4326 lines
189 KiB
YAML
Executable File
4326 lines
189 KiB
YAML
Executable File
groups:
|
||
- name: Container Image
|
||
description: Image to be used for container
|
||
- name: General Settings
|
||
description: General Deployment Settings
|
||
- name: Workload Settings
|
||
description: Workload Settings
|
||
- name: App Configuration
|
||
description: App Specific Config Options
|
||
- name: Networking and Services
|
||
description: Configure Network and Services for Container
|
||
- name: Storage and Persistence
|
||
description: Persist and Share Data that is Separate from the Container
|
||
- name: Ingress
|
||
description: Ingress Configuration
|
||
- name: Security and Permissions
|
||
description: Configure Security Context and Permissions
|
||
- name: Resources and Devices
|
||
description: "Specify Resources/Devices to be Allocated to Workload"
|
||
- name: Middlewares
|
||
description: Traefik Middlewares
|
||
- name: Metrics
|
||
description: Metrics
|
||
- name: Addons
|
||
description: Addon Configuration
|
||
- name: Backup Configuration
|
||
description: Configure Velero Backup Schedule
|
||
- name: Advanced
|
||
description: Advanced Configuration
|
||
- name: Postgresql
|
||
description: Postgresql
|
||
- name: Documentation
|
||
description: Documentation
|
||
|
||
portals:
|
||
open:
|
||
protocols:
|
||
- "$kubernetes-resource_configmap_tcportal-open_protocol"
|
||
host:
|
||
- "$kubernetes-resource_configmap_tcportal-open_host"
|
||
ports:
|
||
- "$kubernetes-resource_configmap_tcportal-open_port"
|
||
|
||
questions:
|
||
- variable: global
|
||
group: General Settings
|
||
label: "Global Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: stopAll
|
||
label: Stop All
|
||
description: "Stops All Running pods and hibernates cnpg"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
|
||
- variable: workload
|
||
group: "Workload Settings"
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: main
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: type
|
||
label: Type (Advanced)
|
||
schema:
|
||
type: string
|
||
default: Deployment
|
||
enum:
|
||
- value: Deployment
|
||
description: Deployment
|
||
- value: DaemonSet
|
||
description: DaemonSet
|
||
|
||
- variable: replicas
|
||
label: Replicas (Advanced)
|
||
description: Set the number of Replicas
|
||
schema:
|
||
type: int
|
||
show_if: [["type", "!=", "DaemonSet"]]
|
||
default: 2
|
||
|
||
- variable: podSpec
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: containers
|
||
label: Containers
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: main
|
||
label: Main Container
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: envList
|
||
label: Extra Environment Variables
|
||
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: envItem
|
||
label: Environment Variable
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
- variable: value
|
||
label: Value
|
||
schema:
|
||
type: string
|
||
- variable: extraArgs
|
||
label: Extra Args
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: arg
|
||
label: Arg
|
||
schema:
|
||
type: string
|
||
|
||
- variable: advanced
|
||
label: Show Advanced Settings
|
||
description: Advanced settings are not covered by TrueCharts Support
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: command
|
||
label: Command
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: param
|
||
label: Param
|
||
schema:
|
||
type: string
|
||
|
||
- variable: TZ
|
||
label: Timezone
|
||
group: "General Settings"
|
||
schema:
|
||
type: string
|
||
default: "Etc/UTC"
|
||
$ref:
|
||
- "definitions/timezone"
|
||
|
||
- variable: podOptions
|
||
group: "General Settings"
|
||
label: "Global Pod Options (Advanced)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: expertPodOpts
|
||
label: "Expert - Pod Options"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: hostNetwork
|
||
label: "Host Networking"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: dnsConfig
|
||
label: "DNS Configuration"
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: options
|
||
label: "Options"
|
||
schema:
|
||
type: list
|
||
default: [{"name": "ndots", "value": "1"}]
|
||
items:
|
||
- variable: optionsEntry
|
||
label: "Option Entry"
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: name
|
||
label: "Name"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: value
|
||
label: "Value"
|
||
schema:
|
||
type: string
|
||
- variable: nameservers
|
||
label: "Nameservers"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: nsEntry
|
||
label: "Nameserver Entry"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: searches
|
||
label: "Searches"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: searchEntry
|
||
label: "Search Entry"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
|
||
- variable: imagePullSecretList
|
||
group: "General Settings"
|
||
label: "Image Pull Secrets"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: pullsecretentry
|
||
label: "Pull Secret"
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: data
|
||
label: Data
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: registry
|
||
label: "Registry"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "https://index.docker.io/v1/"
|
||
- variable: username
|
||
label: "Username"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: password
|
||
label: "Password"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
private: true
|
||
default: ""
|
||
- variable: email
|
||
label: "Email"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
|
||
- variable: domain
|
||
group: "App Configuration"
|
||
label: "Domain"
|
||
description: "The highest domain level possible, for example: domain.com when using app.domain.com"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: default_redirection_url
|
||
group: "App Configuration"
|
||
label: "Default Redirection URL"
|
||
description: "If user tries to authenticate without any referrer, this is used"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
valid_chars: '^https?:\/\/(.*)'
|
||
- variable: theme
|
||
group: "App Configuration"
|
||
label: "Theme"
|
||
schema:
|
||
type: string
|
||
default: "auto"
|
||
enum:
|
||
- value: "auto"
|
||
description: "auto"
|
||
- value: "light"
|
||
description: "light"
|
||
- value: "grey"
|
||
description: "grey"
|
||
- value: "dark"
|
||
description: "dark"
|
||
- variable: log
|
||
group: "App Configuration"
|
||
label: "Log Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: level
|
||
label: "Log Level"
|
||
schema:
|
||
type: string
|
||
default: "info"
|
||
enum:
|
||
- value: "info"
|
||
description: "info"
|
||
- value: "debug"
|
||
description: "debug"
|
||
- value: "trace"
|
||
description: "trace"
|
||
- variable: format
|
||
label: "Log Format"
|
||
schema:
|
||
type: string
|
||
default: "text"
|
||
enum:
|
||
- value: "json"
|
||
description: "json"
|
||
- value: "text"
|
||
description: "text"
|
||
- variable: server
|
||
group: "App Configuration"
|
||
label: "Server Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: write_buffer_size
|
||
label: "Write Buffer Size"
|
||
description: "Configures the maximum response size. The default of 4096 is generally sufficient for most use cases."
|
||
schema:
|
||
type: int
|
||
default: 4096
|
||
- variable: read_buffer_size
|
||
label: "Read Buffer Size"
|
||
description: "Configures the maximum request size. The default of 4096 is generally sufficient for most use cases."
|
||
schema:
|
||
type: int
|
||
default: 4096
|
||
- variable: totp
|
||
group: "App Configuration"
|
||
label: "TOTP Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: issuer
|
||
label: "Issuer"
|
||
description: "The issuer name displayed in the Authenticator application of your choice"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: period
|
||
label: "Period"
|
||
description: "The period in seconds a one-time password is current for"
|
||
schema:
|
||
type: int
|
||
default: 30
|
||
- variable: skew
|
||
label: "skew"
|
||
description: "Controls number of one-time passwords either side of the current one that are valid."
|
||
schema:
|
||
type: int
|
||
default: 1
|
||
- variable: password_policy
|
||
group: "App Configuration"
|
||
label: "Password Policy Configuration"
|
||
description: "Authelia allows administrators to configure an enforced password policy. Choose one of Standard or zxcvbn and not both, refer to upstream docs for more info "
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: standard
|
||
label: Standard
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: min_length
|
||
label: "Minimum Password Length"
|
||
description: "Minimum Password Length"
|
||
schema:
|
||
type: int
|
||
required: true
|
||
show_if: [["enabled", "=", true]]
|
||
default: 8
|
||
- variable: max_length
|
||
label: "Max Passsword Length"
|
||
description: "Max Password Length"
|
||
schema:
|
||
type: int
|
||
required: true
|
||
show_if: [["enabled", "=", true]]
|
||
default: 0
|
||
- variable: require_uppercase
|
||
label: "Require Upppercase"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
required: true
|
||
- variable: require_lowercase
|
||
label: "Require Lowercase"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
required: true
|
||
- variable: require_number
|
||
label: "Require Numbers"
|
||
description: "Require Numbers in the password"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
required: true
|
||
- variable: require_special
|
||
label: "Require Special Characters"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: zxcvbn
|
||
label: zxcvbn
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
required: true
|
||
- variable: min_score
|
||
label: "Min Score"
|
||
schema:
|
||
type: int
|
||
required: true
|
||
show_if: [["enabled", "=", true]]
|
||
default: 3
|
||
- variable: duo_api
|
||
group: "App Configuration"
|
||
label: "DUO API Configuration"
|
||
description: "Parameters used to contact the Duo API."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: hostname
|
||
label: "Hostname"
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: integration_key
|
||
label: "integration_key"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: plain_api_key
|
||
label: "plain_api_key"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: session
|
||
group: "App Configuration"
|
||
label: "Session Provider"
|
||
description: "The session cookies identify the user once logged in."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: "Cookie Name"
|
||
description: |
|
||
The name of the session cookie. By default this is set to authelia_session.
|
||
It’s mostly useful to change this if you are doing development or running multiple instances of Authelia.
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "authelia_session"
|
||
- variable: same_site
|
||
label: "SameSite Value"
|
||
description: |
|
||
You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally
|
||
the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing
|
||
and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
|
||
this state but it’s available as an option anyway.
|
||
schema:
|
||
type: string
|
||
default: "lax"
|
||
enum:
|
||
- value: "lax"
|
||
description: "lax"
|
||
- value: "strict"
|
||
description: "strict"
|
||
- variable: expiration
|
||
label: "Expiration Time"
|
||
description: |
|
||
The period of time before the cookie expires and the session is destroyed. This is overriden by
|
||
remember_me_duration when the remember me box is checked.
|
||
schema:
|
||
type: string
|
||
default: "1h"
|
||
required: true
|
||
- variable: inactivity
|
||
label: "Inactivity Time"
|
||
description: |
|
||
The period of time the user can be inactive for until the session is destroyed when the remember me box is
|
||
not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable.
|
||
schema:
|
||
type: string
|
||
default: "5m"
|
||
required: true
|
||
- variable: remember_me_duration
|
||
label: "Remember-Me duration"
|
||
description: |
|
||
The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user
|
||
selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
|
||
schema:
|
||
type: string
|
||
default: "5M"
|
||
required: true
|
||
- variable: regulation
|
||
group: "App Configuration"
|
||
label: "Regulation Configuration"
|
||
description: "This mechanism prevents attackers from brute forcing the first factor."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: max_retries
|
||
label: "Maximum Retries"
|
||
description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
|
||
schema:
|
||
type: int
|
||
default: 3
|
||
- variable: find_time
|
||
label: "Find Time"
|
||
description: |
|
||
The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
|
||
2m this means the user must have 3 failed logins in 2 minutes.
|
||
schema:
|
||
type: string
|
||
default: "2m"
|
||
required: true
|
||
- variable: ban_time
|
||
label: "Ban Duration"
|
||
description: |
|
||
The period of time the user is banned for after meeting the max_retries and find_time configuration.
|
||
After this duration the account will be able to login again.
|
||
schema:
|
||
type: string
|
||
default: "5m"
|
||
required: true
|
||
- variable: authentication_backend
|
||
group: "App Configuration"
|
||
label: "Authentication Backend Provider"
|
||
description: |
|
||
Used for verifying user passwords and retrieve information such as email
|
||
address and groups users belong to.
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: disable_reset_password
|
||
label: "Disable Reset Password"
|
||
description: "Disable both the HTML element and the API for reset password functionality"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: refresh_interval
|
||
label: "Reset Interval"
|
||
description: "The amount of time to wait before we refresh data from the authentication backend"
|
||
schema:
|
||
type: string
|
||
default: "5m"
|
||
required: true
|
||
- variable: ldap
|
||
label: "LDAP backend configuration"
|
||
description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: implementation
|
||
label: "Implementation"
|
||
description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password"
|
||
schema:
|
||
type: string
|
||
default: "custom"
|
||
enum:
|
||
- value: "activedirectory"
|
||
description: "Active Directory"
|
||
- value: "custom"
|
||
description: "Custom"
|
||
- variable: url
|
||
label: "URL"
|
||
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
|
||
schema:
|
||
type: string
|
||
default: "ldap://openldap.default.svc.cluster.local"
|
||
required: true
|
||
- variable: timeout
|
||
label: "Connection Timeout"
|
||
schema:
|
||
type: string
|
||
default: "5s"
|
||
required: true
|
||
- variable: start_tls
|
||
label: "Start TLS"
|
||
description: "Use StartTLS with the LDAP connection"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: tls
|
||
label: "TLS Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: server_name
|
||
label: "Server Name"
|
||
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: skip_verify
|
||
label: "Skip Certificate Verification"
|
||
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: minimum_version
|
||
label: "Minimum TLS version"
|
||
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
||
schema:
|
||
type: string
|
||
default: "TLS1.2"
|
||
enum:
|
||
- value: "TLS1.0"
|
||
description: "TLS1.0"
|
||
- value: "TLS1.1"
|
||
description: "TLS1.1"
|
||
- value: "TLS1.2"
|
||
description: "TLS1.2"
|
||
- value: "TLS1.3"
|
||
description: "TLS1.3"
|
||
- variable: base_dn
|
||
label: "Base DN"
|
||
description: "The base dn for every LDAP query."
|
||
schema:
|
||
type: string
|
||
default: "DC=example,DC=com"
|
||
required: true
|
||
- variable: username_attribute
|
||
label: "Username Attribute"
|
||
description: "The attribute holding the username of the user"
|
||
schema:
|
||
type: string
|
||
default: "uid"
|
||
required: true
|
||
- variable: additional_users_dn
|
||
label: "Additional Users DN"
|
||
description: "An additional dn to define the scope to all users."
|
||
schema:
|
||
type: string
|
||
default: "OU=people"
|
||
required: true
|
||
- variable: users_filter
|
||
label: "Users Filter"
|
||
description: "The groups filter used in search queries to find the groups of the user."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: additional_groups_dn
|
||
label: "Additional Groups DN"
|
||
description: "An additional dn to define the scope of groups."
|
||
schema:
|
||
type: string
|
||
default: "OU=Groups"
|
||
required: true
|
||
- variable: groups_filter
|
||
label: "Groups Filter"
|
||
description: "The groups filter used in search queries to find the groups of the user."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: group_name_attribute
|
||
label: "Group name Attribute"
|
||
description: "The attribute holding the name of the group"
|
||
schema:
|
||
type: string
|
||
default: "cn"
|
||
required: true
|
||
- variable: mail_attribute
|
||
label: "Mail Attribute"
|
||
description: "The attribute holding the primary mail address of the user"
|
||
schema:
|
||
type: string
|
||
default: "mail"
|
||
required: true
|
||
- variable: display_name_attribute
|
||
label: "Display Name Attribute"
|
||
description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
|
||
schema:
|
||
type: string
|
||
default: "displayName"
|
||
- variable: user
|
||
label: "Admin User"
|
||
description: "The username of the admin user used to connect to LDAP."
|
||
schema:
|
||
type: string
|
||
default: "CN=admin,ou=people,DC=example,DC=com"
|
||
required: true
|
||
- variable: plain_password
|
||
label: "Password"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: file
|
||
label: "File backend configuration"
|
||
description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: path
|
||
label: "Path"
|
||
schema:
|
||
type: string
|
||
default: "/config/users_database.yml"
|
||
required: true
|
||
- variable: password
|
||
label: "Password Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: algorithm
|
||
label: "Algorithm"
|
||
schema:
|
||
type: string
|
||
default: "argon2id"
|
||
enum:
|
||
- value: "argon2id"
|
||
description: "argon2id"
|
||
- value: "sha512"
|
||
description: "sha512"
|
||
- variable: iterations
|
||
label: "Iterations"
|
||
schema:
|
||
type: int
|
||
default: 1
|
||
required: true
|
||
- variable: key_length
|
||
label: "Key Length"
|
||
schema:
|
||
type: int
|
||
default: 32
|
||
required: true
|
||
- variable: salt_length
|
||
label: "Salt Length"
|
||
schema:
|
||
type: int
|
||
default: 16
|
||
required: true
|
||
- variable: memory
|
||
label: "Memory"
|
||
schema:
|
||
type: int
|
||
default: 1024
|
||
required: true
|
||
- variable: parallelism
|
||
label: "Parallelism"
|
||
schema:
|
||
type: int
|
||
default: 8
|
||
required: true
|
||
- variable: notifier
|
||
group: "App Configuration"
|
||
label: "Notifier Configuration"
|
||
description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: disable_startup_check
|
||
label: "Disable Startup Check"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: filesystem
|
||
label: "Filesystem Provider"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: filename
|
||
label: "File Path"
|
||
schema:
|
||
type: string
|
||
default: "/config/notification.txt"
|
||
required: true
|
||
- variable: smtp
|
||
label: "SMTP Provider"
|
||
description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enable"
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: host
|
||
label: "Host"
|
||
schema:
|
||
type: string
|
||
default: "smtp.mail.svc.cluster.local"
|
||
required: true
|
||
- variable: port
|
||
label: "Port"
|
||
schema:
|
||
type: int
|
||
default: 25
|
||
required: true
|
||
- variable: timeout
|
||
label: "Timeout"
|
||
schema:
|
||
type: string
|
||
default: "5s"
|
||
required: true
|
||
- variable: username
|
||
label: "Username"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: plain_password
|
||
label: "Password"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: sender
|
||
label: "Sender"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: identifier
|
||
label: "Identifier"
|
||
description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
|
||
schema:
|
||
type: string
|
||
default: "localhost"
|
||
required: true
|
||
- variable: subject
|
||
label: "Subject"
|
||
description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
|
||
schema:
|
||
type: string
|
||
default: "[Authelia] {title}"
|
||
required: true
|
||
- variable: startup_check_address
|
||
label: "Startup Check Address"
|
||
description: "This address is used during the startup check to verify the email configuration is correct."
|
||
schema:
|
||
type: string
|
||
default: "test@authelia.com"
|
||
required: true
|
||
- variable: disable_require_tls
|
||
label: "Disable Require TLS"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: disable_html_emails
|
||
label: "Disable HTML emails"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: tls
|
||
label: "TLS Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: server_name
|
||
label: "Server Name"
|
||
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: skip_verify
|
||
label: "Skip Certificate Verification"
|
||
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: minimum_version
|
||
label: "Minimum TLS version"
|
||
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
|
||
schema:
|
||
type: string
|
||
default: "TLS1.2"
|
||
enum:
|
||
- value: "TLS1.0"
|
||
description: "TLS1.0"
|
||
- value: "TLS1.1"
|
||
description: "TLS1.1"
|
||
- value: "TLS1.2"
|
||
description: "TLS1.2"
|
||
- value: "TLS1.3"
|
||
description: "TLS1.3"
|
||
- variable: access_control
|
||
group: "App Configuration"
|
||
label: "Access Control Configuration"
|
||
description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: default_policy
|
||
label: "Default Policy"
|
||
description: |
|
||
The default policy defines the policy applied if no rules section apply to the information known about the request.
|
||
It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
|
||
with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
|
||
schema:
|
||
type: string
|
||
default: "deny"
|
||
enum:
|
||
- value: "bypass"
|
||
description: "bypass"
|
||
- value: "one_factor"
|
||
description: "one_factor"
|
||
- value: "two_factor"
|
||
description: "two_factor"
|
||
- value: "deny"
|
||
description: "deny"
|
||
- variable: networks_access_control
|
||
label: "Networks"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: networkItem
|
||
label: "Network Item"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: "Name"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: networks
|
||
label: "Networks"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: network
|
||
label: "network"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: rules
|
||
label: "Rules"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: rulesItem
|
||
label: "Rule"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: domain
|
||
label: "Domains"
|
||
description: "Defines which domain or set of domains the rule applies to."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: domainEntry
|
||
label: "Domain"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: domain_regex
|
||
label: "Domains RegEx"
|
||
description: "defines which domain or set of domains the rule applies to using regular expressions."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: domainRegexEntry
|
||
label: "Domain RegEx"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: policy
|
||
label: "Policy"
|
||
description: |
|
||
The specific policy to apply to the selected rule. This is not criteria for a match, this is the
|
||
action to take when a match is made.
|
||
schema:
|
||
type: string
|
||
default: "two_factor"
|
||
enum:
|
||
- value: "bypass"
|
||
description: "bypass"
|
||
- value: "one_factor"
|
||
description: "one_factor"
|
||
- value: "two_factor"
|
||
description: "two_factor"
|
||
- value: "deny"
|
||
description: "deny"
|
||
- variable: subject
|
||
label: "Subject"
|
||
description: |
|
||
This criteria matches identifying characteristics about the subject. Currently this is either
|
||
user or groups the user belongs to. This allows you to effectively control exactly what each user is
|
||
authorized to access or to specifically require two-factor authentication to specific users. Subjects
|
||
are prefixed with either user: or group: to identify which part of the identity to check.
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: subjectitem
|
||
label: "Subject"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: networks
|
||
label: "Networks"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: network
|
||
label: "Network"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: resources
|
||
label: "Resources"
|
||
description: "is a list of regular expressions that matches a set of resources to apply the policy to"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: resource
|
||
label: "Resource"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: service
|
||
group: Networking and Services
|
||
label: Configure Service(s)
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: main
|
||
label: "Main Service"
|
||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable the Service
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: type
|
||
label: Service Type
|
||
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
||
schema:
|
||
type: string
|
||
default: LoadBalancer
|
||
enum:
|
||
- value: LoadBalancer
|
||
description: LoadBalancer (Expose Ports)
|
||
- value: ClusterIP
|
||
description: ClusterIP (Do Not Expose Ports)
|
||
|
||
- variable: loadBalancerIP
|
||
label: LoadBalancer IP
|
||
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
||
schema:
|
||
show_if: [["type", "=", "LoadBalancer"]]
|
||
type: string
|
||
default: ""
|
||
- variable: ports
|
||
label: "Service's Port(s) Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: main
|
||
label: "Main Service Port Configuration"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: port
|
||
label: "Port"
|
||
description: "This port exposes the container port on the service"
|
||
schema:
|
||
type: int
|
||
default: 9091
|
||
required: true
|
||
- variable: serviceexpert
|
||
group: Networking and Services
|
||
label: Show Expert Config
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
|
||
- variable: scaleExternalInterface
|
||
description: Add External Interfaces
|
||
label: Add external Interfaces
|
||
group: Networking
|
||
schema:
|
||
type: list
|
||
items:
|
||
- variable: interfaceConfiguration
|
||
description: Interface Configuration
|
||
label: Interface Configuration
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
$ref:
|
||
- "normalize/interfaceConfiguration"
|
||
attrs:
|
||
- variable: hostInterface
|
||
description: Please Specify Host Interface
|
||
label: Host Interface
|
||
schema:
|
||
type: string
|
||
required: true
|
||
$ref:
|
||
- "definitions/interface"
|
||
- variable: ipam
|
||
description: Define how IP Address will be managed
|
||
label: IP Address Management
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
required: true
|
||
attrs:
|
||
- variable: type
|
||
description: Specify type for IPAM
|
||
label: IPAM Type
|
||
schema:
|
||
type: string
|
||
required: true
|
||
enum:
|
||
- value: dhcp
|
||
description: Use DHCP
|
||
- value: static
|
||
description: Use Static IP
|
||
- variable: staticIPConfigurations
|
||
label: Static IP Addresses
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "=", "static"]]
|
||
items:
|
||
- variable: staticIP
|
||
label: Static IP
|
||
schema:
|
||
type: ipaddr
|
||
cidr: true
|
||
- variable: staticRoutes
|
||
label: Static Routes
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "=", "static"]]
|
||
items:
|
||
- variable: staticRouteConfiguration
|
||
label: Static Route Configuration
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: destination
|
||
label: Destination
|
||
schema:
|
||
type: ipaddr
|
||
cidr: true
|
||
required: true
|
||
- variable: gateway
|
||
label: Gateway
|
||
schema:
|
||
type: ipaddr
|
||
cidr: false
|
||
required: true
|
||
|
||
- variable: serviceList
|
||
label: Add Manual Custom Services
|
||
group: Networking and Services
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: serviceListEntry
|
||
label: Custom Service
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable the service
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: type
|
||
label: Service Type
|
||
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
||
schema:
|
||
type: string
|
||
default: LoadBalancer
|
||
enum:
|
||
- value: LoadBalancer
|
||
description: LoadBalancer (Expose Ports)
|
||
- value: ClusterIP
|
||
description: ClusterIP (Do Not Expose Ports)
|
||
- value: Simple
|
||
description: Deprecated CHANGE THIS
|
||
- variable: loadBalancerIP
|
||
label: LoadBalancer IP
|
||
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
||
schema:
|
||
show_if: [["type", "=", "LoadBalancer"]]
|
||
type: string
|
||
default: ""
|
||
- variable: advancedsvcset
|
||
label: Show Advanced Service Settings
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: externalIPs
|
||
label: "External IP's"
|
||
description: "External IP's"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: externalIP
|
||
label: External IP
|
||
schema:
|
||
type: string
|
||
- variable: ipFamilyPolicy
|
||
label: IP Family Policy
|
||
description: Specify the IP Policy
|
||
schema:
|
||
type: string
|
||
default: SingleStack
|
||
enum:
|
||
- value: SingleStack
|
||
description: SingleStack
|
||
- value: PreferDualStack
|
||
description: PreferDualStack
|
||
- value: RequireDualStack
|
||
description: RequireDualStack
|
||
- variable: ipFamilies
|
||
label: IP Families
|
||
description: (Advanced) The IP Families that should be used
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: ipFamily
|
||
label: IP Family
|
||
schema:
|
||
type: string
|
||
- variable: portsList
|
||
label: Additional Service Ports
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: portsListEntry
|
||
label: Custom ports
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable the Port
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: name
|
||
label: Port Name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: protocol
|
||
label: Port Type
|
||
schema:
|
||
type: string
|
||
default: tcp
|
||
enum:
|
||
- value: http
|
||
description: HTTP
|
||
- value: https
|
||
description: HTTPS
|
||
- value: tcp
|
||
description: TCP
|
||
- value: udp
|
||
description: UDP
|
||
- variable: targetPort
|
||
label: Target Port
|
||
description: This port exposes the container port on the service
|
||
schema:
|
||
type: int
|
||
required: true
|
||
- variable: port
|
||
label: Container Port
|
||
schema:
|
||
type: int
|
||
required: true
|
||
|
||
- variable: persistence
|
||
label: Integrated Persistent Storage
|
||
description: Integrated Persistent Storage
|
||
group: Storage and Persistence
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: config
|
||
label: "App Config Storage"
|
||
description: "Stores the Application Configuration."
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: type
|
||
label: Type of Storage
|
||
description: Sets the persistence type, Anything other than PVC could break rollback!
|
||
schema:
|
||
type: string
|
||
default: pvc
|
||
enum:
|
||
- value: pvc
|
||
description: PVC
|
||
- value: hostPath
|
||
description: Host Path
|
||
- value: emptyDir
|
||
description: emptyDir
|
||
- value: nfs
|
||
description: NFS Share
|
||
- value: iscsi
|
||
description: iSCSI Share
|
||
- variable: server
|
||
label: NFS Server
|
||
schema:
|
||
show_if: [["type", "=", "nfs"]]
|
||
type: string
|
||
default: ""
|
||
- variable: path
|
||
label: Path on NFS Server
|
||
schema:
|
||
show_if: [["type", "=", "nfs"]]
|
||
type: string
|
||
default: ""
|
||
- variable: iscsi
|
||
label: iSCSI Options
|
||
schema:
|
||
show_if: [["type", "=", "iscsi"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: targetPortal
|
||
label: targetPortal
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: iqn
|
||
label: iqn
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: lun
|
||
label: lun
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: authSession
|
||
label: authSession
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: username
|
||
label: username
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: password
|
||
label: password
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: usernameInitiator
|
||
label: usernameInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: passwordInitiator
|
||
label: passwordInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: authDiscovery
|
||
label: authDiscovery
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: username
|
||
label: username
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: password
|
||
label: password
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: usernameInitiator
|
||
label: usernameInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: passwordInitiator
|
||
label: passwordInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
|
||
- variable: autoPermissions
|
||
label: Automatic Permissions Configuration
|
||
description: Automatically set permissions
|
||
schema:
|
||
show_if: [["type", "!=", "pvc"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: chown
|
||
label: Run CHOWN
|
||
description: |
|
||
It will run CHOWN on the path with the given fsGroup
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: chmod
|
||
label: Run CHMOD
|
||
description: |
|
||
It will run CHMOD on the path with the given value</br>
|
||
Format should be 3 digits, e.g. 770
|
||
schema:
|
||
type: string
|
||
valid_chars: '[0-9]{3}'
|
||
default: ""
|
||
- variable: recursive
|
||
label: Recursive
|
||
description: |
|
||
It will run CHOWN and CHMOD recursively
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: readOnly
|
||
label: Read Only
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: hostPath
|
||
label: Host Path
|
||
description: Path inside the container the storage is mounted
|
||
schema:
|
||
show_if: [["type", "=", "hostPath"]]
|
||
type: hostpath
|
||
- variable: medium
|
||
label: EmptyDir Medium
|
||
schema:
|
||
show_if: [["type", "=", "emptyDir"]]
|
||
type: string
|
||
default: ""
|
||
enum:
|
||
- value: ""
|
||
description: Default
|
||
- value: Memory
|
||
description: Memory
|
||
- variable: size
|
||
label: Size quotum of Storage (Do NOT REDUCE after installation)
|
||
description: This value can ONLY be INCREASED after the installation
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: string
|
||
default: 256Gi
|
||
- variable: storageClass
|
||
label: 'storageClass (Advanced)'
|
||
description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: string
|
||
default: ""
|
||
- variable: static
|
||
label: 'Static Fixed PVC Bindings (Experimental)'
|
||
description: Link a PVC to a specific storage location
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: mode
|
||
label: mode
|
||
description: |
|
||
disabled: use normal dynamic PVCs
|
||
smb: connect to an SMB share
|
||
nfs: connect to an NFS share
|
||
schema:
|
||
type: string
|
||
default: "disabled"
|
||
enum:
|
||
- value: disabled
|
||
description: disabled
|
||
- value: smb
|
||
description: smb
|
||
- value: nfs
|
||
description: nfs
|
||
- variable: server
|
||
label: Server
|
||
description: server to connect to
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "!=", "disabled"]]
|
||
default: "myserver"
|
||
- variable: share
|
||
label: Share
|
||
description: share to connect to
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "!=", "disabled"]]
|
||
default: "/myshare"
|
||
- variable: user
|
||
label: User
|
||
description: connecting user
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: "myuser"
|
||
- variable: domain
|
||
label: Domain
|
||
description: user domain
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: ""
|
||
- variable: password
|
||
label: Password
|
||
description: connecting password
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: ""
|
||
- variable: volumeSnapshots
|
||
label: 'Volume Snapshots (Experimental)'
|
||
description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: volumeSnapshotEntry
|
||
label: Custom volumeSnapshot
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
|
||
schema:
|
||
type: string
|
||
default: "mysnapshot"
|
||
required: true
|
||
- variable: volumeSnapshotClassName
|
||
label: 'volumeSnapshot Class Name (Advanced)'
|
||
description: For use with PVCs using a non-default storageClass
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
|
||
- variable: persistenceList
|
||
label: Additional App Storage
|
||
group: Storage and Persistence
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: persistenceListEntry
|
||
label: Custom Storage
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable the storage
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: type
|
||
label: Type of Storage
|
||
description: Sets the persistence type, Anything other than PVC could break rollback!
|
||
schema:
|
||
type: string
|
||
default: hostPath
|
||
enum:
|
||
- value: pvc
|
||
description: PVC
|
||
- value: hostPath
|
||
description: Host Path
|
||
- value: emptyDir
|
||
description: emptyDir
|
||
- value: nfs
|
||
description: NFS Share
|
||
- variable: server
|
||
label: NFS Server
|
||
schema:
|
||
show_if: [["type", "=", "nfs"]]
|
||
type: string
|
||
default: ""
|
||
- variable: path
|
||
label: Path on NFS Server
|
||
schema:
|
||
show_if: [["type", "=", "nfs"]]
|
||
type: string
|
||
default: ""
|
||
- variable: iscsi
|
||
label: iSCSI Options
|
||
schema:
|
||
show_if: [["type", "=", "iscsi"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: targetPortal
|
||
label: targetPortal
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: iqn
|
||
label: iqn
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: lun
|
||
label: lun
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: authSession
|
||
label: authSession
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: username
|
||
label: username
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: password
|
||
label: password
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: usernameInitiator
|
||
label: usernameInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: passwordInitiator
|
||
label: passwordInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: authDiscovery
|
||
label: authDiscovery
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: username
|
||
label: username
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: password
|
||
label: password
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: usernameInitiator
|
||
label: usernameInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: passwordInitiator
|
||
label: passwordInitiator
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: autoPermissions
|
||
label: Automatic Permissions Configuration
|
||
description: Automatically set permissions
|
||
schema:
|
||
show_if: [["type", "!=", "pvc"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: chown
|
||
label: Run CHOWN
|
||
description: |
|
||
It will run CHOWN on the path with the given fsGroup
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: chmod
|
||
label: Run CHMOD
|
||
description: |
|
||
It will run CHMOD on the path with the given value</br>
|
||
Format should be 3 digits, e.g. 770
|
||
schema:
|
||
type: string
|
||
valid_chars: '[0-9]{3}'
|
||
default: ""
|
||
- variable: recursive
|
||
label: Recursive
|
||
description: |
|
||
It will run CHOWN and CHMOD recursively
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: readOnly
|
||
label: Read Only
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: hostPath
|
||
label: Host Path
|
||
description: Path inside the container the storage is mounted
|
||
schema:
|
||
show_if: [["type", "=", "hostPath"]]
|
||
type: hostpath
|
||
- variable: mountPath
|
||
label: Mount Path
|
||
description: Path inside the container the storage is mounted
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
|
||
- variable: medium
|
||
label: EmptyDir Medium
|
||
schema:
|
||
show_if: [["type", "=", "emptyDir"]]
|
||
type: string
|
||
default: ""
|
||
enum:
|
||
- value: ""
|
||
description: Default
|
||
- value: Memory
|
||
description: Memory
|
||
- variable: size
|
||
label: Size Quotum of Storage
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: string
|
||
default: 256Gi
|
||
- variable: storageClass
|
||
label: 'storageClass (Advanced)'
|
||
description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: string
|
||
default: ""
|
||
- variable: static
|
||
label: 'Static Fixed PVC Bindings (Experimental)'
|
||
description: Link a PVC to a specific storage location
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: mode
|
||
label: mode
|
||
description: |
|
||
disabled: use normal dynamic PVCs
|
||
smb: connect to an SMB share
|
||
nfs: connect to an NFS share
|
||
schema:
|
||
type: string
|
||
default: "disabled"
|
||
enum:
|
||
- value: "disabled"
|
||
description: disabled
|
||
- value: smb
|
||
description: smb
|
||
- value: nfs
|
||
description: nfs
|
||
- variable: server
|
||
label: Server
|
||
description: server to connect to
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "!=", "disabled"]]
|
||
default: "myserver"
|
||
- variable: share
|
||
label: Share
|
||
description: share to connect to
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "!=", "disabled"]]
|
||
default: "/myshare"
|
||
- variable: user
|
||
label: User
|
||
description: connecting user
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: "myuser"
|
||
- variable: domain
|
||
label: Domain
|
||
description: user domain
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: ""
|
||
- variable: password
|
||
label: Password
|
||
description: connecting password
|
||
schema:
|
||
type: string
|
||
show_if: [["mode", "=", "smb"]]
|
||
default: ""
|
||
- variable: volumeSnapshots
|
||
label: 'Volume Snapshots (Experimental)'
|
||
description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
|
||
schema:
|
||
show_if: [["type", "=", "pvc"]]
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: volumeSnapshotEntry
|
||
label: Custom volumeSnapshot
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
|
||
schema:
|
||
type: string
|
||
default: "mysnapshot"
|
||
required: true
|
||
- variable: volumeSnapshotClassName
|
||
label: 'volumeSnapshot Class Name (Advanced)'
|
||
description: For use with PVCs using a non-default storageClass
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
|
||
- variable: ingress
|
||
label: ""
|
||
group: Ingress
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: main
|
||
label: "Main Ingress"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable Ingress
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: hosts
|
||
label: Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: hostEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: host
|
||
label: HostName
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: paths
|
||
label: Paths
|
||
schema:
|
||
type: list
|
||
default: [{path: "/", pathType: "Prefix"}]
|
||
items:
|
||
- variable: pathEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: path
|
||
label: Path
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "/"
|
||
- variable: pathType
|
||
label: Path Type
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: Prefix
|
||
|
||
- variable: integrations
|
||
label: Integrations
|
||
description: Connect ingress with other charts
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: traefik
|
||
label: Traefik
|
||
description: Connect ingress with Traefik
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: allowCors
|
||
label: 'Allow Cross Origin Requests (advanced)'
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: entrypoints
|
||
label: Entrypoints
|
||
schema:
|
||
type: list
|
||
default: ["websecure"]
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: entrypoint
|
||
label: Entrypoint
|
||
schema:
|
||
type: string
|
||
- variable: middlewares
|
||
label: Middlewares
|
||
schema:
|
||
type: list
|
||
default: []
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: middleware
|
||
label: Middleware
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: namespace
|
||
label: 'namespace (optional)'
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: certManager
|
||
label: certManager
|
||
description: Connect ingress with certManager
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: certificateIssuer
|
||
label: certificateIssuer
|
||
description: defaults to chartname
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: homepage
|
||
label: Homepage
|
||
description: Connect ingress with Homepage
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: name
|
||
label: Name (Optional)
|
||
description: Defaults to chart name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: description
|
||
label: Description (Optional)
|
||
description: Defaults to chart description
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: icon
|
||
label: Icon (Optional)
|
||
description: Defaults to chart icon
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: group
|
||
label: Group
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "default"
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: widget
|
||
label: Widget Settings
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
show_if: [["enabled", "=", true]]
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable Widget
|
||
description: When disabled all widget annotations are skipped.
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: custom
|
||
label: Options
|
||
schema:
|
||
type: dict
|
||
additional_attrs: true
|
||
attrs:
|
||
- variable: key
|
||
label: API-key (key)
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: customkv
|
||
label: Custom Options
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: option
|
||
label: Option
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: key
|
||
label: Key
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: value
|
||
label: Value
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: advanced
|
||
label: Show Advanced Settings
|
||
description: Advanced settings are not covered by TrueCharts Support
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: ingressClassName
|
||
label: (Advanced/Optional) IngressClass Name
|
||
schema:
|
||
type: string
|
||
show_if: [["advanced", "=", true]]
|
||
default: ""
|
||
- variable: tls
|
||
label: TLS-Settings
|
||
schema:
|
||
type: list
|
||
show_if: [["advanced", "=", true]]
|
||
default: []
|
||
items:
|
||
- variable: tlsEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: hosts
|
||
label: Certificate Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: host
|
||
label: Host
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
|
||
- variable: certificateIssuer
|
||
label: Use Cert-Manager clusterIssuer
|
||
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: clusterCertificate
|
||
label: 'Cluster Certificate (Advanced)'
|
||
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
|
||
schema:
|
||
type: string
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
default: ""
|
||
- variable: secretName
|
||
label: 'Use Custom Certificate Secret (Advanced)'
|
||
schema:
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
type: string
|
||
default: ""
|
||
|
||
- variable: ingressList
|
||
label: Add Manual Custom Ingresses
|
||
group: Ingress
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: ingressListEntry
|
||
label: Custom Ingress
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable Ingress
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: ingressClassName
|
||
label: IngressClass Name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: hosts
|
||
label: Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: hostEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: host
|
||
label: HostName
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: paths
|
||
label: Paths
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: pathEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: path
|
||
label: Path
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "/"
|
||
- variable: pathType
|
||
label: Path Type
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: Prefix
|
||
- variable: overrideService
|
||
label: Linked Service
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Service Name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: port
|
||
label: Service Port
|
||
schema:
|
||
type: int
|
||
- variable: tls
|
||
label: TLS-Settings
|
||
schema:
|
||
type: list
|
||
default: []
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
items:
|
||
- variable: tlsEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: hosts
|
||
label: Certificate Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: host
|
||
label: Host
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: certificateIssuer
|
||
label: Use Cert-Manager clusterIssuer
|
||
description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: clusterCertificate
|
||
label: 'Cluster Certificate (Advanced)'
|
||
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
|
||
schema:
|
||
type: string
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
default: ""
|
||
- variable: secretName
|
||
label: Use Custom Secret (Advanced)
|
||
schema:
|
||
type: string
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
default: ""
|
||
- variable: integrations
|
||
label: Integrations
|
||
description: Connect ingress with other charts
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: traefik
|
||
label: Traefik
|
||
description: Connect ingress with Traefik
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: allowCors
|
||
label: "Allow Cross Origin Requests"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: entrypoints
|
||
label: Entrypoints
|
||
schema:
|
||
type: list
|
||
default: ["websecure"]
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: entrypoint
|
||
label: Entrypoint
|
||
schema:
|
||
type: string
|
||
- variable: middlewares
|
||
label: Middlewares
|
||
schema:
|
||
type: list
|
||
default: []
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: middleware
|
||
label: Middleware
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: namespace
|
||
label: namespace
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: certManager
|
||
label: certManager
|
||
description: Connect ingress with certManager
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: certificateIssuer
|
||
label: certificateIssuer
|
||
description: defaults to chartname
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: homepage
|
||
label: Homepage
|
||
description: Connect ingress with Homepage
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: name
|
||
label: Name
|
||
description: defaults to chartname
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: description
|
||
label: Description
|
||
description: defaults to chart description
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: group
|
||
label: Group
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "default"
|
||
show_if: [["enabled", "=", true]]
|
||
|
||
- variable: securityContext
|
||
group: Security and Permissions
|
||
label: Security Context
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: container
|
||
label: Container
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
# Settings from questions.yaml get appended here on a per-app basis
|
||
|
||
- variable: runAsUser
|
||
label: "runAsUser"
|
||
description: "The UserID of the user running the application"
|
||
schema:
|
||
type: int
|
||
default: 568
|
||
- variable: runAsGroup
|
||
label: "runAsGroup"
|
||
description: "The groupID of the user running the application"
|
||
schema:
|
||
type: int
|
||
default: 568
|
||
# Settings from questions.yaml get appended here on a per-app basis
|
||
- variable: PUID
|
||
label: Process User ID - PUID
|
||
description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
|
||
schema:
|
||
type: int
|
||
show_if: [["runAsUser", "=", 0]]
|
||
default: 568
|
||
- variable: UMASK
|
||
label: UMASK
|
||
description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
|
||
schema:
|
||
type: string
|
||
default: "0022"
|
||
|
||
- variable: advanced
|
||
label: Show Advanced Settings
|
||
description: Advanced settings are not covered by TrueCharts Support
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: privileged
|
||
label: "Privileged mode"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: readOnlyRootFilesystem
|
||
label: "ReadOnly Root Filesystem"
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
|
||
- variable: pod
|
||
label: Pod
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: fsGroupChangePolicy
|
||
label: "When should we take ownership?"
|
||
schema:
|
||
type: string
|
||
default: OnRootMismatch
|
||
enum:
|
||
- value: OnRootMismatch
|
||
description: OnRootMismatch
|
||
- value: Always
|
||
description: Always
|
||
- variable: supplementalGroups
|
||
label: Supplemental Groups
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: supplementalGroupsEntry
|
||
label: Supplemental Group
|
||
schema:
|
||
type: int
|
||
# Settings from questions.yaml get appended here on a per-app basis
|
||
|
||
- variable: fsGroup
|
||
label: "fsGroup"
|
||
description: "The group that should own ALL storage."
|
||
schema:
|
||
type: int
|
||
default: 568
|
||
- variable: resources
|
||
group: Resources and Devices
|
||
label: "Resource Limits"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: limits
|
||
label: Advanced Limit Resource Consumption
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: cpu
|
||
label: CPU
|
||
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
|
||
schema:
|
||
type: string
|
||
default: 4000m
|
||
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
|
||
- variable: memory
|
||
label: RAM
|
||
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
|
||
schema:
|
||
type: string
|
||
default: 8Gi
|
||
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
|
||
- variable: 'gpu.intel.com/i915'
|
||
label: Add Intel i915 GPUs
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: 'nvidia.com/gpu'
|
||
label: Add NVIDIA GPUs (Experimental)
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: 'amd.com/gpu'
|
||
label: Add AMD GPUs
|
||
schema:
|
||
type: int
|
||
default: 0
|
||
- variable: requests
|
||
label: "Minimum Resources Required (request)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
hidden: true
|
||
attrs:
|
||
- variable: cpu
|
||
label: CPU
|
||
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
|
||
schema:
|
||
type: string
|
||
default: 10m
|
||
hidden: true
|
||
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
|
||
- variable: memory
|
||
label: "RAM"
|
||
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
|
||
schema:
|
||
type: string
|
||
default: 50Mi
|
||
hidden: true
|
||
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
|
||
- variable: deviceList
|
||
label: Mount USB Devices
|
||
group: Resources and Devices
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: deviceListEntry
|
||
label: Device
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable the Storage
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: type
|
||
label: (Advanced) Type of Storage
|
||
description: Sets the persistence type
|
||
schema:
|
||
type: string
|
||
default: device
|
||
hidden: true
|
||
- variable: readOnly
|
||
label: readOnly
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: hostPath
|
||
label: Host Device Path
|
||
description: Path to the device on the host system
|
||
schema:
|
||
type: path
|
||
- variable: mountPath
|
||
label: Container Device Path
|
||
description: Path inside the container the device is mounted
|
||
schema:
|
||
type: string
|
||
default: "/dev/ttyACM0"
|
||
|
||
- variable: cnpg
|
||
group: Postgresql
|
||
label: "CloudNative-PG (CNPG)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: main
|
||
label: "Main Postgresql Database"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: hibernate
|
||
label: Hibernate
|
||
description: "enable to safely hibernate and shutdown the postgresql cluster"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: mode
|
||
label: Mode
|
||
description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.'
|
||
schema:
|
||
type: string
|
||
default: "standalone"
|
||
enum:
|
||
- value: standalone
|
||
description: standalone
|
||
- value: replica
|
||
description: replica
|
||
- value: recovery
|
||
description: recovery
|
||
- variable: cluster
|
||
label: "Cluster Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: instances
|
||
label: Instances
|
||
schema:
|
||
type: int
|
||
default: 1
|
||
- variable: singleNode
|
||
label: singleNode
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
- variable: storage
|
||
label: "Storage"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: size
|
||
label: Size
|
||
schema:
|
||
type: string
|
||
default: "256Gi"
|
||
- variable: walStorage
|
||
label: "WAL Storage"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: size
|
||
label: Size
|
||
schema:
|
||
type: string
|
||
default: "256Gi"
|
||
- variable: monitoring
|
||
label: "Monitoring Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enablePodMonitor
|
||
label: "enablePodMonitor"
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: disableDefaultQueries
|
||
label: "disableDefaultQueries"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: pooler
|
||
label: "Pooler Settings"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: instances
|
||
label: Instances
|
||
schema:
|
||
type: int
|
||
show_if: [["enabled", "=", true]]
|
||
default: 1
|
||
- variable: createRO
|
||
label: "Create ReadOnly Instance"
|
||
schema:
|
||
type: boolean
|
||
show_if: [["enabled", "=", true]]
|
||
default: false
|
||
- variable: backups
|
||
label: "Backup Settings (Experimental)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "enabled"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: serverName
|
||
label: "serverName"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: revision
|
||
label: "revision"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: endpointURL
|
||
label: "endpointURL"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: ""
|
||
- variable: destinationPath
|
||
label: "destinationPath"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: ""
|
||
- variable: retentionPolicy
|
||
label: "retentionPolicy"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: "30d"
|
||
- variable: provider
|
||
label: "provider"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: "s3"
|
||
enum:
|
||
- value: s3
|
||
description: S3
|
||
- value: azure
|
||
description: Azure
|
||
- value: google
|
||
description: Google
|
||
- variable: s3
|
||
label: "s3"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "s3"]]
|
||
attrs:
|
||
- variable: region
|
||
label: "region"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: bucket
|
||
label: "bucket"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: accessKey
|
||
label: "accessKey"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: secretKey
|
||
label: "secretKey"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: azure
|
||
label: "azure (EXTREMELY EXPERIMENTAL)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "azure"]]
|
||
attrs:
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: connectionString
|
||
label: "connectionString"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: storageAccount
|
||
label: "storageAccount"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: storageKey
|
||
label: "storageKey"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: ""
|
||
- variable: storageSasToken
|
||
label: "storageSasToken"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: containerName
|
||
label: "containerName"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: serviceName
|
||
label: "serviceName"
|
||
schema:
|
||
type: string
|
||
default: "blob"
|
||
- variable: inheritFromAzureAD
|
||
label: "inheritFromAzureAD"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: google
|
||
label: "google (EXTREMELY EXPERIMENTAL)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "google"]]
|
||
attrs:
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: bucket
|
||
label: "bucket"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: gkeEnvironment
|
||
label: "gkeEnvironment"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: applicationCredentials
|
||
label: "applicationCredentials"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: recovery
|
||
label: "Recovery Settings (Experimental)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "enabled"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: serverName
|
||
label: "serverName"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: revision
|
||
label: "revision"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: endpointURL
|
||
label: "endpointURL"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: ""
|
||
- variable: method
|
||
label: "method"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: "object_store"
|
||
- variable: backupName
|
||
label: "backupName"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: ""
|
||
- variable: provider
|
||
label: "provider"
|
||
schema:
|
||
type: string
|
||
show_if: [["enabled", "=", true]]
|
||
default: "s3"
|
||
enum:
|
||
- value: s3
|
||
description: S3
|
||
- value: azure
|
||
description: Azure
|
||
- value: google
|
||
description: Google
|
||
- variable: s3
|
||
label: "s3"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "s3"]]
|
||
attrs:
|
||
- variable: region
|
||
label: "region"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: bucket
|
||
label: "bucket"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: accessKey
|
||
label: "accessKey"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: secretKey
|
||
label: "secretKey"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: azure
|
||
label: "azure (EXTREMELY EXPERIMENTAL)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "azure"]]
|
||
attrs:
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: connectionString
|
||
label: "connectionString"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: storageAccount
|
||
label: "storageAccount"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: storageKey
|
||
label: "storageKey"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: storageSasToken
|
||
label: "storageSasToken"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: containerName
|
||
label: "containerName"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: serviceName
|
||
label: "serviceName"
|
||
schema:
|
||
type: string
|
||
default: "blob"
|
||
- variable: inheritFromAzureAD
|
||
label: "inheritFromAzureAD"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: google
|
||
label: "google (EXTREMELY EXPERIMENTAL)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["provider", "=", "google"]]
|
||
attrs:
|
||
- variable: path
|
||
label: "path"
|
||
schema:
|
||
type: string
|
||
default: "/"
|
||
- variable: bucket
|
||
label: "bucket"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: gkeEnvironment
|
||
label: "gkeEnvironment"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: applicationCredentials
|
||
label: "applicationCredentials"
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
|
||
# - variable: horizontalPodAutoscaler
|
||
# group: Advanced
|
||
# label: (Advanced) Horizontal Pod Autoscaler
|
||
# schema:
|
||
# type: list
|
||
# default: []
|
||
# items:
|
||
# - variable: hpaEntry
|
||
# label: HPA Entry
|
||
# schema:
|
||
# additional_attrs: true
|
||
# type: dict
|
||
# attrs:
|
||
# - variable: name
|
||
# label: Name
|
||
# schema:
|
||
# type: string
|
||
# required: true
|
||
# default: ""
|
||
# - variable: enabled
|
||
# label: Enabled
|
||
# schema:
|
||
# type: boolean
|
||
# default: false
|
||
# show_subquestions_if: true
|
||
# subquestions:
|
||
# - variable: target
|
||
# label: Target
|
||
# description: Deployment name, Defaults to Main Deployment
|
||
# schema:
|
||
# type: string
|
||
# default: ""
|
||
# - variable: minReplicas
|
||
# label: Minimum Replicas
|
||
# schema:
|
||
# type: int
|
||
# default: 1
|
||
# - variable: maxReplicas
|
||
# label: Maximum Replicas
|
||
# schema:
|
||
# type: int
|
||
# default: 5
|
||
# - variable: targetCPUUtilizationPercentage
|
||
# label: Target CPU Utilization Percentage
|
||
# schema:
|
||
# type: int
|
||
# default: 80
|
||
# - variable: targetMemoryUtilizationPercentage
|
||
# label: Target Memory Utilization Percentage
|
||
# schema:
|
||
# type: int
|
||
# default: 80
|
||
- variable: networkPolicy
|
||
group: Advanced
|
||
label: (Advanced) Network Policy
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: netPolicyEntry
|
||
label: Network Policy Entry
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: ""
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: policyType
|
||
label: Policy Type
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
enum:
|
||
- value: ""
|
||
description: Default
|
||
- value: ingress
|
||
description: Ingress
|
||
- value: egress
|
||
description: Egress
|
||
- value: ingress-egress
|
||
description: Ingress and Egress
|
||
- variable: egress
|
||
label: Egress
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: egressEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: to
|
||
label: To
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: toEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: ipBlock
|
||
label: IP Block
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: cidr
|
||
label: CIDR
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: except
|
||
label: Except
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: exceptint
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: namespaceSelector
|
||
label: Namespace Selector
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: matchExpressions
|
||
label: Match Expressions
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: expressionEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: key
|
||
label: Key
|
||
schema:
|
||
type: string
|
||
- variable: operator
|
||
label: Operator
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: In
|
||
description: In
|
||
- value: NotIn
|
||
description: NotIn
|
||
- value: Exists
|
||
description: Exists
|
||
- value: DoesNotExist
|
||
description: DoesNotExist
|
||
- variable: values
|
||
label: Values
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: value
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: podSelector
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: matchExpressions
|
||
label: Match Expressions
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: expressionEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: key
|
||
label: Key
|
||
schema:
|
||
type: string
|
||
- variable: operator
|
||
label: Operator
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: In
|
||
description: In
|
||
- value: NotIn
|
||
description: NotIn
|
||
- value: Exists
|
||
description: Exists
|
||
- value: DoesNotExist
|
||
description: DoesNotExist
|
||
- variable: values
|
||
label: Values
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: value
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: ports
|
||
label: Ports
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: portsEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: port
|
||
label: Port
|
||
schema:
|
||
type: int
|
||
- variable: endPort
|
||
label: End Port
|
||
schema:
|
||
type: int
|
||
- variable: protocol
|
||
label: Protocol
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: TCP
|
||
description: TCP
|
||
- value: UDP
|
||
description: UDP
|
||
- value: SCTP
|
||
description: SCTP
|
||
- variable: ingress
|
||
label: Ingress
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: ingressEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: from
|
||
label: From
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: fromEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: ipBlock
|
||
label: IP Block
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: cidr
|
||
label: CIDR
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: except
|
||
label: Except
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: exceptint
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: namespaceSelector
|
||
label: Namespace Selector
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: matchExpressions
|
||
label: Match Expressions
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: expressionEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: key
|
||
label: Key
|
||
schema:
|
||
type: string
|
||
- variable: operator
|
||
label: Operator
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: In
|
||
description: In
|
||
- value: NotIn
|
||
description: NotIn
|
||
- value: Exists
|
||
description: Exists
|
||
- value: DoesNotExist
|
||
description: DoesNotExist
|
||
- variable: values
|
||
label: Values
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: value
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: podSelector
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: matchExpressions
|
||
label: Match Expressions
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: expressionEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: key
|
||
label: Key
|
||
schema:
|
||
type: string
|
||
- variable: operator
|
||
label: Operator
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: In
|
||
description: In
|
||
- value: NotIn
|
||
description: NotIn
|
||
- value: Exists
|
||
description: Exists
|
||
- value: DoesNotExist
|
||
description: DoesNotExist
|
||
- variable: values
|
||
label: Values
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: value
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
- variable: ports
|
||
label: Ports
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: portsEntry
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: port
|
||
label: Port
|
||
schema:
|
||
type: int
|
||
- variable: endPort
|
||
label: End Port
|
||
schema:
|
||
type: int
|
||
- variable: protocol
|
||
label: Protocol
|
||
schema:
|
||
type: string
|
||
default: TCP
|
||
enum:
|
||
- value: TCP
|
||
description: TCP
|
||
- value: UDP
|
||
description: UDP
|
||
- value: SCTP
|
||
description: SCTP
|
||
|
||
- variable: identity_providers
|
||
group: "Advanced"
|
||
label: "Authelia Identity Providers (BETA)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: oidc
|
||
label: "OpenID Connect(BETA)"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: "Enabled"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: access_token_lifespan
|
||
label: "Access Token Lifespan"
|
||
schema:
|
||
type: string
|
||
default: "1h"
|
||
required: true
|
||
- variable: authorize_code_lifespan
|
||
label: "Authorize Code Lifespan"
|
||
schema:
|
||
type: string
|
||
default: "1m"
|
||
required: true
|
||
- variable: id_token_lifespan
|
||
label: "ID Token Lifespan"
|
||
schema:
|
||
type: string
|
||
default: "1h"
|
||
required: true
|
||
- variable: refresh_token_lifespan
|
||
label: "Refresh Token Lifespan"
|
||
schema:
|
||
type: string
|
||
default: "90m"
|
||
required: true
|
||
- variable: enable_client_debug_messages
|
||
label: "Enable Client Debug Messages"
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: clients
|
||
label: "Clients"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: clientEntry
|
||
label: "Client"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: id
|
||
label: "ID/Name"
|
||
description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
|
||
schema:
|
||
type: string
|
||
default: "myapp"
|
||
required: true
|
||
- variable: description
|
||
label: "Description"
|
||
description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
|
||
schema:
|
||
type: string
|
||
default: "My Application"
|
||
required: true
|
||
- variable: secret
|
||
label: "Secret"
|
||
description: "The client secret is a shared secret between Authelia and the consumer of this client."
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: public
|
||
label: "public"
|
||
description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: authorization_policy
|
||
label: "Authorization Policy"
|
||
description: "The policy to require for this client; one_factor or two_factor."
|
||
schema:
|
||
type: string
|
||
default: "two_factor"
|
||
enum:
|
||
- value: "one_factor"
|
||
description: "one_factor"
|
||
- value: "two_factor"
|
||
description: "two_factor"
|
||
- variable: consent_mode
|
||
label: "Consent Mode"
|
||
description: |
|
||
Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
|
||
implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
|
||
schema:
|
||
type: string
|
||
default: "auto"
|
||
enum:
|
||
- value: "auto"
|
||
description: "auto"
|
||
- value: "explicit"
|
||
description: "explicit"
|
||
- value: "implicit"
|
||
description: "implicit"
|
||
- variable: userinfo_signing_algorithm
|
||
label: "Userinfo Signing Algorithm"
|
||
description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
|
||
schema:
|
||
type: string
|
||
default: "none"
|
||
enum:
|
||
- value: "none"
|
||
description: "none"
|
||
- value: "RS256"
|
||
description: "RS256"
|
||
- variable: audience
|
||
label: "Audience"
|
||
description: "Audience this client is allowed to request."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: audienceEntry
|
||
label: ""
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: scopes
|
||
label: "Scopes"
|
||
description: "Scopes this client is allowed to request."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: ScopeEntry
|
||
label: "Scope"
|
||
schema:
|
||
type: string
|
||
default: "openid"
|
||
required: true
|
||
- variable: redirect_uris
|
||
label: "redirect_uris"
|
||
description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: uriEntry
|
||
label: "Url"
|
||
schema:
|
||
type: string
|
||
default: "https://oidc.example.com/oauth2/callback"
|
||
required: true
|
||
- variable: grant_types
|
||
description: "Grant Types configures which grants this client can obtain."
|
||
label: "grant_types"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: grantEntry
|
||
label: "Grant"
|
||
schema:
|
||
type: string
|
||
default: "refresh_token"
|
||
required: true
|
||
- variable: response_types
|
||
description: "Response Types configures which responses this client can be sent."
|
||
label: "response_types"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: responseEntry
|
||
label: "type"
|
||
schema:
|
||
type: string
|
||
default: "code"
|
||
required: true
|
||
- variable: response_modes
|
||
description: "Response Modes configures which response modes this client supports."
|
||
label: "response_modes"
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: modeEntry
|
||
label: "Mode"
|
||
schema:
|
||
type: string
|
||
default: "form_post"
|
||
required: true
|
||
- variable: addons
|
||
group: Addons
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
|
||
- variable: codeserver
|
||
label: Codeserver
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: service
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: type
|
||
label: Service Type
|
||
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
|
||
schema:
|
||
type: string
|
||
default: LoadBalancer
|
||
enum:
|
||
- value: NodePort
|
||
description: Deprecated CHANGE THIS
|
||
- value: ClusterIP
|
||
description: ClusterIP
|
||
- value: LoadBalancer
|
||
description: LoadBalancer
|
||
- variable: loadBalancerIP
|
||
label: LoadBalancer IP
|
||
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
|
||
schema:
|
||
show_if: [["type", "=", "LoadBalancer"]]
|
||
type: string
|
||
default: ""
|
||
- variable: ports
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: codeserver
|
||
label: ""
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: port
|
||
label: Port
|
||
schema:
|
||
type: int
|
||
default: 36107
|
||
- variable: ingress
|
||
label: "Ingress"
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enable Ingress
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: hosts
|
||
label: Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: hostEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: host
|
||
label: HostName
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: paths
|
||
label: Paths
|
||
schema:
|
||
type: list
|
||
default: [{path: "/", pathType: "Prefix"}]
|
||
items:
|
||
- variable: pathEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: path
|
||
label: Path
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: "/"
|
||
- variable: pathType
|
||
label: Path Type
|
||
schema:
|
||
type: string
|
||
required: true
|
||
default: Prefix
|
||
- variable: integrations
|
||
label: Integrations
|
||
description: Connect ingress with other charts
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: traefik
|
||
label: Traefik
|
||
description: Connect ingress with Traefik
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: allowCors
|
||
label: 'Allow Cross Origin Requests (advanced)'
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: entrypoints
|
||
label: Entrypoints
|
||
schema:
|
||
type: list
|
||
default: ["websecure"]
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: entrypoint
|
||
label: Entrypoint
|
||
schema:
|
||
type: string
|
||
- variable: middlewares
|
||
label: Middlewares
|
||
schema:
|
||
type: list
|
||
default: []
|
||
show_if: [["enabled", "=", true]]
|
||
items:
|
||
- variable: middleware
|
||
label: Middleware
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: name
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
- variable: namespace
|
||
label: 'namespace (optional)'
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: certManager
|
||
label: certManager
|
||
description: Connect ingress with certManager
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: certificateIssuer
|
||
label: certificateIssuer
|
||
description: defaults to chartname
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
show_if: [["enabled", "=", true]]
|
||
- variable: advanced
|
||
label: Show Advanced Settings
|
||
description: Advanced settings are not covered by TrueCharts Support
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: ingressClassName
|
||
label: (Advanced/Optional) IngressClass Name
|
||
schema:
|
||
type: string
|
||
show_if: [["advanced", "=", true]]
|
||
default: ""
|
||
- variable: tls
|
||
label: TLS-Settings
|
||
schema:
|
||
type: list
|
||
show_if: [["advanced", "=", true]]
|
||
default: []
|
||
items:
|
||
- variable: tlsEntry
|
||
label: Host
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: hosts
|
||
label: Certificate Hosts
|
||
schema:
|
||
type: list
|
||
default: []
|
||
items:
|
||
- variable: host
|
||
label: Host
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
required: true
|
||
|
||
- variable: certificateIssuer
|
||
label: Use Cert-Manager clusterIssuer
|
||
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: clusterCertificate
|
||
label: 'Cluster Certificate (Advanced)'
|
||
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
|
||
schema:
|
||
type: string
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
default: ""
|
||
- variable: secretName
|
||
label: 'Use Custom Certificate Secret (Advanced)'
|
||
schema:
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
type: string
|
||
default: ""
|
||
- variable: scaleCert
|
||
label: 'Use TrueNAS SCALE Certificate (Deprecated)'
|
||
schema:
|
||
show_if: [["certificateIssuer", "=", ""]]
|
||
type: int
|
||
$ref:
|
||
- "definitions/certificate"
|
||
- variable: envList
|
||
label: Codeserver Environment Variables
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: []
|
||
items:
|
||
- variable: envItem
|
||
label: Environment Variable
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: value
|
||
label: Value
|
||
schema:
|
||
type: string
|
||
required: true
|
||
|
||
- variable: vpn
|
||
label: VPN
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: type
|
||
label: Type
|
||
schema:
|
||
type: string
|
||
default: disabled
|
||
enum:
|
||
- value: disabled
|
||
description: disabled
|
||
- value: gluetun
|
||
description: Gluetun
|
||
- value: tailscale
|
||
description: Tailscale
|
||
- value: openvpn
|
||
description: OpenVPN (Deprecated)
|
||
- value: wireguard
|
||
description: Wireguard (Deprecated)
|
||
- variable: openvpn
|
||
label: OpenVPN Settings
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["type", "=", "openvpn"]]
|
||
attrs:
|
||
- variable: username
|
||
label: Authentication Username (Optional)
|
||
description: Authentication Username, Optional
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: password
|
||
label: Authentication Password
|
||
description: Authentication Credentials
|
||
schema:
|
||
type: string
|
||
show_if: [["username", "!=", ""]]
|
||
default: ""
|
||
required: true
|
||
- variable: tailscale
|
||
label: Tailscale Settings
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
show_if: [["type", "=", "tailscale"]]
|
||
attrs:
|
||
- variable: authkey
|
||
label: Authentication Key
|
||
description: Provide an auth key to automatically authenticate the node as your user account.
|
||
schema:
|
||
type: string
|
||
private: true
|
||
default: ""
|
||
- variable: auth_once
|
||
label: Auth Once
|
||
description: Only attempt to log in if not already logged in.
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: accept_dns
|
||
label: Accept DNS
|
||
description: Accept DNS configuration from the admin console.
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: userspace
|
||
label: Userspace
|
||
description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
- variable: routes
|
||
label: Routes
|
||
description: Expose physical subnet routes to your entire Tailscale network.
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: dest_ip
|
||
label: Destination IP
|
||
description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: sock5_server
|
||
label: Sock5 Server
|
||
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: outbound_http_proxy_listen
|
||
label: Outbound HTTP Proxy Listen
|
||
description: The address on which to listen for HTTP proxying into the tailscale net.
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: extra_args
|
||
label: Extra Args
|
||
description: Extra Args
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: daemon_extra_args
|
||
label: Tailscale Daemon Extra Args
|
||
description: Tailscale Daemon Extra Args
|
||
schema:
|
||
type: string
|
||
default: ""
|
||
- variable: killSwitch
|
||
label: Enable Killswitch
|
||
schema:
|
||
type: boolean
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: true
|
||
- variable: excludedNetworks_IPv4
|
||
label: Killswitch Excluded IPv4 networks
|
||
description: List of Killswitch Excluded IPv4 Addresses
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: []
|
||
items:
|
||
- variable: networkv4
|
||
label: IPv4 Network
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: excludedNetworks_IPv6
|
||
label: Killswitch Excluded IPv6 networks
|
||
description: "List of Killswitch Excluded IPv6 Addresses"
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: []
|
||
items:
|
||
- variable: networkv6
|
||
label: IPv6 Network
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: configFile
|
||
label: VPN Config File Location
|
||
schema:
|
||
type: string
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: ""
|
||
|
||
- variable: envList
|
||
label: VPN Environment Variables
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: []
|
||
items:
|
||
- variable: envItem
|
||
label: Environment Variable
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: value
|
||
label: Value
|
||
schema:
|
||
type: string
|
||
required: true
|
||
max_length: 10240
|
||
|
||
- variable: netshoot
|
||
label: Netshoot
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: enabled
|
||
label: Enabled
|
||
schema:
|
||
type: boolean
|
||
default: false
|
||
show_subquestions_if: true
|
||
subquestions:
|
||
- variable: envList
|
||
label: Netshoot Environment Variables
|
||
schema:
|
||
type: list
|
||
show_if: [["type", "!=", "disabled"]]
|
||
default: []
|
||
items:
|
||
- variable: envItem
|
||
label: Environment Variable
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: name
|
||
label: Name
|
||
schema:
|
||
type: string
|
||
required: true
|
||
- variable: value
|
||
label: Value
|
||
schema:
|
||
type: string
|
||
required: true
|
||
|
||
- variable: docs
|
||
group: Documentation
|
||
label: Please read the documentation at https://truecharts.org
|
||
description: Please read the documentation at
|
||
<br /><a href="https://truecharts.org">https://truecharts.org</a>
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: confirmDocs
|
||
label: I have checked the documentation
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
- variable: donateNag
|
||
group: Documentation
|
||
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
|
||
description: Please consider supporting TrueCharts, see
|
||
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
||
schema:
|
||
additional_attrs: true
|
||
type: dict
|
||
attrs:
|
||
- variable: confirmDonate
|
||
label: I have considered donating
|
||
schema:
|
||
type: boolean
|
||
default: true
|
||
hidden: true
|
||
|