion: 2023.10.4
+description: Authentik is an open-source Identity Provider focused on flexibility and versatility.
+home: https://truecharts.org/charts/stable/authentik
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
+deprecated: false
+sources:
+ - https://ghcr.io/goauthentik/radius
+ - https://goauthentik.io/docs/
+ - https://github.com/goauthentik/authentik
+ - https://github.com/truecharts/charts/tree/master/charts/stable/authentik
+maintainers:
+ - name: TrueCharts
+ email: info@truecharts.org
+ url: https://truecharts.org
+keywords:
+ - authentik
+dependencies:
+ - name: common
+ version: 16.2.5
+ repository: https://library-charts.truecharts.org
+ condition: ""
+ alias: ""
+ tags: []
+ import-values: []
+ - name: redis
+ version: 8.0.47
+ repository: https://deps.truecharts.org
+ condition: redis.enabled
+ alias: ""
+ tags: []
+ import-values: []
+annotations:
+ max_scale_version: 23.10.2
+ min_scale_version: 23.10.0
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/category: authentication
+ truecharts.org/max_helm_version: "3.13"
+ truecharts.org/min_helm_version: "3.12"
+ truecharts.org/train: stable
+type: application
diff --git a/stable/authentik/16.0.0/LICENSE b/stable/authentik/16.0.0/LICENSE
new file mode 100644
index 00000000000..33a8cbb23f0
--- /dev/null
+++ b/stable/authentik/16.0.0/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Blocky" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/stable/authentik/16.0.0/README.md b/stable/authentik/16.0.0/README.md
new file mode 100644
index 00000000000..97da9b371ce
--- /dev/null
+++ b/stable/authentik/16.0.0/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/authentik)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/authentik/16.0.0/app-changelog.md b/stable/authentik/16.0.0/app-changelog.md
new file mode 100644
index 00000000000..a5965204107
--- /dev/null
+++ b/stable/authentik/16.0.0/app-changelog.md
@@ -0,0 +1,4 @@
+
+
+## [authentik-16.0.0](https://github.com/truecharts/charts/compare/authentik-15.0.27...authentik-16.0.0) (2023-12-20)
+
diff --git a/stable/authentik/16.0.0/app-readme.md b/stable/authentik/16.0.0/app-readme.md
new file mode 100644
index 00000000000..fe4c2e580a0
--- /dev/null
+++ b/stable/authentik/16.0.0/app-readme.md
@@ -0,0 +1,8 @@
+Authentik is an open-source Identity Provider focused on flexibility and versatility.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/authentik](https://truecharts.org/charts/stable/authentik)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/authentik/16.0.0/charts/common-16.2.5.tgz b/stable/authentik/16.0.0/charts/common-16.2.5.tgz
new file mode 100644
index 00000000000..8a243143241
Binary files /dev/null and b/stable/authentik/16.0.0/charts/common-16.2.5.tgz differ
diff --git a/stable/authentik/16.0.0/charts/redis-8.0.47.tgz b/stable/authentik/16.0.0/charts/redis-8.0.47.tgz
new file mode 100644
index 00000000000..36ea025ba94
Binary files /dev/null and b/stable/authentik/16.0.0/charts/redis-8.0.47.tgz differ
diff --git a/stable/authentik/16.0.0/ix_values.yaml b/stable/authentik/16.0.0/ix_values.yaml
new file mode 100644
index 00000000000..996e16a322d
--- /dev/null
+++ b/stable/authentik/16.0.0/ix_values.yaml
@@ -0,0 +1,498 @@
+image:
+ repository: ghcr.io/goauthentik/server
+ tag: 2023.10.4@sha256:f201d0515461ef5ec2afd37ead691247f09dfef231fdaa494fd48105b65913ca
+ pullPolicy: IfNotPresent
+geoipImage:
+ repository: ghcr.io/maxmind/geoipupdate
+ tag: v6.0.0@sha256:e0d5c1dee7379d360e0f355557542d9672c616215dfdd5aaf917382de84cb84c
+ pullPolicy: IfNotPresent
+ldapImage:
+ repository: ghcr.io/goauthentik/ldap
+ tag: 2023.10.4@sha256:e16028e4e6312dcb0fb35a9b537829efd9f7c0c3c1bbe966150fca5734211c6d
+ pullPolicy: IfNotPresent
+radiusImage:
+ repository: ghcr.io/goauthentik/radius
+ tag: 2023.10.4@sha256:a5d36976190e4ccacb8caf315814534e75b983f789dc422bc327c4999a60cdab
+ pullPolicy: IfNotPresent
+proxyImage:
+ repository: ghcr.io/goauthentik/proxy
+ tag: 2023.10.4@sha256:35217928c215f5221685289e09a076ad38767b17485b102661fad5aca184b8b1
+ pullPolicy: IfNotPresent
+authentik:
+ credentials:
+ # Only works on initial install
+ email: my-mail@example.com
+ password: my-password
+ # Optional, only set if you want to use it
+ bootstrapToken: ""
+ general:
+ disableUpdateCheck: false
+ disableStartupAnalytics: true
+ allowUserChangeName: true
+ allowUserChangeEmail: true
+ allowUserChangeUsername: true
+ overwriteDefaultBlueprints: false
+ gdprCompliance: true
+ tokenLength: 128
+ impersonation: true
+ avatars:
+ - gravatar
+ - initials
+ footerLinks:
+ - name: Authentik
+ href: https://goauthentik.io
+ email:
+ host: ""
+ port: 587
+ username:
+ password:
+ useTLS: true
+ useSSL: false
+ timeout: 10
+ from: ""
+ ldap:
+ tlsCiphers: "null"
+ taskTimeoutHours: 2
+ logging:
+ # info, debug, warning, error, trace
+ logLevel: info
+ errorReporting:
+ enabled: false
+ sendPII: false
+ environment: customer
+ sentryDSN: ""
+ geoip:
+ enabled: false
+ # Ignored if enabled is true
+ # If enabled is false, and this is true, the
+ # built-in GeoIP database will be wiped
+ wipeBuiltInDb: false
+ editionID: GeoLite2-City
+ frequency: 8
+ accountID: ""
+ licenseKey: ""
+ outposts:
+ proxy:
+ enabled: false
+ token: ""
+ radius:
+ enabled: false
+ token: ""
+ ldap:
+ enabled: false
+ token: ""
+# ===== DO NOT EDIT BELOW THIS LINE =====
+workload:
+ # ===== Server =====
+ main:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ # readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: server
+ - secretRef:
+ name: server-worker
+ - configMapRef:
+ name: server-worker
+ args:
+ - server
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ # ===== Worker =====
+ worker:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ worker:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ # readOnlyRootFilesystem: false
+ envFrom:
+ - secretRef:
+ name: server-worker
+ - configMapRef:
+ name: server-worker
+ args:
+ - worker
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - /lifecycle/ak
+ - healthcheck
+ # ===== PROXY =====
+ proxy:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ proxy:
+ enabled: true
+ primary: true
+ imageSelector: proxyImage
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ envFrom:
+ - configMapRef:
+ name: proxy
+ - secretRef:
+ name: proxy
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - /proxy
+ - healthcheck
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - /proxy
+ - healthcheck
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - /proxy
+ - healthcheck
+ # ===== RADIUS =====
+ radius:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ radius:
+ enabled: true
+ primary: true
+ imageSelector: radiusImage
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ envFrom:
+ - configMapRef:
+ name: radius
+ - secretRef:
+ name: radius
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - /radius
+ - healthcheck
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - /radius
+ - healthcheck
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - /radius
+ - healthcheck
+ # ===== LDAP =====
+ ldap:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ ldap:
+ enabled: true
+ primary: true
+ imageSelector: ldapImage
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ envFrom:
+ - configMapRef:
+ name: ldap
+ - secretRef:
+ name: ldap
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - /ldap
+ - healthcheck
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - /ldap
+ - healthcheck
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - /ldap
+ - healthcheck
+ # ===== GeoIP Updater =====
+ geoip:
+ enabled: true
+ type: Deployment
+ podSpec:
+ containers:
+ geoip:
+ enabled: true
+ primary: true
+ imageSelector: geoipImage
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ capabilities:
+ disableS6Caps: true
+ envFrom:
+ - configMapRef:
+ name: geoip
+ - secretRef:
+ name: geoip
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+service:
+ # Server HTTPS
+ main:
+ ports:
+ main:
+ protocol: https
+ port: 10229
+ # Server HTTP
+ http:
+ enabled: true
+ type: ClusterIP
+ ports:
+ http:
+ enabled: true
+ protocol: http
+ port: 10230
+ # Proxy
+ proxy:
+ enabled: true
+ targetSelector: proxy
+ ports:
+ http:
+ enabled: true
+ protocol: http
+ port: 10227
+ targetSelector: proxy
+ https:
+ enabled: true
+ protocol: https
+ port: 10228
+ targetSelector: proxy
+ # Radius
+ radius:
+ enabled: true
+ targetSelector: radius
+ ports:
+ radius:
+ enabled: true
+ protocol: udp
+ targetSelector: radius
+ port: 1812
+ # LDAP
+ ldap:
+ enabled: true
+ targetSelector: ldap
+ ports:
+ ldap:
+ enabled: true
+ port: 389
+ targetSelector: ldap
+ # LDAPS
+ ldaps:
+ enabled: true
+ targetSelector: ldap
+ ports:
+ ldaps:
+ enabled: true
+ port: 636
+ targetSelector: ldap
+ # Server Metrics
+ servermetrics:
+ enabled: true
+ type: ClusterIP
+ ports:
+ servermetrics:
+ enabled: true
+ protocol: http
+ port: 10231
+ # Radius Metrics
+ radiusmetrics:
+ enabled: true
+ type: ClusterIP
+ targetSelector: radius
+ ports:
+ radiusmetrics:
+ enabled: true
+ protocol: http
+ port: 10232
+ targetSelector: radius
+ # LDAP Metrics
+ ldapmetrics:
+ enabled: true
+ type: ClusterIP
+ targetSelector: ldap
+ ports:
+ ldapmetrics:
+ enabled: true
+ protocol: http
+ port: 10233
+ targetSelector: ldap
+ # Proxy Metrics
+ proxymetrics:
+ enabled: true
+ type: ClusterIP
+ targetSelector: proxy
+ ports:
+ proxymetrics:
+ enabled: true
+ protocol: http
+ port: 10234
+ targetSelector: proxy
+persistence:
+ media:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /media
+ worker:
+ worker:
+ mountPath: /media
+ templates:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /templates
+ worker:
+ worker:
+ mountPath: /templates
+ blueprints:
+ enabled: true
+ targetSelector:
+ worker:
+ worker:
+ # This will automatically change to `/blueprints`
+ # if `overwriteDefaultBlueprints` is set to `true
+ # Otherwise it will respect the value specified here
+ mountPath: /blueprints/custom
+ certs:
+ enabled: true
+ mountPath: /certs
+ targetSelector:
+ worker:
+ worker:
+ mountPath: /certs
+ geoip:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /geoip
+ worker:
+ worker:
+ mountPath: /geoip
+ geoip:
+ geoip:
+ mountPath: /usr/share/GeoIP
+cnpg:
+ main:
+ enabled: true
+ user: authentik
+ database: authentik
+redis:
+ enabled: true
+portal:
+ open:
+ enabled: true
+metrics:
+ # FIXME: Metrics do not work yet
+ servermetrics:
+ enabled: true
+ type: servicemonitor
+ endpoints:
+ - port: "{{ .Values.service.servermetrics.ports.servermetrics.port }}"
+ path: /metrics
+ prometheusRule:
+ enabled: false
+ radiusmetrics:
+ enabled: true
+ type: servicemonitor
+ endpoints:
+ - port: "{{ .Values.service.radiusmetrics.ports.radiusmetrics.port }}"
+ path: /metrics
+ prometheusRule:
+ enabled: false
+ ldapmetrics:
+ enabled: true
+ type: servicemonitor
+ endpoints:
+ - port: "{{ .Values.service.ldapmetrics.ports.ldapmetrics.port }}"
+ path: /metrics
+ prometheusRule:
+ enabled: false
+ proxymetrics:
+ enabled: true
+ type: servicemonitor
+ endpoints:
+ - port: "{{ .Values.service.proxymetrics.ports.proxymetrics.port }}"
+ path: /metrics
+ prometheusRule:
+ enabled: false
+updated: true
diff --git a/stable/authentik/16.0.0/questions.yaml b/stable/authentik/16.0.0/questions.yaml
new file mode 100644
index 00000000000..fb52574fe42
--- /dev/null
+++ b/stable/authentik/16.0.0/questions.yaml
@@ -0,0 +1,4590 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: authentik
+ group: App Configuration
+ label: Authentik Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: credentials
+ label: Credentials
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: email
+ label: Email
+ description: |
+ Set the default email address for the akadmin user.
+ Only read on initial install, changing this will have no effect.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ""
+ - variable: password
+ label: Password
+ description: |
+ Set the default password for the akadmin user.
+ Only read on initial install, changing this will have no effect.
+ schema:
+ type: string
+ private: true
+ required: true
+ immutable: true
+ default: ""
+ - variable: bootstrapToken
+ label: (Optional) Bootstrap Token
+ description: |
+ Set the bootstrap token for the authentik server.
+ Only read on initial install, changing this will have no effect.
+ Only set this token if you plan to use the API right after installation.
+ schema:
+ type: string
+ private: true
+ immutable: true
+ default: ""
+ - variable: general
+ label: General
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: disableUpdateCheck
+ label: Disable Update Check
+ description: Disable the inbuilt update-checker
+ schema:
+ type: boolean
+ default: false
+ - variable: disableStartupAnalytics
+ label: Disable Startup Analytics
+ description: Disable startup analytics
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUserChangeName
+ label: Allow User Change Name
+ description: Enable the ability for users to change their Name
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUserChangeEmail
+ label: Allow User Change Mail
+ description: Enable the ability for users to change their Email address
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUserChangeUsername
+ label: Allow User Change Username
+ description: Enable the ability for users to change their Usernames
+ schema:
+ type: boolean
+ default: true
+ - variable: gdprCompliance
+ label: GDPR Compliance
+ description: When enabled, all the events caused by a user will be deleted upon the user's deletion
+ schema:
+ type: boolean
+ default: true
+ - variable: overwriteDefaultBlueprints
+ label: Overwrite Default Blueprints
+ description: |
+ When enabled, all the default blueprints will be overwritten
+ True: mountPath: /blueprints
+ False: mountPath: /blueprints/custom
+ schema:
+ type: boolean
+ default: false
+ - variable: tokenLength
+ label: Token Length
+ description: Configure the length of generated tokens
+ schema:
+ type: int
+ min: 60
+ default: 128
+ - variable: impersonation
+ label: Impersonation
+ description: Globally enable / disable impersonation
+ schema:
+ type: boolean
+ default: true
+ - variable: avatars
+ label: Avatars
+ description: Configure how authentik should show avatars for users
+ schema:
+ type: list
+ default:
+ - gravatar
+ - initials
+ items:
+ - variable: avatar
+ label: Avatar
+ description: Avatar type
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: footerLinks
+ label: Footer Links
+ description: This option configures the footer links on the flow executor pages
+ schema:
+ type: list
+ default:
+ - name: Authentik
+ href: https://goauthentik.io
+ items:
+ - variable: footerLink
+ label: Footer Link
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: Name of the link
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: href
+ label: Href
+ description: URL of the link
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: email
+ label: Email
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: Mail Server Host
+ description: Sets host of mail server
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Mail Server Port
+ description: Sets port of mail server
+ schema:
+ type: int
+ default: 587
+ - variable: username
+ label: Username
+ description: Sets username of mail server
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Password
+ description: Sets password of mail server
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: useTLS
+ label: Use TLS for authentication
+ description: Sets TLS for mail server authentication
+ schema:
+ type: boolean
+ default: true
+ - variable: useSSL
+ label: Use SSL for authentication
+ description: Sets SSL for mail server authentication
+ schema:
+ type: boolean
+ default: false
+ - variable: timeout
+ label: Timeout of authentication
+ description: Sets timeout for mail server authentication
+ schema:
+ type: int
+ default: 10
+ - variable: from
+ label: From Address
+ description: Email address authentik will send from
+ schema:
+ type: string
+ default: ""
+ - variable: ldap
+ label: LDAP
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: tls_ciphers
+ label: TLS Ciphers
+ description: |
+ Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources.
+ Setting applies to all sources
+ schema:
+ type: string
+ default: "null"
+ - variable: taskTimeoutHours
+ label: Task Timeout Hours
+ description: Timeout in hours for LDAP synchronization tasks
+ schema:
+ type: int
+ default: 2
+ - variable: logging
+ label: Logging
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: log_level
+ label: Log Level
+ description: Log level for the server and worker containers
+ schema:
+ type: string
+ default: info
+ enum:
+ - value: trace
+ description: trace
+ - value: debug
+ description: debug
+ - value: info
+ description: info
+ - value: warning
+ description: warning
+ - value: error
+ description: error
+ - variable: error_reporting
+ label: Error Reporting
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Reporting
+ description: Enables error reporting
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if:
+ subquestions:
+ - variable: sendPII
+ label: Send Personal Data
+ description: Whether or not to send personal data, like usernames
+ schema:
+ type: boolean
+ default: false
+ - variable: environment
+ label: Environment
+ description: The environment tag associated with all data sent to Sentry
+ schema:
+ type: string
+ default: customer
+ - variable: sentryDSN
+ label: Sentry DSN
+ description: Sets the DSN for the Sentry API endpoint.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: geoip
+ label: GeoIP
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: wipeBuiltInDb
+ label: Wipe Built-In GeoIP DB
+ description: |
+ Wipes the built-in GeoIP database.
+ With this set to false, and disabled GeoIP container,
+ It will use the built-in database.
+ schema:
+ type: boolean
+ show_if: [["enabled", "=", false]]
+ default: false
+ - variable: enabled
+ label: Enabled
+ description: |
+ Enables and configures the GeoIP container.
+ This will deploy the GeoIP container.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: editionID
+ label: Edition ID
+ description: |
+ The edition ID of the database to download.
+ Only one seems to be supported by Authentik.
+ schema:
+ type: string
+ default: GeoLite2-City
+ - variable: frequency
+ label: Frequency
+ description: The number of hours between geoipupdate runs.
+ schema:
+ type: int
+ min: 1
+ default: 8
+ - variable: accountID
+ label: Account ID
+ description: Your MaxMind account ID
+ schema:
+ type: string
+ private: true
+ required: true
+ default: ""
+ - variable: licenseKey
+ label: License Key
+ description: Your MaxMind license key
+ schema:
+ type: string
+ private: true
+ required: true
+ default: ""
+ - variable: outposts
+ label: Outposts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: proxy
+ label: Proxy
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: |
+ Enables and configures the Proxy container.
+ This will deploy the Proxy container.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: token
+ label: Token
+ description: |
+ The token used to authenticate with the authentik server.
+ schema:
+ type: string
+ private: true
+ required: true
+ default: ""
+ - variable: radius
+ label: Radius
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: |
+ Enables and configures the Radius container.
+ This will deploy the Radius container.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: token
+ label: Token
+ description: |
+ The token used to authenticate with the authentik server.
+ schema:
+ type: string
+ private: true
+ required: true
+ default: ""
+ - variable: ldap
+ label: LDAP
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: |
+ Enables and configures the LDAP container.
+ This will deploy the LDAP container.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: token
+ label: Token
+ description: |
+ The token used to authenticate with the authentik server.
+ schema:
+ type: string
+ private: true
+ required: true
+ default: ""
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+
+ - variable: imagePullSecretList
+ group: "General Settings"
+ label: "Image Pull Secrets"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pullsecretentry
+ label: "Pull Secret"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: registry
+ label: "Registry"
+ schema:
+ type: string
+ required: true
+ default: "https://index.docker.io/v1/"
+ - variable: username
+ label: "Username"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: "Password"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: email
+ label: "Email"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service
+ description: The Primary service on which the healthcheck runs, often the webUI
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 10229
+ required: true
+ - variable: proxy
+ label: Proxy Service
+ description: The Proxy service.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: http
+ label: HTTP Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 10227
+ required: true
+ - variable: https
+ label: HTTPS Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 10228
+ required: true
+ - variable: radius
+ label: RADIUS Service
+ description: The RADIUS service.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: radius
+ label: RADIUS Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 1812
+ required: true
+ - variable: ldap
+ label: LDAP Service
+ description: The LDAP service.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ldap
+ label: LDAP Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 389
+ required: true
+ - variable: ldaps
+ label: LDAPS Service
+ description: The LDAPS service.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ldaps
+ label: LDAPS Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 636
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: media
+ label: App Media Storage
+ description: Stores the Application Media.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: templates
+ label: App Templates Storage
+ description: Stores the Application Templates.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: blueprints
+ label: App Blueprints Storage
+ description: Stores the Application Blueprints.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: certs
+ label: App Certs Storage
+ description: Stores the Application Certs.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: geoip
+ label: App GeoIP Storage
+ description: Stores the Application GeoIP.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main (HTTPS) Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: proxy
+ label: Proxy (HTTPS) Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: runAsUser
+ description: The UserID of the user running the application
+ schema:
+ type: int
+ default: 1000
+ - variable: runAsGroup
+ label: runAsGroup
+ description: The groupID of the user running the application
+ schema:
+ type: int
+ default: 1000
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: fsGroup
+ description: The group that should own ALL storage.
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: ingress
+ label: "Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/stable/authentik/16.0.0/templates/NOTES.txt b/stable/authentik/16.0.0/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/stable/authentik/16.0.0/templates/_config.tpl b/stable/authentik/16.0.0/templates/_config.tpl
new file mode 100644
index 00000000000..c46407c309c
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/_config.tpl
@@ -0,0 +1,128 @@
+{{/* Define the configmaps */}}
+{{- define "authentik.configmaps" -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+ {{- $serverHost := printf "https://%v:%v" $fullname .Values.service.main.ports.main.port -}}
+ {{- $host := .Values.chartContext.appUrl }}
+server:
+ enabled: true
+ data:
+ AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.main.ports.main.port | quote }}
+ AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.http.ports.http.port | quote }}
+ AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.servermetrics.ports.servermetrics.port | quote }}
+
+server-worker:
+ enabled: true
+ data:
+ {{/* Dependencies */}}
+ AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
+ AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
+ AUTHENTIK_POSTGRESQL__HOST: {{ .Values.cnpg.main.creds.host }}
+ AUTHENTIK_POSTGRESQL__PORT: "5432"
+ AUTHENTIK_REDIS__HOST: {{ .Values.redis.creds.plain }}
+ AUTHENTIK_REDIS__PORT: "6379"
+
+ {{/* Outposts */}}
+ AUTHENTIK_OUTPOSTS__DISCOVER: "false"
+
+ {{/* GeoIP */}}
+ {{- $geoipPath := (printf "/geoip/%v.mmdb" .Values.authentik.geoip.editionID) -}}
+ {{- if not .Values.authentik.geoip.enabled -}}
+ {{- $geoipPath = "/tmp/non-existent-file" -}}
+ {{- end -}}
+
+ {{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb }}
+ AUTHENTIK_GEOIP: {{ $geoipPath }}
+ {{- end }}
+
+ {{/* Mail */}}
+ AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.email.useTLS | quote }}
+ AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.email.useSSL | quote }}
+ {{- with .Values.authentik.email.port }}
+ AUTHENTIK_EMAIL__PORT: {{ . | quote }}
+ {{- end -}}
+ {{- with .Values.authentik.email.timeout }}
+ AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
+ {{- end }}
+
+ {{/* LDAP */}}
+ AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS: {{ .Values.authentik.ldap.taskTimeoutHours | quote }}
+ AUTHENTIK_LDAP__TLS__CIPHERS: {{ .Values.authentik.ldap.tlsCiphers | quote }}
+
+ {{/* Logging */}}
+ AUTHENTIK_LOG_LEVEL: {{ .Values.authentik.logging.logLevel }}
+
+ {{/* Error Reporting */}}
+ AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.errorReporting.enabled | quote }}
+ AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.errorReporting.sendPII | quote }}
+ {{- with .Values.authentik.errorReporting.environment }}
+ AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . | quote }}
+ {{- end -}}
+ {{- with .Values.authentik.errorReporting.sentryDSN }}
+ AUTHENTIK_ERROR_REPORTING__SENTRY_DSN: {{ . | quote }}
+ {{- end -}}
+ {{- with .Values.authentik.general.avatars }}
+ AUTHENTIK_AVATARS: {{ join "," . }}
+ {{- end -}}
+ {{- with .Values.authentik.general.footerLinks }}
+ AUTHENTIK_FOOTER_LINKS: {{ toJson . | squote }}
+ {{- end }}
+
+ {{/* General */}}
+ AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disableUpdateCheck | quote }}
+ AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disableStartupAnalytics | quote }}
+ AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allowUserChangeName | quote }}
+ AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allowUserChangeEmail | quote }}
+ AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allowUserChangeUsername | quote }}
+ AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdprCompliance | quote }}
+ AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.tokenLength | quote }}
+ AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
+
+{{- if .Values.authentik.outposts.proxy.enabled }}
+proxy:
+ enabled: true
+ data:
+ AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.http.port | quote }}
+ AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.https.port | quote }}
+ AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.proxymetrics.ports.proxymetrics.port | quote }}
+ AUTHENTIK_HOST: {{ $serverHost }}
+ AUTHENTIK_INSECURE: "true"
+ # TODO: node ip or ingress host
+ AUTHENTIK_HOST_BROWSER: {{ $host }}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.radius.enabled }}
+radius:
+ enabled: true
+ data:
+ AUTHENTIK_LISTEN__RADIUS: {{ printf "0.0.0.0:%v" .Values.service.radius.ports.radius.port | quote }}
+ AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.radiusmetrics.ports.radiusmetrics.port | quote }}
+ AUTHENTIK_HOST: {{ $serverHost }}
+ AUTHENTIK_INSECURE: "true"
+ # TODO: node ip or ingress host
+ AUTHENTIK_HOST_BROWSER: {{ $host }}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.ldap.enabled }}
+ldap:
+ enabled: true
+ data:
+ AUTHENTIK_LISTEN__LDAP: {{ printf "0.0.0.0:%v" .Values.service.ldap.ports.ldap.port | quote }}
+ AUTHENTIK_LISTEN__LDAPS: {{ printf "0.0.0.0:%v" .Values.service.ldaps.ports.ldaps.port | quote }}
+ AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.ldapmetrics.ports.ldapmetrics.port | quote }}
+ AUTHENTIK_HOST: {{ $serverHost }}
+ AUTHENTIK_INSECURE: "true"
+ # TODO: node ip or ingress host
+ AUTHENTIK_HOST_BROWSER: {{ $host }}
+{{- end -}}
+
+{{- if .Values.authentik.geoip.enabled }}
+geoip:
+ enabled: true
+ data:
+ GEOIPUPDATE_EDITION_IDS: {{ .Values.authentik.geoip.editionID }}
+ GEOIPUPDATE_FREQUENCY: {{ .Values.authentik.geoip.frequency | quote }}
+ GEOIPUPDATE_DB_DIR: {{ .Values.persistence.geoip.targetSelector.geoip.geoip.mountPath | quote }}
+{{- end -}}
+
+{{- end -}}
diff --git a/stable/authentik/16.0.0/templates/_secret.tpl b/stable/authentik/16.0.0/templates/_secret.tpl
new file mode 100644
index 00000000000..faf26d54e10
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/_secret.tpl
@@ -0,0 +1,74 @@
+{{/* Define the secrets */}}
+{{- define "authentik.secrets" -}}
+
+ {{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+ {{- $fetchname := printf "%v-server-worker" $fullname -}}
+
+ {{- $secretKey := randAlphaNum 32 -}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace $fetchname) -}}
+ {{- $secretKey = index .data "AUTHENTIK_SECRET_KEY" | b64dec -}}
+ {{- end }}
+
+server-worker:
+ enabled: true
+ data:
+ {{/* Dependencies */}}
+ AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+ AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
+
+ {{/* Secret Key */}}
+ AUTHENTIK_SECRET_KEY: {{ $secretKey }}
+
+ {{/* Initial credentials */}}
+ AUTHENTIK_BOOTSTRAP_EMAIL: {{ .Values.authentik.credentials.email | quote }}
+ AUTHENTIK_BOOTSTRAP_PASSWORD: {{ .Values.authentik.credentials.password | quote }}
+ {{- with .Values.authentik.credentials.bootstrapToken }}
+ AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }}
+ {{- end }}
+
+ {{/* Mail */}}
+ {{- with .Values.authentik.email.host }}
+ AUTHENTIK_EMAIL__HOST: {{ . }}
+ {{- end -}}
+ {{- with .Values.authentik.email.username }}
+ AUTHENTIK_EMAIL__USERNAME: {{ . }}
+ {{- end -}}
+ {{- with .Values.authentik.email.password }}
+ AUTHENTIK_EMAIL__PASSWORD: {{ . }}
+ {{- end -}}
+ {{- with .Values.authentik.email.from }}
+ AUTHENTIK_EMAIL__FROM: {{ . }}
+ {{- end -}}
+
+{{- if .Values.authentik.geoip.enabled }}
+geoip:
+ enabled: true
+ data:
+ GEOIPUPDATE_VERBOSE: "0"
+ GEOIPUPDATE_PRESERVE_FILE_TIMES: "1"
+ GEOIPUPDATE_ACCOUNT_ID: {{ .Values.authentik.geoip.accountID | quote }}
+ GEOIPUPDATE_LICENSE_KEY: {{ .Values.authentik.geoip.licenseKey | quote }}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.proxy.enabled }}
+proxy:
+ enabled: true
+ data:
+ AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.proxy.token | quote }}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.radius.enabled }}
+radius:
+ enabled: true
+ data:
+ AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.radius.token | quote }}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.ldap.enabled }}
+ldap:
+ enabled: true
+ data:
+ AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.ldap.token | quote }}
+{{- end -}}
+
+{{- end -}}
diff --git a/stable/authentik/16.0.0/templates/_validation.tpl b/stable/authentik/16.0.0/templates/_validation.tpl
new file mode 100644
index 00000000000..5a1b5f029b8
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/_validation.tpl
@@ -0,0 +1,23 @@
+{{- define "authentik.validation" -}}
+ {{- range $outpost, $values := .Values.authentik.outposts -}}
+ {{- if (kindIs "dict" $values) -}}
+ {{- if and $values.enabled (not $values.token) -}}
+ {{- fail (printf "Authentik - Outpost [%v] is enabled, but [token] was not provided" ($outpost | upper)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if .Values.authentik.geoip.enabled -}}
+ {{- if not .Values.authentik.geoip.accountID -}}
+ {{- fail "Authentik - GeoIP is enabled but [accountID] was not provided" -}}
+ {{- end -}}
+
+ {{- if not .Values.authentik.geoip.licenseKey -}}
+ {{- fail "Authentik - GeoIP is enabled but [licenseKey] was not provided" -}}
+ {{- end -}}
+
+ {{- if contains " " .Values.authentik.geoip.editionID -}}
+ {{- fail "Authentik - GeoIP is enabled but [editionID] cannot contain spaces" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/stable/authentik/16.0.0/templates/_waitAuthentik.tpl b/stable/authentik/16.0.0/templates/_waitAuthentik.tpl
new file mode 100644
index 00000000000..b2421746cef
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/_waitAuthentik.tpl
@@ -0,0 +1,20 @@
+{{- define "authentik.wait.server" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $serverUrl := printf "https://%v:%v/-/health/ready/" $fullname .Values.service.main.ports.main.port }}
+enabled: true
+type: init
+imageSelector: alpineImage
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
+ until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}";
+ do
+ echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
+ sleep 3
+ done
+
+ echo "Authentik [{{ $serverUrl }}] is ready..."
+ echo "Starting Outpost..."
+{{- end -}}
diff --git a/stable/authentik/16.0.0/templates/common.yaml b/stable/authentik/16.0.0/templates/common.yaml
new file mode 100644
index 00000000000..f60f125473f
--- /dev/null
+++ b/stable/authentik/16.0.0/templates/common.yaml
@@ -0,0 +1,97 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{- include "authentik.validation" $ -}}
+
+{{/* Render secrets for authentik and friends */}}
+{{- $secrets := include "authentik.secrets" . | fromYaml -}}
+{{- if $secrets -}}
+ {{ $secrets := (mustMergeOverwrite .Values.secret $secrets) }}
+ {{- $_ := set .Values "secret" $secrets -}}
+{{- end -}}
+
+{{/* Render configmaps for authentik and friends */}}
+{{- $configmaps := include "authentik.configmaps" . | fromYaml -}}
+{{- if $configmaps -}}
+ {{ $configmaps := (mustMergeOverwrite .Values.configmap $configmaps) }}
+ {{- $_ := set .Values "configmap" $configmaps -}}
+{{- end -}}
+
+{{- if .Values.authentik.general.overwriteDefaultBlueprints -}}
+ {{- $_ := set .Values.persistence.blueprints.targetSelector.worker.worker "mountPath" "/blueprints" -}}
+{{- end -}}
+
+{{- if .Values.authentik.geoip.enabled -}}
+ {{- $_ := set .Values.workload.geoip "enabled" true -}}
+{{- else -}}
+ {{- $_ := set .Values.workload.geoip "enabled" false -}}
+ {{- $_ := set .Values.persistence.geoip "enabled" false -}}
+{{- end -}}
+
+{{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb -}}
+ {{- $_ := set .Values.persistence.geoip "enabled" true -}}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.proxy.enabled -}}
+ {{- $_ := set .Values.workload.proxy "enabled" true -}}
+ {{- if not .Values.workload.proxy.podSpec.initContainers -}}
+ {{- $_ := set .Values.workload.proxy.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $_ := set .Values.workload.proxy.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
+ {{- $_ := set .Values.service.proxy "enabled" true -}}
+ {{- $_ := set .Values.service.proxymetrics "enabled" true -}}
+ {{- $_ := set .Values.metrics.proxymetrics "enabled" true -}}
+{{- else -}}
+ {{- $_ := set .Values.workload.proxy "enabled" false -}}
+ {{- $_ := set .Values.service.proxy "enabled" false -}}
+ {{- $_ := set .Values.service.proxymetrics "enabled" false -}}
+ {{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.radius.enabled -}}
+ {{- $_ := set .Values.workload.radius "enabled" true -}}
+ {{- if not .Values.workload.radius.podSpec.initContainers -}}
+ {{- $_ := set .Values.workload.radius.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $_ := set .Values.workload.radius.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
+ {{- $_ := set .Values.service.radius "enabled" true -}}
+ {{- $_ := set .Values.service.radiusmetrics "enabled" true -}}
+ {{- $_ := set .Values.metrics.radiusmetrics "enabled" true -}}
+{{- else -}}
+ {{- $_ := set .Values.workload.radius "enabled" false -}}
+ {{- $_ := set .Values.service.radius "enabled" false -}}
+ {{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
+ {{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
+{{- end -}}
+
+{{- if .Values.authentik.outposts.ldap.enabled -}}
+ {{- $_ := set .Values.workload.ldap "enabled" true -}}
+ {{- if not .Values.workload.ldap.podSpec.initContainers -}}
+ {{- $_ := set .Values.workload.ldap.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $_ := set .Values.workload.ldap.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
+ {{- $_ := set .Values.service.ldap "enabled" true -}}
+ {{- $_ := set .Values.service.ldaps "enabled" true -}}
+ {{- $_ := set .Values.service.ldapmetrics "enabled" true -}}
+ {{- $_ := set .Values.metrics.ldapmetrics "enabled" true -}}
+{{- else -}}
+ {{- $_ := set .Values.workload.ldap "enabled" false -}}
+ {{- $_ := set .Values.service.ldap "enabled" false -}}
+ {{- $_ := set .Values.service.ldaps "enabled" false -}}
+ {{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
+ {{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
+{{- end -}}
+
+{{/* FIXME: See values.yaml */}}
+{{- $_ := set .Values.service.servermetrics "enabled" false -}}
+{{- $_ := set .Values.service.proxymetrics "enabled" false -}}
+{{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
+{{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
+
+{{- $_ := set .Values.metrics.servermetrics "enabled" false -}}
+{{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
+{{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
+{{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/stable/authentik/16.0.0/values.yaml b/stable/authentik/16.0.0/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/stable/jellyfin/16.0.0/CHANGELOG.md b/stable/jellyfin/16.0.0/CHANGELOG.md
new file mode 100644
index 00000000000..28d0e548da3
--- /dev/null
+++ b/stable/jellyfin/16.0.0/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [jellyfin-16.0.0](https://github.com/truecharts/charts/compare/jellyfin-15.1.4...jellyfin-16.0.0) (2023-12-20)
+
+
+
+
+## [jellyfin-15.1.4](https://github.com/truecharts/charts/compare/jellyfin-15.1.3...jellyfin-15.1.4) (2023-12-20)
+
+### Chore
+
+- Bump everything to force min/max scale version update
+
+
+
+
+## [jellyfin-15.1.3](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.3) (2023-12-16)
+
+### Chore
+
+- fix move mistake and cleanup metadata
+ - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+ - update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
+
+
+
+
+## [jellyfin-15.1.3](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.3) (2023-12-16)
+
+### Chore
+
+- fix move mistake and cleanup metadata
+ - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+ - update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
+
+
+
+
+## [jellyfin-15.1.2](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.2) (2023-12-16)
+
+### Chore
+
+- fix move mistake and cleanup metadata
+ - update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
+
+
+
+
+## [jellyfin-15.1.1](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.1) (2023-12-16)
+
+### Chore
+
+- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
+
+
+
+
+## [jellyfin-15.1.1](https://github.com/truecharts/charts/compare/jellyfin-15.1.0...jellyfin-15.1.1) (2023-12-16)
+
+### Chore
+
+- update container image docker.io/alpine/socat to 1.8.0.0[@af9a3db](https://github.com/af9a3db) ([#16139](https://github.com/truecharts/charts/issues/16139))
+
+
+
+
+## [jellyfin-15.1.0](https://github.com/truecharts/charts/compare/jellyfin-15.0.31...jellyfin-15.1.0) (2023-12-09)
+
+### Chore
+
+- update container image docker.io/alpine/socat to v1.8.0.0[@61c06c2](https://github.com/61c06c2) ([#15914](https://github.com/truecharts/charts/issues/15914))
+
+
+
+
+## [jellyfin-15.0.31](https://github.com/truecharts/charts/compare/jellyfin-15.0.30...jellyfin-15.0.31) (2023-12-03)
+
+### Chore
+
+- bump everything to ensure catalog has latest versions
+
+
+
+
+## [jellyfin-15.0.30](https://github.com/truecharts/charts/compare/jellyfin-15.0.29...jellyfin-15.0.30) (2023-12-02)
+
+### Chore
+
+- fix annotations again
+ - update annotations
+ - update container image docker.io/alpine/socat to 1.7.4.4[@13740b3](https://github.com/13740b3) ([#15598](https://github.com/truecharts/charts/issues/15598))
+
+
+
+
diff --git a/stable/jellyfin/16.0.0/Chart.yaml b/stable/jellyfin/16.0.0/Chart.yaml
new file mode 100644
index 00000000000..fbcc77e4d20
--- /dev/null
+++ b/stable/jellyfin/16.0.0/Chart.yaml
@@ -0,0 +1,38 @@
+kubeVersion: ">=1.24.0-0"
+apiVersion: v2
+name: jellyfin
+version: 16.0.0
+appVersion: 10.8.13
+description: Jellyfin is a Free Software Media System
+home: https://truecharts.org/charts/stable/jellyfin
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/jellyfin.png
+deprecated: false
+sources:
+ - https://github.com/jellyfin/jellyfin
+ - https://github.com/truecharts/charts/tree/master/charts/stable/jellyfin
+ - https://hub.docker.com/r/alpine/socat
+maintainers:
+ - name: TrueCharts
+ email: info@truecharts.org
+ url: https://truecharts.org
+keywords:
+ - jellyfin
+ - plex
+ - emby
+dependencies:
+ - name: common
+ version: 16.2.5
+ repository: https://library-charts.truecharts.org
+ condition: ""
+ alias: ""
+ tags: []
+ import-values: []
+annotations:
+ max_scale_version: 23.10.2
+ min_scale_version: 23.10.0
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/category: media
+ truecharts.org/max_helm_version: "3.13"
+ truecharts.org/min_helm_version: "3.12"
+ truecharts.org/train: stable
+type: application
diff --git a/stable/jellyfin/16.0.0/README.md b/stable/jellyfin/16.0.0/README.md
new file mode 100644
index 00000000000..d5940186534
--- /dev/null
+++ b/stable/jellyfin/16.0.0/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/jellyfin)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/jellyfin/16.0.0/app-changelog.md b/stable/jellyfin/16.0.0/app-changelog.md
new file mode 100644
index 00000000000..444d409e171
--- /dev/null
+++ b/stable/jellyfin/16.0.0/app-changelog.md
@@ -0,0 +1,4 @@
+
+
+## [jellyfin-16.0.0](https://github.com/truecharts/charts/compare/jellyfin-15.1.4...jellyfin-16.0.0) (2023-12-20)
+
diff --git a/stable/jellyfin/16.0.0/app-readme.md b/stable/jellyfin/16.0.0/app-readme.md
new file mode 100644
index 00000000000..73fdb17ba45
--- /dev/null
+++ b/stable/jellyfin/16.0.0/app-readme.md
@@ -0,0 +1,8 @@
+Jellyfin is a Free Software Media System
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/jellyfin](https://truecharts.org/charts/stable/jellyfin)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/jellyfin/16.0.0/charts/common-16.2.5.tgz b/stable/jellyfin/16.0.0/charts/common-16.2.5.tgz
new file mode 100644
index 00000000000..8a243143241
Binary files /dev/null and b/stable/jellyfin/16.0.0/charts/common-16.2.5.tgz differ
diff --git a/stable/jellyfin/16.0.0/ix_values.yaml b/stable/jellyfin/16.0.0/ix_values.yaml
new file mode 100644
index 00000000000..dc61257f1c3
--- /dev/null
+++ b/stable/jellyfin/16.0.0/ix_values.yaml
@@ -0,0 +1,98 @@
+image:
+ repository: docker.io/jellyfin/jellyfin
+ pullPolicy: IfNotPresent
+ tag: 10.8.13@sha256:05a9734d7e83086b957c5b7a16cbb5a60b5bb8d113ffb953e57547359dd05140
+broadcastProxyImage:
+ repository: docker.io/alpine/socat
+ pullPolicy: IfNotPresent
+ tag: 1.8.0.0@sha256:af9a3db190ffc0d49d24796be0cdd29cdef0463ada13d22eaf56342f2cb31bfb
+service:
+ main:
+ ports:
+ main:
+ port: 8096
+ targetPort: 8096
+ autodiscovery:
+ enabled: true
+ ports:
+ autodiscovery:
+ enabled: true
+ protocol: udp
+ port: 7359
+ targetPort: 7359
+persistence:
+ config:
+ enabled: true
+ mountPath: "/config"
+ cache:
+ enabled: true
+ mountPath: "/cache"
+ type: "emptyDir"
+ transcode:
+ enabled: true
+ mountPath: "/config/transcodes"
+ type: "emptyDir"
+portal:
+ open:
+ enabled: true
+securityContext:
+ container:
+ readOnlyRootFilesystem: false
+workload:
+ main:
+ podSpec:
+ containers:
+ main:
+ env:
+ JELLYFIN_PublishedServerUrl: "{{ $.Values.chartContext.appUrl }}"
+ broadcastproxy:
+ enabled: false
+ type: DaemonSet
+ podSpec:
+ hostNetwork: true
+ # Proxy doesn't seem to respect the TERM signal, so by default
+ # this ends up just hanging until the default grace period ends.
+ # This is unnecesary since this workload only proxies autodiscovery
+ # messages.
+ terminationGracePeriodSeconds: 3
+ containers:
+ broadcastproxy:
+ enabled: true
+ primary: true
+ imageSelector: broadcastProxyImage
+ securityContext:
+ readOnlyRootFilesystem: true
+ command: ["/bin/sh"]
+ # Quite a lot going on here:
+ # - Resolve Jellyfin's autodiscovery service IP from its FQDN via getent hosts
+ # - Export the IP to `$TARGET_IP`
+ # - Check `$TARGET_IP` is not empty (so we can crash if it is - will help to detect templating errors)
+ # - Touch `/tmp/healty` to use with the readiness, liveness and startup probes
+ # - Start socat in proxy mode
+ # - On exit remove `/tmp/healthy`
+ args:
+ - "-c"
+ - 'export TARGET_IP=$(getent hosts ''{{ printf "%v-autodiscovery" (include "tc.v1.common.lib.chart.names.fullname" $) }}'' | awk ''{ print $1 }'') && [[ ! -z $TARGET_IP ]] && touch /tmp/healthy && socat UDP-LISTEN:7359,fork,reuseaddr,rcvbuf=8096 UDP4-SENDTO:${TARGET_IP}:7359,rcvbuf=8096 ; rm -rf /tmp/healthy'
+ probes:
+ readiness:
+ enabled: true
+ type: exec
+ command:
+ - cat
+ - /tmp/healthy
+ liveness:
+ enabled: true
+ type: exec
+ command:
+ - cat
+ - /tmp/healthy
+ startup:
+ enabled: true
+ type: exec
+ command:
+ - cat
+ - /tmp/healthy
+# -- enable Jellyfin autodiscovery on LAN
+autodiscovery:
+ enabled: false
+updated: true
diff --git a/stable/jellyfin/16.0.0/questions.yaml b/stable/jellyfin/16.0.0/questions.yaml
new file mode 100644
index 00000000000..aefba67985b
--- /dev/null
+++ b/stable/jellyfin/16.0.0/questions.yaml
@@ -0,0 +1,2924 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: autodiscovery
+ group: "App Configuration"
+ label: "Autodiscovery"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable Autodiscovery on LAN"
+ schema:
+ type: boolean
+ default: false
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+
+ - variable: imagePullSecretList
+ group: "General Settings"
+ label: "Image Pull Secrets"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pullsecretentry
+ label: "Pull Secret"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: registry
+ label: "Registry"
+ schema:
+ type: string
+ required: true
+ default: "https://index.docker.io/v1/"
+ - variable: username
+ label: "Username"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: "Password"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: email
+ label: "Email"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 8096
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: config
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: transcode
+ label: "App Transcode Storage"
+ description: "Storage for transcode, best to be set to emptyDir and if enough RAM, to Memory type."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID this App of the user running the application"
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: ingress
+ label: "Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/stable/jellyfin/16.0.0/templates/NOTES.txt b/stable/jellyfin/16.0.0/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/stable/jellyfin/16.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/stable/jellyfin/16.0.0/templates/common.yaml b/stable/jellyfin/16.0.0/templates/common.yaml
new file mode 100644
index 00000000000..754fc728167
--- /dev/null
+++ b/stable/jellyfin/16.0.0/templates/common.yaml
@@ -0,0 +1,8 @@
+{{- include "tc.v1.common.loader.init" . }}
+
+{{- if .Values.autodiscovery.enabled -}}
+{{/* Add proxy workload */}}
+{{- $_ := set .Values.workload.broadcastproxy "enabled" true -}}
+{{- end -}}
+
+{{- include "tc.v1.common.loader.apply" . -}}
diff --git a/stable/jellyfin/16.0.0/values.yaml b/stable/jellyfin/16.0.0/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/stable/nextcloud/24.0.0/CHANGELOG.md b/stable/nextcloud/24.0.0/CHANGELOG.md
new file mode 100644
index 00000000000..99ed28854b7
--- /dev/null
+++ b/stable/nextcloud/24.0.0/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [nextcloud-24.0.0](https://github.com/truecharts/charts/compare/nextcloud-23.0.2...nextcloud-24.0.0) (2023-12-20)
+
+
+
+
+## [nextcloud-23.0.2](https://github.com/truecharts/charts/compare/nextcloud-23.0.1...nextcloud-23.0.2) (2023-12-20)
+
+### Chore
+
+- Bump everything to force min/max scale version update
+
+
+
+
+## [nextcloud-23.0.1](https://github.com/truecharts/charts/compare/nextcloud-23.0.0...nextcloud-23.0.1) (2023-12-18)
+
+### Fix
+
+- add nginx changes for nc 28 ([#16306](https://github.com/truecharts/charts/issues/16306))
+
+
+
+
+## [nextcloud-23.0.0](https://github.com/truecharts/charts/compare/nextcloud-22.2.21...nextcloud-23.0.0) (2023-12-17)
+
+### Chore
+
+- update container image tccr.io/truecharts/nextcloud-fpm to v28.0.0[@a765a49](https://github.com/a765a49) by renovate ([#16069](https://github.com/truecharts/charts/issues/16069))
+
+
+
+
+## [nextcloud-22.2.21](https://github.com/truecharts/charts/compare/nextcloud-22.2.20...nextcloud-22.2.21) (2023-12-17)
+
+### Chore
+
+- update container image collabora/code to v23.05.6.3.1[@6d21951](https://github.com/6d21951) by renovate ([#16097](https://github.com/truecharts/charts/issues/16097))
+
+
+
+
+## [nextcloud-22.2.20](https://github.com/truecharts/charts/compare/nextcloud-22.2.19...nextcloud-22.2.20) (2023-12-17)
+
+### Chore
+
+- update container image tccr.io/truecharts/nextcloud-fpm to v[@e97e94d](https://github.com/e97e94d) ([#16037](https://github.com/truecharts/charts/issues/16037))
+
+
+
+
+## [nextcloud-22.2.19](https://github.com/truecharts/charts/compare/nextcloud-22.2.18...nextcloud-22.2.19) (2023-12-16)
+
+### Chore
+
+- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+
+
+
+
+## [nextcloud-22.2.19](https://github.com/truecharts/charts/compare/nextcloud-22.2.18...nextcloud-22.2.19) (2023-12-16)
+
+### Chore
+
+- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
+
+
+
+
+## [nextcloud-22.2.18](https://github.com/truecharts/charts/compare/nextcloud-22.2.17...nextcloud-22.2.18) (2023-12-11)
+
+### Chore
+
+- update container image clamav/clamav to 1.2.1[@d584c29](https://github.com/d584c29) ([#15962](https://github.com/truecharts/charts/issues/15962))
+
+
+
+
+## [nextcloud-22.2.17](https://github.com/truecharts/charts/compare/nextcloud-22.2.16...nextcloud-22.2.17) (2023-12-08)
+
+### Chore
+
+- update container image tccr.io/truecharts/nextcloud-fpm to v27.1.4[@37c7521](https://github.com/37c7521) ([#15885](https://github.com/truecharts/charts/issues/15885))
+ - update container image nginxinc/nginx-unprivileged to 1.25.3[@1d026ae](https://github.com/1d026ae) ([#15884](https://github.com/truecharts/charts/issues/15884))
+
+
+
+
+## [nextcloud-22.2.16](https://github.com/truecharts/charts/compare/nextcloud-22.2.15...nextcloud-22.2.16) (2023-12-06)
+
+### Chore
+
+- update container image nginxinc/nginx-unprivileged to 1.25.3[@a7ef461](https://github.com/a7ef461) ([#15718](https://github.com/truecharts/charts/issues/15718))
+
diff --git a/stable/nextcloud/24.0.0/Chart.yaml b/stable/nextcloud/24.0.0/Chart.yaml
new file mode 100644
index 00000000000..2fd9c08ebc2
--- /dev/null
+++ b/stable/nextcloud/24.0.0/Chart.yaml
@@ -0,0 +1,50 @@
+kubeVersion: ">=1.24.0-0"
+apiVersion: v2
+name: nextcloud
+version: 24.0.0
+appVersion: 27.1.4
+description:
+ A private cloud server that puts the control and security of your own
+ data back into your hands.
+home: https://truecharts.org/charts/stable/nextcloud
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
+deprecated: false
+sources:
+ - https://github.com/nextcloud/helm
+ - https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
+ - https://github.com/truecharts/containers/tree/master/mirrornextcloud-fpm
+ - https://github.com/nextcloud/docker
+maintainers:
+ - name: TrueCharts
+ email: info@truecharts.org
+ url: https://truecharts.org
+keywords:
+ - nextcloud
+ - storage
+ - http
+ - web
+ - php
+dependencies:
+ - name: common
+ version: 16.2.5
+ repository: https://library-charts.truecharts.org
+ condition: ""
+ alias: ""
+ tags: []
+ import-values: []
+ - name: redis
+ version: 6.0.66
+ repository: https://deps.truecharts.org
+ condition: redis.enabled
+ alias: ""
+ tags: []
+ import-values: []
+annotations:
+ max_scale_version: 23.10.2
+ min_scale_version: 23.10.0
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/category: cloud
+ truecharts.org/max_helm_version: "3.13"
+ truecharts.org/min_helm_version: "3.12"
+ truecharts.org/train: stable
+type: application
diff --git a/stable/nextcloud/24.0.0/LICENSE b/stable/nextcloud/24.0.0/LICENSE
new file mode 100644
index 00000000000..33a8cbb23f0
--- /dev/null
+++ b/stable/nextcloud/24.0.0/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Blocky" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/stable/nextcloud/24.0.0/README.md b/stable/nextcloud/24.0.0/README.md
new file mode 100644
index 00000000000..d551b5d959d
--- /dev/null
+++ b/stable/nextcloud/24.0.0/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/nextcloud)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/nextcloud/24.0.0/app-changelog.md b/stable/nextcloud/24.0.0/app-changelog.md
new file mode 100644
index 00000000000..2e6e26a39fb
--- /dev/null
+++ b/stable/nextcloud/24.0.0/app-changelog.md
@@ -0,0 +1,4 @@
+
+
+## [nextcloud-24.0.0](https://github.com/truecharts/charts/compare/nextcloud-23.0.2...nextcloud-24.0.0) (2023-12-20)
+
diff --git a/stable/nextcloud/24.0.0/app-readme.md b/stable/nextcloud/24.0.0/app-readme.md
new file mode 100644
index 00000000000..1369f69bf57
--- /dev/null
+++ b/stable/nextcloud/24.0.0/app-readme.md
@@ -0,0 +1,8 @@
+A private cloud server that puts the control and security of your own data back into your hands.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/nextcloud/24.0.0/charts/common-16.2.5.tgz b/stable/nextcloud/24.0.0/charts/common-16.2.5.tgz
new file mode 100644
index 00000000000..8a243143241
Binary files /dev/null and b/stable/nextcloud/24.0.0/charts/common-16.2.5.tgz differ
diff --git a/stable/nextcloud/24.0.0/charts/redis-6.0.66.tgz b/stable/nextcloud/24.0.0/charts/redis-6.0.66.tgz
new file mode 100644
index 00000000000..77495e13510
Binary files /dev/null and b/stable/nextcloud/24.0.0/charts/redis-6.0.66.tgz differ
diff --git a/stable/nextcloud/24.0.0/ix_values.yaml b/stable/nextcloud/24.0.0/ix_values.yaml
new file mode 100644
index 00000000000..a4cf48ce193
--- /dev/null
+++ b/stable/nextcloud/24.0.0/ix_values.yaml
@@ -0,0 +1,512 @@
+image:
+ repository: tccr.io/truecharts/nextcloud-fpm
+ pullPolicy: IfNotPresent
+ tag: v28.0.0@sha256:a765a49bafef4e3e6c1f874c5ee1c4d2ce39b2bd6793b9a2e044ed75645bbc1a
+nginxImage:
+ repository: nginxinc/nginx-unprivileged
+ pullPolicy: IfNotPresent
+ tag: 1.25.3@sha256:1d026ae92e50e76c77ca776f234f154d4a1d39e33e8f813115e53c2a9b893bc9
+imaginaryImage:
+ repository: tccr.io/truecharts/nextcloud-imaginary
+ pullPolicy: IfNotPresent
+ tag: v20230401@sha256:6a227d1b0200d29f25028e07b8852f60e3d91a5814048933e70eccee749dc04c
+hpbImage:
+ repository: tccr.io/truecharts/nextcloud-push-notify
+ pullPolicy: IfNotPresent
+ tag: v0.6.3@sha256:b9c35ab123354eeac3996e361f8c30b8e4de6d2ccd69e5179a7c2a101a67b46f
+clamavImage:
+ repository: clamav/clamav
+ pullPolicy: IfNotPresent
+ tag: 1.2.1@sha256:d584c29eefc29e138eb14f243abef2f6712cffecac52194626a2b2f6bb3ec2c7
+collaboraImage:
+ repository: collabora/code
+ pullPolicy: IfNotPresent
+ tag: 23.05.6.3.1@sha256:6d21951e6376be4a12009b5058c57f3da7df06faf05c62406030b3652a3e78f6
+nextcloud:
+ # Initial Credentials
+ credentials:
+ initialAdminUser: admin
+ initialAdminPassword: adminpass
+ # General settings
+ general:
+ # Custom Nextcloud Scripts
+ run_optimize: true
+ default_phone_region: GR
+ # IP used for exposing nextcloud,
+ # often the loadbalancer IP
+ accessIP: ""
+ # Allows Nextcloud to connect to unsecure (http) endpoints
+ force_enable_allow_local_remote_servers: false
+ # File settings
+ files:
+ shared_folder_name: Shared
+ max_chunk_size: 10485760
+ # Expiration settings
+ expirations:
+ activity_expire_days: 90
+ trash_retention_obligation: auto
+ versions_retention_obligation: auto
+ # Previews settings
+ previews:
+ enabled: true
+ # It will also deploy the container
+ imaginary: true
+ cron: true
+ schedule: "*/30 * * * *"
+ max_x: 2048
+ max_y: 2048
+ max_memory: 1024
+ max_file_size_image: 50
+ # Setting for Imaginary
+ max_allowed_resolution: 18.0
+ jpeg_quality: 60
+ square_sizes: 32 256
+ width_sizes: 256 384
+ height_sizes: 256
+ # Casings are important
+ # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
+ # Only the last part of the provider is needed
+ providers:
+ - PNG
+ - JPEG
+ # Logging settings
+ logging:
+ log_level: 2
+ log_file: /var/www/html/data/logs/nextcloud.log
+ log_audit_file: /var/www/html/data/logs/audit.log
+ log_date_format: d/m/Y H:i:s
+ # ClamAV settings
+ clamav:
+ # It will also deploy the container
+ # Note that this runs as root
+ enabled: false
+ stream_max_length: 26214400
+ file_max_size: -1
+ infected_action: only_log
+ # Notify Push settings
+ notify_push:
+ # It will also deploy the container
+ enabled: true
+ # Collabora settings
+ collabora:
+ # It will also deploy the container
+ enabled: false
+ # default|compact|tabbed
+ interface_mode: default
+ username: admin
+ password: changeme
+ dictionaries:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ onlyoffice:
+ # It will not deploy the container
+ # Only add the OnlyOffice settings
+ enabled: false
+ url: ""
+ internal_url: ""
+ verify_ssl: true
+ jwt: ""
+ jwt_header: Authorization
+ # PHP settings
+ php:
+ memory_limit: 1G
+ upload_limit: 10G
+ pm_max_children: 180
+ pm_start_servers: 18
+ pm_min_spare_servers: 12
+ pm_max_spare_servers: 30
+ opcache:
+ interned_strings_buffer: 32
+ max_accelerated_files: 10000
+ memory_consumption: 128
+ revalidate_freq: 60
+ jit_buffer_size: 128
+# Do NOT edit below this line
+workload:
+ # Nextcloud php-fpm
+ main:
+ type: Deployment
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ primary: true
+ envFrom:
+ - configMapRef:
+ name: nextcloud-config
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ readiness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
+ nginx:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ nginx:
+ enabled: true
+ primary: true
+ imageSelector: nginxImage
+ probes:
+ readiness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.main.ports.main.port }}"
+ notify:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ notify:
+ primary: true
+ enabled: true
+ imageSelector: hpbImage
+ envFrom:
+ - configMapRef:
+ name: hpb-config
+ probes:
+ readiness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: 7867
+ imaginary:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ imaginary:
+ primary: true
+ enabled: true
+ imageSelector: imaginaryImage
+ command: imaginary
+ args:
+ - -p
+ - "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ - -concurrency
+ - "10"
+ - -max-allowed-resolution
+ - "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
+ - -enable-url-source
+ - -return-size
+ probes:
+ readiness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ liveness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ clamav:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ clamav:
+ primary: true
+ enabled: true
+ imageSelector: clamavImage
+ # FIXME: https://github.com/Cisco-Talos/clamav/issues/478
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: clamav-config
+ probes:
+ readiness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ liveness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
+ collabora:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ collabora:
+ primary: true
+ enabled: true
+ imageSelector: collaboraImage
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 102
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - CHOWN
+ - FOWNER
+ - SYS_CHROOT
+ - MKNOD
+ envFrom:
+ - configMapRef:
+ name: collabora-config
+ probes:
+ readiness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ liveness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+cronjobs:
+ # Don't change names, it's used in the persistence
+ - name: nextcloud-cron
+ enabled: true
+ schedule: "*/5 * * * *"
+ cmd:
+ - echo "Running [php -f /var/www/html/cron.php] ..."
+ - php -f /var/www/html/cron.php
+ - echo "Finished [php -f /var/www/html/cron.php]"
+ - name: preview-cron
+ enabled: "{{ .Values.nextcloud.previews.cron }}"
+ schedule: "{{ .Values.nextcloud.previews.schedule }}"
+ cmd:
+ - echo "Running [occ preview:pre-generate] ..."
+ - occ preview:pre-generate
+ - echo "Finished [occ preview:pre-generate]"
+service:
+ # Main service links to ingress easier
+ # That's why the nginx is swapped with nextcloud
+ main:
+ targetSelector: nginx
+ ports:
+ main:
+ targetSelector: nginx
+ port: 8080
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ ports:
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ port: 9000
+ targetPort: 9000
+ notify:
+ enabled: true
+ targetSelector: notify
+ ports:
+ notify:
+ enabled: true
+ primary: true
+ port: 7867
+ targetPort: 7867
+ targetSelector: notify
+ metrics:
+ enabled: true
+ port: 7868
+ targetSelector: notify
+ imaginary:
+ enabled: true
+ targetSelector: imaginary
+ ports:
+ imaginary:
+ enabled: true
+ port: 9090
+ targetSelector: imaginary
+ clamav:
+ enabled: true
+ targetSelector: clamav
+ ports:
+ clamav:
+ enabled: true
+ port: 3310
+ targetPort: 3310
+ targetSelector: clamav
+ collabora:
+ enabled: true
+ targetSelector: collabora
+ ports:
+ collabora:
+ enabled: true
+ port: 9980
+ targetPort: 9980
+ targetSelector: collabora
+persistence:
+ php-tune:
+ enabled: true
+ type: configmap
+ objectName: php-tune
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
+ subPath: zz-tune.conf
+ readOnly: true
+ redis-session:
+ enabled: true
+ type: configmap
+ objectName: redis-session
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php/conf.d/redis-session.ini
+ subPath: redis-session.ini
+ readOnly: true
+ opcache-recommended:
+ enabled: true
+ type: configmap
+ objectName: opcache
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
+ subPath: opcache-recommended.ini
+ readOnly: true
+ nginx:
+ enabled: true
+ type: configmap
+ objectName: nginx-config
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ readOnly: true
+ nginx-temp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /tmp/nginx
+ html:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html
+ nginx:
+ nginx:
+ mountPath: /var/www/html
+ readOnly: true
+ config:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/config
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/config
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/config
+ notify:
+ notify:
+ mountPath: /var/www/html/config
+ readOnly: true
+ nginx:
+ nginx:
+ mountPath: /var/www/html/config
+ readOnly: true
+ data:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/data
+ init-perms:
+ mountPath: /var/www/html/data
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/data
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/data
+ nginx:
+ nginx:
+ mountPath: /var/www/html/data
+ readOnly: true
+cnpg:
+ main:
+ enabled: true
+ user: nextcloud
+ database: nextcloud
+redis:
+ enabled: true
+ username: default
+portal:
+ open:
+ enabled: true
+updated: true
diff --git a/stable/nextcloud/24.0.0/questions.yaml b/stable/nextcloud/24.0.0/questions.yaml
new file mode 100644
index 00000000000..ead3e38e3b2
--- /dev/null
+++ b/stable/nextcloud/24.0.0/questions.yaml
@@ -0,0 +1,3778 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: nextcloud
+ group: App Configuration
+ label: Nextcloud
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: credentials
+ label: Initial Credentials
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: initialAdminUser
+ label: Initial Admin User
+ description: Sets the initial admin username
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: initialAdminPassword
+ label: Initial Admin Password
+ description: Sets the initial admin password
+ schema:
+ type: string
+ required: true
+ private: true
+ default: ""
+ - variable: general
+ label: General
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: run_optimize
+ label: Run Optimize Scripts
+ description: |
+ Runs the following commands at startup:
+ occ db:add-missing-indices
+ occ db:add-missing-columns
+ occ db:add-missing-primary-keys
+ yes | occ db:convert-filecache-bigint
+ occ maintenance:mimetype:update-js
+ occ maintenance:mimetype:update-db
+ occ maintenance:update:htaccess
+ schema:
+ type: boolean
+ default: false
+ - variable: default_phone_region
+ label: Default Phone Region
+ description: |
+ Sets the default phone region in ISO_3166-1 format (e.g. US).
+ https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+ schema:
+ type: string
+ valid_chars: '^[A-Z]{2}$'
+ required: true
+ default: ""
+ - variable: accessIP
+ label: Access IP
+ description: Set to the IP-Address used to reach Nextcloud.
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/nodeIP"
+ - variable: force_enable_allow_local_remote_servers
+ label: Force Enable Allow Local Remote Servers
+ description:
+ Enables 'allow_local_remote_servers' option
+ schema:
+ type: boolean
+ default: false
+ - variable: files
+ label: Files Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: shared_folder_name
+ label: Shared Folder Name
+ schema:
+ type: string
+ required: true
+ default: Shared
+ - variable: max_chunk_size
+ label: Max Chunk Size
+ schema:
+ type: int
+ required: true
+ default: 10485760
+ - variable: expirations
+ label: Expirations Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: activity_expire_days
+ label: Activity Expire Days
+ schema:
+ type: int
+ required: true
+ default: 90
+ - variable: trash_retention_obligation
+ label: Trash Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: versions_retention_obligation
+ label: Versions Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: previews
+ label: Previews Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Previews
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: imaginary
+ label: Enable imaginary
+ description: |
+ Enable imaginary to generate previews in the background.
+ It will also deploy the needed container.
+ schema:
+ type: boolean
+ default: true
+ - variable: cron
+ label: Enable cron
+ description: |
+ Enable cron to generate previews in the background.
+ schema:
+ type: boolean
+ default: true
+ - variable: schedule
+ label: Cron Schedule
+ schema:
+ type: string
+ default: "*/30 * * * *"
+ - variable: max_x
+ label: Max X
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_y
+ label: Max Y
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_memory
+ label: Max Memory
+ schema:
+ type: int
+ required: true
+ default: 1024
+ - variable: max_allowed_resolution
+ label: Max Allowed Resolution
+ schema:
+ type: string
+ valid_chars: '^[0-9]{1,5}(\.[0-9]{1,2})?$'
+ show_if: [["imaginary", "=", true]]
+ required: true
+ default: "18.0"
+ - variable: max_file_size_image
+ label: Max File Size Image
+ schema:
+ type: int
+ required: true
+ default: 50
+ - variable: jpeg_quality
+ label: JPEG Quality
+ schema:
+ type: int
+ required: true
+ default: 60
+ - variable: square_sizes
+ label: Square Sizes
+ schema:
+ type: string
+ required: true
+ default: "32 256"
+ - variable: width_sizes
+ label: Width Sizes
+ schema:
+ type: string
+ required: true
+ default: "256 384"
+ - variable: height_sizes
+ label: Height Sizes
+ schema:
+ type: string
+ required: true
+ default: "256"
+ - variable: providers
+ label: Providers
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - BMP
+ - GIF
+ - JPEG
+ - Krita
+ - MarkDown
+ - MP3
+ - OpenDocument
+ - PNG
+ - TXT
+ - XBitmap
+ items:
+ - variable: provider_entry
+ label: Provider Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+ enum:
+ - value: BMP
+ description: BMP
+ - value: Font
+ description: Font
+ - value: GIF
+ description: GIF
+ - value: HEIC
+ description: HEIC
+ - value: Illustrator
+ description: Illustrator
+ - value: JPEG
+ description: JPEG
+ - value: Krita
+ description: Krita
+ - value: MarkDown
+ description: MarkDown
+ - value: Movie
+ description: Movie
+ - value: MP3
+ description: MP3
+ - value: MSOffice2003
+ description: MSOffice2003
+ - value: MSOffice2007
+ description: MSOffice2007
+ - value: MSOfficeDoc
+ description: MSOfficeDoc
+ - value: OpenDocument
+ description: OpenDocument
+ - value: PDF
+ description: PDF
+ - value: Photoshop
+ description: Photoshop
+ - value: PNG
+ description: PNG
+ - value: Postscript
+ description: Postscript
+ - value: StarOffice
+ description: StarOffice
+ - value: SVG
+ description: SVG
+ - value: TIFF
+ description: TIFF
+ - value: TXT
+ description: TXT
+ - value: XBitmap
+ description: XBitmap
+ - variable: logging
+ label: Logging Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: log_level
+ label: Log Level
+ schema:
+ type: int
+ required: true
+ default: 2
+ enum:
+ - value: 0
+ description: Debug
+ - value: 1
+ description: Info
+ - value: 2
+ description: Warning
+ - value: 3
+ description: Error
+ - value: 4
+ description: Fatal
+ - variable: log_date_format
+ label: Log Date Format
+ schema:
+ type: string
+ required: true
+ default: d/m/Y H:i:s
+ - variable: notify_push
+ label: Notify Push Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Notify Push
+ description: |
+ Enable and Configure Notify Push.
+ It will also deploy the needed container
+ schema:
+ type: boolean
+ default: true
+ - variable: clamav
+ label: ClamAV Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable ClamAV
+ description: |
+ Enable and configure ClamAV.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ https://github.com/Cisco-Talos/clamav/issues/478
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: stream_max_length
+ label: Stream Max Length
+ schema:
+ type: int
+ required: true
+ default: 104857600
+ - variable: file_max_size
+ label: File Max Size
+ schema:
+ type: int
+ required: true
+ default: -1
+ - variable: infected_action
+ label: Infected Action
+ schema:
+ type: string
+ required: true
+ default: only_log
+ enum:
+ - value: delete
+ description: Delete
+ - value: only_log
+ description: Only Log
+ - variable: collabora
+ label: Collabora Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Collabora
+ description: |
+ Enable and configure Collabora.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: interface_mode
+ label: Interface Mode
+ schema:
+ type: string
+ required: true
+ default: default
+ enum:
+ - value: default
+ description: Default
+ - value: compact
+ description: Compact
+ - value: tabbed
+ description: Tabbed
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ default: admin
+ required: true
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: dictionaries
+ label: Dictionaries
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ items:
+ - variable: dictionary
+ label: Dictionary
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: onlyoffice
+ label: Only Office Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable OnlyOffice
+ description: |
+ Enable and configure OnlyOffice.
+ This will NOT deploy the needed container.
+ You need to deploy it yourself.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: url
+ label: Public URL
+ description: |
+ The public FQDN and port of the OnlyOffice Document Server
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: internal_url
+ label: Internal URL
+ description: |
+ The internal FQDN and port of the OnlyOffice Document Server
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: verify_ssl
+ label: Verify SSL (Advanced)
+ description: |
+ Verify SSL when connecting to OnlyOffice Document Server
+ schema:
+ type: boolean
+ default: true
+ - variable: jwt
+ label: JWT
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: jwt_header
+ label: JWT Header
+ schema:
+ type: string
+ required: true
+ default: Authorization
+ - variable: php
+ label: PHP Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: memory_limit
+ label: Memory Limit
+ schema:
+ type: string
+ required: true
+ default: 1G
+ - variable: upload_limit
+ label: Upload Limit
+ schema:
+ type: string
+ required: true
+ default: 10G
+ - variable: pm_max_children
+ label: Max Children
+ schema:
+ type: int
+ required: true
+ default: 180
+ - variable: pm_start_servers
+ label: Start Servers
+ schema:
+ type: int
+ required: true
+ default: 18
+ - variable: pm_min_spare_servers
+ label: Minimum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 12
+ - variable: pm_max_spare_servers
+ label: Maximum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 30
+ - variable: opcache
+ label: OPCache Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: interned_strings_buffer
+ label: Interned Strings Buffer
+ description: The amount of memory used to store interned strings, in megabytes.
+ schema:
+ type: int
+ required: true
+ default: 32
+ - variable: max_accelerated_files
+ label: Max Accelerated Files
+ description: The maximum number of keys (and therefore scripts) in the OPcache hash table.
+ schema:
+ type: int
+ required: true
+ default: 10000
+ - variable: memory_consumption
+ label: Memory Consumption
+ description: The size of the shared memory storage used by OPcache, in megabytes.
+ schema:
+ type: int
+ required: true
+ default: 128
+ - variable: revalidate_freq
+ label: Revalidate Frequency
+ description: How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.
+ schema:
+ type: int
+ required: true
+ default: 60
+ - variable: jit_buffer_size
+ label: JIT Buffer Size
+ description: The amount of shared memory (in megabytes) to reserve for compiled JIT code. A zero value disables the JIT.
+ schema:
+ type: int
+ required: true
+ default: 128
+
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+
+ - variable: imagePullSecretList
+ group: "General Settings"
+ label: "Image Pull Secrets"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pullsecretentry
+ label: "Pull Secret"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: registry
+ label: "Registry"
+ schema:
+ type: string
+ required: true
+ default: "https://index.docker.io/v1/"
+ - variable: username
+ label: "Username"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: "Password"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: email
+ label: "Email"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service
+ description: The Primary service on which the healthcheck runs, often the webUI
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 12000
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: html
+ label: App HTML Storage
+ description: Stores the Application HTML.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: config
+ label: App Config Storage
+ description: Stores the Application Config.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: data
+ label: User Data Storage
+ description: Stores the User Data.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - value: iscsi
+ description: iSCSI Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: disabled
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: iscsi
+ label: iSCSI Options
+ schema:
+ show_if: [["type", "=", "iscsi"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: targetPortal
+ label: targetPortal
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: iqn
+ label: iqn
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: lun
+ label: lun
+ schema:
+ type: int
+ default: 0
+ - variable: authSession
+ label: authSession
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: authDiscovery
+ label: authDiscovery
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: username
+ label: username
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: password
+ schema:
+ type: string
+ default: ""
+ - variable: usernameInitiator
+ label: usernameInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: passwordInitiator
+ label: passwordInitiator
+ schema:
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: integration
+ label: Integrations
+ description: Connect ingress with other charts
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: homepage
+ label: Homepage
+ description: Connect ingress with Homepage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ - variable: name
+ label: Name
+ description: defaults to chartname
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: description
+ label: Description
+ description: defaults to chart description
+ schema:
+ type: string
+ default: ""
+ show_if: [["enabled", "=", true]]
+ - variable: group
+ label: Group
+ schema:
+ type: string
+ required: true
+ default: "default"
+ show_if: [["enabled", "=", true]]
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: runAsUser
+ description: The UserID of the user running the application
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: runAsGroup
+ description: The groupID of the user running the application
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: fsGroup
+ description: The group that should own ALL storage.
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: ingress
+ label: "Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/stable/nextcloud/24.0.0/templates/NOTES.txt b/stable/nextcloud/24.0.0/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/stable/nextcloud/24.0.0/templates/_configmap.tpl b/stable/nextcloud/24.0.0/templates/_configmap.tpl
new file mode 100644
index 00000000000..50cac7f16f6
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_configmap.tpl
@@ -0,0 +1,443 @@
+{{- define "nextcloud.accessurl" -}}
+ {{- $accessUrl := .Values.chartContext.appUrl -}}
+ {{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}}
+ {{- if .Values.nextcloud.general.accessIP -}}
+ {{- $prot := "http" -}}
+ {{- $host := .Values.nextcloud.general.accessIP -}}
+ {{- $port := .Values.service.main.ports.main.port -}}
+ {{/*
+ Allowing here to override protocol and port
+ should be enough to make it work with any rev proxy
+ */}}
+ {{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $accessUrl -}}
+{{- end -}}
+
+{{- define "nextcloud.accesshost" -}}
+ {{- $accessUrl := (include "nextcloud.accessurl" $) -}}
+ {{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+ {{- $accessHost = regexReplaceAll "(.*):.*" $accessHost "${1}" -}}
+
+ {{- $accessHost -}}
+{{- end -}}
+
+{{/* Define the configmap */}}
+{{- define "nextcloud.configmaps" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $fqdn := (include "tc.v1.common.lib.chart.names.fqdn" $) -}}
+{{- $accessUrl := (include "nextcloud.accessurl" $) -}}
+{{- $accessHost := (include "nextcloud.accesshost" $) -}}
+{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}}
+{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}}
+{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}}
+{{- $healthHost := "kube.internal.healthcheck" -}}
+
+php-tune:
+ enabled: true
+ data:
+ zz-tune.conf: |
+ [www]
+ pm.max_children = {{ .Values.nextcloud.php.pm_max_children }}
+ pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }}
+ pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }}
+ pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }}
+
+opcache:
+ enabled: true
+ data:
+ opcache-recommended.ini: |
+ opcache.enable=1
+ opcache.save_comments=1
+ opcache.jit=1255
+ opcache.interned_strings_buffer={{ .Values.nextcloud.opcache.interned_strings_buffer }}
+ opcache.max_accelerated_files={{ .Values.nextcloud.opcache.max_accelerated_files }}
+ opcache.memory_consumption={{ .Values.nextcloud.opcache.memory_consumption }}
+ opcache.revalidate_freq={{ .Values.nextcloud.opcache.revalidate_freq }}
+ opcache.jit_buffer_size={{ printf "%vM" .Values.nextcloud.opcache.jit_buffer_size }}
+
+redis-session:
+ enabled: true
+ data:
+ redis-session.ini: |
+ session.save_handler = redis
+ session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }}
+ redis.session.locking_enabled = 1
+ redis.session.lock_retries = -1
+ redis.session.lock_wait_time = 10000
+
+hpb-config:
+ enabled: {{ .Values.nextcloud.notify_push.enabled }}
+ data:
+ NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }}
+ HPB_HOST: {{ $healthHost }}
+ CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }}
+ METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }}
+
+clamav-config:
+ enabled: {{ .Values.nextcloud.clamav.enabled }}
+ data:
+ CLAMAV_NO_CLAMD: "false"
+ CLAMAV_NO_FRESHCLAMD: "true"
+ CLAMAV_NO_MILTERD: "true"
+ CLAMD_STARTUP_TIMEOUT: "1800"
+
+collabora-config:
+ enabled: {{ .Values.nextcloud.collabora.enabled }}
+ data:
+ aliasgroup1: {{ $accessUrl }}
+ server_name: {{ $accessHostPort }}
+ dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }}
+ username: {{ .Values.nextcloud.collabora.username | quote }}
+ password: {{ .Values.nextcloud.collabora.password | quote }}
+ DONT_GEN_SSL_CERT: "true"
+ # mount_jail_tree is only used for local storage
+ # not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814
+ extra_params: |
+ --o:ssl.enable=false
+ --o:ssl.termination=true
+ --o:net.service_root=/collabora
+ --o:home_mode.enable=true
+ --o:welcome.enable=false
+ --o:logging.level=warning
+ --o:logging.level_startup=warning
+ --o:security.seccomp=true
+ --o:mount_jail_tree=false
+ --o:user_interface.mode={{ .Values.nextcloud.collabora.user_interface_mode }}
+
+nextcloud-config:
+ enabled: true
+ data:
+ {{/* Database */}}
+ POSTGRES_DB: {{ .Values.cnpg.main.database | quote }}
+ POSTGRES_USER: {{ .Values.cnpg.main.user | quote }}
+ POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+ POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }}
+
+ {{/* Redis */}}
+ NX_REDIS_HOST: {{ $redisHost }}
+ NX_REDIS_PASS: {{ $redisPass }}
+
+ {{/* Nextcloud INITIAL credentials */}}
+ NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }}
+ NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }}
+
+ {{/* PHP Variables */}}
+ PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }}
+ PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }}
+
+ {{/* Notify Push */}}
+ NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }}
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push
+ {{- end }}
+
+ {{/* Previews */}}
+ NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }}
+ NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }}
+ NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }}
+ NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }}
+ NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }}
+ NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }}
+ NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }}
+ NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }}
+ NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }}
+ NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }}
+
+ {{/* Imaginary */}}
+ NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }}
+ {{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }}
+ NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }}
+ {{- end }}
+
+ {{/* Expirations */}}
+ NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }}
+ NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }}
+ NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }}
+
+ {{/* General */}}
+ NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }}
+ NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }}
+ NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }}
+ NX_FORCE_ENABLE_ALLOW_LOCAL_REMOTE_SERVERS: {{ .Values.nextcloud.general.force_enable_allow_local_remote_servers | quote }}
+
+ {{/* Files */}}
+ NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }}
+ NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }}
+
+ {{/* Logging */}}
+ NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }}
+ NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }}
+ NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }}
+ NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }}
+ NX_LOG_TIMEZONE: {{ .Values.TZ | quote }}
+
+ {{/* ClamAV */}}
+ NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }}
+ {{- if .Values.nextcloud.clamav.enabled }}
+ NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }}
+ NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }}
+ NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }}
+ NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }}
+ NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }}
+ {{- end }}
+
+ {{/* Collabora */}}
+ NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }}
+ {{- if .Values.nextcloud.collabora.enabled }}
+ NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }}
+ # Ideally this would be a combo of: public ip, pod cidr, svc cidr
+ # But not always people have static IP.
+ NX_COLLABORA_ALLOWLIST: "0.0.0.0/0"
+ {{- end }}
+
+ {{/* Only Office */}}
+ NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }}
+ {{- if .Values.nextcloud.onlyoffice.enabled }}
+ NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }}
+ NX_ONLYOFFICE_INTERNAL_URL: {{ .Values.nextcloud.onlyoffice.internal_url | quote }}
+ NX_ONLYOFFICE_VERIFY_SSL: {{ .Values.nextcloud.onlyoffice.verify_ssl | quote }}
+ NX_ONLYOFFICE_NEXTCLOUD_INTERNAL_URL: {{ printf "http://%v.svc.cluster.local:%v" $fqdn .Values.service.main.ports.main.port }}
+ NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }}
+ NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }}
+ {{- end }}
+
+ {{/* URLs */}}
+ NX_OVERWRITE_HOST: {{ $accessHostPort }}
+ NX_OVERWRITE_CLI_URL: {{ $accessUrl }}
+ # Return the protocol part of the URL
+ NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }}
+ # IP (or range in this case) of the proxy(ies)
+ NX_TRUSTED_PROXIES: |
+ {{ .Values.chartContext.podCIDR }}
+ {{ .Values.chartContext.svcCIDR }}
+ # fullname-* will allow access from the
+ # other services in the same namespace
+ NX_TRUSTED_DOMAINS: |
+ 127.0.0.1
+ localhost
+ {{ $fullname }}
+ {{ printf "%v-*" $fullname }}
+ {{ $healthHost }}
+ {{- if not (contains "127.0.0.1" $accessHost) }}
+ {{- $accessHost | nindent 6 }}
+ {{- end -}}
+ {{- with .Values.nextcloud.general.accessIP }}
+ {{- . | nindent 6 }}
+ {{- end }}
+
+# TODO: Replace locations with ingress
+# like /push, /.well-known/carddav, /.well-known/caldav
+# needs some work as nginx converts urls to pretty urls
+# before matching them to locations, so ingress needs to
+# take that into consideration.
+nginx-config:
+ enabled: true
+ data:
+ nginx.conf: |
+ worker_processes auto;
+
+ error_log /var/log/nginx/error.log warn;
+ # Set to /tmp so it can run as non-root
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ # Set to /tmp so it can run as non-root
+ client_body_temp_path /tmp/nginx/client_temp;
+ proxy_temp_path /tmp/nginx/proxy_temp_path;
+ fastcgi_temp_path /tmp/nginx/fastcgi_temp;
+ uwsgi_temp_path /tmp/nginx/uwsgi_temp;
+ scgi_temp_path /tmp/nginx/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream php-handler {
+ server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }};
+ }
+
+ server {
+ listen {{ .Values.service.main.ports.main.port }};
+ absolute_redirect off;
+
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ # Forward Notify_Push "High Performance Backend" to it's own container
+ location ^~ /push/ {
+ # The trailing "/" is important!
+ proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ {{- end }}
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # Set max upload size
+ client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }};
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ include mime.types;
+ types {
+ text/javascript js mjs;
+ }
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }};
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The rules in this block are an adaptation of the rules
+ # in `.htaccess` that concern `/.well-known`.
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ # Let Nextcloud's API for `/.well-known` URIs handle all other
+ # requests by passing them to the front-end controller.
+ return 301 /index.php$request_uri;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ #fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ proxy_send_timeout 3600s;
+ proxy_read_timeout 3600s;
+ fastcgi_send_timeout 3600s;
+ fastcgi_read_timeout 3600s;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ # Rule borrowed from `.htaccess`
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+ }
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/_cronjobs.tpl b/stable/nextcloud/24.0.0/templates/_cronjobs.tpl
new file mode 100644
index 00000000000..0fa050dba68
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_cronjobs.tpl
@@ -0,0 +1,34 @@
+{{- define "nextcloud.cronjobs" -}}
+{{- range $cj := .Values.cronjobs }}
+ {{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}}
+ {{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }}
+
+{{ $name }}:
+ enabled: {{ $cj.enabled | quote }}
+ type: CronJob
+ schedule: {{ $schedule | quote }}
+ podSpec:
+ restartPolicy: Never
+ containers:
+ {{ $name }}:
+ enabled: true
+ primary: true
+ imageSelector: image
+ command:
+ - /bin/bash
+ - -c
+ - |
+ {{- range $cj.cmd }}
+ {{- . | nindent 12 }}
+ {{- else -}}
+ {{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}}
+ {{- end }}
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end }}
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/_ingressInjector.tpl b/stable/nextcloud/24.0.0/templates/_ingressInjector.tpl
new file mode 100644
index 00000000000..37919189e21
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_ingressInjector.tpl
@@ -0,0 +1,24 @@
+{{- define "nextcloud.ingressInjector" -}}
+ {{- if .Values.ingress.main.enabled -}}
+ {{- $injectPaths := list -}}
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}}
+ {{- end -}}
+ {{/* Append more paths here if needed */}}
+
+ {{- range $host := .Values.ingress.main.hosts -}}
+ {{- $paths := $host.paths -}}
+ {{- $paths = concat $paths $injectPaths -}}
+ {{- $_ := set $host "paths" $paths -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "nextcloud.collabora.ingress" -}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . }}
+path: /collabora/
+pathType: Prefix
+service:
+ name: {{ printf "%v-collabora" $fullname }}
+ port: {{ .Values.service.collabora.ports.collabora.port }}
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/_initPerms.tpl b/stable/nextcloud/24.0.0/templates/_initPerms.tpl
new file mode 100644
index 00000000000..ed94790ad93
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_initPerms.tpl
@@ -0,0 +1,29 @@
+{{- define "nextcloud.init.perms" -}}
+{{- $uid := .Values.securityContext.container.runAsUser -}}
+{{- $gid := .Values.securityContext.container.runAsGroup -}}
+{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }}
+enabled: true
+type: install
+imageSelector: alpineImage
+securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ capabilities:
+ disableS6Caps: true
+ add:
+ - DAC_OVERRIDE
+ - FOWNER
+ - CHOWN
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Setting permissions to 700 on data directory [{{ $path }}] ..."
+ chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]"
+
+ echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..."
+ chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]"
+
+ echo "Finished."
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/_validation.tpl b/stable/nextcloud/24.0.0/templates/_validation.tpl
new file mode 100644
index 00000000000..5650c0f63fe
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_validation.tpl
@@ -0,0 +1,42 @@
+{{- define "nextcloud.validation" -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}}
+ {{- end -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}}
+ {{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}}
+ {{- end -}}
+
+ {{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}}
+ {{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}}
+ {{- end -}}
+
+ {{- if contains "$" .Values.nextcloud.collabora.password -}}
+ {{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}}
+ {{- end -}}
+
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- if lt (len .Values.nextcloud.collabora.password) 8 -}}
+ {{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}}
+ {{- end -}}
+
+ {{- $collaboraUIModes := (list "default" "compact" "tabbed") -}}
+ {{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}}
+ {{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}}
+ {{- end -}}
+
+ {{- if not .Values.nextcloud.collabora.dictionaries -}}
+ {{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}}
+ {{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/_waitNextcloud.tpl b/stable/nextcloud/24.0.0/templates/_waitNextcloud.tpl
new file mode 100644
index 00000000000..24946d640e8
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/_waitNextcloud.tpl
@@ -0,0 +1,25 @@
+{{- define "nextcloud.wait.nextcloud" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }}
+enabled: true
+type: init
+imageSelector: image
+securityContext:
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ until \
+ REQUEST_METHOD="GET" \
+ SCRIPT_NAME="status.php" \
+ SCRIPT_FILENAME="status.php" \
+ cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true';
+ do
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ sleep 3
+ done
+
+ echo "Nextcloud is ready and installed..."
+ echo "Starting Nginx..."
+{{- end -}}
diff --git a/stable/nextcloud/24.0.0/templates/common.yaml b/stable/nextcloud/24.0.0/templates/common.yaml
new file mode 100644
index 00000000000..1eeaf033ebe
--- /dev/null
+++ b/stable/nextcloud/24.0.0/templates/common.yaml
@@ -0,0 +1,80 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . -}}
+
+{{- include "nextcloud.validation" $ -}}
+
+{{/* Render configmaps for all pods */}}
+{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}}
+{{- if $configmaps -}}
+ {{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}}
+{{- end -}}
+
+{{/* Create hostAliases (resolve ingress host to Node/LB IP) */}}
+{{- $hostAlias := (list (dict
+ "ip" .Values.nextcloud.general.accessIP
+ "hostnames" (
+ list (include "nextcloud.accesshost" $)
+ )
+ )) -}}
+
+{{/* Add [hostAliases] to nextcloud and collabora pod */}}
+{{- $_ := set .Values.workload.main.podSpec "hostAliases" $hostAlias -}}
+{{- $_ := set .Values.workload.collabora.podSpec "hostAliases" $hostAlias -}}
+
+{{/* Add [init perms] container to nextcloud */}}
+{{- if not (get .Values.workload.main.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}}
+{{- end -}}
+
+{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}}
+
+{{/* Add [wait nextcloud] container to nginx */}}
+{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}}
+{{- end -}}
+{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+
+{{/* Disable [notify push] if requested */}}
+{{- if not .Values.nextcloud.notify_push.enabled -}}
+ {{- $_ := set .Values.workload.notify "enabled" false -}}
+ {{- $_ := set .Values.service.notify "enabled" false -}}
+{{- else -}}
+ {{/* Add [wait nextcloud] container to notify push */}}
+ {{- if not (get .Values.workload.notify.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+ {{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+{{- end -}}
+
+{{/* Disable [clamav] if requested */}}
+{{- if not .Values.nextcloud.clamav.enabled -}}
+ {{- $_ := set .Values.workload.clamav "enabled" false -}}
+ {{- $_ := set .Values.service.clamav "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [previews] if requested */}}
+{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}}
+ {{- $_ := set .Values.workload.imaginary "enabled" false -}}
+ {{- $_ := set .Values.service.imaginary "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [collabora] if requested */}}
+{{- if not .Values.nextcloud.collabora.enabled -}}
+ {{- $_ := set .Values.workload.collabora "enabled" false -}}
+ {{- $_ := set .Values.service.collabora "enabled" false -}}
+{{- end -}}
+
+{{/* Create [cronjobs] defined */}}
+{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}}
+{{- if $cronjobs -}}
+ {{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}}
+{{- end -}}
+
+{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}}
+{{- include "nextcloud.ingressInjector" $ -}}
+
+{{/* Render the templates */}}
+{{- include "tc.v1.common.loader.apply" . -}}
diff --git a/stable/nextcloud/24.0.0/values.yaml b/stable/nextcloud/24.0.0/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d