4445 lines
194 KiB
YAML
groups:
  - name: Image
    description: |
      Configure the images to be used for the Chart.
      It's wise to use "digest pinned" tags and to avoid using "latest".

      Check out the following documentation for more information:
      - https://truecharts.org/common/#images

  - name: General
    description: |
      For TrueNAS SCALE we've grouped a number of settings here that all affect how apps run in general.

      Check out the following documentation for more information:
      - https://truecharts.org/common/global/
      - https://truecharts.org/common/#tz
      - https://truecharts.org/common/podoptions/
      - Image Pull Secrets

  - name: Workload
    description: |
      These settings configure how the actual Pods and containers are running.
      Generally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.

      Check out the following documentation for more information:
      - https://truecharts.org/common/workload/
      - https://truecharts.org/common/container/

  - name: App Configuration
    description: |
      Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.
      Most options should have a Tooltip (Circled Question Mark) to further describe said option.

      To find more information, look up your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/

  - name: Services
    description: |
      Service and Networking options for any applications are contained here.
      Some applications may have complicated networking setups with multiple options or some may have no options here at all.

      Options here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.

      Check out the following documentation for more information:
      - https://truecharts.org/common/service/

  - name: Networking
    description: |
      Contains advanced networking options that are not actively supported by the TrueCharts team.
      Currently only contains scaleExternalInterfaces.

      Check out the following documentation for more information:
      - https://truecharts.org/common/scaleexternalinterface/

  - name: Persistence
    description: |
      Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.
      This storage is called Persistence since it is not deleted upon restart or upgrade of an application.

      Check out the following documentation for more information:
      - https://truecharts.org/common/persistence/
      - https://truecharts.org/scale/guides/nfs-share/
      - https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath

  - name: Ingress
    description: |
      Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).
      If you choose to enable this you must have an "Ingress Provider" aka "Reverse Proxy" installed (We highly advise Traefik: https://truecharts.org/charts/premium/traefik/)
      It also requires a DNS service to actually resolve the DNS name of the FQDN specified.

      Check out the following documentation for more information:
      - https://truecharts.org/common/ingress/

  - name: SecurityContext
    description: |
      The security settings for each application and/or permissions that each application may have for the files/directories created.
      Each application will come with predefined permissions but users may want to change certain settings depending on their usage or capabilities.

      Unless necessary, users are advised to keep this section mostly to defaults.

      Check out the following documentation for more information:
      - https://truecharts.org/common/securitycontext/

  - name: Resources
    description: |
      Resource limits that have been defined by each application are in this section.
      Most will have a specific default that some users may want to change based on their specific hardware or needs.

      This also contains the options to mount GPUs or, more precisely, "request" GPUs to be mounted.

      Check out the following documentation for more information:
      - https://truecharts.org/common/resources/

  - name: Devices
    description: |
      These are special "mountpoints" that can be used to mount miscellaneous USB and PCI devices using special hostPath mounts.
      For clarity we've decided to separate this from persistence on SCALE.

      Check out the following documentation for more information:
      - https://truecharts.org/common/persistence/device/
      - https://truecharts.org/scale/guides/pci-passthrough/

  - name: Middlewares
    description: Traefik Middlewares

  - name: StorageClass
    description: |
      StorageClasses define where to store Storage.

      Check out the following documentation for more information:

  - name: Metrics
    description: |
      Contains options to configure Prometheus metrics for the application.

      Check out the following documentation for more information:
      - https://truecharts.org/common/metrics/

  - name: Addons
    description: |
      Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the application’s defaults.
      Things included here are VPN addons, Codeserver for editing files inside the application’s container, Netshoot for network troubleshooting, etc.

      Generally not required for use but may be necessary or useful at times for specific applications.

      Check out the following documentation for more information:
      - https://truecharts.org/common/addons/
      - https://truecharts.org/scale/guides/vpn-setup/

  - name: Experimental
    description: |
      Experimental Configuration Options
      Often these are not fully fleshed-out, could randomly break or might not work at all.

  - name: Postgresql
    description: |
      For Postgresql we use "CloudNative-PG" as a backend, which has to be installed first.

      Check out the following documentation for more information:
      - https://truecharts.org/common/cnpg/
      - https://truecharts.org/scale/guides/sql-export/
      - https://truecharts.org/scale/guides/recover-cnpg/

  - name: Dependencies
    description: |
      Contains dependency settings for which we, currently, do not have separate categories (yet)

  - name: Documentation
    description: |
      We added this section to make everyone aware that OpenSource isn't always easy.
      It doesn't keep existing without significant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.

      Before installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/
      We would also advise going over our https://truecharts.org/scale/guides/scale-intro/
      and many of the other documentation pages...

portals:
  open:
    protocols:
      - "$kubernetes-resource_configmap_tcportal-open_protocol"
    host:
      - "$kubernetes-resource_configmap_tcportal-open_host"
    ports:
      - "$kubernetes-resource_configmap_tcportal-open_port"

questions:
  - variable: global
    group: General
    label: "Global Settings"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: stopAll
          label: Stop All
          description: "Stops All Running pods and hibernates cnpg"
          schema:
            type: boolean
            default: false

  - variable: credentialsList
    group: General
    label: "Credentials (Experimental)"
    schema:
      type: list
      default: []
      items:
        - variable: credentialsEntry
          label: "Enter Credentials"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: name
                label: Name
                description: "Name"
                schema:
                  type: string
                  required: true
                  default: ""
              - variable: type
                label: Type
                description: "Type of Credential"
                schema:
                  type: string
                  default: "s3"
                  enum:
                    - value: s3
                      description: s3 Storage
              - variable: url
                label: "url"
                schema:
                  type: string
                  default: ""
                  required: true
              - variable: path
                label: "path"
                description: "Path Prefix not needed for most cases"
                schema:
                  type: string
                  default: ""
              - variable: bucket
                label: "bucket"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: accessKey
                label: "accessKey"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: secretKey
                label: "secretKey"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: encrKey
                label: "encrKey"
                description: "The Encryption key is needed for tools like volsync; if not needed it will be ignored"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  # Placeholder default: set a unique passphrase before use.
                  default: "MYSECRETPASSPHRASE"
                  required: true

  - variable: workload
    group: "Workload"
    label: ""
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: main
          label: ""
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: type
                label: Type (Advanced)
                schema:
                  type: string
                  default: Deployment
                  enum:
                    - value: Deployment
                      description: Deployment
                    - value: DaemonSet
                      description: DaemonSet
              - variable: replicas
                label: Replicas (Advanced)
                description: Set the number of Replicas
                schema:
                  type: int
                  show_if: [["type", "!=", "DaemonSet"]]
                  default: 2
              - variable: podSpec
                label: ""
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: containers
                      label: Containers
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: main
                            label: Main Container
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: envList
                                  label: Extra Environment Variables
                                  description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: envItem
                                        label: Environment Variable
                                        schema:
                                          additional_attrs: true
                                          type: dict
                                          attrs:
                                            - variable: name
                                              label: Name
                                              schema:
                                                type: string
                                            - variable: value
                                              label: Value
                                              schema:
                                                type: string
                                - variable: extraArgs
                                  label: Extra Args
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: arg
                                        label: Arg
                                        schema:
                                          type: string
                                - variable: advanced
                                  label: Show Advanced Settings
                                  description: Advanced settings are not covered by TrueCharts Support
                                  schema:
                                    type: boolean
                                    default: false
                                    show_subquestions_if: true
                                    subquestions:
                                      - variable: command
                                        label: Command
                                        schema:
                                          type: list
                                          default: []
                                          items:
                                            - variable: param
                                              label: Param
                                              schema:
                                                type: string

  - variable: TZ
    label: Timezone
    group: "General"
    schema:
      type: string
      default: "Etc/UTC"
      $ref:
        - "definitions/timezone"

  - variable: podOptions
    group: "General"
    label: "Global Pod Options (Advanced)"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: expertPodOpts
          label: "Expert - Pod Options"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: hostNetwork
                label: "Host Networking"
                schema:
                  type: boolean
                  default: false
              - variable: dnsConfig
                label: "DNS Configuration"
                schema:
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: options
                      label: "Options"
                      schema:
                        type: list
                        default: [{"name": "ndots", "value": "1"}]
                        items:
                          - variable: optionsEntry
                            label: "Option Entry"
                            schema:
                              type: dict
                              additional_attrs: true
                              attrs:
                                - variable: name
                                  label: "Name"
                                  schema:
                                    type: string
                                    required: true
                                - variable: value
                                  label: "Value"
                                  schema:
                                    type: string
                    - variable: nameservers
                      label: "Nameservers"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: nsEntry
                            label: "Nameserver Entry"
                            schema:
                              type: string
                              required: true
                    - variable: searches
                      label: "Searches"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: searchEntry
                            label: "Search Entry"
                            schema:
                              type: string
                              required: true

  - variable: imagePullSecretList
    group: "General"
    label: "Image Pull Secrets"
    schema:
      type: list
      default: []
      items:
        - variable: pullsecretentry
          label: "Pull Secret"
          schema:
            type: dict
            additional_attrs: true
            attrs:
              - variable: enabled
                label: Enabled
                schema:
                  type: boolean
                  default: true
              - variable: data
                label: Data
                schema:
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: registry
                      label: "Registry"
                      schema:
                        type: string
                        required: true
                        default: "https://index.docker.io/v1/"
                    - variable: username
                      label: "Username"
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: password
                      label: "Password"
                      schema:
                        type: string
                        required: true
                        private: true
                        default: ""
                    - variable: email
                      label: "Email"
                      schema:
                        type: string
                        required: true
                        default: ""

  - variable: domain
    group: "App Configuration"
    label: "Domain"
    description: "The highest domain level possible, for example: domain.com when using app.domain.com"
    schema:
      type: string
      default: ""
      required: true
  - variable: default_redirection_url
    group: "App Configuration"
    label: "Default Redirection URL"
    description: "If user tries to authenticate without any referrer, this is used"
    schema:
      type: string
      default: ""
      valid_chars: '^https?:\/\/(.*)'
  - variable: theme
    group: "App Configuration"
    label: "Theme"
    schema:
      type: string
      default: "auto"
      enum:
        - value: "auto"
          description: "auto"
        - value: "light"
          description: "light"
        - value: "grey"
          description: "grey"
        - value: "dark"
          description: "dark"
  - variable: log
    group: "App Configuration"
    label: "Log Configuration"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: level
          label: "Log Level"
          schema:
            type: string
            default: "info"
            enum:
              - value: "info"
                description: "info"
              - value: "debug"
                description: "debug"
              - value: "trace"
                description: "trace"
        - variable: format
          label: "Log Format"
          schema:
            type: string
            default: "text"
            enum:
              - value: "json"
                description: "json"
              - value: "text"
                description: "text"
  - variable: server
    group: "App Configuration"
    label: "Server Configuration"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: write_buffer_size
          label: "Write Buffer Size"
          description: "Configures the maximum response size. The default of 4096 is generally sufficient for most use cases."
          schema:
            type: int
            default: 4096
        - variable: read_buffer_size
          label: "Read Buffer Size"
          description: "Configures the maximum request size. The default of 4096 is generally sufficient for most use cases."
          schema:
            type: int
            default: 4096
  - variable: totp
    group: "App Configuration"
    label: "TOTP Configuration"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: issuer
          label: "Issuer"
          description: "The issuer name displayed in the Authenticator application of your choice"
          schema:
            type: string
            default: ""
        - variable: period
          label: "Period"
          description: "The period in seconds a one-time password is current for"
          schema:
            type: int
            default: 30
        - variable: skew
          label: "skew"
          description: "Controls number of one-time passwords either side of the current one that are valid."
          schema:
            type: int
            default: 1
  - variable: password_policy
    group: "App Configuration"
    label: "Password Policy Configuration"
    description: "Authelia allows administrators to configure an enforced password policy. Choose one of Standard or zxcvbn and not both, refer to upstream docs for more info"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: enabled
          label: "Enable"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: standard
                label: Standard
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: Enabled
                      schema:
                        type: boolean
                        default: false
                    - variable: min_length
                      label: "Minimum Password Length"
                      description: "Minimum Password Length"
                      schema:
                        type: int
                        required: true
                        show_if: [["enabled", "=", true]]
                        default: 8
                    - variable: max_length
                      label: "Max Password Length"
                      description: "Max Password Length"
                      schema:
                        type: int
                        required: true
                        show_if: [["enabled", "=", true]]
                        default: 0
                    - variable: require_uppercase
                      label: "Require Uppercase"
                      schema:
                        type: boolean
                        default: false
                        show_if: [["enabled", "=", true]]
                        required: true
                    - variable: require_lowercase
                      label: "Require Lowercase"
                      schema:
                        type: boolean
                        default: false
                        show_if: [["enabled", "=", true]]
                        required: true
                    - variable: require_number
                      label: "Require Numbers"
                      description: "Require Numbers in the password"
                      schema:
                        type: boolean
                        default: false
                        show_if: [["enabled", "=", true]]
                        required: true
                    - variable: require_special
                      label: "Require Special Characters"
                      schema:
                        type: boolean
                        default: false
                        show_if: [["enabled", "=", true]]
              - variable: zxcvbn
                label: zxcvbn
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: Enabled
                      schema:
                        type: boolean
                        default: false
                        required: true
                    - variable: min_score
                      label: "Min Score"
                      schema:
                        type: int
                        required: true
                        show_if: [["enabled", "=", true]]
                        default: 3
  - variable: duo_api
    group: "App Configuration"
    label: "DUO API Configuration"
    description: "Parameters used to contact the Duo API."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: enabled
          label: "Enable"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: hostname
                label: "Hostname"
                schema:
                  type: string
                  required: true
                  default: ""
              - variable: integration_key
                label: "integration_key"
                schema:
                  type: string
                  default: ""
                  required: true
              - variable: plain_api_key
                label: "plain_api_key"
                schema:
                  type: string
                  default: ""
                  required: true
  - variable: session
    group: "App Configuration"
    label: "Session Provider"
    description: "The session cookies identify the user once logged in."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: name
          label: "Cookie Name"
          description: |
            The name of the session cookie. By default this is set to authelia_session.
            It’s mostly useful to change this if you are doing development or running multiple instances of Authelia.
          schema:
            type: string
            required: true
            default: "authelia_session"
        - variable: same_site
          label: "SameSite Value"
          description: |
            You can read about the SameSite cookie in detail on the MDN. In short, setting SameSite to Lax is generally
            the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing
            and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
            this state but it’s available as an option anyway.
          schema:
            type: string
            default: "lax"
            enum:
              - value: "lax"
                description: "lax"
              - value: "strict"
                description: "strict"
        - variable: expiration
          label: "Expiration Time"
          description: |
            The period of time before the cookie expires and the session is destroyed. This is overridden by
            remember_me_duration when the remember me box is checked.
          schema:
            type: string
            default: "1h"
            required: true
        - variable: inactivity
          label: "Inactivity Time"
          description: |
            The period of time the user can be inactive for until the session is destroyed when the remember me box is
            not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable.
          schema:
            type: string
            default: "5m"
            required: true
        - variable: remember_me_duration
          label: "Remember-Me duration"
          description: |
            The period of time before the cookie expires and the session is destroyed when the remember me box is checked. A user
            selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
          schema:
            type: string
            default: "5M"
            required: true
  - variable: regulation
    group: "App Configuration"
    label: "Regulation Configuration"
    description: "This mechanism prevents attackers from brute forcing the first factor."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: max_retries
          label: "Maximum Retries"
          description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
          schema:
            type: int
            default: 3
        - variable: find_time
          label: "Find Time"
          description: |
            The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
            2m this means the user must have 3 failed logins in 2 minutes.
          schema:
            type: string
            default: "2m"
            required: true
        - variable: ban_time
          label: "Ban Duration"
          description: |
            The period of time the user is banned for after meeting the max_retries and find_time configuration.
            After this duration the account will be able to login again.
          schema:
            type: string
            default: "5m"
            required: true
  - variable: authentication_backend
    group: "App Configuration"
    label: "Authentication Backend Provider"
    description: |
      Used for verifying user passwords and retrieving information such as email
      address and groups users belong to.
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: disable_reset_password
          label: "Disable Reset Password"
          description: "Disable both the HTML element and the API for reset password functionality"
          schema:
            type: boolean
            default: false
        - variable: refresh_interval
          label: "Reset Interval"
          description: "The amount of time to wait before we refresh data from the authentication backend"
          schema:
            type: string
            default: "5m"
            required: true
        - variable: ldap
          label: "LDAP backend configuration"
          description: "Used for verifying user passwords and retrieving information such as email address and groups users belong to"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: "Enable"
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: implementation
                      label: "Implementation"
                      description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password"
                      schema:
                        type: string
                        default: "custom"
                        enum:
                          - value: "activedirectory"
                            description: "Active Directory"
                          - value: "custom"
                            description: "Custom"
                    - variable: url
                      label: "URL"
                      description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
                      schema:
                        type: string
                        default: "ldap://openldap.default.svc.cluster.local"
                        required: true
                    - variable: timeout
                      label: "Connection Timeout"
                      schema:
                        type: string
                        default: "5s"
                        required: true
                    - variable: start_tls
                      label: "Start TLS"
                      description: "Use StartTLS with the LDAP connection"
                      schema:
                        type: boolean
                        default: false
                    - variable: tls
                      label: "TLS Settings"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: server_name
                            label: "Server Name"
                            description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
                            schema:
                              type: string
                              default: ""
                          - variable: skip_verify
                            label: "Skip Certificate Verification"
                            description: "Skip verifying the server certificate (to allow a self-signed certificate)"
                            schema:
                              type: boolean
                              default: false
                          - variable: minimum_version
                            label: "Minimum TLS version"
                            description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
                            schema:
                              type: string
                              default: "TLS1.2"
                              enum:
                                - value: "TLS1.0"
                                  description: "TLS1.0"
                                - value: "TLS1.1"
                                  description: "TLS1.1"
                                - value: "TLS1.2"
                                  description: "TLS1.2"
                                - value: "TLS1.3"
                                  description: "TLS1.3"
                    - variable: base_dn
                      label: "Base DN"
                      description: "The base dn for every LDAP query."
                      schema:
                        type: string
                        default: "DC=example,DC=com"
                        required: true
                    - variable: username_attribute
                      label: "Username Attribute"
                      description: "The attribute holding the username of the user"
                      schema:
                        type: string
                        default: "uid"
                        required: true
                    - variable: additional_users_dn
                      label: "Additional Users DN"
                      description: "An additional dn to define the scope to all users."
                      schema:
                        type: string
                        default: "OU=people"
                        required: true
                    - variable: users_filter
                      label: "Users Filter"
                      description: "The groups filter used in search queries to find the groups of the user."
                      schema:
                        type: string
                        default: ""
                        required: true
                    - variable: additional_groups_dn
                      label: "Additional Groups DN"
                      description: "An additional dn to define the scope of groups."
                      schema:
                        type: string
                        default: "OU=Groups"
                        required: true
                    - variable: groups_filter
                      label: "Groups Filter"
                      description: "The groups filter used in search queries to find the groups of the user."
                      schema:
                        type: string
                        default: ""
                        required: true
                    - variable: group_name_attribute
                      label: "Group name Attribute"
                      description: "The attribute holding the name of the group"
                      schema:
                        type: string
                        default: "cn"
                        required: true
                    - variable: mail_attribute
                      label: "Mail Attribute"
                      description: "The attribute holding the primary mail address of the user"
                      schema:
                        type: string
                        default: "mail"
                        required: true
                    - variable: display_name_attribute
                      label: "Display Name Attribute"
                      description: "The attribute holding the display name of the user. This will be used to greet an authenticated user."
                      schema:
                        type: string
                        default: "displayName"
                    - variable: user
                      label: "Admin User"
                      description: "The username of the admin user used to connect to LDAP."
                      schema:
                        type: string
                        default: "CN=admin,ou=people,DC=example,DC=com"
                        required: true
                    - variable: plain_password
                      label: "Password"
                      schema:
                        type: string
                        default: ""
                        required: true
        - variable: file
          label: "File backend configuration"
          description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: "Enable"
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: path
                      label: "Path"
                      schema:
                        type: string
                        default: "/config/users_database.yml"
                        required: true
                    - variable: password
                      label: "Password Settings"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: algorithm
                            label: "Algorithm"
                            schema:
                              type: string
                              default: "argon2id"
                              enum:
                                - value: "argon2id"
                                  description: "argon2id"
                                - value: "sha512"
                                  description: "sha512"
                          - variable: iterations
                            label: "Iterations"
                            schema:
                              type: int
                              default: 1
                              required: true
                          - variable: key_length
                            label: "Key Length"
                            schema:
                              type: int
                              default: 32
                              required: true
                          - variable: salt_length
                            label: "Salt Length"
                            schema:
                              type: int
                              default: 16
                              required: true
                          - variable: memory
                            label: "Memory"
                            schema:
                              type: int
                              default: 1024
                              required: true
                          - variable: parallelism
                            label: "Parallelism"
                            schema:
                              type: int
                              default: 8
                              required: true
  - variable: notifier
    group: "App Configuration"
    label: "Notifier Configuration"
    description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: disable_startup_check
          label: "Disable Startup Check"
          schema:
            type: boolean
            default: false
        - variable: filesystem
          label: "Filesystem Provider"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: "Enable"
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: filename
                      label: "File Path"
                      schema:
                        type: string
                        default: "/config/notification.txt"
                        required: true
        - variable: smtp
          label: "SMTP Provider"
          description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: "Enable"
                schema:
                  type: boolean
                  default: true
                  show_subquestions_if: true
                  subquestions:
                    - variable: host
                      label: "Host"
                      schema:
                        type: string
                        default: "smtp.mail.svc.cluster.local"
                        required: true
                    - variable: port
                      label: "Port"
                      schema:
                        type: int
                        default: 25
                        required: true
                    - variable: timeout
                      label: "Timeout"
                      schema:
                        type: string
                        default: "5s"
                        required: true
                    - variable: username
                      label: "Username"
                      schema:
                        type: string
                        default: ""
                    - variable: plain_password
                      label: "Password"
                      schema:
                        type: string
                        default: ""
                    - variable: sender
                      label: "Sender"
                      schema:
                        type: string
                        default: ""
                        required: true
                    - variable: identifier
                      label: "Identifier"
                      description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
                      schema:
                        type: string
                        default: "localhost"
                        required: true
                    - variable: subject
                      label: "Subject"
                      description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
                      schema:
                        type: string
                        default: "[Authelia] {title}"
                        required: true
                    - variable: startup_check_address
                      label: "Startup Check Address"
                      description: "This address is used during the startup check to verify the email configuration is correct."
                      schema:
                        type: string
                        default: "test@authelia.com"
                        required: true
                    - variable: disable_require_tls
                      label: "Disable Require TLS"
                      schema:
                        type: boolean
                        default: false
                    - variable: disable_html_emails
                      label: "Disable HTML emails"
                      schema:
                        type: boolean
                        default: false
                    - variable: tls
                      label: "TLS Settings"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: server_name
                            label: "Server Name"
                            description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
                            schema:
                              type: string
                              default: ""
                          - variable: skip_verify
                            label: "Skip Certificate Verification"
                            description: "Skip verifying the server certificate (to allow a self-signed certificate)"
                            schema:
                              type: boolean
                              default: false
                          - variable: minimum_version
                            label: "Minimum TLS version"
                            description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
                            schema:
                              type: string
                              default: "TLS1.2"
                              enum:
                                - value: "TLS1.0"
                                  description: "TLS1.0"
                                - value: "TLS1.1"
                                  description: "TLS1.1"
                                - value: "TLS1.2"
                                  description: "TLS1.2"
                                - value: "TLS1.3"
                                  description: "TLS1.3"
  - variable: access_control
    group: "App Configuration"
    label: "Access Control Configuration"
    description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: default_policy
          label: "Default Policy"
          description: |
            The default policy defines the policy applied if no rules section applies to the information known about the request.
            It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
            with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
          schema:
            type: string
            default: "deny"
            enum:
              - value: "bypass"
                description: "bypass"
              - value: "one_factor"
                description: "one_factor"
              - value: "two_factor"
                description: "two_factor"
              - value: "deny"
                description: "deny"
        - variable: networks_access_control
          label: "Networks"
          schema:
            type: list
            default: []
            items:
              - variable: networkItem
                label: "Network Item"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: name
                      label: "Name"
                      schema:
                        type: string
                        default: ""
                        required: true
                    - variable: networks
                      label: "Networks"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: network
                            label: "network"
                            schema:
                              type: string
                              default: ""
                              required: true
        - variable: rules
          label: "Rules"
          schema:
            type: list
            default: []
            items:
              - variable: rulesItem
                label: "Rule"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: domain
                      label: "Domains"
                      description: "Defines which domain or set of domains the rule applies to."
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: domainEntry
                            label: "Domain"
                            schema:
                              type: string
                              default: ""
                              required: true
                    - variable: domain_regex
                      label: "Domains RegEx"
                      description: "Defines which domain or set of domains the rule applies to using regular expressions."
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: domainRegexEntry
                            label: "Domain RegEx"
                            schema:
                              type: string
                              default: ""
                              required: true
                    - variable: policy
                      label: "Policy"
                      description: |
                        The specific policy to apply to the selected rule. This is not criteria for a match, this is the
                        action to take when a match is made.
                      schema:
                        type: string
                        default: "two_factor"
                        enum:
                          - value: "bypass"
                            description: "bypass"
                          - value: "one_factor"
                            description: "one_factor"
                          - value: "two_factor"
                            description: "two_factor"
                          - value: "deny"
                            description: "deny"
                    - variable: subject
                      label: "Subject"
                      description: |
                        This criteria matches identifying characteristics about the subject. Currently this is either
                        user or groups the user belongs to. This allows you to effectively control exactly what each user is
                        authorized to access or to specifically require two-factor authentication to specific users. Subjects
                        are prefixed with either user: or group: to identify which part of the identity to check.
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: subjectitem
                            label: "Subject"
                            schema:
                              type: string
                              default: ""
                              required: true
                    - variable: networks
                      label: "Networks"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: network
                            label: "Network"
                            schema:
                              type: string
                              default: ""
                              required: true
                    - variable: resources
                      label: "Resources"
                      description: "A list of regular expressions that match a set of resources to apply the policy to"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: resource
                            label: "Resource"
                            schema:
                              type: string
                              default: ""
                              required: true
  - variable: service
    group: Services
    label: Configure Service(s)
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: main
          label: "Main Service"
          description: "The Primary service on which the healthcheck runs, often the webUI"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable the Service
                schema:
                  type: boolean
                  default: true
                  hidden: true
              - variable: type
                label: Service Type
                description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
                schema:
                  type: string
                  default: LoadBalancer
                  enum:
                    - value: LoadBalancer
                      description: LoadBalancer (Expose Ports)
                    - value: ClusterIP
                      description: ClusterIP (Do Not Expose Ports)
              - variable: loadBalancerIP
                label: LoadBalancer IP
                description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
                schema:
                  show_if: [["type", "=", "LoadBalancer"]]
                  type: string
                  default: ""
              - variable: ports
                label: "Service's Port(s) Configuration"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: main
                      label: "Main Service Port Configuration"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: port
                            label: "Port"
                            description: "This port exposes the container port on the service"
                            schema:
                              type: int
                              default: 9091
                              required: true
  - variable: scaleExternalInterface
    description: 'Add External Interfaces (Experimental, might change or be removed without further notice)'
    label: Add external Interfaces (Experimental)
    group: Networking
    schema:
      type: list
      items:
        - variable: interfaceConfiguration
          description: Interface Configuration
          label: Interface Configuration
          schema:
            additional_attrs: true
            type: dict
            $ref:
              - "normalize/interfaceConfiguration"
            attrs:
              - variable: hostInterface
                description: Please Specify Host Interface
                label: Host Interface
                schema:
                  type: string
                  required: true
                  $ref:
                    - "definitions/interface"
              - variable: ipam
                description: Define how IP Address will be managed
                label: IP Address Management
                schema:
                  additional_attrs: true
                  type: dict
                  required: true
                  attrs:
                    - variable: type
                      description: Specify type for IPAM
                      label: IPAM Type
                      schema:
                        type: string
                        required: true
                        enum:
                          - value: dhcp
                            description: Use DHCP
                          - value: static
                            description: Use Static IP
                    - variable: staticIPConfigurations
                      label: Static IP Addresses
                      schema:
                        type: list
                        show_if: [["type", "=", "static"]]
                        items:
                          - variable: staticIP
                            label: Static IP
                            schema:
                              type: ipaddr
                              cidr: true
                    - variable: staticRoutes
                      label: Static Routes
                      schema:
                        type: list
                        show_if: [["type", "=", "static"]]
                        items:
                          - variable: staticRouteConfiguration
                            label: Static Route Configuration
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: destination
                                  label: Destination
                                  schema:
                                    type: ipaddr
                                    cidr: true
                                    required: true
                                - variable: gateway
                                  label: Gateway
                                  schema:
                                    type: ipaddr
                                    cidr: false
                                    required: true
  - variable: serviceList
    label: Add Manual Custom Services
    group: Services
    schema:
      type: list
      default: []
      items:
        - variable: serviceListEntry
          label: Custom Service
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable the service
                schema:
                  type: boolean
                  default: true
                  hidden: true
              - variable: name
                label: Name
                schema:
                  type: string
                  default: ""
              - variable: type
                label: Service Type
                description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
                schema:
                  type: string
                  default: LoadBalancer
                  enum:
                    - value: LoadBalancer
                      description: LoadBalancer (Expose Ports)
                    - value: ClusterIP
                      description: ClusterIP (Do Not Expose Ports)
                    - value: Simple
                      description: Deprecated CHANGE THIS
              - variable: loadBalancerIP
                label: LoadBalancer IP
                description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
                schema:
                  show_if: [["type", "=", "LoadBalancer"]]
                  type: string
                  default: ""
              - variable: advancedsvcset
                label: Show Advanced Service Settings
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: externalIPs
                      label: "External IP's"
                      description: "External IP's"
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: externalIP
                            label: External IP
                            schema:
                              type: string
                    - variable: ipFamilyPolicy
                      label: IP Family Policy
                      description: Specify the IP Policy
                      schema:
                        type: string
                        default: SingleStack
                        enum:
                          - value: SingleStack
                            description: SingleStack
                          - value: PreferDualStack
                            description: PreferDualStack
                          - value: RequireDualStack
                            description: RequireDualStack
                    - variable: ipFamilies
                      label: IP Families
                      description: (Advanced) The IP Families that should be used
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: ipFamily
                            label: IP Family
                            schema:
                              type: string
              - variable: portsList
                label: Additional Service Ports
                schema:
                  type: list
                  default: []
                  items:
                    - variable: portsListEntry
                      label: Custom ports
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: enabled
                            label: Enable the Port
                            schema:
                              type: boolean
                              default: true
                              hidden: true
                          - variable: name
                            label: Port Name
                            schema:
                              type: string
                              default: ""
                          - variable: protocol
                            label: Port Type
                            schema:
                              type: string
                              default: tcp
                              enum:
                                - value: http
                                  description: HTTP
                                - value: https
                                  description: HTTPS
                                - value: tcp
                                  description: TCP
                                - value: udp
                                  description: UDP
                          - variable: targetPort
                            label: Target Port
                            description: This port exposes the container port on the service
                            schema:
                              type: int
                              required: true
                          - variable: port
                            label: Container Port
                            schema:
                              type: int
                              required: true
  - variable: persistence
    label: Integrated Persistent Storage
    description: Integrated Persistent Storage
    group: Persistence
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: config
          label: "App Config Storage"
          description: "Stores the Application Configuration."
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: type
                label: Type of Storage
                description: Sets the persistence type, Anything other than PVC could break rollback!
                schema:
                  type: string
                  default: pvc
                  enum:
                    - value: pvc
                      description: PVC
                    - value: hostPath
                      description: Host Path
                    - value: emptyDir
                      description: emptyDir
                    - value: nfs
                      description: NFS Share
                    - value: iscsi
                      description: iSCSI Share
              - variable: server
                label: NFS Server
                schema:
                  show_if: [["type", "=", "nfs"]]
                  type: string
                  default: ""
              - variable: path
                label: Path on NFS Server
                schema:
                  show_if: [["type", "=", "nfs"]]
                  type: string
                  default: ""
              - variable: iscsi
                label: iSCSI Options
                schema:
                  show_if: [["type", "=", "iscsi"]]
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: targetPortal
                      label: targetPortal
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: iqn
                      label: iqn
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: lun
                      label: lun
                      schema:
                        type: int
                        default: 0
                    - variable: authSession
                      label: authSession
                      schema:
                        type: dict
                        additional_attrs: true
                        attrs:
                          - variable: username
                            label: username
                            schema:
                              type: string
                              default: ""
                          - variable: password
                            label: password
                            schema:
                              type: string
                              default: ""
                          - variable: usernameInitiator
                            label: usernameInitiator
                            schema:
                              type: string
                              default: ""
                          - variable: passwordInitiator
                            label: passwordInitiator
                            schema:
                              type: string
                              default: ""
                    - variable: authDiscovery
                      label: authDiscovery
                      schema:
                        type: dict
                        additional_attrs: true
                        attrs:
                          - variable: username
                            label: username
                            schema:
                              type: string
                              default: ""
                          - variable: password
                            label: password
                            schema:
                              type: string
                              default: ""
                          - variable: usernameInitiator
                            label: usernameInitiator
                            schema:
                              type: string
                              default: ""
                          - variable: passwordInitiator
                            label: passwordInitiator
                            schema:
                              type: string
                              default: ""
              - variable: autoPermissions
                label: Automatic Permissions Configuration
                description: Automatically set permissions
                schema:
                  show_if: [["type", "!=", "pvc"]]
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: enabled
                      label: enabled
                      schema:
                        type: boolean
                        default: false
                        show_subquestions_if: true
                        subquestions:
                          - variable: chown
                            label: Run CHOWN
                            description: |
                              It will run CHOWN on the path with the given fsGroup
                            schema:
                              type: boolean
                              default: false
                          - variable: chmod
                            label: Run CHMOD
                            description: |
                              It will run CHMOD on the path with the given value</br>
                              Format should be 3 digits, e.g. 770
                            schema:
                              type: string
                              valid_chars: '[0-9]{3}'
                              default: ""
                          - variable: recursive
                            label: Recursive
                            description: |
                              It will run CHOWN and CHMOD recursively
                            schema:
                              type: boolean
                              default: false
              - variable: readOnly
                label: Read Only
                schema:
                  type: boolean
                  default: false
              - variable: hostPath
                label: Host Path
                description: Path inside the container the storage is mounted
                schema:
                  show_if: [["type", "=", "hostPath"]]
                  type: hostpath
              - variable: medium
                label: EmptyDir Medium
                schema:
                  show_if: [["type", "=", "emptyDir"]]
                  type: string
                  default: ""
                  enum:
                    - value: ""
                      description: Default
                    - value: Memory
                      description: Memory
              - variable: size
                label: Size quotum of Storage (Do NOT REDUCE after installation)
                description: This value can ONLY be INCREASED after the installation
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: string
                  default: 256Gi
              - variable: storageClass
                label: 'storageClass (Advanced)'
                description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: string
                  default: ""
              - variable: volsync
                label: 'VolSync (Experimental)'
                description: Backup, Restore and Synchronise PVC storage
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: list
                  default: []
                  items:
                    - variable: VolSyncEntry
                      label: VolSync Configuration
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: name
                            label: Name
                            description: "Name of backup configuration"
                            schema:
                              type: string
                              default: ""
                              required: true
                          - variable: type
                            label: Type VolSync/Backup
                            description: Sets the VolSync Type
                            schema:
                              type: string
                              default: "restic"
                              enum:
                                - value: restic
                                  description: Restic
                          - variable: credentials
                            label: Credentials
                            description: "Name of credentials in the credentials section"
                            schema:
                              type: string
                              default: ""
                              required: true
                          - variable: dest
                            label: VolSync Destination (Restore)
                            description: VolSync Destination is the location where data is the receiver and configures recovery of backups
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: enabled
                                  label: Enable
                                  schema:
                                    type: boolean
                                    default: true
                          - variable: src
                            label: VolSync Source (Backup)
                            description: VolSync Source is the location where data is the sender and creates backups to storage
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: enabled
                                  label: Enable
                                  schema:
                                    type: boolean
                                    default: true
              - variable: static
                label: 'Static Fixed PVC Bindings (Experimental)'
                description: Link a PVC to a specific storage location
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: mode
                      label: mode
                      description: |
                        disabled: use normal dynamic PVCs
                        smb: connect to an SMB share
                        nfs: connect to an NFS share
                      schema:
                        type: string
                        default: "disabled"
                        enum:
                          - value: disabled
                            description: disabled
                          - value: smb
                            description: smb
                          - value: nfs
                            description: nfs
                    - variable: server
                      label: Server
                      description: server to connect to
                      schema:
                        type: string
                        show_if: [["mode", "!=", "disabled"]]
                        default: "myserver"
                    - variable: share
                      label: Share
                      description: share to connect to
                      schema:
                        type: string
                        show_if: [["mode", "!=", "disabled"]]
                        default: "/myshare"
                    - variable: user
                      label: User
                      description: connecting user
                      schema:
                        type: string
                        show_if: [["mode", "=", "smb"]]
                        default: "myuser"
                    - variable: domain
                      label: Domain
                      description: user domain
                      schema:
                        type: string
                        show_if: [["mode", "=", "smb"]]
                        default: ""
                    - variable: password
                      label: Password
                      description: connecting password
                      schema:
                        type: string
                        show_if: [["mode", "=", "smb"]]
                        default: ""
              - variable: volumeSnapshots
                label: 'Volume Snapshots (Experimental)'
                description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: list
                  default: []
                  items:
                    - variable: volumeSnapshotEntry
                      label: Custom volumeSnapshot
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: name
                            label: Name
                            description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
                            schema:
                              type: string
                              default: "mysnapshot"
                              required: true
                          - variable: volumeSnapshotClassName
                            label: 'volumeSnapshot Class Name (Advanced)'
                            description: For use with PVCs using a non-default storageClass
                            schema:
                              type: string
                              default: ""
  - variable: persistenceList
    label: Additional App Storage
    group: Persistence
    schema:
      type: list
      default: []
      items:
        - variable: persistenceListEntry
          label: Custom Storage
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable the storage
                schema:
                  type: boolean
                  default: true
                  hidden: true
              - variable: type
                label: Type of Storage
                description: Sets the persistence type, Anything other than PVC could break rollback!
                schema:
                  type: string
                  default: hostPath
                  enum:
                    - value: pvc
                      description: PVC
                    - value: hostPath
                      description: Host Path
                    - value: emptyDir
                      description: emptyDir
                    - value: nfs
                      description: NFS Share
              - variable: server
                label: NFS Server
                schema:
                  show_if: [["type", "=", "nfs"]]
                  type: string
                  default: ""
              - variable: path
                label: Path on NFS Server
                schema:
                  show_if: [["type", "=", "nfs"]]
                  type: string
                  default: ""
              - variable: iscsi
                label: iSCSI Options
                schema:
                  show_if: [["type", "=", "iscsi"]]
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: targetPortal
                      label: targetPortal
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: iqn
                      label: iqn
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: lun
                      label: lun
                      schema:
                        type: int
                        default: 0
                    - variable: authSession
                      label: authSession
                      schema:
                        type: dict
                        additional_attrs: true
                        attrs:
                          - variable: username
                            label: username
                            schema:
                              type: string
                              default: ""
                          - variable: password
                            label: password
                            schema:
                              type: string
                              default: ""
                          - variable: usernameInitiator
                            label: usernameInitiator
                            schema:
                              type: string
                              default: ""
                          - variable: passwordInitiator
                            label: passwordInitiator
                            schema:
                              type: string
                              default: ""
                    - variable: authDiscovery
                      label: authDiscovery
                      schema:
                        type: dict
                        additional_attrs: true
                        attrs:
                          - variable: username
                            label: username
                            schema:
                              type: string
                              default: ""
                          - variable: password
                            label: password
                            schema:
                              type: string
                              default: ""
                          - variable: usernameInitiator
                            label: usernameInitiator
                            schema:
                              type: string
                              default: ""
                          - variable: passwordInitiator
                            label: passwordInitiator
                            schema:
                              type: string
                              default: ""
              - variable: autoPermissions
                label: Automatic Permissions Configuration
                description: Automatically set permissions
                schema:
                  show_if: [["type", "!=", "pvc"]]
                  type: dict
                  additional_attrs: true
                  attrs:
                    - variable: enabled
                      label: enabled
                      schema:
                        type: boolean
                        default: false
                        show_subquestions_if: true
                        subquestions:
                          - variable: chown
                            label: Run CHOWN
                            description: |
                              It will run CHOWN on the path with the given fsGroup
                            schema:
                              type: boolean
                              default: false
                          - variable: chmod
                            label: Run CHMOD
                            description: |
                              It will run CHMOD on the path with the given value</br>
                              Format should be 3 digits, e.g. 770
                            schema:
                              type: string
                              valid_chars: '[0-9]{3}'
                              default: ""
                          - variable: recursive
                            label: Recursive
                            description: |
                              It will run CHOWN and CHMOD recursively
                            schema:
                              type: boolean
                              default: false
              - variable: readOnly
                label: Read Only
                schema:
                  type: boolean
                  default: false
              - variable: hostPath
                label: Host Path
                description: Path inside the container the storage is mounted
                schema:
                  show_if: [["type", "=", "hostPath"]]
                  type: hostpath
              - variable: mountPath
                label: Mount Path
                description: Path inside the container the storage is mounted
                schema:
                  type: string
                  default: ""
                  required: true
                  valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
              - variable: medium
                label: EmptyDir Medium
                schema:
                  show_if: [["type", "=", "emptyDir"]]
                  type: string
                  default: ""
                  enum:
                    - value: ""
                      description: Default
                    - value: Memory
                      description: Memory
              - variable: size
                label: Size Quotum of Storage
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: string
                  default: 256Gi
              - variable: storageClass
                label: 'storageClass (Advanced)'
                description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
                schema:
                  show_if: [["type", "=", "pvc"]]
                  type: string
                  default: ""
- variable: volsync
|
|||
|
label: 'VolSync (Experimental)'
|
|||
|
description: Backup, Restore and Synchronise PVC storage
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "pvc"]]
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: VolSyncEntry
|
|||
|
label: VolSync Configuration
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
description: "Name of backup configuration"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: type
|
|||
|
label: Type VolSync/Backup
|
|||
|
description: Sets the VolSync Type
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "restic"
|
|||
|
enum:
|
|||
|
- value: restic
|
|||
|
description: Restic
|
|||
|
- variable: credentials
|
|||
|
label: Credentials
|
|||
|
description: "Name of credentials in the credentials section"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: dest
|
|||
|
label: VolSync Destination (Restore)
|
|||
|
description: VolSYnc Destination is the location where data is the reciever and configures recovery of backups
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enable
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: src
|
|||
|
label: VolSync Source (Backup)
|
|||
|
description: VolSYnc Source is the location where data is the sender and creates backups to storage
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enable
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: static
|
|||
|
label: 'Static Fixed PVC Bindings (Experimental)'
|
|||
|
description: Link a PVC to a specific storage location
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "pvc"]]
|
|||
|
type: dict
|
|||
|
additional_attrs: true
|
|||
|
attrs:
|
|||
|
- variable: mode
|
|||
|
label: mode
|
|||
|
description: |
|
|||
|
disabled: use normal dynamic PVCs
|
|||
|
smb: connect to an SMB share
|
|||
|
nfs: connect to an NFS share
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "disabled"
|
|||
|
enum:
|
|||
|
- value: "disabled"
|
|||
|
description: disabled
|
|||
|
- value: smb
|
|||
|
description: smb
|
|||
|
- value: nfs
|
|||
|
description: nfs
|
|||
|
- variable: server
|
|||
|
label: Server
|
|||
|
description: server to connect to
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["mode", "!=", "disabled"]]
|
|||
|
default: "myserver"
|
|||
|
- variable: share
|
|||
|
label: Share
|
|||
|
description: share to connect to
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["mode", "!=", "disabled"]]
|
|||
|
default: "/myshare"
|
|||
|
- variable: user
|
|||
|
label: User
|
|||
|
description: connecting user
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["mode", "=", "smb"]]
|
|||
|
default: "myuser"
|
|||
|
- variable: domain
|
|||
|
label: Domain
|
|||
|
description: user domain
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["mode", "=", "smb"]]
|
|||
|
default: ""
|
|||
|
- variable: password
|
|||
|
label: Password
|
|||
|
description: connecting password
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["mode", "=", "smb"]]
|
|||
|
default: ""
|
|||
|
- variable: volumeSnapshots
|
|||
|
label: 'Volume Snapshots (Experimental)'
|
|||
|
description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "pvc"]]
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: volumeSnapshotEntry
|
|||
|
label: Custom volumeSnapshot
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "mysnapshot"
|
|||
|
required: true
|
|||
|
- variable: volumeSnapshotClassName
|
|||
|
label: 'volumeSnapshot Class Name (Advanced)'
|
|||
|
description: For use with PVCs using a non-default storageClass
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
|
|||
|
  - variable: ingress
    label: ""
    group: Ingress
    schema:
      additional_attrs: true
      type: dict
      attrs:

        - variable: main
          label: "Main Ingress"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable Ingress
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: hosts
                      label: Hosts
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: hostEntry
                            label: Host
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: host
                                  label: HostName
                                  schema:
                                    type: string
                                    default: ""
                                    required: true
                                - variable: paths
                                  label: Paths
                                  schema:
                                    type: list
                                    default: [{path: "/", pathType: "Prefix"}]
                                    items:
                                      - variable: pathEntry
                                        label: Host
                                        schema:
                                          additional_attrs: true
                                          type: dict
                                          attrs:
                                            - variable: path
                                              label: Path
                                              schema:
                                                type: string
                                                required: true
                                                default: "/"
                                            - variable: pathType
                                              label: Path Type
                                              schema:
                                                type: string
                                                required: true
                                                default: Prefix

                    - variable: integrations
                      label: Integrations
                      description: Connect ingress with other charts
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: traefik
                            label: Traefik
                            description: Connect ingress with Traefik
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: enabled
                                  label: enabled
                                  schema:
                                    type: boolean
                                    default: true
                                - variable: allowCors
                                  label: 'Allow Cross Origin Requests (advanced)'
                                  schema:
                                    type: boolean
                                    default: false
                                    show_if: [["enabled", "=", true]]
                                - variable: entrypoints
                                  label: Entrypoints
                                  schema:
                                    type: list
                                    default: ["websecure"]
                                    show_if: [["enabled", "=", true]]
                                    items:
                                      - variable: entrypoint
                                        label: Entrypoint
                                        schema:
                                          type: string
                                - variable: middlewares
                                  label: Middlewares
                                  schema:
                                    type: list
                                    default: []
                                    show_if: [["enabled", "=", true]]
                                    items:
                                      - variable: middleware
                                        label: Middleware
                                        schema:
                                          additional_attrs: true
                                          type: dict
                                          attrs:
                                            - variable: name
                                              label: name
                                              schema:
                                                type: string
                                                default: ""
                                                required: true
                                            - variable: namespace
                                              label: 'namespace (optional)'
                                              schema:
                                                type: string
                                                default: ""
                          - variable: certManager
                            label: certManager
                            description: Connect ingress with certManager
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: enabled
                                  label: enabled
                                  schema:
                                    type: boolean
                                    default: false
                                - variable: certificateIssuer
                                  label: certificateIssuer
                                  description: defaults to chartname
                                  schema:
                                    type: string
                                    default: ""
                                    show_if: [["enabled", "=", true]]
                          - variable: homepage
                            label: Homepage
                            description: Connect ingress with Homepage
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: enabled
                                  label: enabled
                                  schema:
                                    type: boolean
                                    default: false
                                - variable: name
                                  label: Name (Optional)
                                  description: Defaults to chart name
                                  schema:
                                    type: string
                                    default: ""
                                    show_if: [["enabled", "=", true]]
                                - variable: description
                                  label: Description (Optional)
                                  description: Defaults to chart description
                                  schema:
                                    type: string
                                    default: ""
                                    show_if: [["enabled", "=", true]]
                                - variable: icon
                                  label: Icon (Optional)
                                  description: Defaults to chart icon
                                  schema:
                                    type: string
                                    default: ""
                                    show_if: [["enabled", "=", true]]
                                - variable: group
                                  label: Group
                                  schema:
                                    type: string
                                    required: true
                                    default: "default"
                                    show_if: [["enabled", "=", true]]
                                - variable: widget
                                  label: Widget Settings
                                  schema:
                                    type: dict
                                    additional_attrs: true
                                    show_if: [["enabled", "=", true]]
                                    attrs:
                                      - variable: enabled
                                        label: Enable Widget
                                        description: When disabled all widget annotations are skipped.
                                        schema:
                                          type: boolean
                                          default: true
                                      - variable: custom
                                        label: Options
                                        schema:
                                          type: dict
                                          additional_attrs: true
                                          attrs:
                                            - variable: key
                                              label: API-key (key)
                                              schema:
                                                type: string
                                                default: ""
                                      - variable: customkv
                                        label: Custom Options
                                        schema:
                                          type: list
                                          default: []
                                          items:
                                            - variable: option
                                              label: Option
                                              schema:
                                                additional_attrs: true
                                                type: dict
                                                attrs:
                                                  - variable: key
                                                    label: Key
                                                    schema:
                                                      type: string
                                                      default: ""
                                                      required: true
                                                  - variable: value
                                                    label: Value
                                                    schema:
                                                      type: string
                                                      default: ""
                                                      required: true
                    - variable: advanced
                      label: Show Advanced Settings
                      description: Advanced settings are not covered by TrueCharts Support
                      schema:
                        type: boolean
                        default: false
                    - variable: ingressClassName
                      label: (Advanced/Optional) IngressClass Name
                      schema:
                        type: string
                        show_if: [["advanced", "=", true]]
                        default: ""
                    - variable: tls
                      label: TLS-Settings
                      schema:
                        type: list
                        show_if: [["advanced", "=", true]]
                        default: []
                        items:
                          - variable: tlsEntry
                            label: Host
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: hosts
                                  label: Certificate Hosts
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: host
                                        label: Host
                                        schema:
                                          type: string
                                          default: ""
                                          required: true

                                - variable: certificateIssuer
                                  label: Use Cert-Manager clusterIssuer
                                  description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
                                  schema:
                                    type: string
                                    default: ""
                                - variable: clusterCertificate
                                  label: 'Cluster Certificate (Advanced)'
                                  description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
                                  schema:
                                    type: string
                                    show_if: [["certificateIssuer", "=", ""]]
                                    default: ""
                                - variable: secretName
                                  label: 'Use Custom Certificate Secret (Advanced)'
                                  schema:
                                    show_if: [["certificateIssuer", "=", ""]]
                                    type: string
                                    default: ""
  - variable: ingressList
    label: Add Manual Custom Ingresses
    group: Ingress
    schema:
      type: list
      default: []
      items:
        - variable: ingressListEntry
          label: Custom Ingress
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable Ingress
                schema:
                  type: boolean
                  default: true
                  hidden: true
              - variable: name
                label: Name
                schema:
                  type: string
                  default: ""
              - variable: ingressClassName
                label: IngressClass Name
                schema:
                  type: string
                  default: ""
              - variable: hosts
                label: Hosts
                schema:
                  type: list
                  default: []
                  items:
                    - variable: hostEntry
                      label: Host
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: host
                            label: HostName
                            schema:
                              type: string
                              default: ""
                              required: true
                          - variable: paths
                            label: Paths
                            schema:
                              type: list
                              default: []
                              items:
                                - variable: pathEntry
                                  label: Host
                                  schema:
                                    additional_attrs: true
                                    type: dict
                                    attrs:
                                      - variable: path
                                        label: Path
                                        schema:
                                          type: string
                                          required: true
                                          default: "/"
                                      - variable: pathType
                                        label: Path Type
                                        schema:
                                          type: string
                                          required: true
                                          default: Prefix
                                      - variable: overrideService
                                        label: Linked Service
                                        schema:
                                          additional_attrs: true
                                          type: dict
                                          attrs:
                                            - variable: name
                                              label: Service Name
                                              schema:
                                                type: string
                                                default: ""
                                            - variable: port
                                              label: Service Port
                                              schema:
                                                type: int
              - variable: tls
                label: TLS-Settings
                schema:
                  type: list
                  default: []
                  show_if: [["certificateIssuer", "=", ""]]
                  items:
                    - variable: tlsEntry
                      label: Host
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: hosts
                            label: Certificate Hosts
                            schema:
                              type: list
                              default: []
                              items:
                                - variable: host
                                  label: Host
                                  schema:
                                    type: string
                                    default: ""
                                    required: true
                          - variable: certificateIssuer
                            label: Use Cert-Manager clusterIssuer
                            description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
                            schema:
                              type: string
                              default: ""
                          - variable: clusterCertificate
                            label: 'Cluster Certificate (Advanced)'
                            description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
                            schema:
                              type: string
                              show_if: [["certificateIssuer", "=", ""]]
                              default: ""
                          - variable: secretName
                            label: Use Custom Secret (Advanced)
                            schema:
                              type: string
                              show_if: [["certificateIssuer", "=", ""]]
                              default: ""
              - variable: integrations
                label: Integrations
                description: Connect ingress with other charts
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: traefik
                      label: Traefik
                      description: Connect ingress with Traefik
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: enabled
                            label: enabled
                            schema:
                              type: boolean
                              default: true
                          - variable: allowCors
                            label: "Allow Cross Origin Requests"
                            schema:
                              type: boolean
                              default: false
                              show_if: [["enabled", "=", true]]
                          - variable: entrypoints
                            label: Entrypoints
                            schema:
                              type: list
                              default: ["websecure"]
                              show_if: [["enabled", "=", true]]
                              items:
                                - variable: entrypoint
                                  label: Entrypoint
                                  schema:
                                    type: string
                          - variable: middlewares
                            label: Middlewares
                            schema:
                              type: list
                              default: []
                              show_if: [["enabled", "=", true]]
                              items:
                                - variable: middleware
                                  label: Middleware
                                  schema:
                                    additional_attrs: true
                                    type: dict
                                    attrs:
                                      - variable: name
                                        label: name
                                        schema:
                                          type: string
                                          default: ""
                                          required: true
                                      - variable: namespace
                                        label: namespace
                                        schema:
                                          type: string
                                          default: ""
                    - variable: certManager
                      label: certManager
                      description: Connect ingress with certManager
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: enabled
                            label: enabled
                            schema:
                              type: boolean
                              default: true
                          - variable: certificateIssuer
                            label: certificateIssuer
                            description: defaults to chartname
                            schema:
                              type: string
                              default: ""
                              show_if: [["enabled", "=", true]]
                    - variable: homepage
                      label: Homepage
                      description: Connect ingress with Homepage
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: enabled
                            label: enabled
                            schema:
                              type: boolean
                              default: false
                          - variable: name
                            label: Name
                            description: defaults to chartname
                            schema:
                              type: string
                              default: ""
                              show_if: [["enabled", "=", true]]
                          - variable: description
                            label: Description
                            description: defaults to chart description
                            schema:
                              type: string
                              default: ""
                              show_if: [["enabled", "=", true]]
                          - variable: group
                            label: Group
                            schema:
                              type: string
                              required: true
                              default: "default"
                              show_if: [["enabled", "=", true]]
  - variable: securityContext
    group: SecurityContext
    label: Security Context
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: container
          label: Container
          schema:
            additional_attrs: true
            type: dict
            attrs:
              # Settings from questions.yaml get appended here on a per-app basis

              - variable: runAsUser
                label: "runAsUser"
                description: "The UserID of the user running the application"
                schema:
                  type: int
                  default: 568
              - variable: runAsGroup
                label: "runAsGroup"
                description: "The groupID of the user running the application"
                schema:
                  type: int
                  default: 568
              # Settings from questions.yaml get appended here on a per-app basis
              - variable: PUID
                label: Process User ID - PUID
                description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
                schema:
                  type: int
                  show_if: [["runAsUser", "=", 0]]
                  default: 568
              - variable: UMASK
                label: UMASK
                description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
                schema:
                  type: string
                  default: "0022"

              - variable: advanced
                label: Show Advanced Settings
                description: Advanced settings are not covered by TrueCharts Support
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: privileged
                      label: "Privileged mode"
                      schema:
                        type: boolean
                        default: false
                    - variable: readOnlyRootFilesystem
                      label: "ReadOnly Root Filesystem"
                      schema:
                        type: boolean
                        default: true

        - variable: pod
          label: Pod
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: fsGroupChangePolicy
                label: "When should we take ownership?"
                schema:
                  type: string
                  default: OnRootMismatch
                  enum:
                    - value: OnRootMismatch
                      description: OnRootMismatch
                    - value: Always
                      description: Always
              - variable: supplementalGroups
                label: Supplemental Groups
                schema:
                  type: list
                  default: []
                  items:
                    - variable: supplementalGroupsEntry
                      label: Supplemental Group
                      schema:
                        type: int
              # Settings from questions.yaml get appended here on a per-app basis

              - variable: fsGroup
                label: "fsGroup"
                description: "The group that should own ALL storage."
                schema:
                  type: int
                  default: 568
  - variable: resources
    group: Resources
    label: "Resource Limits"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: limits
          label: Advanced Limit Resource Consumption
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: cpu
                label: CPU
                description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
                schema:
                  type: string
                  default: 4000m
                  valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
              - variable: memory
                label: RAM
                description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
                schema:
                  type: string
                  default: 8Gi
                  valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
              - variable: 'gpu.intel.com/i915'
                label: Add Intel i915 GPUs
                schema:
                  type: int
                  default: 0
              - variable: 'nvidia.com/gpu'
                label: Add NVIDIA GPUs (Experimental)
                schema:
                  type: int
                  default: 0
              - variable: 'amd.com/gpu'
                label: Add AMD GPUs
                schema:
                  type: int
                  default: 0
        - variable: requests
          label: "Minimum Resources Required (request)"
          schema:
            additional_attrs: true
            type: dict
            hidden: true
            attrs:
              - variable: cpu
                label: CPU
                description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
                schema:
                  type: string
                  default: 10m
                  hidden: true
                  valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
              - variable: memory
                label: "RAM"
                description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
                schema:
                  type: string
                  default: 50Mi
                  hidden: true
                  valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
  - variable: deviceList
    label: Mount USB Devices
    group: Devices
    schema:
      type: list
      default: []
      items:
        - variable: deviceListEntry
          label: Device
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: Enable the Storage
                schema:
                  type: boolean
                  default: true
              - variable: type
                label: (Advanced) Type of Storage
                description: Sets the persistence type
                schema:
                  type: string
                  default: device
                  hidden: true
              - variable: readOnly
                label: readOnly
                schema:
                  type: boolean
                  default: false
              - variable: hostPath
                label: Host Device Path
                description: Path to the device on the host system
                schema:
                  type: path
              - variable: mountPath
                label: Container Device Path
                description: Path inside the container the device is mounted
                schema:
                  type: string
                  default: "/dev/ttyACM0"
  - variable: cnpg
    group: Postgresql
    label: "CloudNative-PG (CNPG)"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: main
          label: "Main Postgresql Database"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: hibernate
                label: Hibernate
                description: "enable to safely hibernate and shutdown the postgresql cluster"
                schema:
                  type: boolean
                  default: false
              - variable: mode
                label: Mode
                description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.'
                schema:
                  type: string
                  default: "standalone"
                  enum:
                    - value: standalone
                      description: standalone
                    - value: replica
                      description: replica
                    - value: recovery
                      description: recovery
              - variable: pgVersion
                label: Postgres Version
                description: "Set the Postgresql version used"
                schema:
                  type: int
                  default: 16
                  required: true
              - variable: password
                label: Password
                description: "Set the password for the database-user"
                schema:
                  type: string
                  default: "PLACEHOLDERPASSWORD"
                  required: true
              - variable: cluster
                label: "Cluster Settings"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: instances
                      label: Instances
                      schema:
                        type: int
                        default: 1
                    - variable: singleNode
                      label: singleNode
                      schema:
                        type: boolean
                        default: true
                        hidden: true
                    - variable: storage
                      label: "Storage"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: size
                            label: Size
                            schema:
                              type: string
                              default: "256Gi"
                    - variable: walStorage
                      label: "WAL Storage"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: size
                            label: Size
                            schema:
                              type: string
                              default: "256Gi"
              - variable: monitoring
                label: "Monitoring Settings"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enablePodMonitor
                      label: "enablePodMonitor"
                      schema:
                        type: boolean
                        default: true
                    - variable: disableDefaultQueries
                      label: "disableDefaultQueries"
                      schema:
                        type: boolean
                        default: false
              - variable: pooler
                label: "Pooler Settings"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: Enabled
                      schema:
                        type: boolean
                        default: false
                    - variable: instances
                      label: Instances
                      schema:
                        type: int
                        show_if: [["enabled", "=", true]]
                        default: 1
                    - variable: createRO
                      label: "Create ReadOnly Instance"
                      schema:
                        type: boolean
                        show_if: [["enabled", "=", true]]
                        default: false
              - variable: backups
                label: "Backup Settings (Experimental)"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: "enabled"
                      schema:
                        type: boolean
                        default: false
                    - variable: revision
                      label: "revision"
                      schema:
                        type: string
                        default: ""
                    - variable: retentionPolicy
                      label: "retentionPolicy"
                      schema:
                        type: string
                        show_if: [["enabled", "=", true]]
                        default: "30d"
                    - variable: credentials
                      label: "Credentials"
                      description: "Name of the credentials in the credentials section"
                      schema:
                        type: string
                        show_if: [["enabled", "=", true]]
                        default: ""
                        required: true
              - variable: recovery
                label: "Recovery Settings (Experimental)"
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: "enabled"
                      schema:
                        type: boolean
                        default: false
                    - variable: serverName
                      label: "serverName"
                      schema:
                        type: string
                        default: ""
                    - variable: revision
                      label: "revision"
                      schema:
                        type: string
                        default: ""
                    - variable: method
                      label: "method"
                      schema:
                        type: string
                        show_if: [["enabled", "=", true]]
                        default: "object_store"
                    - variable: backupName
                      label: "backupName"
                      schema:
                        type: string
                        show_if: [["enabled", "=", true]]
                        default: ""
                    - variable: credentials
                      label: "Credentials"
                      description: "Name of the credentials in the credentials section"
                      schema:
                        type: string
                        show_if: [["enabled", "=", true]]
                        default: ""
                        required: true
  # - variable: horizontalPodAutoscaler
  #   group: Experimental
  #   label: (Advanced) Horizontal Pod Autoscaler
  #   schema:
  #     type: list
  #     default: []
  #     items:
  #       - variable: hpaEntry
  #         label: HPA Entry
  #         schema:
  #           additional_attrs: true
  #           type: dict
  #           attrs:
  #             - variable: name
  #               label: Name
  #               schema:
  #                 type: string
  #                 required: true
  #                 default: ""
  #             - variable: enabled
  #               label: Enabled
  #               schema:
  #                 type: boolean
  #                 default: false
  #                 show_subquestions_if: true
  #                 subquestions:
  #                   - variable: target
  #                     label: Target
  #                     description: Deployment name, Defaults to Main Deployment
  #                     schema:
  #                       type: string
  #                       default: ""
  #                   - variable: minReplicas
  #                     label: Minimum Replicas
  #                     schema:
  #                       type: int
  #                       default: 1
  #                   - variable: maxReplicas
  #                     label: Maximum Replicas
  #                     schema:
  #                       type: int
  #                       default: 5
  #                   - variable: targetCPUUtilizationPercentage
  #                     label: Target CPU Utilization Percentage
  #                     schema:
  #                       type: int
  #                       default: 80
  #                   - variable: targetMemoryUtilizationPercentage
  #                     label: Target Memory Utilization Percentage
  #                     schema:
  #                       type: int
  #                       default: 80
  - variable: networkPolicy
    group: Experimental
    label: (Advanced) Network Policy
    schema:
      type: list
      default: []
      items:
        - variable: netPolicyEntry
          label: Network Policy Entry
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: name
                label: Name
                schema:
                  type: string
                  required: true
                  default: ""
              - variable: enabled
                label: Enabled
                schema:
                  type: boolean
                  default: false
                  show_subquestions_if: true
                  subquestions:
                    - variable: policyType
                      label: Policy Type
                      schema:
                        type: string
                        default: ""
                        enum:
                          - value: ""
                            description: Default
                          - value: ingress
                            description: Ingress
                          - value: egress
                            description: Egress
                          - value: ingress-egress
                            description: Ingress and Egress
                    - variable: egress
                      label: Egress
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: egressEntry
                            label: ""
                            schema:
                              additional_attrs: true
                              type: dict
                              attrs:
                                - variable: to
                                  label: To
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: toEntry
                                        label: ""
                                        schema:
                                          additional_attrs: true
                                          type: dict
                                          attrs:
                                            - variable: ipBlock
                                              label: IP Block
                                              schema:
                                                additional_attrs: true
                                                type: dict
                                                attrs:
                                                  - variable: cidr
                                                    label: CIDR
                                                    schema:
                                                      type: string
                                                      default: ""
                                                  - variable: except
                                                    label: Except
                                                    schema:
                                                      type: list
                                                      default: []
                                                      items:
                                                        - variable: exceptint
                                                          label: ""
                                                          schema:
                                                            type: string
                                            - variable: namespaceSelector
                                              label: Namespace Selector
                                              schema:
                                                additional_attrs: true
                                                type: dict
                                                attrs:
                                                  - variable: matchExpressions
                                                    label: Match Expressions
                                                    schema:
                                                      type: list
                                                      default: []
                                                      items:
                                                        - variable: expressionEntry
                                                          label: ""
                                                          schema:
                                                            additional_attrs: true
                                                            type: dict
                                                            attrs:
                                                              - variable: key
                                                                label: Key
                                                                schema:
                                                                  type: string
                                                              - variable: operator
                                                                label: Operator
                                                                schema:
                                                                  type: string
|
default: In
|
|||
|
enum:
|
|||
|
- value: In
|
|||
|
description: In
|
|||
|
- value: NotIn
|
|||
|
description: NotIn
|
|||
|
- value: Exists
|
|||
|
description: Exists
|
|||
|
- value: DoesNotExist
|
|||
|
description: DoesNotExist
|
|||
|
- variable: values
|
|||
|
label: Values
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: value
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: podSelector
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: matchExpressions
|
|||
|
label: Match Expressions
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: expressionEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: key
|
|||
|
label: Key
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: operator
|
|||
|
label: Operator
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: In
|
|||
|
enum:
|
|||
|
- value: In
|
|||
|
description: In
|
|||
|
- value: NotIn
|
|||
|
description: NotIn
|
|||
|
- value: Exists
|
|||
|
description: Exists
|
|||
|
- value: DoesNotExist
|
|||
|
description: DoesNotExist
|
|||
|
- variable: values
|
|||
|
label: Values
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: value
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: ports
|
|||
|
label: Ports
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: portsEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: port
|
|||
|
label: Port
|
|||
|
schema:
|
|||
|
type: int
|
|||
|
- variable: endPort
|
|||
|
label: End Port
|
|||
|
schema:
|
|||
|
type: int
|
|||
|
- variable: protocol
|
|||
|
label: Protocol
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: TCP
|
|||
|
enum:
|
|||
|
- value: TCP
|
|||
|
description: TCP
|
|||
|
- value: UDP
|
|||
|
description: UDP
|
|||
|
- value: SCTP
|
|||
|
description: SCTP
|
|||
|
- variable: ingress
|
|||
|
label: Ingress
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: ingressEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: from
|
|||
|
label: From
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: fromEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: ipBlock
|
|||
|
label: IP Block
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: cidr
|
|||
|
label: CIDR
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: except
|
|||
|
label: Except
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: exceptint
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: namespaceSelector
|
|||
|
label: Namespace Selector
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: matchExpressions
|
|||
|
label: Match Expressions
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: expressionEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: key
|
|||
|
label: Key
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: operator
|
|||
|
label: Operator
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: In
|
|||
|
enum:
|
|||
|
- value: In
|
|||
|
description: In
|
|||
|
- value: NotIn
|
|||
|
description: NotIn
|
|||
|
- value: Exists
|
|||
|
description: Exists
|
|||
|
- value: DoesNotExist
|
|||
|
description: DoesNotExist
|
|||
|
- variable: values
|
|||
|
label: Values
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: value
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: podSelector
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: matchExpressions
|
|||
|
label: Match Expressions
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: expressionEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: key
|
|||
|
label: Key
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: operator
|
|||
|
label: Operator
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: In
|
|||
|
enum:
|
|||
|
- value: In
|
|||
|
description: In
|
|||
|
- value: NotIn
|
|||
|
description: NotIn
|
|||
|
- value: Exists
|
|||
|
description: Exists
|
|||
|
- value: DoesNotExist
|
|||
|
description: DoesNotExist
|
|||
|
- variable: values
|
|||
|
label: Values
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: value
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: ports
|
|||
|
label: Ports
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: portsEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: port
|
|||
|
label: Port
|
|||
|
schema:
|
|||
|
type: int
|
|||
|
- variable: endPort
|
|||
|
label: End Port
|
|||
|
schema:
|
|||
|
type: int
|
|||
|
- variable: protocol
|
|||
|
label: Protocol
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: TCP
|
|||
|
enum:
|
|||
|
- value: TCP
|
|||
|
description: TCP
|
|||
|
- value: UDP
|
|||
|
description: UDP
|
|||
|
- value: SCTP
|
|||
|
description: SCTP
|
|||
|
|
|||
|
- variable: identity_providers
|
|||
|
group: "Experimental"
|
|||
|
label: "Authelia Identity Providers (BETA)"
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: oidc
|
|||
|
label: "OpenID Connect (BETA)"
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: "Enabled"
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_subquestions_if: true
|
|||
|
subquestions:
|
|||
|
- variable: access_token_lifespan
|
|||
|
label: "Access Token Lifespan"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "1h"
|
|||
|
required: true
|
|||
|
- variable: authorize_code_lifespan
|
|||
|
label: "Authorize Code Lifespan"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "1m"
|
|||
|
required: true
|
|||
|
- variable: id_token_lifespan
|
|||
|
label: "ID Token Lifespan"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "1h"
|
|||
|
required: true
|
|||
|
- variable: refresh_token_lifespan
|
|||
|
label: "Refresh Token Lifespan"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "90m"
|
|||
|
required: true
|
|||
|
- variable: enable_client_debug_messages
|
|||
|
label: "Enable Client Debug Messages"
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: clients
|
|||
|
label: "Clients"
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: clientEntry
|
|||
|
label: "Client"
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: id
|
|||
|
label: "ID/Name"
|
|||
|
description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "myapp"
|
|||
|
required: true
|
|||
|
- variable: description
|
|||
|
label: "Description"
|
|||
|
description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "My Application"
|
|||
|
required: true
|
|||
|
- variable: secret
|
|||
|
label: "Secret"
|
|||
|
description: "The client secret is a shared secret between Authelia and the consumer of this client."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: public
|
|||
|
label: "public"
|
|||
|
description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: authorization_policy
|
|||
|
label: "Authorization Policy"
|
|||
|
description: "The policy to require for this client; one_factor or two_factor."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "two_factor"
|
|||
|
enum:
|
|||
|
- value: "one_factor"
|
|||
|
description: "one_factor"
|
|||
|
- value: "two_factor"
|
|||
|
description: "two_factor"
|
|||
|
- variable: consent_mode
|
|||
|
label: "Consent Mode"
|
|||
|
description: |
|
|||
|
Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
|
|||
|
implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "auto"
|
|||
|
enum:
|
|||
|
- value: "auto"
|
|||
|
description: "auto"
|
|||
|
- value: "explicit"
|
|||
|
description: "explicit"
|
|||
|
- value: "implicit"
|
|||
|
description: "implicit"
|
|||
|
- variable: userinfo_signing_algorithm
|
|||
|
label: "Userinfo Signing Algorithm"
|
|||
|
description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "none"
|
|||
|
enum:
|
|||
|
- value: "none"
|
|||
|
description: "none"
|
|||
|
- value: "RS256"
|
|||
|
description: "RS256"
|
|||
|
- variable: audience
|
|||
|
label: "Audience"
|
|||
|
description: "Audience this client is allowed to request."
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: audienceEntry
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: scopes
|
|||
|
label: "Scopes"
|
|||
|
description: "Scopes this client is allowed to request."
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: ScopeEntry
|
|||
|
label: "Scope"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "openid"
|
|||
|
required: true
|
|||
|
- variable: redirect_uris
|
|||
|
label: "redirect_uris"
|
|||
|
description: "Specifies the list of valid case-sensitive callback URIs for this client."
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: uriEntry
|
|||
|
label: "Url"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "https://oidc.example.com/oauth2/callback"
|
|||
|
required: true
|
|||
|
- variable: grant_types
|
|||
|
description: "Grant Types configures which grants this client can obtain."
|
|||
|
label: "grant_types"
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: grantEntry
|
|||
|
label: "Grant"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "refresh_token"
|
|||
|
required: true
|
|||
|
- variable: response_types
|
|||
|
description: "Response Types configures which responses this client can be sent."
|
|||
|
label: "response_types"
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: responseEntry
|
|||
|
label: "type"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "code"
|
|||
|
required: true
|
|||
|
- variable: response_modes
|
|||
|
description: "Response Modes configures which response modes this client supports."
|
|||
|
label: "response_modes"
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: modeEntry
|
|||
|
label: "Mode"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: "form_post"
|
|||
|
required: true
|
|||
|
- variable: token_endpoint_auth_method
|
|||
|
description: "The client authentication method this client supports at the token endpoint."
|
|||
|
label: "token_endpoint_auth_method"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
enum:
|
|||
|
- value: "client_secret_basic"
|
|||
|
description: "client_secret_basic"
|
|||
|
- value: "client_secret_post"
|
|||
|
description: "client_secret_post"
|
|||
|
- value: "client_secret_jwt"
|
|||
|
description: "client_secret_jwt"
|
|||
|
- value: "private_key_jwt"
|
|||
|
description: "private_key_jwt"
|
|||
|
- value: "none"
|
|||
|
description: "none"
|
|||
|
- variable: require_pkce
|
|||
|
label: "Require PKCE"
|
|||
|
description: "This configuration option enforces the use of PKCE for this registered client."
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_subquestions_if: true
|
|||
|
subquestions:
|
|||
|
- variable: pkce_challange_method
|
|||
|
label: "PKCE Challenge Method"
|
|||
|
description: "This setting enforces the use of the specified PKCE challenge method for this individual client."
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: S256
|
|||
|
enum:
|
|||
|
- value: "plain"
|
|||
|
description: "plain"
|
|||
|
- value: "S256"
|
|||
|
description: "S256"
|
|||
|
- variable: addons
|
|||
|
group: Addons
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
|
|||
|
- variable: codeserver
|
|||
|
label: Codeserver
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enabled
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_subquestions_if: true
|
|||
|
subquestions:
|
|||
|
- variable: service
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: type
|
|||
|
label: Service Type
|
|||
|
description: "ClusterIP is only available inside the cluster; LoadBalancer exposes the service using the system load balancer"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: LoadBalancer
|
|||
|
enum:
|
|||
|
- value: NodePort
|
|||
|
description: Deprecated CHANGE THIS
|
|||
|
- value: ClusterIP
|
|||
|
description: ClusterIP
|
|||
|
- value: LoadBalancer
|
|||
|
description: LoadBalancer
|
|||
|
- variable: loadBalancerIP
|
|||
|
label: LoadBalancer IP
|
|||
|
description: "MetalLB only: selects the LoadBalancer IP to expose on. Required when using PortalButton with MetalLB"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "LoadBalancer"]]
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: ports
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: codeserver
|
|||
|
label: ""
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: port
|
|||
|
label: Port
|
|||
|
schema:
|
|||
|
type: int
|
|||
|
default: 36107
|
|||
|
- variable: ingress
|
|||
|
label: "Ingress"
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enable Ingress
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_subquestions_if: true
|
|||
|
subquestions:
|
|||
|
- variable: hosts
|
|||
|
label: Hosts
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: hostEntry
|
|||
|
label: Host
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: host
|
|||
|
label: HostName
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: paths
|
|||
|
label: Paths
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: [{path: "/", pathType: "Prefix"}]
|
|||
|
items:
|
|||
|
- variable: pathEntry
|
|||
|
label: Host
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: path
|
|||
|
label: Path
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: "/"
|
|||
|
- variable: pathType
|
|||
|
label: Path Type
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: Prefix
|
|||
|
- variable: integrations
|
|||
|
label: Integrations
|
|||
|
description: Connect ingress with other charts
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: traefik
|
|||
|
label: Traefik
|
|||
|
description: Connect ingress with Traefik
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: enabled
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: allowCors
|
|||
|
label: 'Allow Cross Origin Requests (advanced)'
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_if: [["enabled", "=", true]]
|
|||
|
- variable: entrypoints
|
|||
|
label: Entrypoints
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: ["websecure"]
|
|||
|
show_if: [["enabled", "=", true]]
|
|||
|
items:
|
|||
|
- variable: entrypoint
|
|||
|
label: Entrypoint
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
- variable: middlewares
|
|||
|
label: Middlewares
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
show_if: [["enabled", "=", true]]
|
|||
|
items:
|
|||
|
- variable: middleware
|
|||
|
label: Middleware
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: namespace
|
|||
|
label: 'namespace (optional)'
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: certManager
|
|||
|
label: certManager
|
|||
|
description: Connect ingress with certManager
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: enabled
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: certificateIssuer
|
|||
|
label: certificateIssuer
|
|||
|
description: defaults to chartname
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
show_if: [["enabled", "=", true]]
|
|||
|
- variable: advanced
|
|||
|
label: Show Advanced Settings
|
|||
|
description: Advanced settings are not covered by TrueCharts Support
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: ingressClassName
|
|||
|
label: (Advanced/Optional) IngressClass Name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["advanced", "=", true]]
|
|||
|
default: ""
|
|||
|
- variable: tls
|
|||
|
label: TLS-Settings
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["advanced", "=", true]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: tlsEntry
|
|||
|
label: Host
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: hosts
|
|||
|
label: Certificate Hosts
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: host
|
|||
|
label: Host
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
|
|||
|
- variable: certificateIssuer
|
|||
|
label: Use Cert-Manager clusterIssuer
|
|||
|
description: 'Add the name of your cert-manager clusterIssuer here for automatic TLS certificates.'
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: clusterCertificate
|
|||
|
label: 'Cluster Certificate (Advanced)'
|
|||
|
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["certificateIssuer", "=", ""]]
|
|||
|
default: ""
|
|||
|
- variable: secretName
|
|||
|
label: 'Use Custom Certificate Secret (Advanced)'
|
|||
|
schema:
|
|||
|
show_if: [["certificateIssuer", "=", ""]]
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: scaleCert
|
|||
|
label: 'Use TrueNAS SCALE Certificate (Deprecated)'
|
|||
|
schema:
|
|||
|
show_if: [["certificateIssuer", "=", ""]]
|
|||
|
type: int
|
|||
|
$ref:
|
|||
|
- "definitions/certificate"
|
|||
|
- variable: envList
|
|||
|
label: Codeserver Environment Variables
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: envItem
|
|||
|
label: Environment Variable
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: value
|
|||
|
label: Value
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
|
|||
|
- variable: vpn
|
|||
|
label: VPN
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: type
|
|||
|
label: Type
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: disabled
|
|||
|
enum:
|
|||
|
- value: disabled
|
|||
|
description: disabled
|
|||
|
- value: gluetun
|
|||
|
description: Gluetun
|
|||
|
- value: tailscale
|
|||
|
description: Tailscale
|
|||
|
- value: openvpn
|
|||
|
description: OpenVPN (Deprecated)
|
|||
|
- value: wireguard
|
|||
|
description: Wireguard (Deprecated)
|
|||
|
- variable: openvpn
|
|||
|
label: OpenVPN Settings
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
show_if: [["type", "=", "openvpn"]]
|
|||
|
attrs:
|
|||
|
- variable: username
|
|||
|
label: Authentication Username (Optional)
|
|||
|
description: Authentication Username, Optional
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: password
|
|||
|
label: Authentication Password
|
|||
|
description: Authentication Credentials
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["username", "!=", ""]]
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: tailscale
|
|||
|
label: Tailscale Settings
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
show_if: [["type", "=", "tailscale"]]
|
|||
|
attrs:
|
|||
|
- variable: authkey
|
|||
|
label: Authentication Key
|
|||
|
description: Provide an auth key to automatically authenticate the node as your user account.
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
private: true
|
|||
|
default: ""
|
|||
|
- variable: auth_once
|
|||
|
label: Auth Once
|
|||
|
description: Only attempt to log in if not already logged in.
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: accept_dns
|
|||
|
label: Accept DNS
|
|||
|
description: Accept DNS configuration from the admin console.
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: userspace
|
|||
|
label: Userspace
|
|||
|
description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
- variable: routes
|
|||
|
label: Routes
|
|||
|
description: Expose physical subnet routes to your entire Tailscale network.
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: dest_ip
|
|||
|
label: Destination IP
|
|||
|
description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: sock5_server
|
|||
|
label: SOCKS5 Server
|
|||
|
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: outbound_http_proxy_listen
|
|||
|
label: Outbound HTTP Proxy Listen
|
|||
|
description: The address on which to listen for HTTP proxying into the tailscale net.
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: extra_args
|
|||
|
label: Extra Args
|
|||
|
description: Extra Args
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: daemon_extra_args
|
|||
|
label: Tailscale Daemon Extra Args
|
|||
|
description: Tailscale Daemon Extra Args
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: killSwitch
|
|||
|
label: Enable Killswitch
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: true
|
|||
|
- variable: excludedNetworks_IPv4
|
|||
|
label: Killswitch Excluded IPv4 networks
|
|||
|
description: List of Killswitch Excluded IPv4 Addresses
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: networkv4
|
|||
|
label: IPv4 Network
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: excludedNetworks_IPv6
|
|||
|
label: Killswitch Excluded IPv6 networks
|
|||
|
description: "List of Killswitch Excluded IPv6 Addresses"
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: networkv6
|
|||
|
label: IPv6 Network
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: configFile
|
|||
|
label: VPN Config File Location
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: ""
|
|||
|
|
|||
|
- variable: envList
|
|||
|
label: VPN Environment Variables
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: envItem
|
|||
|
label: Environment Variable
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: value
|
|||
|
label: Value
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
max_length: 10240
|
|||
|
|
|||
|
- variable: netshoot
|
|||
|
label: Netshoot
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enabled
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
show_subquestions_if: true
|
|||
|
subquestions:
|
|||
|
- variable: envList
|
|||
|
label: Netshoot Environment Variables
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
show_if: [["type", "!=", "disabled"]]
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: envItem
|
|||
|
label: Environment Variable
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: value
|
|||
|
label: Value
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
|
|||
|
- variable: docs
|
|||
|
group: Documentation
|
|||
|
label: Please read the documentation at https://truecharts.org
|
|||
|
description: Please read the documentation at
|
|||
|
<br /><a href="https://truecharts.org">https://truecharts.org</a>
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: confirmDocs
|
|||
|
label: I have checked the documentation
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: donateNag
|
|||
|
group: Documentation
|
|||
|
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
|
|||
|
description: Please consider supporting TrueCharts, see
|
|||
|
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: confirmDonate
|
|||
|
label: I have considered donating
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
hidden: true
|
|||
|
|