groups: - name: Container Image description: Image to be used for container - name: General Settings description: General Deployment Settings - name: App Configuration description: App Specific Config Options - name: Networking and Services description: Configure Network and Services for Container - name: Storage and Persistence description: Persist and Share Data that is Separate from the Container - name: Ingress description: Ingress Configuration - name: Security and Permissions description: Configure Security Context and Permissions - name: Resources and Devices description: "Specify Resources/Devices to be Allocated to Workload" - name: Middlewares description: Traefik Middlewares - name: Metrics description: Metrics - name: VPN description: VPN - name: Addons description: Addon Configuration - name: Advanced description: Advanced Configuration - name: Documentation description: Documentation portals: open: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" questions: - variable: global label: Global Settings group: "General Settings" schema: type: dict hidden: true attrs: - variable: isSCALE label: Flag this is SCALE schema: type: boolean default: true hidden: true - variable: controller group: "General Settings" label: "" schema: additional_attrs: true type: dict attrs: - variable: replicas description: Number of desired pod replicas label: Desired Replicas schema: type: int required: true default: 1 - variable: customextraargs group: "General Settings" label: "Extra Args" description: "Do not click this unless you know what you are doing" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: extraArgs label: Extra Args schema: type: list default: [] items: - variable: arg label: Arg schema: type: string - variable: TZ label: Timezone group: "General Settings" schema: type: string default: "Etc/UTC" $ref: - 
"definitions/timezone" - variable: envList label: Extra Environment Variables description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." group: "General Settings" schema: type: list default: [] items: - variable: envItem label: Environment Variable schema: additional_attrs: true type: dict attrs: - variable: name label: Name schema: type: string - variable: value label: Value schema: type: string - variable: domain group: "App Configuration" label: "Domain" description: "The highest domain level possible, for example: domain.com when using app.domain.com" schema: type: string default: "" required: true - variable: default_redirection_url group: "App Configuration" label: "Default Redirection Url" description: "If user tries to authenticate without any referer, this is used" schema: type: string default: "" - variable: theme group: "App Configuration" label: "Theme" schema: type: string default: "auto" enum: - value: "auto" description: "auto" - value: "light" description: "light" - value: "grey" description: "grey" - value: "dark" description: "dark" - variable: log group: "App Configuration" label: "Log Configuration " schema: additional_attrs: true type: dict attrs: - variable: level label: "Log Level" schema: type: string default: "info" enum: - value: "info" description: "info" - value: "debug" description: "debug" - value: "trace" description: "trace" - variable: format label: "Log Format" schema: type: string default: "text" enum: - value: "json" description: "json" - value: "text" description: "text" - variable: totp group: "App Configuration" label: "TOTP Configuration" schema: additional_attrs: true type: dict attrs: - variable: issuer label: "Issuer" description: "The issuer name displayed in the Authenticator application of your choice" schema: type: string default: "" - variable: period label: "Period" description: "The period in seconds a one-time password 
is current for" schema: type: int default: 30 - variable: skew label: "skew" description: "Controls number of one-time passwords either side of the current one that are valid." schema: type: int default: 1 - variable: duo_api group: "App Configuration" label: "DUO API Configuration" description: "Parameters used to contact the Duo API." schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostname label: "Hostname" schema: type: string required: true default: "" - variable: integration_key label: "integration_key" schema: type: string default: "" required: true - variable: plain_api_key label: "plain_api_key" schema: type: string default: "" required: true - variable: session group: "App Configuration" label: "Session Provider" description: "The session cookies identify the user once logged in." schema: additional_attrs: true type: dict attrs: - variable: name label: "Cookie Name" description: "The name of the session cookie." schema: type: string required: true default: "authelia_session" - variable: same_site label: "SameSite Value" description: "Sets the Cookie SameSite value" schema: type: string default: "lax" enum: - value: "lax" description: "lax" - value: "strict" description: "strict" - variable: expiration label: "Expiration Time" description: "The time in seconds before the cookie expires and session is reset." schema: type: string default: "1h" required: true - variable: inactivity label: "Inactivity Time" description: "The inactivity time in seconds before the session is reset." 
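# Tail of the session `inactivity` attribute; its `- variable:` header sits on the preceding line.
          schema:
            type: string
            default: "5m"
            required: true
        # Was a second `- variable: inactivity`. Two attributes with the same
        # name in one dict collide, so the remember-me duration ("5M") could be
        # stored as the session inactivity timeout and keep idle sessions alive
        # far longer than the intended "5m". Which entry wins is not visible
        # here; confirm against the form handling.
        # `remember_me_duration` is the Authelia session option this label
        # describes.
        # NOTE(review): assumes the chart template reads
        # session.remember_me_duration; verify before release.
        - variable: remember_me_duration
          label: "Remember-Me duration"
          description: "The remember me duration"
          schema:
            type: string
            default: "5M"
            required: true
  # Login regulation: bans a user after repeated failed first-factor attempts.
  - variable: regulation
    group: "App Configuration"
    label: "Regulation Configuration"
    description: "This mechanism prevents attackers from brute forcing the first factor."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        # Per the description, 0 disables regulation, which removes the
        # brute-force protection this section provides.
        - variable: max_retries
          label: "Maximum Retries"
          description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
          schema:
            type: int
            default: 3
        # Window in which failed attempts are counted towards the ban.
        - variable: find_time
          label: "Find Time"
          description: "The time range during which the user can attempt login before being banned."
          schema:
            type: string
            default: "2m"
            required: true
        # How long a banned user stays locked out.
        - variable: ban_time
          label: "Ban Duration"
          description: "The length of time before a banned user can login again"
          schema:
            type: string
            default: "5m"
            required: true
  # Authentication backend; its schema follows this fragment.
  - variable: authentication_backend
    group: "App Configuration"
    label: "Authentication Backend Provider"
    description: "Used for verifying user passwords and retrieving information such as email address and groups users belong to."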
schema: additional_attrs: true type: dict attrs: - variable: disable_reset_password label: "Disable Reset Password" description: "Disable both the HTML element and the API for reset password functionality" schema: type: boolean default: false - variable: refresh_interval label: "Refresh Interval" description: "The amount of time to wait before we refresh data from the authentication backend" schema: type: string default: "5m" required: true - variable: ldap label: "LDAP backend configuration" description: "Used for verifying user passwords and retrieving information such as email address and groups users belong to" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: implementation label: "Implementation" description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password" schema: type: string default: "custom" enum: - value: "activedirectory" description: "activedirectory" - value: "custom" description: "custom" - variable: url label: "URL" description: "The url to the ldap server. Format: scheme://address[:port]"
schema: type: string default: "ldap://openldap.default.svc.cluster.local" required: true - variable: timeout label: "Connection Timeout" schema: type: string default: "5s" required: true - variable: start_tls label: "Start TLS" description: "Use StartTLS with the LDAP connection" schema: type: boolean default: false - variable: tls label: "TLS Settings" schema: additional_attrs: true type: dict attrs: - variable: server_name label: "Server Name" description: "Server Name for certificate validation (in case it's not set correctly in the URL)." schema: type: string default: "" - variable: skip_verify label: "Skip Certificate Verification" description: "Skip verifying the server certificate (to allow a self-signed certificate)" schema: type: boolean default: false - variable: minimum_version label: "Minimum TLS version" description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." schema: type: string default: "TLS1.2" enum: - value: "TLS1.0" description: "TLS1.0" - value: "TLS1.1" description: "TLS1.1" - value: "TLS1.2" description: "TLS1.2" - value: "TLS1.3" description: "TLS1.3" - variable: base_dn label: "Base DN" description: "The base dn for every LDAP query." schema: type: string default: "DC=example,DC=com" required: true - variable: username_attribute label: "Username Attribute" description: "The attribute holding the username of the user" schema: type: string default: "" required: true - variable: additional_users_dn label: "Additional Users DN" description: "An additional dn to define the scope to all users." schema: type: string default: "OU=Users" required: true - variable: users_filter label: "Users Filter" description: "The users filter used in search queries to find the user." schema: type: string default: "" required: true - variable: additional_groups_dn label: "Additional Groups DN" description: "An additional dn to define the scope of groups." 
schema: type: string default: "OU=Groups" required: true - variable: groups_filter label: "Groups Filter" description: "The groups filter used in search queries to find the groups of the user." schema: type: string default: "" required: true - variable: group_name_attribute label: "Group name Attribute" description: "The attribute holding the name of the group" schema: type: string default: "" required: true - variable: mail_attribute label: "Mail Attribute" description: "The attribute holding the primary mail address of the user" schema: type: string default: "" required: true - variable: display_name_attribute label: "Display Name Attribute" description: "The attribute holding the display name of the user. This will be used to greet an authenticated user." schema: type: string default: "" - variable: user label: "Admin User" description: "The username of the admin user used to connect to LDAP." schema: type: string default: "CN=Authelia,DC=example,DC=com" required: true - variable: plain_password label: "Password" schema: type: string default: "" required: true - variable: file label: "File backend configuration" description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." 
schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: path label: "Path" schema: type: string default: "/config/users_database.yml" required: true - variable: password label: "Password Settings" schema: additional_attrs: true type: dict attrs: - variable: algorithm label: "Algorithm" schema: type: string default: "argon2id" enum: - value: "argon2id" description: "argon2id" - value: "sha512" description: "sha512" - variable: iterations label: "Iterations" schema: type: int default: 1 required: true - variable: key_length label: "Key Length" schema: type: int default: 32 required: true - variable: salt_length label: "Salt Length" schema: type: int default: 16 required: true - variable: memory label: "Memory" schema: type: int default: 1024 required: true - variable: parallelism label: "Parallelism" schema: type: int default: 8 required: true - variable: notifier group: "App Configuration" label: "Notifier Configuration" description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." schema: additional_attrs: true type: dict attrs: - variable: disable_startup_check label: "Disable Startup Check" schema: type: boolean default: false - variable: filesystem label: "Filesystem Provider" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: filename label: "File Path" schema: type: string default: "/config/notification.txt" required: true - variable: smtp label: "SMTP Provider" description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." 
schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable" schema: type: boolean default: true show_subquestions_if: true subquestions: - variable: host label: "Host" schema: type: string default: "smtp.mail.svc.cluster.local" required: true - variable: port label: "Port" schema: type: int default: 25 required: true - variable: timeout label: "Timeout" schema: type: string default: "5s" required: true - variable: username label: "Username" schema: type: string default: "" required: true - variable: plain_password label: "Password" schema: type: string default: "" required: true - variable: sender label: "Sender" schema: type: string default: "" required: true - variable: identifier label: "Identifier" description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." schema: type: string default: "localhost" required: true - variable: subject label: "Subject" description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" schema: type: string default: "[Authelia] {title}" required: true - variable: startup_check_address label: "Startup Check Address" description: "This address is used during the startup check to verify the email configuration is correct." schema: type: string default: "test@authelia.com" required: true - variable: disable_require_tls label: "Disable Require TLS" schema: type: boolean default: false - variable: disable_html_emails label: "Disable HTML emails" schema: type: boolean default: false - variable: tls label: "TLS Settings" schema: additional_attrs: true type: dict attrs: - variable: server_name label: "Server Name" description: "Server Name for certificate validation (in case it's not set correctly in the URL)." 
schema: type: string default: "" - variable: skip_verify label: "Skip Certificate Verification" description: "Skip verifying the server certificate (to allow a self-signed certificate)" schema: type: boolean default: false - variable: minimum_version label: "Minimum TLS version" description: "Minimum TLS version for either StartTLS or SMTPS." schema: type: string default: "TLS1.2" enum: - value: "TLS1.0" description: "TLS1.0" - value: "TLS1.1" description: "TLS1.1" - value: "TLS1.2" description: "TLS1.2" - value: "TLS1.3" description: "TLS1.3" - variable: access_control group: "App Configuration" label: "Access Control Configuration" description: "Access control is a list of rules defining the authorizations applied for one resource to users or groups of users." schema: additional_attrs: true type: dict attrs: - variable: default_policy label: "Default Policy" description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'." schema: type: string default: "two_factor" enum: - value: "bypass" description: "bypass" - value: "one_factor" description: "one_factor" - value: "two_factor" description: "two_factor" - value: "deny" description: "deny" - variable: networks label: "Networks" schema: type: list default: [] items: - variable: networkItem label: "Network Item" schema: additional_attrs: true type: dict attrs: - variable: name label: "Name" schema: type: string default: "" required: true - variable: networks label: "Networks" schema: type: list default: [] items: - variable: network label: "network" schema: type: string default: "" required: true - variable: rules label: "Rules" schema: type: list default: [] items: - variable: rulesItem label: "Rule" schema: additional_attrs: true type: dict attrs: - variable: domain label: "Domains" description: "Defines which domain or set of domains the rule applies to." 
schema: type: list default: [] items: - variable: domainEntry label: "Domain" schema: type: string default: "" required: true - variable: policy label: "Policy" description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'." schema: type: string default: "two_factor" enum: - value: "bypass" description: "bypass" - value: "one_factor" description: "one_factor" - value: "two_factor" description: "two_factor" - value: "deny" description: "deny" - variable: subject label: "Subject" description: "Defines the subject to apply authorizations to. This parameter is optional and matches any user if not provided" schema: type: list default: [] items: - variable: subjectitem label: "Subject" schema: type: string default: "" required: true - variable: networks label: "Networks" schema: type: list default: [] items: - variable: network label: "Network" schema: type: string default: "" required: true - variable: resources label: "Resources" description: "A list of regular expressions that match a set of resources to apply the policy to" schema: type: list default: [] items: - variable: resource label: "Resource" schema: type: string default: "" required: true - variable: service group: Networking and Services label: Configure Service(s) schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable the Service schema: type: boolean default: true hidden: true - variable: type label: Service Type description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" schema: type: string default: LoadBalancer enum: - value: LoadBalancer description: LoadBalancer (Expose Ports) - value: ClusterIP description: ClusterIP (Do Not Expose Ports) - value: Simple description: Deprecated CHANGE 
THIS - variable: loadBalancerIP label: LoadBalancer IP description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" schema: show_if: [["type", "=", "LoadBalancer"]] type: string default: "" - variable: ports label: "Service's Port(s) Configuration" schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 9091 required: true - variable: serviceexpert group: Networking and Services label: Show Expert Config schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hostNetwork group: Networking and Services label: Host-Networking (Complicated) schema: type: boolean default: false - variable: externalInterfaces description: Add External Interfaces label: Add external Interfaces group: Networking schema: type: list items: - variable: interfaceConfiguration description: Interface Configuration label: Interface Configuration schema: type: dict $ref: - "normalize/interfaceConfiguration" attrs: - variable: hostInterface description: Please Specify Host Interface label: Host Interface schema: type: string required: true $ref: - "definitions/interface" - variable: ipam description: Define how IP Address will be managed label: IP Address Management schema: type: dict required: true attrs: - variable: type description: Specify type for IPAM label: IPAM Type schema: type: string required: true enum: - value: dhcp description: Use DHCP - value: static description: Use Static IP show_subquestions_if: static subquestions: - variable: staticIPConfigurations label: Static IP Addresses schema: type: list items: - variable: staticIP label: Static IP schema: type: ipaddr cidr: true - variable: staticRoutes label: Static Routes schema: type: list items: - variable: 
staticRouteConfiguration label: Static Route Configuration schema: additional_attrs: true type: dict attrs: - variable: destination label: Destination schema: type: ipaddr cidr: true required: true - variable: gateway label: Gateway schema: type: ipaddr cidr: false required: true - variable: serviceList label: Add Manual Custom Services group: Networking and Services schema: type: list default: [] items: - variable: serviceListEntry label: Custom Service schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable the service schema: type: boolean default: true hidden: true - variable: name label: Name schema: type: string default: "" - variable: type label: Service Type description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" schema: type: string default: LoadBalancer enum: - value: LoadBalancer description: LoadBalancer (Expose Ports) - value: ClusterIP description: ClusterIP (Do Not Expose Ports) - value: Simple description: Deprecated CHANGE THIS - variable: loadBalancerIP label: LoadBalancer IP description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" schema: show_if: [["type", "=", "LoadBalancer"]] type: string default: "" - variable: advancedsvcset label: Show Advanced Service Settings schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: externalIPs label: "External IP's" description: "External IP's" schema: type: list default: [] items: - variable: externalIP label: External IP schema: type: string - variable: ipFamilyPolicy label: IP Family Policy description: Specify the IP Policy schema: type: string default: SingleStack enum: - value: SingleStack description: SingleStack - value: PreferDualStack description: PreferDualStack - value: RequireDualStack description: RequireDualStack - variable: ipFamilies label: IP Families description: (Advanced) The IP Families that should be used schema: type: list default: [] items: - variable: ipFamily label: IP Family schema: type: string - variable: portsList label: Additional Service Ports schema: type: list default: [] items: - variable: portsListEntry label: Custom ports schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable the Port schema: type: boolean default: true hidden: true - variable: name label: Port Name schema: type: string default: "" - variable: protocol label: Port Type schema: type: string default: TCP enum: - value: HTTP description: HTTP - value: HTTPS description: HTTPS - value: TCP description: TCP - value: UDP description: UDP - variable: targetPort label: Target Port description: This port exposes the container port on the service schema: type: int required: true - variable: port label: Container Port schema: type: int required: true - variable: persistence label: Integrated Persistent Storage description: Integrated Persistent Storage group: Storage and Persistence schema: additional_attrs: true type: dict attrs: - variable: config label: "App Config Storage" description: "Stores the Application Configuration." 
schema: additional_attrs: true type: dict attrs: - variable: type label: Type of Storage description: Sets the persistence type, Anything other than PVC could break rollback! schema: type: string default: pvc enum: - value: pvc description: PVC - value: hostPath description: Host Path - value: emptyDir description: emptyDir - value: nfs description: NFS Share - variable: server label: NFS Server schema: show_if: [["type", "=", "nfs"]] type: string default: "" - variable: path label: Path on NFS Server schema: show_if: [["type", "=", "nfs"]] type: string default: "" - variable: setPermissions label: Automatic Permissions description: Automatically set permissions on install schema: show_if: [["type", "=", "hostPath"]] type: boolean default: false - variable: readOnly label: Read Only schema: type: boolean default: false - variable: hostPath label: Host Path description: Path inside the container the storage is mounted schema: show_if: [["type", "=", "hostPath"]] type: hostpath - variable: medium label: EmptyDir Medium schema: show_if: [["type", "=", "emptyDir"]] type: string default: "" enum: - value: "" description: Default - value: Memory description: Memory - variable: size label: Size quotum of Storage (Do NOT REDUCE after installation) description: This value can ONLY be INCREASED after the installation schema: show_if: [["type", "=", "pvc"]] type: string default: 256Gi - variable: persistenceList label: Additional App Storage group: Storage and Persistence schema: type: list default: [] items: - variable: persistenceListEntry label: Custom Storage schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable the storage schema: type: boolean default: true hidden: true - variable: type label: Type of Storage description: Sets the persistence type, Anything other than PVC could break rollback! 
schema: type: string default: hostPath enum: - value: pvc description: PVC - value: hostPath description: Host Path - value: emptyDir description: emptyDir - value: nfs description: NFS Share - variable: server label: NFS Server schema: show_if: [["type", "=", "nfs"]] type: string default: "" - variable: path label: Path on NFS Server schema: show_if: [["type", "=", "nfs"]] type: string default: "" - variable: setPermissions label: Automatic Permissions description: Automatically set permissions on install schema: show_if: [["type", "=", "hostPath"]] type: boolean default: false - variable: readOnly label: Read Only schema: type: boolean default: false - variable: hostPath label: Host Path description: Path inside the container the storage is mounted schema: show_if: [["type", "=", "hostPath"]] type: hostpath - variable: mountPath label: Mount Path description: Path inside the container the storage is mounted schema: type: string default: "" required: true valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' - variable: medium label: EmptyDir Medium schema: show_if: [["type", "=", "emptyDir"]] type: string default: "" enum: - value: "" description: Default - value: Memory description: Memory - variable: size label: Size Quotum of Storage schema: show_if: [["type", "=", "pvc"]] type: string default: 256Gi - variable: ingress label: "" group: Ingress schema: additional_attrs: true type: dict attrs: - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable Ingress schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: hosts label: Hosts schema: type: list default: [] items: - variable: hostEntry label: Host schema: additional_attrs: true type: dict attrs: - variable: host label: HostName schema: type: string default: "" required: true - variable: paths label: Paths schema: type: list default: [] items: - variable: pathEntry label: Host schema: additional_attrs: 
true type: dict attrs: - variable: path label: Path schema: type: string required: true default: "/" - variable: pathType label: Path Type schema: type: string required: true default: Prefix - variable: tls label: TLS-Settings schema: type: list default: [] items: - variable: tlsEntry label: Host schema: additional_attrs: true type: dict attrs: - variable: hosts label: Certificate Hosts schema: type: list default: [] items: - variable: host label: Host schema: type: string default: "" required: true - variable: scaleCert label: Select TrueNAS SCALE Certificate schema: type: int $ref: - "definitions/certificate" - variable: entrypoint label: (Advanced) Traefik Entrypoint description: Entrypoint used by Traefik when using Traefik as Ingress Provider schema: type: string default: websecure required: true - variable: ingressClassName label: (Advanced/Optional) IngressClass Name schema: type: string default: "" - variable: middlewares label: Traefik Middlewares description: Add previously created Traefik Middlewares to this Ingress schema: type: list default: [] items: - variable: name label: Name schema: type: string default: "" required: true - variable: ingressList label: Add Manual Custom Ingresses group: Ingress schema: type: list default: [] items: - variable: ingressListEntry label: Custom Ingress schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable Ingress schema: type: boolean default: true hidden: true - variable: name label: Name schema: type: string default: "" - variable: ingressClassName label: IngressClass Name schema: type: string default: "" - variable: hosts label: Hosts schema: type: list default: [] items: - variable: hostEntry label: Host schema: additional_attrs: true type: dict attrs: - variable: host label: HostName schema: type: string default: "" required: true - variable: paths label: Paths schema: type: list default: [] items: - variable: pathEntry label: Host schema: additional_attrs: true type: dict attrs: - 
variable: path label: Path schema: type: string required: true default: "/" - variable: pathType label: Path Type schema: type: string required: true default: Prefix - variable: service label: Linked Service schema: additional_attrs: true type: dict attrs: - variable: name label: Service Name schema: type: string default: "" - variable: port label: Service Port schema: type: int - variable: tls label: TLS-Settings schema: type: list default: [] items: - variable: tlsEntry label: Host schema: additional_attrs: true type: dict attrs: - variable: hosts label: Certificate Hosts schema: type: list default: [] items: - variable: host label: Host schema: type: string default: "" required: true - variable: scaleCert label: Select TrueNAS SCALE Certificate schema: type: int $ref: - "definitions/certificate" - variable: entrypoint label: Traefik Entrypoint description: Entrypoint used by Traefik when using Traefik as Ingress Provider schema: type: string default: websecure required: true - variable: middlewares label: Traefik Middlewares description: Add previously created Traefik Middlewares to this Ingress schema: type: list default: [] items: - variable: name label: Name schema: type: string default: "" required: true - variable: security label: Container Security Settings group: Security and Permissions schema: type: dict additional_attrs: true attrs: - variable: editsecurity label: Change PUID / UMASK values description: By enabling this you override default set values. schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: PUID label: Process User ID - PUID description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps schema: type: int default: 568 - variable: UMASK label: UMASK description: When supported by the container, this sets the UMASK for the App. 
Not supported by all Apps schema: type: string default: "002" - variable: advancedSecurity label: Show Advanced Security Settings group: Security and Permissions schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: securityContext label: Security Context schema: additional_attrs: true type: dict attrs: - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true - variable: podSecurityContext group: Security and Permissions label: Pod Security Context schema: additional_attrs: true type: dict attrs: - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 568 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 - variable: fsGroupChangePolicy label: "When should we take ownership?" schema: type: string default: OnRootMismatch enum: - value: OnRootMismatch description: OnRootMismatch - value: Always description: Always - variable: supplementalGroups label: Supplemental Groups schema: type: list default: [] items: - variable: supplementalGroupsEntry label: Supplemental Group schema: type: int - variable: resources group: Resources and Devices label: "Resource Limits" schema: additional_attrs: true type: dict attrs: - variable: limits label: Advanced Limit Resource Consumption schema: additional_attrs: true type: dict attrs: - variable: cpu label: CPU description: "1000m means 1 hyperthread. 
Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" schema: type: string default: 4000m valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' - variable: memory label: RAM description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" schema: type: string default: 8Gi valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' - variable: requests label: "Minimum Resources Required (request)" schema: additional_attrs: true type: dict hidden: true attrs: - variable: cpu label: CPU description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" schema: type: string default: 10m hidden: true valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' - variable: memory label: "RAM" description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" schema: type: string default: 50Mi hidden: true valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' - variable: deviceList label: Mount USB Devices group: Resources and Devices schema: type: list default: [] items: - variable: deviceListEntry label: Device schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable the Storage schema: type: boolean default: true - variable: type label: (Advanced) Type of Storage description: Sets the persistence type schema: type: string default: hostPath hidden: true - variable: readOnly label: readOnly schema: type: boolean default: false - variable: hostPath label: Host Device Path description: Path to the device on the host system schema: type: path - variable: mountPath label: Container Device Path description: Path inside the container the device is mounted schema: type: string default: "/dev/ttyACM0" # Specify GPU configuration - variable: scaleGPU label: GPU Configuration group: Resources and Devices schema: type: dict $ref: - 
"definitions/gpuConfiguration" attrs: [] - variable: horizontalPodAutoscaler group: Advanced label: (Advanced) Horizontal Pod Autoscaler schema: type: list default: [] items: - variable: hpaEntry label: HPA Entry schema: additional_attrs: true type: dict attrs: - variable: name label: Name schema: type: string required: true default: "" - variable: enabled label: Enabled schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: target label: Target description: Deployment name, Defaults to Main Deployment schema: type: string default: "" - variable: minReplicas label: Minimum Replicas schema: type: int default: 1 - variable: maxReplicas label: Maximum Replicas schema: type: int default: 5 - variable: targetCPUUtilizationPercentage label: Target CPU Utilization Percentage schema: type: int default: 80 - variable: targetMemoryUtilizationPercentage label: Target Memory Utilization Percentage schema: type: int default: 80 - variable: networkPolicy group: Advanced label: (Advanced) Network Policy schema: type: list default: [] items: - variable: netPolicyEntry label: Network Policy Entry schema: additional_attrs: true type: dict attrs: - variable: name label: Name schema: type: string required: true default: "" - variable: enabled label: Enabled schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: policyType label: Policy Type schema: type: string default: "" enum: - value: "" description: Default - value: ingress description: Ingress - value: egress description: Egress - value: ingress-egress description: Ingress and Egress - variable: egress label: Egress schema: type: list default: [] items: - variable: egressEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: to label: To schema: type: list default: [] items: - variable: toEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: ipBlock label: IP Block schema: additional_attrs: true type: dict attrs: - 
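# Network-policy selectors: every matchExpressions `operator` defaults to In, a member of its own enum (In / NotIn / Exists / DoesNotExist), so an untouched entry still needs explicit values. Only the ports `protocol` field defaults to TCP.
variable: cidr label: CIDR schema: type: string default: "" - variable: except label: Except schema: type: list default: [] items: - variable: exceptint label: "" schema: type: string - variable: namespaceSelector label: Namespace Selector schema: additional_attrs: true type: dict attrs: - variable: matchExpressions label: Match Expressions schema: type: list default: [] items: - variable: expressionEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: key label: Key schema: type: string - variable: operator label: Operator schema: type: string default: In enum: - value: In description: In - value: NotIn description: NotIn - value: Exists description: Exists - value: DoesNotExist description: DoesNotExist - variable: values label: Values schema: type: list default: [] items: - variable: value label: "" schema: type: string - variable: podSelector label: "" schema: additional_attrs: true type: dict attrs: - variable: matchExpressions label: Match Expressions schema: type: list default: [] items: - variable: expressionEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: key label: Key schema: type: string - variable: operator label: Operator schema: type: string default: In enum: - value: In description: In - value: NotIn description: NotIn - value: Exists description: Exists - value: DoesNotExist description: DoesNotExist - variable: values label: Values schema: type: list default: [] items: - variable: value label: "" schema: type: string - variable: ports label: Ports schema: type: list default: [] items: - variable: portsEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: port label: Port schema: type: int - variable: endPort label: End Port schema: type: int - variable: protocol label: Protocol schema: type: string default: TCP enum: - value: TCP description: TCP - value: UDP description: UDP - value: SCTP description: SCTP - variable: ingress label: Ingress schema: type: list default: [] 
items: - variable: ingressEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: from label: From schema: type: list default: [] items: - variable: fromEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: ipBlock label: IP Block schema: additional_attrs: true type: dict attrs: - variable: cidr label: CIDR schema: type: string default: "" - variable: except label: Except schema: type: list default: [] items: - variable: exceptint label: "" schema: type: string - variable: namespaceSelector label: Namespace Selector schema: additional_attrs: true type: dict attrs: - variable: matchExpressions label: Match Expressions schema: type: list default: [] items: - variable: expressionEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: key label: Key schema: type: string - variable: operator label: Operator schema: type: string default: In enum: - value: In description: In - value: NotIn description: NotIn - value: Exists description: Exists - value: DoesNotExist description: DoesNotExist - variable: values label: Values schema: type: list default: [] items: - variable: value label: "" schema: type: string - variable: podSelector label: "" schema: additional_attrs: true type: dict attrs: - variable: matchExpressions label: Match Expressions schema: type: list default: [] items: - variable: expressionEntry label: "" schema: additional_attrs: true type: dict attrs: - variable: key label: Key schema: type: string - variable: operator label: Operator schema: type: string default: In enum: - value: In description: In - value: NotIn description: NotIn - value: Exists description: Exists - value: DoesNotExist description: DoesNotExist - variable: values label: Values schema: type: list default: [] items: - variable: value label: "" schema: type: string - variable: ports label: Ports schema: type: list default: [] items: - variable: portsEntry label: "" schema: additional_attrs: true type: dict attrs: - 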
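variable: port label: Port schema: type: int - variable: endPort label: End Port schema: type: int - variable: protocol label: Protocol schema: type: string default: TCP enum: - value: TCP description: TCP - value: UDP description: UDP - value: SCTP description: SCTP
# Codeserver addon: deployKey and deployKeyBase64 hold SSH private-key material, so both are marked private: true like other credential fields in this form. The service type defaults to LoadBalancer, which per its description exposes the service; ClusterIP keeps it internal.
- variable: addons group: Addons label: "" schema: additional_attrs: true type: dict attrs: - variable: codeserver label: Codeserver schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: git label: Git Settings schema: additional_attrs: true type: dict attrs: - variable: deployKey description: Raw SSH Private Key label: Deploy Key schema: type: string private: true - variable: deployKeyBase64 description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence label: Deploy Key Base64 schema: type: string private: true - variable: service label: "" schema: additional_attrs: true type: dict attrs: - variable: type label: Service Type description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" schema: type: string default: LoadBalancer enum: - value: NodePort description: Deprecated CHANGE THIS - value: ClusterIP description: ClusterIP - value: LoadBalancer description: LoadBalancer - variable: loadBalancerIP label: LoadBalancer IP description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 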
Required when using PortalButton with MetalLB" schema: show_if: [["type", "=", "LoadBalancer"]] type: string default: "" - variable: advancedsvcset label: Show Advanced Service Settings schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: externalIPs label: "External IP's" description: "External IP's" schema: type: list default: [] items: - variable: externalIP label: External IP schema: type: string - variable: ipFamilyPolicy label: IP Family Policy description: Specify the IP Policy schema: type: string default: SingleStack enum: - value: SingleStack description: SingleStack - value: PreferDualStack description: PreferDualStack - value: RequireDualStack description: RequireDualStack - variable: ipFamilies label: IP Families description: (Advanced) The IP Families that should be used schema: type: list default: [] items: - variable: ipFamily label: IP Family schema: type: string - variable: ports label: "" schema: additional_attrs: true type: dict attrs: - variable: codeserver label: "" schema: additional_attrs: true type: dict attrs: - variable: port label: Port schema: type: int default: 36107 - variable: nodePort description: Leave Empty to Disable label: nodePort DEPRECATED schema: type: int default: 36107 - variable: envList label: Codeserver Environment Variables schema: type: list show_if: [["type", "!=", "disabled"]] default: [] items: - variable: envItem label: Environment Variable schema: additional_attrs: true type: dict attrs: - variable: name label: Name schema: type: string required: true - variable: value label: Value schema: type: string required: true - variable: vpn label: VPN schema: additional_attrs: true type: dict attrs: - variable: type label: Type schema: type: string default: disabled enum: - value: disabled description: disabled - value: openvpn description: OpenVPN - value: wireguard description: Wireguard - value: tailscale description: Tailscale - variable: openvpn label: OpenVPN Settings schema: 
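type: dict show_if: [["type", "=", "openvpn"]] attrs: - variable: username label: Authentication Username (Optional) description: Authentication Username, Optional schema: type: string default: ""
# The OpenVPN password is a credential and is marked private: true, matching the tailscale authkey field below.
- variable: password label: Authentication Password description: Authentication Credentials schema: type: string private: true default: "" required: true - variable: tailscale label: Tailscale Settings schema: type: dict show_if: [["type", "=", "tailscale"]] attrs: - variable: authkey label: Authentication Key description: Provide an auth key to automatically authenticate the node as your user account. schema: type: string private: true default: "" - variable: auth_once label: Auth Once description: Only attempt to log in if not already logged in. schema: type: boolean default: true - variable: accept_dns label: Accept DNS description: Accept DNS configuration from the admin console. schema: type: boolean default: false - variable: userspace label: Userspace description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. schema: type: boolean default: false - variable: routes label: Routes description: Expose physical subnet routes to your entire Tailscale network. schema: type: string default: "" - variable: dest_ip label: Destination IP description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. schema: type: string default: "" - variable: sock5_server label: Sock5 Server description: The address on which to listen for SOCKS5 proxying into the tailscale net. schema: type: string default: "" - variable: outbound_http_proxy_listen label: Outbound HTTP Proxy Listen description: The address on which to listen for HTTP proxying into the tailscale net. 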
schema: type: string default: "" - variable: extra_args label: Extra Args description: Extra Args schema: type: string default: "" - variable: daemon_extra_args label: Tailscale Daemon Extra Args description: Tailscale Daemon Extra Args schema: type: string default: "" - variable: killSwitch label: Enable Killswitch schema: type: boolean show_if: [["type", "!=", "disabled"]] default: true - variable: excludedNetworks_IPv4 label: Killswitch Excluded IPv4 networks description: List of Killswitch Excluded IPv4 Addresses schema: type: list show_if: [["type", "!=", "disabled"]] default: [] items: - variable: networkv4 label: IPv4 Network schema: type: string required: true - variable: excludedNetworks_IPv6 label: Killswitch Excluded IPv6 networks description: "List of Killswitch Excluded IPv6 Addresses" schema: type: list show_if: [["type", "!=", "disabled"]] default: [] items: - variable: networkv6 label: IPv6 Network schema: type: string required: true - variable: configFile label: VPN Config File Location schema: type: dict show_if: [["type", "!=", "disabled"]] attrs: - variable: enabled label: Enabled schema: type: boolean default: true hidden: true - variable: type label: Type schema: type: string default: hostPath hidden: true - variable: hostPathType label: hostPathType schema: type: string default: File hidden: true - variable: noMount label: noMount schema: type: boolean default: true hidden: true - variable: hostPath label: Full Path to File description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" schema: type: string default: "" - variable: envList label: VPN Environment Variables schema: type: list show_if: [["type", "!=", "disabled"]] default: [] items: - variable: envItem label: Environment Variable schema: additional_attrs: true type: dict attrs: - variable: name label: Name schema: type: string required: true - variable: value label: Value schema: type: string required: true - variable: docs group: 
Documentation label: Please read the documentation at https://truecharts.org description: Please read the documentation at
https://truecharts.org schema: additional_attrs: true type: dict attrs: - variable: confirmDocs label: I have checked the documentation schema: type: boolean default: true - variable: donateNag group: Documentation label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor description: Please consider supporting TrueCharts, see
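https://truecharts.org/sponsor schema: additional_attrs: true type: dict attrs: - variable: confirmDonate label: I have considered donating schema: type: boolean default: true hidden: true
  # Authelia OpenID Connect (OIDC) provider settings, disabled by default.
  # NOTE(review): indentation is reconstructed from a flattened listing; every
  # option after `enabled` is placed under its subquestions - confirm against
  # the chart source.
  - variable: identity_providers
    group: "Advanced"
    label: "Authelia Identity Providers (BETA)"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: oidc
          label: "OpenID Connect(BETA)"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: "enabled"
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    # Lifetimes of issued tokens and codes, as duration strings.
                    - variable: access_token_lifespan
                      label: "Access Token Lifespan"
                      schema:
                        type: string
                        default: "1h"
                        required: true
                    - variable: authorize_code_lifespan
                      label: "Authorize Code Lifespan"
                      schema:
                        type: string
                        default: "1m"
                        required: true
                    - variable: id_token_lifespan
                      label: "ID Token Lifespan"
                      schema:
                        type: string
                        default: "1h"
                        required: true
                    - variable: refresh_token_lifespan
                      label: "Refresh Token Lifespan"
                      schema:
                        type: string
                        default: "90m"
                        required: true
                    # NOTE(review): presumably returns more detailed errors to
                    # clients; off by default - confirm against Authelia docs.
                    - variable: enable_client_debug_messages
                      label: "Enable Client Debug Messages"
                      schema:
                        type: boolean
                        default: false
                    # One entry per relying party (OIDC client).
                    - variable: clients
                      label: "Clients"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: clientEntry
                            label: "Client"
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: id
                                  label: "ID/Name"
                                  description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
                                  schema:
                                    type: string
                                    default: "myapp"
                                    required: true
                                - variable: description
                                  label: "Description"
                                  description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
                                  schema:
                                    type: string
                                    default: "My Application"
                                    required: true
                                # Shared secret between Authelia and the client:
                                # marked private so the form handles it as a
                                # credential. Required, with no usable default.
                                - variable: secret
                                  label: "Secret"
                                  description: "The client secret is a shared secret between Authelia and the consumer of this client."
                                  schema:
                                    type: string
                                    private: true
                                    default: ""
                                    required: true
                                # Off by default; the description advises it
                                # should typically not be set.
                                - variable: public
                                  label: "public"
                                  description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
                                  schema:
                                    type: boolean
                                    default: false
                                # Defaults to the stricter of the two policies.
                                - variable: authorization_policy
                                  label: "Authorization Policy"
                                  description: "The policy to require for this client; one_factor or two_factor."
                                  schema:
                                    type: string
                                    default: "two_factor"
                                    enum:
                                      - value: "one_factor"
                                        description: "one_factor"
                                      - value: "two_factor"
                                        description: "two_factor"
                                # Default "none" leaves userinfo responses
                                # unsigned; RS256 signs them.
                                - variable: userinfo_signing_algorithm
                                  label: "Userinfo Signing Algorithm"
                                  description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
                                  schema:
                                    type: string
                                    default: "none"
                                    enum:
                                      - value: "none"
                                        description: "none"
                                      - value: "RS256"
                                        description: "RS256"
                                - variable: audience
                                  label: "Audience"
                                  description: "Audience this client is allowed to request."
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: audienceEntry
                                        label: ""
                                        schema:
                                          type: string
                                          default: ""
                                          required: true
                                - variable: scopes
                                  label: "Scopes"
                                  description: "Scopes this client is allowed to request."
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: ScopeEntry
                                        label: "Scope"
                                        schema:
                                          type: string
                                          default: "openid"
                                          required: true
                                # Allow-list of callbacks, matched
                                # case-sensitively per the description; the
                                # entry default is an example.com placeholder.
                                - variable: redirect_uris
                                  label: "redirect_uris"
                                  description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: uriEntry
                                        label: "Url"
                                        schema:
                                          type: string
                                          default: "https://oidc.example.com/oauth2/callback"
                                          required: true
                                - variable: grant_types
                                  description: "Grant Types configures which grants this client can obtain."
                                  label: "grant_types"
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: grantEntry
                                        label: "Grant"
                                        schema:
                                          type: string
                                          default: "refresh_token"
                                          required: true
                                - variable: response_types
                                  description: "Response Types configures which responses this client can be sent."
                                  label: "response_types"
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: responseEntry
                                        label: "type"
                                        schema:
                                          type: string
                                          default: "code"
                                          required: true
                                - variable: response_modes
                                  description: "Response Modes configures which response modes this client supports."
                                  label: "response_modes"
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: modeEntry
                                        label: "Mode"
                                        schema:
                                          type: string
                                          default: "form_post"
                                          required: true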