scale-catalog/premium/authelia/24.1.3/questions.yaml

4445 lines
194 KiB
YAML
Raw Permalink Normal View History

2024-07-13 07:59:30 +00:00
groups:
- name: Image
description: |
Configured the images to be used for the Chart.
It's wise to use "digest pinned" tags and to avoid using "latest".
Checkout the following documentation for more information:
- https://truecharts.org/common/#images
- name: General
description: |
For TrueNAS SCALE We've grouped a number of settings here, that all effact how apps run in general.
Checkout the following documentation for more information:
- https://truecharts.org/common/global/
- https://truecharts.org/common/#tz
- https://truecharts.org/common/podoptions/
- Image Pull Secrets
- name: Workload
description: |
These settings configure how the actual Pods and containers are running.
Generally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.
Checkout the following documentation for more information:
- https://truecharts.org/common/workload/
- https://truecharts.org/common/container/
- name: App Configuration
description: |
Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.
Most options should have a Tooltip (Circled Question Mark) to further describe said option.
To find more information, lookup your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/
- name: Services
description: |
Service and Networking options for any applications are contained here.
Some applications may have complicated networking setups with multiple options or some may have no options here at all.
Options here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.
Checkout the following documentation for more information:
- https://truecharts.org/common/service/
- name: Networking
description: |
Contains advanced networking options that are not actively supported by the TrueCharts team.
Currently only contains scaleExternalInterfaces.
Checkout the following documentation for more information:
- https://truecharts.org/common/scaleexternalinterface/
- name: Persistence
description: |
Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.
This storage is called Persistence since it is not deleted upon restart or upgrade of an application.
Checkout the following documentation for more information:
- https://truecharts.org/common/persistence/
- https://truecharts.org/scale/guides/nfs-share/
- https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath
- name: Ingress
description: |
Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).
If you choose to enable this you must have a "Ingress Provider" aka "Reverse Proxy" installed (We highly advice Traefik: https://truecharts.org/charts/premium/traefik/)
It also requiresa DNS service to actually resolve the DNS name of the FQDN specified.
Checkout the following documentation for more information:
- https://truecharts.org/common/ingress/
- name: SecurityContext
description: |
The security settings for each application and/or permissions that each application may have for the files/directories created.
Each application will come with predefined permissions but users may want to change certain setting depending on their usage or capabilities.
Unless necessary users are advised to keep this section mostly to defaults.
Checkout the following documentation for more information:
- https://truecharts.org/common/securitycontext/
- name: Resources
description: |
Resources limits that have been defined by each application are in this section.
Most will have a specific default that some users may want to change based on their specific hardware or needs.
This also contains the options to mount GPUs or, more precisely, "request" GPU's to be mounted.
Checkout the following documentation for more information:
- https://truecharts.org/common/resources/
- name: Devices
description: |
These are special "mountpoints" that can be used to mount miscelanious USB and PCI devices using special hostPath mounts.
For clearity we've decided to seperate this from persistence on SCALE.
Checkout the following documentation for more information:
- https://truecharts.org/common/persistence/device/
- https://truecharts.org/scale/guides/pci-passthrough/
- name: Middlewares
description: Traefik Middlewares
- name: StorageClass
description: |
StorageClasses define where to storage Storage.
Checkout the following documentation for more information:
- name: Metrics
description: |
Contains options to configure Prometheus metrics for the application.
Checkout the following documentation for more information:
- https://truecharts.org/common/metrics/
- name: Addons
description: |
Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the applications defaults.
Things included here are VPN addons, Codeserver for editing files inside the applications container, Netshoot for network troubelshooting, etc.
Generally not required for use but may be necessary or usefull at times for specific applications.
Checkout the following documentation for more information:
- https://truecharts.org/common/addons/
- https://truecharts.org/scale/guides/vpn-setup/
- name: Experimental
description: |
Experimental Configuration Options
Often these are not fully flushed-out, could randomly break or might not work at-all.
- name: Postgresql
description: |
For Postgresql we use "CloudNative-PG" as a backend, which has to be installed first.
Checkout the following documentation for more information:
- https://truecharts.org/common/cnpg/
- https://truecharts.org/scale/guides/sql-export/
- https://truecharts.org/scale/guides/recover-cnpg/
- name: Dependencies
description: |
contains dependency setting for which we, currently, do not have seperate catagories (yet)
- name: Documentation
description: |
We added this section to make everyone aware that OpenSource isn't always easy.
It doesn't keep existing without signficant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.
Before installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/
We would also advice going over our https://truecharts.org/scale/guides/scale-intro/
and many of the other documentation pages...
portals:
open:
protocols:
- "$kubernetes-resource_configmap_tcportal-open_protocol"
host:
- "$kubernetes-resource_configmap_tcportal-open_host"
ports:
- "$kubernetes-resource_configmap_tcportal-open_port"
questions:
- variable: global
group: General
label: "Global Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: stopAll
label: Stop All
description: "Stops All Running pods and hibernates cnpg"
schema:
type: boolean
default: false
- variable: credentialsList
group: General
label: "Credentials (Experimental)"
schema:
type: list
default: []
items:
- variable: credentialsEntry
label: "Enter Credentials"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name"
schema:
type: string
required: true
default: ""
- variable: type
label: Type
description: "Type of Credential"
schema:
type: string
default: "s3"
enum:
- value: s3
description: s3 Storage
- variable: url
label: "url"
schema:
type: string
default: ""
required: true
- variable: path
label: "path"
description: "Path Prefix not needed for most cases"
schema:
type: string
default: ""
- variable: bucket
label: "bucket"
schema:
show_if: [["type", "=", "s3"]]
type: string
default: ""
required: true
- variable: accessKey
label: "accessKey"
schema:
show_if: [["type", "=", "s3"]]
type: string
default: ""
required: true
- variable: secretKey
label: "secretKey"
schema:
show_if: [["type", "=", "s3"]]
type: string
default: ""
required: true
- variable: encrKey
label: "encrKey"
description: "The Encryption key is needed for tools like volsync if not needed it will be ignored"
schema:
show_if: [["type", "=", "s3"]]
type: string
default: "MYSECRETPASSPHRASE"
required: true
- variable: workload
group: "Workload"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: Type (Advanced)
schema:
type: string
default: Deployment
enum:
- value: Deployment
description: Deployment
- value: DaemonSet
description: DaemonSet
- variable: replicas
label: Replicas (Advanced)
description: Set the number of Replicas
schema:
type: int
show_if: [["type", "!=", "DaemonSet"]]
default: 2
- variable: podSpec
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: containers
label: Containers
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: Main Container
schema:
additional_attrs: true
type: dict
attrs:
- variable: envList
label: Extra Environment Variables
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
schema:
type: list
default: []
items:
- variable: envItem
label: Environment Variable
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
- variable: value
label: Value
schema:
type: string
- variable: extraArgs
label: Extra Args
schema:
type: list
default: []
items:
- variable: arg
label: Arg
schema:
type: string
- variable: advanced
label: Show Advanced Settings
description: Advanced settings are not covered by TrueCharts Support
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: command
label: Command
schema:
type: list
default: []
items:
- variable: param
label: Param
schema:
type: string
- variable: TZ
label: Timezone
group: "General"
schema:
type: string
default: "Etc/UTC"
$ref:
- "definitions/timezone"
- variable: podOptions
group: "General"
label: "Global Pod Options (Advanced)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: expertPodOpts
label: "Expert - Pod Options"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
label: "Host Networking"
schema:
type: boolean
default: false
- variable: dnsConfig
label: "DNS Configuration"
schema:
type: dict
additional_attrs: true
attrs:
- variable: options
label: "Options"
schema:
type: list
default: [{"name": "ndots", "value": "1"}]
items:
- variable: optionsEntry
label: "Option Entry"
schema:
type: dict
additional_attrs: true
attrs:
- variable: name
label: "Name"
schema:
type: string
required: true
- variable: value
label: "Value"
schema:
type: string
- variable: nameservers
label: "Nameservers"
schema:
type: list
default: []
items:
- variable: nsEntry
label: "Nameserver Entry"
schema:
type: string
required: true
- variable: searches
label: "Searches"
schema:
type: list
default: []
items:
- variable: searchEntry
label: "Search Entry"
schema:
type: string
required: true
- variable: imagePullSecretList
group: "General"
label: "Image Pull Secrets"
schema:
type: list
default: []
items:
- variable: pullsecretentry
label: "Pull Secret"
schema:
type: dict
additional_attrs: true
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: true
- variable: data
label: Data
schema:
type: dict
additional_attrs: true
attrs:
- variable: registry
label: "Registry"
schema:
type: string
required: true
default: "https://index.docker.io/v1/"
- variable: username
label: "Username"
schema:
type: string
required: true
default: ""
- variable: password
label: "Password"
schema:
type: string
required: true
private: true
default: ""
- variable: email
label: "Email"
schema:
type: string
required: true
default: ""
- variable: domain
group: "App Configuration"
label: "Domain"
description: "The highest domain level possible, for example: domain.com when using app.domain.com"
schema:
type: string
default: ""
required: true
- variable: default_redirection_url
group: "App Configuration"
label: "Default Redirection URL"
description: "If user tries to authenticate without any referrer, this is used"
schema:
type: string
default: ""
valid_chars: '^https?:\/\/(.*)'
- variable: theme
group: "App Configuration"
label: "Theme"
schema:
type: string
default: "auto"
enum:
- value: "auto"
description: "auto"
- value: "light"
description: "light"
- value: "grey"
description: "grey"
- value: "dark"
description: "dark"
- variable: log
group: "App Configuration"
label: "Log Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: level
label: "Log Level"
schema:
type: string
default: "info"
enum:
- value: "info"
description: "info"
- value: "debug"
description: "debug"
- value: "trace"
description: "trace"
- variable: format
label: "Log Format"
schema:
type: string
default: "text"
enum:
- value: "json"
description: "json"
- value: "text"
description: "text"
- variable: server
group: "App Configuration"
label: "Server Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: write_buffer_size
label: "Write Buffer Size"
description: "Configures the maximum response size. The default of 4096 is generally sufficient for most use cases."
schema:
type: int
default: 4096
- variable: read_buffer_size
label: "Read Buffer Size"
description: "Configures the maximum request size. The default of 4096 is generally sufficient for most use cases."
schema:
type: int
default: 4096
- variable: totp
group: "App Configuration"
label: "TOTP Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: issuer
label: "Issuer"
description: "The issuer name displayed in the Authenticator application of your choice"
schema:
type: string
default: ""
- variable: period
label: "Period"
description: "The period in seconds a one-time password is current for"
schema:
type: int
default: 30
- variable: skew
label: "skew"
description: "Controls number of one-time passwords either side of the current one that are valid."
schema:
type: int
default: 1
- variable: password_policy
group: "App Configuration"
label: "Password Policy Configuration"
description: "Authelia allows administrators to configure an enforced password policy. Choose one of Standard or zxcvbn and not both, refer to upstream docs for more info "
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: standard
label: Standard
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
- variable: min_length
label: "Minimum Password Length"
description: "Minimum Password Length"
schema:
type: int
required: true
show_if: [["enabled", "=", true]]
default: 8
- variable: max_length
label: "Max Passsword Length"
description: "Max Password Length"
schema:
type: int
required: true
show_if: [["enabled", "=", true]]
default: 0
- variable: require_uppercase
label: "Require Upppercase"
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
required: true
- variable: require_lowercase
label: "Require Lowercase"
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
required: true
- variable: require_number
label: "Require Numbers"
description: "Require Numbers in the password"
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
required: true
- variable: require_special
label: "Require Special Characters"
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
- variable: zxcvbn
label: zxcvbn
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
required: true
- variable: min_score
label: "Min Score"
schema:
type: int
required: true
show_if: [["enabled", "=", true]]
default: 3
- variable: duo_api
group: "App Configuration"
label: "DUO API Configuration"
description: "Parameters used to contact the Duo API."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostname
label: "Hostname"
schema:
type: string
required: true
default: ""
- variable: integration_key
label: "integration_key"
schema:
type: string
default: ""
required: true
- variable: plain_api_key
label: "plain_api_key"
schema:
type: string
default: ""
required: true
- variable: session
group: "App Configuration"
label: "Session Provider"
description: "The session cookies identify the user once logged in."
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Cookie Name"
description: |
The name of the session cookie. By default this is set to authelia_session.
Its mostly useful to change this if you are doing development or running multiple instances of Authelia.
schema:
type: string
required: true
default: "authelia_session"
- variable: same_site
label: "SameSite Value"
description: |
You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally
the most desirable option for Authelia. None is not recommended unless you absolutely know what youre doing
and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
this state but its available as an option anyway.
schema:
type: string
default: "lax"
enum:
- value: "lax"
description: "lax"
- value: "strict"
description: "strict"
- variable: expiration
label: "Expiration Time"
description: |
The period of time before the cookie expires and the session is destroyed. This is overriden by
remember_me_duration when the remember me box is checked.
schema:
type: string
default: "1h"
required: true
- variable: inactivity
label: "Inactivity Time"
description: |
The period of time the user can be inactive for until the session is destroyed when the remember me box is
not checked or is otherwise disabled. Useful if you want long session timers but dont want unused devices to be vulnerable.
schema:
type: string
default: "5m"
required: true
- variable: remember_me_duration
label: "Remember-Me duration"
description: |
The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user
selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
schema:
type: string
default: "5M"
required: true
- variable: regulation
group: "App Configuration"
label: "Regulation Configuration"
description: "This mechanism prevents attackers from brute forcing the first factor."
schema:
additional_attrs: true
type: dict
attrs:
- variable: max_retries
label: "Maximum Retries"
description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
schema:
type: int
default: 3
- variable: find_time
label: "Find Time"
description: |
The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
2m this means the user must have 3 failed logins in 2 minutes.
schema:
type: string
default: "2m"
required: true
- variable: ban_time
label: "Ban Duration"
description: |
The period of time the user is banned for after meeting the max_retries and find_time configuration.
After this duration the account will be able to login again.
schema:
type: string
default: "5m"
required: true
- variable: authentication_backend
group: "App Configuration"
label: "Authentication Backend Provider"
description: |
Used for verifying user passwords and retrieve information such as email
address and groups users belong to.
schema:
additional_attrs: true
type: dict
attrs:
- variable: disable_reset_password
label: "Disable Reset Password"
description: "Disable both the HTML element and the API for reset password functionality"
schema:
type: boolean
default: false
- variable: refresh_interval
label: "Reset Interval"
description: "The amount of time to wait before we refresh data from the authentication backend"
schema:
type: string
default: "5m"
required: true
- variable: ldap
label: "LDAP backend configuration"
description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: implementation
label: "Implementation"
description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password"
schema:
type: string
default: "custom"
enum:
- value: "activedirectory"
description: "Active Directory"
- value: "custom"
description: "Custom"
- variable: url
label: "URL"
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
schema:
type: string
default: "ldap://openldap.default.svc.cluster.local"
required: true
- variable: timeout
label: "Connection Timeout"
schema:
type: string
default: "5s"
required: true
- variable: start_tls
label: "Start TLS"
description: "Use StartTLS with the LDAP connection"
schema:
type: boolean
default: false
- variable: tls
label: "TLS Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: server_name
label: "Server Name"
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
schema:
type: string
default: ""
- variable: skip_verify
label: "Skip Certificate Verification"
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
schema:
type: boolean
default: false
- variable: minimum_version
label: "Minimum TLS version"
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
schema:
type: string
default: "TLS1.2"
enum:
- value: "TLS1.0"
description: "TLS1.0"
- value: "TLS1.1"
description: "TLS1.1"
- value: "TLS1.2"
description: "TLS1.2"
- value: "TLS1.3"
description: "TLS1.3"
- variable: base_dn
label: "Base DN"
description: "The base dn for every LDAP query."
schema:
type: string
default: "DC=example,DC=com"
required: true
- variable: username_attribute
label: "Username Attribute"
description: "The attribute holding the username of the user"
schema:
type: string
default: "uid"
required: true
- variable: additional_users_dn
label: "Additional Users DN"
description: "An additional dn to define the scope to all users."
schema:
type: string
default: "OU=people"
required: true
- variable: users_filter
label: "Users Filter"
description: "The groups filter used in search queries to find the groups of the user."
schema:
type: string
default: ""
required: true
- variable: additional_groups_dn
label: "Additional Groups DN"
description: "An additional dn to define the scope of groups."
schema:
type: string
default: "OU=Groups"
required: true
- variable: groups_filter
label: "Groups Filter"
description: "The groups filter used in search queries to find the groups of the user."
schema:
type: string
default: ""
required: true
- variable: group_name_attribute
label: "Group name Attribute"
description: "The attribute holding the name of the group"
schema:
type: string
default: "cn"
required: true
- variable: mail_attribute
label: "Mail Attribute"
description: "The attribute holding the primary mail address of the user"
schema:
type: string
default: "mail"
required: true
- variable: display_name_attribute
label: "Display Name Attribute"
description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
schema:
type: string
default: "displayName"
- variable: user
label: "Admin User"
description: "The username of the admin user used to connect to LDAP."
schema:
type: string
default: "CN=admin,ou=people,DC=example,DC=com"
required: true
- variable: plain_password
label: "Password"
schema:
type: string
default: ""
required: true
- variable: file
label: "File backend configuration"
description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: path
label: "Path"
schema:
type: string
default: "/config/users_database.yml"
required: true
- variable: password
label: "Password Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: algorithm
label: "Algorithm"
schema:
type: string
default: "argon2id"
enum:
- value: "argon2id"
description: "argon2id"
- value: "sha512"
description: "sha512"
- variable: iterations
label: "Iterations"
schema:
type: int
default: 1
required: true
- variable: key_length
label: "Key Length"
schema:
type: int
default: 32
required: true
- variable: salt_length
label: "Salt Length"
schema:
type: int
default: 16
required: true
- variable: memory
label: "Memory"
schema:
type: int
default: 1024
required: true
- variable: parallelism
label: "Parallelism"
schema:
type: int
default: 8
required: true
- variable: notifier
group: "App Configuration"
label: "Notifier Configuration"
description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
schema:
additional_attrs: true
type: dict
attrs:
- variable: disable_startup_check
label: "Disable Startup Check"
schema:
type: boolean
default: false
- variable: filesystem
label: "Filesystem Provider"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: filename
label: "File Path"
schema:
type: string
default: "/config/notification.txt"
required: true
- variable: smtp
label: "SMTP Provider"
description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: host
label: "Host"
schema:
type: string
default: "smtp.mail.svc.cluster.local"
required: true
- variable: port
label: "Port"
schema:
type: int
default: 25
required: true
- variable: timeout
label: "Timeout"
schema:
type: string
default: "5s"
required: true
- variable: username
label: "Username"
schema:
type: string
default: ""
- variable: plain_password
label: "Password"
schema:
type: string
default: ""
- variable: sender
label: "Sender"
schema:
type: string
default: ""
required: true
- variable: identifier
label: "Identifier"
description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
schema:
type: string
default: "localhost"
required: true
- variable: subject
label: "Subject"
description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
schema:
type: string
default: "[Authelia] {title}"
required: true
- variable: startup_check_address
label: "Startup Check Address"
description: "This address is used during the startup check to verify the email configuration is correct."
schema:
type: string
default: "test@authelia.com"
required: true
- variable: disable_require_tls
label: "Disable Require TLS"
schema:
type: boolean
default: false
- variable: disable_html_emails
label: "Disable HTML emails"
schema:
type: boolean
default: false
- variable: tls
label: "TLS Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: server_name
label: "Server Name"
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
schema:
type: string
default: ""
- variable: skip_verify
label: "Skip Certificate Verification"
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
schema:
type: boolean
default: false
- variable: minimum_version
label: "Minimum TLS version"
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
schema:
type: string
default: "TLS1.2"
enum:
- value: "TLS1.0"
description: "TLS1.0"
- value: "TLS1.1"
description: "TLS1.1"
- value: "TLS1.2"
description: "TLS1.2"
- value: "TLS1.3"
description: "TLS1.3"
- variable: access_control
group: "App Configuration"
label: "Access Control Configuration"
description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
schema:
additional_attrs: true
type: dict
attrs:
- variable: default_policy
label: "Default Policy"
description: |
The default policy defines the policy applied if no rules section apply to the information known about the request.
It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
schema:
type: string
default: "deny"
enum:
- value: "bypass"
description: "bypass"
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- value: "deny"
description: "deny"
- variable: networks_access_control
label: "Networks"
schema:
type: list
default: []
items:
- variable: networkItem
label: "Network Item"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
default: ""
required: true
- variable: networks
label: "Networks"
schema:
type: list
default: []
items:
- variable: network
label: "network"
schema:
type: string
default: ""
required: true
- variable: rules
label: "Rules"
schema:
type: list
default: []
items:
- variable: rulesItem
label: "Rule"
schema:
additional_attrs: true
type: dict
attrs:
- variable: domain
label: "Domains"
description: "Defines which domain or set of domains the rule applies to."
schema:
type: list
default: []
items:
- variable: domainEntry
label: "Domain"
schema:
type: string
default: ""
required: true
- variable: domain_regex
label: "Domains RegEx"
description: "defines which domain or set of domains the rule applies to using regular expressions."
schema:
type: list
default: []
items:
- variable: domainRegexEntry
label: "Domain RegEx"
schema:
type: string
default: ""
required: true
- variable: policy
label: "Policy"
description: |
The specific policy to apply to the selected rule. This is not criteria for a match, this is the
action to take when a match is made.
schema:
type: string
default: "two_factor"
enum:
- value: "bypass"
description: "bypass"
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- value: "deny"
description: "deny"
- variable: subject
label: "Subject"
description: |
This criteria matches identifying characteristics about the subject. Currently this is either
user or groups the user belongs to. This allows you to effectively control exactly what each user is
authorized to access or to specifically require two-factor authentication to specific users. Subjects
are prefixed with either user: or group: to identify which part of the identity to check.
schema:
type: list
default: []
items:
- variable: subjectitem
label: "Subject"
schema:
type: string
default: ""
required: true
- variable: networks
label: "Networks"
schema:
type: list
default: []
items:
- variable: network
label: "Network"
schema:
type: string
default: ""
required: true
- variable: resources
label: "Resources"
description: "is a list of regular expressions that matches a set of resources to apply the policy to"
schema:
type: list
default: []
items:
- variable: resource
label: "Resource"
schema:
type: string
default: ""
required: true
- variable: service
group: Services
label: Configure Service(s)
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable the Service
schema:
type: boolean
default: true
hidden: true
- variable: type
label: Service Type
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
schema:
type: string
default: LoadBalancer
enum:
- value: LoadBalancer
description: LoadBalancer (Expose Ports)
- value: ClusterIP
description: ClusterIP (Do Not Expose Ports)
- variable: loadBalancerIP
label: LoadBalancer IP
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
schema:
show_if: [["type", "=", "LoadBalancer"]]
type: string
default: ""
- variable: ports
label: "Service's Port(s) Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 9091
required: true
- variable: scaleExternalInterface
description: 'Add External Interfaces (Experimental, might change or be removed without further notice)'
label: Add external Interfaces (Experimental)
group: Networking
schema:
type: list
items:
- variable: interfaceConfiguration
description: Interface Configuration
label: Interface Configuration
schema:
additional_attrs: true
type: dict
$ref:
- "normalize/interfaceConfiguration"
attrs:
- variable: hostInterface
description: Please Specify Host Interface
label: Host Interface
schema:
type: string
required: true
$ref:
- "definitions/interface"
- variable: ipam
description: Define how IP Address will be managed
label: IP Address Management
schema:
additional_attrs: true
type: dict
required: true
attrs:
- variable: type
description: Specify type for IPAM
label: IPAM Type
schema:
type: string
required: true
enum:
- value: dhcp
description: Use DHCP
- value: static
description: Use Static IP
- variable: staticIPConfigurations
label: Static IP Addresses
schema:
type: list
show_if: [["type", "=", "static"]]
items:
- variable: staticIP
label: Static IP
schema:
type: ipaddr
cidr: true
- variable: staticRoutes
label: Static Routes
schema:
type: list
show_if: [["type", "=", "static"]]
items:
- variable: staticRouteConfiguration
label: Static Route Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: destination
label: Destination
schema:
type: ipaddr
cidr: true
required: true
- variable: gateway
label: Gateway
schema:
type: ipaddr
cidr: false
required: true
- variable: serviceList
label: Add Manual Custom Services
group: Services
schema:
type: list
default: []
items:
- variable: serviceListEntry
label: Custom Service
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable the service
schema:
type: boolean
default: true
hidden: true
- variable: name
label: Name
schema:
type: string
default: ""
- variable: type
label: Service Type
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
schema:
type: string
default: LoadBalancer
enum:
- value: LoadBalancer
description: LoadBalancer (Expose Ports)
- value: ClusterIP
description: ClusterIP (Do Not Expose Ports)
- value: Simple
description: Deprecated CHANGE THIS
- variable: loadBalancerIP
label: LoadBalancer IP
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
schema:
show_if: [["type", "=", "LoadBalancer"]]
type: string
default: ""
- variable: advancedsvcset
label: Show Advanced Service Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: externalIPs
label: "External IP's"
description: "External IP's"
schema:
type: list
default: []
items:
- variable: externalIP
label: External IP
schema:
type: string
- variable: ipFamilyPolicy
label: IP Family Policy
description: Specify the IP Policy
schema:
type: string
default: SingleStack
enum:
- value: SingleStack
description: SingleStack
- value: PreferDualStack
description: PreferDualStack
- value: RequireDualStack
description: RequireDualStack
- variable: ipFamilies
label: IP Families
description: (Advanced) The IP Families that should be used
schema:
type: list
default: []
items:
- variable: ipFamily
label: IP Family
schema:
type: string
- variable: portsList
label: Additional Service Ports
schema:
type: list
default: []
items:
- variable: portsListEntry
label: Custom ports
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable the Port
schema:
type: boolean
default: true
hidden: true
- variable: name
label: Port Name
schema:
type: string
default: ""
- variable: protocol
label: Port Type
schema:
type: string
default: tcp
enum:
- value: http
description: HTTP
- value: https
description: HTTPS
- value: tcp
description: TCP
- value: udp
description: UDP
- variable: targetPort
label: Target Port
description: This port exposes the container port on the service
schema:
type: int
required: true
- variable: port
label: Container Port
schema:
type: int
required: true
- variable: persistence
label: Integrated Persistent Storage
description: Integrated Persistent Storage
group: Persistence
schema:
additional_attrs: true
type: dict
attrs:
- variable: config
label: "App Config Storage"
description: "Stores the Application Configuration."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: Type of Storage
description: Sets the persistence type, Anything other than PVC could break rollback!
schema:
type: string
default: pvc
enum:
- value: pvc
description: PVC
- value: hostPath
description: Host Path
- value: emptyDir
description: emptyDir
- value: nfs
description: NFS Share
- value: iscsi
description: iSCSI Share
- variable: server
label: NFS Server
schema:
show_if: [["type", "=", "nfs"]]
type: string
default: ""
- variable: path
label: Path on NFS Server
schema:
show_if: [["type", "=", "nfs"]]
type: string
default: ""
- variable: iscsi
label: iSCSI Options
schema:
show_if: [["type", "=", "iscsi"]]
type: dict
additional_attrs: true
attrs:
- variable: targetPortal
label: targetPortal
schema:
type: string
required: true
default: ""
- variable: iqn
label: iqn
schema:
type: string
required: true
default: ""
- variable: lun
label: lun
schema:
type: int
default: 0
- variable: authSession
label: authSession
schema:
type: dict
additional_attrs: true
attrs:
- variable: username
label: username
schema:
type: string
default: ""
- variable: password
label: password
schema:
type: string
default: ""
- variable: usernameInitiator
label: usernameInitiator
schema:
type: string
default: ""
- variable: passwordInitiator
label: passwordInitiator
schema:
type: string
default: ""
- variable: authDiscovery
label: authDiscovery
schema:
type: dict
additional_attrs: true
attrs:
- variable: username
label: username
schema:
type: string
default: ""
- variable: password
label: password
schema:
type: string
default: ""
- variable: usernameInitiator
label: usernameInitiator
schema:
type: string
default: ""
- variable: passwordInitiator
label: passwordInitiator
schema:
type: string
default: ""
- variable: autoPermissions
label: Automatic Permissions Configuration
description: Automatically set permissions
schema:
show_if: [["type", "!=", "pvc"]]
type: dict
additional_attrs: true
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: chown
label: Run CHOWN
description: |
It will run CHOWN on the path with the given fsGroup
schema:
type: boolean
default: false
- variable: chmod
label: Run CHMOD
description: |
It will run CHMOD on the path with the given value</br>
Format should be 3 digits, e.g. 770
schema:
type: string
valid_chars: '[0-9]{3}'
default: ""
- variable: recursive
label: Recursive
description: |
It will run CHOWN and CHMOD recursively
schema:
type: boolean
default: false
- variable: readOnly
label: Read Only
schema:
type: boolean
default: false
- variable: hostPath
label: Host Path
description: Path inside the container the storage is mounted
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: EmptyDir Medium
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: Default
- value: Memory
description: Memory
- variable: size
label: Size quotum of Storage (Do NOT REDUCE after installation)
description: This value can ONLY be INCREASED after the installation
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: 256Gi
- variable: storageClass
label: 'storageClass (Advanced)'
description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: ""
- variable: volsync
label: 'VolSync (Experimental)'
description: Backup, Restore and Synchronise PVC storage
schema:
show_if: [["type", "=", "pvc"]]
type: list
default: []
items:
- variable: VolSyncEntry
label: VolSync Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name of backup configuration"
schema:
type: string
default: ""
required: true
- variable: type
label: Type VolSync/Backup
description: Sets the VolSync Type
schema:
type: string
default: "restic"
enum:
- value: restic
description: Restic
- variable: credentials
label: Credentials
description: "Name of credentials in the credentials section"
schema:
type: string
default: ""
required: true
- variable: dest
label: VolSync Destination (Restore)
description: VolSYnc Destination is the location where data is the reciever and configures recovery of backups
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable
schema:
type: boolean
default: true
- variable: src
label: VolSync Source (Backup)
description: VolSYnc Source is the location where data is the sender and creates backups to storage
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable
schema:
type: boolean
default: true
- variable: static
label: 'Static Fixed PVC Bindings (Experimental)'
description: Link a PVC to a specific storage location
schema:
show_if: [["type", "=", "pvc"]]
type: dict
additional_attrs: true
attrs:
- variable: mode
label: mode
description: |
disabled: use normal dynamic PVCs
smb: connect to an SMB share
nfs: connect to an NFS share
schema:
type: string
default: "disabled"
enum:
- value: disabled
description: disabled
- value: smb
description: smb
- value: nfs
description: nfs
- variable: server
label: Server
description: server to connect to
schema:
type: string
show_if: [["mode", "!=", "disabled"]]
default: "myserver"
- variable: share
label: Share
description: share to connect to
schema:
type: string
show_if: [["mode", "!=", "disabled"]]
default: "/myshare"
- variable: user
label: User
description: connecting user
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: "myuser"
- variable: domain
label: Domain
description: user domain
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: ""
- variable: password
label: Password
description: connecting password
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: ""
- variable: volumeSnapshots
label: 'Volume Snapshots (Experimental)'
description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
schema:
show_if: [["type", "=", "pvc"]]
type: list
default: []
items:
- variable: volumeSnapshotEntry
label: Custom volumeSnapshot
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
schema:
type: string
default: "mysnapshot"
required: true
- variable: volumeSnapshotClassName
label: 'volumeSnapshot Class Name (Advanced)'
description: For use with PVCs using a non-default storageClass
schema:
type: string
default: ""
- variable: persistenceList
label: Additional App Storage
group: Persistence
schema:
type: list
default: []
items:
- variable: persistenceListEntry
label: Custom Storage
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable the storage
schema:
type: boolean
default: true
hidden: true
- variable: type
label: Type of Storage
description: Sets the persistence type, Anything other than PVC could break rollback!
schema:
type: string
default: hostPath
enum:
- value: pvc
description: PVC
- value: hostPath
description: Host Path
- value: emptyDir
description: emptyDir
- value: nfs
description: NFS Share
- variable: server
label: NFS Server
schema:
show_if: [["type", "=", "nfs"]]
type: string
default: ""
- variable: path
label: Path on NFS Server
schema:
show_if: [["type", "=", "nfs"]]
type: string
default: ""
- variable: iscsi
label: iSCSI Options
schema:
show_if: [["type", "=", "iscsi"]]
type: dict
additional_attrs: true
attrs:
- variable: targetPortal
label: targetPortal
schema:
type: string
required: true
default: ""
- variable: iqn
label: iqn
schema:
type: string
required: true
default: ""
- variable: lun
label: lun
schema:
type: int
default: 0
- variable: authSession
label: authSession
schema:
type: dict
additional_attrs: true
attrs:
- variable: username
label: username
schema:
type: string
default: ""
- variable: password
label: password
schema:
type: string
default: ""
- variable: usernameInitiator
label: usernameInitiator
schema:
type: string
default: ""
- variable: passwordInitiator
label: passwordInitiator
schema:
type: string
default: ""
- variable: authDiscovery
label: authDiscovery
schema:
type: dict
additional_attrs: true
attrs:
- variable: username
label: username
schema:
type: string
default: ""
- variable: password
label: password
schema:
type: string
default: ""
- variable: usernameInitiator
label: usernameInitiator
schema:
type: string
default: ""
- variable: passwordInitiator
label: passwordInitiator
schema:
type: string
default: ""
- variable: autoPermissions
label: Automatic Permissions Configuration
description: Automatically set permissions
schema:
show_if: [["type", "!=", "pvc"]]
type: dict
additional_attrs: true
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: chown
label: Run CHOWN
description: |
It will run CHOWN on the path with the given fsGroup
schema:
type: boolean
default: false
- variable: chmod
label: Run CHMOD
description: |
It will run CHMOD on the path with the given value</br>
Format should be 3 digits, e.g. 770
schema:
type: string
valid_chars: '[0-9]{3}'
default: ""
- variable: recursive
label: Recursive
description: |
It will run CHOWN and CHMOD recursively
schema:
type: boolean
default: false
- variable: readOnly
label: Read Only
schema:
type: boolean
default: false
- variable: hostPath
label: Host Path
description: Path inside the container the storage is mounted
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: mountPath
label: Mount Path
description: Path inside the container the storage is mounted
schema:
type: string
default: ""
required: true
valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
- variable: medium
label: EmptyDir Medium
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: Default
- value: Memory
description: Memory
- variable: size
label: Size Quotum of Storage
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: 256Gi
- variable: storageClass
label: 'storageClass (Advanced)'
description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
schema:
show_if: [["type", "=", "pvc"]]
type: string
default: ""
- variable: volsync
label: 'VolSync (Experimental)'
description: Backup, Restore and Synchronise PVC storage
schema:
show_if: [["type", "=", "pvc"]]
type: list
default: []
items:
- variable: VolSyncEntry
label: VolSync Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name of backup configuration"
schema:
type: string
default: ""
required: true
- variable: type
label: Type VolSync/Backup
description: Sets the VolSync Type
schema:
type: string
default: "restic"
enum:
- value: restic
description: Restic
- variable: credentials
label: Credentials
description: "Name of credentials in the credentials section"
schema:
type: string
default: ""
required: true
- variable: dest
label: VolSync Destination (Restore)
description: VolSYnc Destination is the location where data is the reciever and configures recovery of backups
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable
schema:
type: boolean
default: true
- variable: src
label: VolSync Source (Backup)
description: VolSYnc Source is the location where data is the sender and creates backups to storage
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable
schema:
type: boolean
default: true
- variable: static
label: 'Static Fixed PVC Bindings (Experimental)'
description: Link a PVC to a specific storage location
schema:
show_if: [["type", "=", "pvc"]]
type: dict
additional_attrs: true
attrs:
- variable: mode
label: mode
description: |
disabled: use normal dynamic PVCs
smb: connect to an SMB share
nfs: connect to an NFS share
schema:
type: string
default: "disabled"
enum:
- value: "disabled"
description: disabled
- value: smb
description: smb
- value: nfs
description: nfs
- variable: server
label: Server
description: server to connect to
schema:
type: string
show_if: [["mode", "!=", "disabled"]]
default: "myserver"
- variable: share
label: Share
description: share to connect to
schema:
type: string
show_if: [["mode", "!=", "disabled"]]
default: "/myshare"
- variable: user
label: User
description: connecting user
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: "myuser"
- variable: domain
label: Domain
description: user domain
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: ""
- variable: password
label: Password
description: connecting password
schema:
type: string
show_if: [["mode", "=", "smb"]]
default: ""
- variable: volumeSnapshots
label: 'Volume Snapshots (Experimental)'
description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
schema:
show_if: [["type", "=", "pvc"]]
type: list
default: []
items:
- variable: volumeSnapshotEntry
label: Custom volumeSnapshot
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
schema:
type: string
default: "mysnapshot"
required: true
- variable: volumeSnapshotClassName
label: 'volumeSnapshot Class Name (Advanced)'
description: For use with PVCs using a non-default storageClass
schema:
type: string
default: ""
- variable: ingress
label: ""
group: Ingress
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable Ingress
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hosts
label: Hosts
schema:
type: list
default: []
items:
- variable: hostEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: host
label: HostName
schema:
type: string
default: ""
required: true
- variable: paths
label: Paths
schema:
type: list
default: [{path: "/", pathType: "Prefix"}]
items:
- variable: pathEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: path
label: Path
schema:
type: string
required: true
default: "/"
- variable: pathType
label: Path Type
schema:
type: string
required: true
default: Prefix
- variable: integrations
label: Integrations
description: Connect ingress with other charts
schema:
additional_attrs: true
type: dict
attrs:
- variable: traefik
label: Traefik
description: Connect ingress with Traefik
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: true
- variable: allowCors
label: 'Allow Cross Origin Requests (advanced)'
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
- variable: entrypoints
label: Entrypoints
schema:
type: list
default: ["websecure"]
show_if: [["enabled", "=", true]]
items:
- variable: entrypoint
label: Entrypoint
schema:
type: string
- variable: middlewares
label: Middlewares
schema:
type: list
default: []
show_if: [["enabled", "=", true]]
items:
- variable: middleware
label: Middleware
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: name
schema:
type: string
default: ""
required: true
- variable: namespace
label: 'namespace (optional)'
schema:
type: string
default: ""
- variable: certManager
label: certManager
description: Connect ingress with certManager
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
- variable: certificateIssuer
label: certificateIssuer
description: defaults to chartname
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: homepage
label: Homepage
description: Connect ingress with Homepage
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
- variable: name
label: Name (Optional)
description: Defaults to chart name
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: description
label: Description (Optional)
description: Defaults to chart description
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: icon
label: Icon (Optional)
description: Defaults to chart icon
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: group
label: Group
schema:
type: string
required: true
default: "default"
show_if: [["enabled", "=", true]]
- variable: widget
label: Widget Settings
schema:
type: dict
additional_attrs: true
show_if: [["enabled", "=", true]]
attrs:
- variable: enabled
label: Enable Widget
description: When disabled all widget annotations are skipped.
schema:
type: boolean
default: true
- variable: custom
label: Options
schema:
type: dict
additional_attrs: true
attrs:
- variable: key
label: API-key (key)
schema:
type: string
default: ""
- variable: customkv
label: Custom Options
schema:
type: list
default: []
items:
- variable: option
label: Option
schema:
additional_attrs: true
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
default: ""
required: true
- variable: value
label: Value
schema:
type: string
default: ""
required: true
- variable: advanced
label: Show Advanced Settings
description: Advanced settings are not covered by TrueCharts Support
schema:
type: boolean
default: false
- variable: ingressClassName
label: (Advanced/Optional) IngressClass Name
schema:
type: string
show_if: [["advanced", "=", true]]
default: ""
- variable: tls
label: TLS-Settings
schema:
type: list
show_if: [["advanced", "=", true]]
default: []
items:
- variable: tlsEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: hosts
label: Certificate Hosts
schema:
type: list
default: []
items:
- variable: host
label: Host
schema:
type: string
default: ""
required: true
- variable: certificateIssuer
label: Use Cert-Manager clusterIssuer
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
schema:
type: string
default: ""
- variable: clusterCertificate
label: 'Cluster Certificate (Advanced)'
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
schema:
type: string
show_if: [["certificateIssuer", "=", ""]]
default: ""
- variable: secretName
label: 'Use Custom Certificate Secret (Advanced)'
schema:
show_if: [["certificateIssuer", "=", ""]]
type: string
default: ""
- variable: ingressList
label: Add Manual Custom Ingresses
group: Ingress
schema:
type: list
default: []
items:
- variable: ingressListEntry
label: Custom Ingress
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable Ingress
schema:
type: boolean
default: true
hidden: true
- variable: name
label: Name
schema:
type: string
default: ""
- variable: ingressClassName
label: IngressClass Name
schema:
type: string
default: ""
- variable: hosts
label: Hosts
schema:
type: list
default: []
items:
- variable: hostEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: host
label: HostName
schema:
type: string
default: ""
required: true
- variable: paths
label: Paths
schema:
type: list
default: []
items:
- variable: pathEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: path
label: Path
schema:
type: string
required: true
default: "/"
- variable: pathType
label: Path Type
schema:
type: string
required: true
default: Prefix
- variable: overrideService
label: Linked Service
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Service Name
schema:
type: string
default: ""
- variable: port
label: Service Port
schema:
type: int
- variable: tls
label: TLS-Settings
schema:
type: list
default: []
show_if: [["certificateIssuer", "=", ""]]
items:
- variable: tlsEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: hosts
label: Certificate Hosts
schema:
type: list
default: []
items:
- variable: host
label: Host
schema:
type: string
default: ""
required: true
- variable: certificateIssuer
label: Use Cert-Manager clusterIssuer
description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
schema:
type: string
default: ""
- variable: clusterCertificate
label: 'Cluster Certificate (Advanced)'
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
schema:
type: string
show_if: [["certificateIssuer", "=", ""]]
default: ""
- variable: secretName
label: Use Custom Secret (Advanced)
schema:
type: string
show_if: [["certificateIssuer", "=", ""]]
default: ""
- variable: integrations
label: Integrations
description: Connect ingress with other charts
schema:
additional_attrs: true
type: dict
attrs:
- variable: traefik
label: Traefik
description: Connect ingress with Traefik
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: true
- variable: allowCors
label: "Allow Cross Origin Requests"
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
- variable: entrypoints
label: Entrypoints
schema:
type: list
default: ["websecure"]
show_if: [["enabled", "=", true]]
items:
- variable: entrypoint
label: Entrypoint
schema:
type: string
- variable: middlewares
label: Middlewares
schema:
type: list
default: []
show_if: [["enabled", "=", true]]
items:
- variable: middleware
label: Middleware
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: name
schema:
type: string
default: ""
required: true
- variable: namespace
label: namespace
schema:
type: string
default: ""
- variable: certManager
label: certManager
description: Connect ingress with certManager
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: true
- variable: certificateIssuer
label: certificateIssuer
description: defaults to chartname
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: homepage
label: Homepage
description: Connect ingress with Homepage
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
- variable: name
label: Name
description: defaults to chartname
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: description
label: Description
description: defaults to chart description
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: group
label: Group
schema:
type: string
required: true
default: "default"
show_if: [["enabled", "=", true]]
- variable: securityContext
group: SecurityContext
label: Security Context
schema:
additional_attrs: true
type: dict
attrs:
- variable: container
label: Container
schema:
additional_attrs: true
type: dict
attrs:
# Settings from questions.yaml get appended here on a per-app basis
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Settings from questions.yaml get appended here on a per-app basis
- variable: PUID
label: Process User ID - PUID
description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
schema:
type: int
show_if: [["runAsUser", "=", 0]]
default: 568
- variable: UMASK
label: UMASK
description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
schema:
type: string
default: "0022"
- variable: advanced
label: Show Advanced Settings
description: Advanced settings are not covered by TrueCharts Support
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: pod
label: Pod
schema:
additional_attrs: true
type: dict
attrs:
- variable: fsGroupChangePolicy
label: "When should we take ownership?"
schema:
type: string
default: OnRootMismatch
enum:
- value: OnRootMismatch
description: OnRootMismatch
- value: Always
description: Always
- variable: supplementalGroups
label: Supplemental Groups
schema:
type: list
default: []
items:
- variable: supplementalGroupsEntry
label: Supplemental Group
schema:
type: int
# Settings from questions.yaml get appended here on a per-app basis
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
- variable: resources
group: Resources
label: "Resource Limits"
schema:
additional_attrs: true
type: dict
attrs:
- variable: limits
label: Advanced Limit Resource Consumption
schema:
additional_attrs: true
type: dict
attrs:
- variable: cpu
label: CPU
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
schema:
type: string
default: 4000m
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
- variable: memory
label: RAM
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
schema:
type: string
default: 8Gi
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
- variable: 'gpu.intel.com/i915'
label: Add Intel i915 GPUs
schema:
type: int
default: 0
- variable: 'nvidia.com/gpu'
label: Add NVIDIA GPUs (Experimental)
schema:
type: int
default: 0
- variable: 'amd.com/gpu'
label: Add AMD GPUs
schema:
type: int
default: 0
- variable: requests
label: "Minimum Resources Required (request)"
schema:
additional_attrs: true
type: dict
hidden: true
attrs:
- variable: cpu
label: CPU
description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
schema:
type: string
default: 10m
hidden: true
valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
- variable: memory
label: "RAM"
description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
schema:
type: string
default: 50Mi
hidden: true
valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
- variable: deviceList
label: Mount USB Devices
group: Devices
schema:
type: list
default: []
items:
- variable: deviceListEntry
label: Device
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable the Storage
schema:
type: boolean
default: true
- variable: type
label: (Advanced) Type of Storage
description: Sets the persistence type
schema:
type: string
default: device
hidden: true
- variable: readOnly
label: readOnly
schema:
type: boolean
default: false
- variable: hostPath
label: Host Device Path
description: Path to the device on the host system
schema:
type: path
- variable: mountPath
label: Container Device Path
description: Path inside the container the device is mounted
schema:
type: string
default: "/dev/ttyACM0"
- variable: cnpg
group: Postgresql
label: "CloudNative-PG (CNPG)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Postgresql Database"
schema:
additional_attrs: true
type: dict
attrs:
- variable: hibernate
label: Hibernate
description: "enable to safely hibernate and shutdown the postgresql cluster"
schema:
type: boolean
default: false
- variable: mode
label: Mode
description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.'
schema:
type: string
default: "standalone"
enum:
- value: standalone
description: standalone
- value: replica
description: replica
- value: recovery
description: recovery
- variable: pgVersion
label: Postgres Version
description: "Set the Postgresql version used"
schema:
type: int
default: 16
required: true
- variable: password
label: Password
description: "Set the password for the database-user"
schema:
type: string
default: "PLACEHOLDERPASSWORD"
required: true
- variable: cluster
label: "Cluster Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: instances
label: Instances
schema:
type: int
default: 1
- variable: singleNode
label: singleNode
schema:
type: boolean
default: true
hidden: true
- variable: storage
label: "Storage"
schema:
additional_attrs: true
type: dict
attrs:
- variable: size
label: Size
schema:
type: string
default: "256Gi"
- variable: walStorage
label: "WAL Storage"
schema:
additional_attrs: true
type: dict
attrs:
- variable: size
label: Size
schema:
type: string
default: "256Gi"
- variable: monitoring
label: "Monitoring Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enablePodMonitor
label: "enablePodMonitor"
schema:
type: boolean
default: true
- variable: disableDefaultQueries
label: "disableDefaultQueries"
schema:
type: boolean
default: false
- variable: pooler
label: "Pooler Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
- variable: instances
label: Instances
schema:
type: int
show_if: [["enabled", "=", true]]
default: 1
- variable: createRO
label: "Create ReadOnly Instance"
schema:
type: boolean
show_if: [["enabled", "=", true]]
default: false
- variable: backups
label: "Backup Settings (Experimental)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "enabled"
schema:
type: boolean
default: false
- variable: revision
label: "revision"
schema:
type: string
default: ""
- variable: retentionPolicy
label: "retentionPolicy"
schema:
type: string
show_if: [["enabled", "=", true]]
default: "30d"
- variable: credentials
label: "Credentials"
description: "Name of the credentials in the credentials section"
schema:
type: string
show_if: [["enabled", "=", true]]
default: ""
required: true
- variable: recovery
label: "Recovery Settings (Experimental)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "enabled"
schema:
type: boolean
default: false
- variable: serverName
label: "serverName"
schema:
type: string
default: ""
- variable: revision
label: "revision"
schema:
type: string
default: ""
- variable: method
label: "method"
schema:
type: string
show_if: [["enabled", "=", true]]
default: "object_store"
- variable: backupName
label: "backupName"
schema:
type: string
show_if: [["enabled", "=", true]]
default: ""
- variable: credentials
label: "Credentials"
description: "Name of the credentials in the credentials section"
schema:
type: string
show_if: [["enabled", "=", true]]
default: ""
required: true
# - variable: horizontalPodAutoscaler
# group: Experimental
# label: (Advanced) Horizontal Pod Autoscaler
# schema:
# type: list
# default: []
# items:
# - variable: hpaEntry
# label: HPA Entry
# schema:
# additional_attrs: true
# type: dict
# attrs:
# - variable: name
# label: Name
# schema:
# type: string
# required: true
# default: ""
# - variable: enabled
# label: Enabled
# schema:
# type: boolean
# default: false
# show_subquestions_if: true
# subquestions:
# - variable: target
# label: Target
# description: Deployment name, Defaults to Main Deployment
# schema:
# type: string
# default: ""
# - variable: minReplicas
# label: Minimum Replicas
# schema:
# type: int
# default: 1
# - variable: maxReplicas
# label: Maximum Replicas
# schema:
# type: int
# default: 5
# - variable: targetCPUUtilizationPercentage
# label: Target CPU Utilization Percentage
# schema:
# type: int
# default: 80
# - variable: targetMemoryUtilizationPercentage
# label: Target Memory Utilization Percentage
# schema:
# type: int
# default: 80
- variable: networkPolicy
group: Experimental
label: (Advanced) Network Policy
schema:
type: list
default: []
items:
- variable: netPolicyEntry
label: Network Policy Entry
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
default: ""
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: policyType
label: Policy Type
schema:
type: string
default: ""
enum:
- value: ""
description: Default
- value: ingress
description: Ingress
- value: egress
description: Egress
- value: ingress-egress
description: Ingress and Egress
- variable: egress
label: Egress
schema:
type: list
default: []
items:
- variable: egressEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: to
label: To
schema:
type: list
default: []
items:
- variable: toEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: ipBlock
label: IP Block
schema:
additional_attrs: true
type: dict
attrs:
- variable: cidr
label: CIDR
schema:
type: string
default: ""
- variable: except
label: Except
schema:
type: list
default: []
items:
- variable: exceptint
label: ""
schema:
type: string
- variable: namespaceSelector
label: Namespace Selector
schema:
additional_attrs: true
type: dict
attrs:
- variable: matchExpressions
label: Match Expressions
schema:
type: list
default: []
items:
- variable: expressionEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
- variable: operator
label: Operator
schema:
type: string
default: TCP
enum:
- value: In
description: In
- value: NotIn
description: NotIn
- value: Exists
description: Exists
- value: DoesNotExist
description: DoesNotExist
- variable: values
label: Values
schema:
type: list
default: []
items:
- variable: value
label: ""
schema:
type: string
- variable: podSelector
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: matchExpressions
label: Match Expressions
schema:
type: list
default: []
items:
- variable: expressionEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
- variable: operator
label: Operator
schema:
type: string
default: TCP
enum:
- value: In
description: In
- value: NotIn
description: NotIn
- value: Exists
description: Exists
- value: DoesNotExist
description: DoesNotExist
- variable: values
label: Values
schema:
type: list
default: []
items:
- variable: value
label: ""
schema:
type: string
- variable: ports
label: Ports
schema:
type: list
default: []
items:
- variable: portsEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
schema:
type: int
- variable: endPort
label: End Port
schema:
type: int
- variable: protocol
label: Protocol
schema:
type: string
default: TCP
enum:
- value: TCP
description: TCP
- value: UDP
description: UDP
- value: SCTP
description: SCTP
- variable: ingress
label: Ingress
schema:
type: list
default: []
items:
- variable: ingressEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: from
label: From
schema:
type: list
default: []
items:
- variable: fromEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: ipBlock
label: IP Block
schema:
additional_attrs: true
type: dict
attrs:
- variable: cidr
label: CIDR
schema:
type: string
default: ""
- variable: except
label: Except
schema:
type: list
default: []
items:
- variable: exceptint
label: ""
schema:
type: string
- variable: namespaceSelector
label: Namespace Selector
schema:
additional_attrs: true
type: dict
attrs:
- variable: matchExpressions
label: Match Expressions
schema:
type: list
default: []
items:
- variable: expressionEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
- variable: operator
label: Operator
schema:
type: string
default: TCP
enum:
- value: In
description: In
- value: NotIn
description: NotIn
- value: Exists
description: Exists
- value: DoesNotExist
description: DoesNotExist
- variable: values
label: Values
schema:
type: list
default: []
items:
- variable: value
label: ""
schema:
type: string
- variable: podSelector
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: matchExpressions
label: Match Expressions
schema:
type: list
default: []
items:
- variable: expressionEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
- variable: operator
label: Operator
schema:
type: string
default: TCP
enum:
- value: In
description: In
- value: NotIn
description: NotIn
- value: Exists
description: Exists
- value: DoesNotExist
description: DoesNotExist
- variable: values
label: Values
schema:
type: list
default: []
items:
- variable: value
label: ""
schema:
type: string
- variable: ports
label: Ports
schema:
type: list
default: []
items:
- variable: portsEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
schema:
type: int
- variable: endPort
label: End Port
schema:
type: int
- variable: protocol
label: Protocol
schema:
type: string
default: TCP
enum:
- value: TCP
description: TCP
- value: UDP
description: UDP
- value: SCTP
description: SCTP
- variable: identity_providers
group: "Experimental"
label: "Authelia Identity Providers (BETA)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: oidc
label: "OpenID Connect(BETA)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enabled"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: access_token_lifespan
label: "Access Token Lifespan"
schema:
type: string
default: "1h"
required: true
- variable: authorize_code_lifespan
label: "Authorize Code Lifespan"
schema:
type: string
default: "1m"
required: true
- variable: id_token_lifespan
label: "ID Token Lifespan"
schema:
type: string
default: "1h"
required: true
- variable: refresh_token_lifespan
label: "Refresh Token Lifespan"
schema:
type: string
default: "90m"
required: true
- variable: enable_client_debug_messages
label: "Enable Client Debug Messages"
schema:
type: boolean
default: false
- variable: clients
label: "Clients"
schema:
type: list
default: []
items:
- variable: clientEntry
label: "Client"
schema:
additional_attrs: true
type: dict
attrs:
- variable: id
label: "ID/Name"
description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
schema:
type: string
default: "myapp"
required: true
- variable: description
label: "Description"
description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
schema:
type: string
default: "My Application"
required: true
- variable: secret
label: "Secret"
description: "The client secret is a shared secret between Authelia and the consumer of this client."
schema:
type: string
default: ""
required: true
- variable: public
label: "public"
description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
schema:
type: boolean
default: false
- variable: authorization_policy
label: "Authorization Policy"
description: "The policy to require for this client; one_factor or two_factor."
schema:
type: string
default: "two_factor"
enum:
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- variable: consent_mode
label: "Consent Mode"
description: |
Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
schema:
type: string
default: "auto"
enum:
- value: "auto"
description: "auto"
- value: "explicit"
description: "explicit"
- value: "implicit"
description: "implicit"
- variable: userinfo_signing_algorithm
label: "Userinfo Signing Algorithm"
description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
schema:
type: string
default: "none"
enum:
- value: "none"
description: "none"
- value: "RS256"
description: "RS256"
- variable: audience
label: "Audience"
description: "Audience this client is allowed to request."
schema:
type: list
default: []
items:
- variable: audienceEntry
label: ""
schema:
type: string
default: ""
required: true
- variable: scopes
label: "Scopes"
description: "Scopes this client is allowed to request."
schema:
type: list
default: []
items:
- variable: ScopeEntry
label: "Scope"
schema:
type: string
default: "openid"
required: true
- variable: redirect_uris
label: "redirect_uris"
description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
schema:
type: list
default: []
items:
- variable: uriEntry
label: "Url"
schema:
type: string
default: "https://oidc.example.com/oauth2/callback"
required: true
- variable: grant_types
description: "Grant Types configures which grants this client can obtain."
label: "grant_types"
schema:
type: list
default: []
items:
- variable: grantEntry
label: "Grant"
schema:
type: string
default: "refresh_token"
required: true
- variable: response_types
description: "Response Types configures which responses this client can be sent."
label: "response_types"
schema:
type: list
default: []
items:
- variable: responseEntry
label: "type"
schema:
type: string
default: "code"
required: true
- variable: response_modes
description: "Response Modes configures which response modes this client supports."
label: "response_modes"
schema:
type: list
default: []
items:
- variable: modeEntry
label: "Mode"
schema:
type: string
default: "form_post"
required: true
- variable: token_endpoint_auth_method
description: "The supported client authentication methods this client supports."
label: "token_endpoint_auth_method"
schema:
type: string
default: ""
enum:
- value: "client_secret_basic"
description: "client_secret_basic"
- value: "client_secret_post"
description: "client_secret_post"
- value: "client_secret_jwt"
description: "client_secret_jwt"
- value: "private_key_jwt"
description: "private_key_jwt"
- value: "none"
description: "none"
- variable: require_pkce
label: "Require PKCE"
description: "This configuration option enforces the use of PKCE for this registered client."
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: pkce_challange_method
label: "PKCE Challange Method"
description: "This setting enforces the use of the specified PKCE challenge method for this individual client."
schema:
type: string
default: S256
enum:
- value: "plain"
description: "plain"
- value: "S256"
description: "S256"
- variable: addons
group: Addons
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: codeserver
label: Codeserver
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: service
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: Service Type
description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
schema:
type: string
default: LoadBalancer
enum:
- value: NodePort
description: Deprecated CHANGE THIS
- value: ClusterIP
description: ClusterIP
- value: LoadBalancer
description: LoadBalancer
- variable: loadBalancerIP
label: LoadBalancer IP
description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
schema:
show_if: [["type", "=", "LoadBalancer"]]
type: string
default: ""
- variable: ports
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: codeserver
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
schema:
type: int
default: 36107
- variable: ingress
label: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable Ingress
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hosts
label: Hosts
schema:
type: list
default: []
items:
- variable: hostEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: host
label: HostName
schema:
type: string
default: ""
required: true
- variable: paths
label: Paths
schema:
type: list
default: [{path: "/", pathType: "Prefix"}]
items:
- variable: pathEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: path
label: Path
schema:
type: string
required: true
default: "/"
- variable: pathType
label: Path Type
schema:
type: string
required: true
default: Prefix
- variable: integrations
label: Integrations
description: Connect ingress with other charts
schema:
additional_attrs: true
type: dict
attrs:
- variable: traefik
label: Traefik
description: Connect ingress with Traefik
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: true
- variable: allowCors
label: 'Allow Cross Origin Requests (advanced)'
schema:
type: boolean
default: false
show_if: [["enabled", "=", true]]
- variable: entrypoints
label: Entrypoints
schema:
type: list
default: ["websecure"]
show_if: [["enabled", "=", true]]
items:
- variable: entrypoint
label: Entrypoint
schema:
type: string
- variable: middlewares
label: Middlewares
schema:
type: list
default: []
show_if: [["enabled", "=", true]]
items:
- variable: middleware
label: Middleware
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: name
schema:
type: string
default: ""
required: true
- variable: namespace
label: 'namespace (optional)'
schema:
type: string
default: ""
- variable: certManager
label: certManager
description: Connect ingress with certManager
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
schema:
type: boolean
default: false
- variable: certificateIssuer
label: certificateIssuer
description: defaults to chartname
schema:
type: string
default: ""
show_if: [["enabled", "=", true]]
- variable: advanced
label: Show Advanced Settings
description: Advanced settings are not covered by TrueCharts Support
schema:
type: boolean
default: false
- variable: ingressClassName
label: (Advanced/Optional) IngressClass Name
schema:
type: string
show_if: [["advanced", "=", true]]
default: ""
- variable: tls
label: TLS-Settings
schema:
type: list
show_if: [["advanced", "=", true]]
default: []
items:
- variable: tlsEntry
label: Host
schema:
additional_attrs: true
type: dict
attrs:
- variable: hosts
label: Certificate Hosts
schema:
type: list
default: []
items:
- variable: host
label: Host
schema:
type: string
default: ""
required: true
- variable: certificateIssuer
label: Use Cert-Manager clusterIssuer
description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
schema:
type: string
default: ""
- variable: clusterCertificate
label: 'Cluster Certificate (Advanced)'
description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
schema:
type: string
show_if: [["certificateIssuer", "=", ""]]
default: ""
- variable: secretName
label: 'Use Custom Certificate Secret (Advanced)'
schema:
show_if: [["certificateIssuer", "=", ""]]
type: string
default: ""
- variable: scaleCert
label: 'Use TrueNAS SCALE Certificate (Deprecated)'
schema:
show_if: [["certificateIssuer", "=", ""]]
type: int
$ref:
- "definitions/certificate"
- variable: envList
label: Codeserver Environment Variables
schema:
type: list
show_if: [["type", "!=", "disabled"]]
default: []
items:
- variable: envItem
label: Environment Variable
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: vpn
label: VPN
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
default: disabled
enum:
- value: disabled
description: disabled
- value: gluetun
description: Gluetun
- value: tailscale
description: Tailscale
- value: openvpn
description: OpenVPN (Deprecated)
- value: wireguard
description: Wireguard (Deprecated)
- variable: openvpn
label: OpenVPN Settings
schema:
additional_attrs: true
type: dict
show_if: [["type", "=", "openvpn"]]
attrs:
- variable: username
label: Authentication Username (Optional)
description: Authentication Username, Optional
schema:
type: string
default: ""
- variable: password
label: Authentication Password
description: Authentication Credentials
schema:
type: string
show_if: [["username", "!=", ""]]
default: ""
required: true
- variable: tailscale
label: Tailscale Settings
schema:
additional_attrs: true
type: dict
show_if: [["type", "=", "tailscale"]]
attrs:
- variable: authkey
label: Authentication Key
description: Provide an auth key to automatically authenticate the node as your user account.
schema:
type: string
private: true
default: ""
- variable: auth_once
label: Auth Once
description: Only attempt to log in if not already logged in.
schema:
type: boolean
default: true
- variable: accept_dns
label: Accept DNS
description: Accept DNS configuration from the admin console.
schema:
type: boolean
default: false
- variable: userspace
label: Userspace
description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
schema:
type: boolean
default: false
- variable: routes
label: Routes
description: Expose physical subnet routes to your entire Tailscale network.
schema:
type: string
default: ""
- variable: dest_ip
label: Destination IP
description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
schema:
type: string
default: ""
- variable: sock5_server
label: Sock5 Server
description: The address on which to listen for SOCKS5 proxying into the tailscale net.
schema:
type: string
default: ""
- variable: outbound_http_proxy_listen
label: Outbound HTTP Proxy Listen
description: The address on which to listen for HTTP proxying into the tailscale net.
schema:
type: string
default: ""
- variable: extra_args
label: Extra Args
description: Extra Args
schema:
type: string
default: ""
- variable: daemon_extra_args
label: Tailscale Daemon Extra Args
description: Tailscale Daemon Extra Args
schema:
type: string
default: ""
- variable: killSwitch
label: Enable Killswitch
schema:
type: boolean
show_if: [["type", "!=", "disabled"]]
default: true
- variable: excludedNetworks_IPv4
label: Killswitch Excluded IPv4 networks
description: List of Killswitch Excluded IPv4 Addresses
schema:
type: list
show_if: [["type", "!=", "disabled"]]
default: []
items:
- variable: networkv4
label: IPv4 Network
schema:
type: string
required: true
- variable: excludedNetworks_IPv6
label: Killswitch Excluded IPv6 networks
description: "List of Killswitch Excluded IPv6 Addresses"
schema:
type: list
show_if: [["type", "!=", "disabled"]]
default: []
items:
- variable: networkv6
label: IPv6 Network
schema:
type: string
required: true
- variable: configFile
label: VPN Config File Location
schema:
type: string
show_if: [["type", "!=", "disabled"]]
default: ""
- variable: envList
label: VPN Environment Variables
schema:
type: list
show_if: [["type", "!=", "disabled"]]
default: []
items:
- variable: envItem
label: Environment Variable
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
max_length: 10240
- variable: netshoot
label: Netshoot
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: envList
label: Netshoot Environment Variables
schema:
type: list
show_if: [["type", "!=", "disabled"]]
default: []
items:
- variable: envItem
label: Environment Variable
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: docs
group: Documentation
label: Please read the documentation at https://truecharts.org
description: Please read the documentation at
<br /><a href="https://truecharts.org">https://truecharts.org</a>
schema:
additional_attrs: true
type: dict
attrs:
- variable: confirmDocs
label: I have checked the documentation
schema:
type: boolean
default: true
- variable: donateNag
group: Documentation
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
description: Please consider supporting TrueCharts, see
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
schema:
additional_attrs: true
type: dict
attrs:
- variable: confirmDonate
label: I have considered donating
schema:
type: boolean
default: true
hidden: true