596 lines
25 KiB
YAML
596 lines
25 KiB
YAML
|
groups:
|
|||
|
- name: Image
|
|||
|
description: |
|
|||
|
Configured the images to be used for the Chart.
|
|||
|
It's wise to use "digest pinned" tags and to avoid using "latest".
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/#images
|
|||
|
|
|||
|
|
|||
|
- name: General
|
|||
|
description: |
|
|||
|
For TrueNAS SCALE We've grouped a number of settings here, that all effact how apps run in general.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/global/
|
|||
|
- https://truecharts.org/common/#tz
|
|||
|
- https://truecharts.org/common/podoptions/
|
|||
|
- Image Pull Secrets
|
|||
|
|
|||
|
|
|||
|
- name: Workload
|
|||
|
description: |
|
|||
|
These settings configure how the actual Pods and containers are running.
|
|||
|
Generally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/workload/
|
|||
|
- https://truecharts.org/common/container/
|
|||
|
|
|||
|
|
|||
|
- name: App Configuration
|
|||
|
description: |
|
|||
|
Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.
|
|||
|
Most options should have a Tooltip (Circled Question Mark) to further describe said option.
|
|||
|
|
|||
|
To find more information, lookup your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/
|
|||
|
|
|||
|
- name: Services
|
|||
|
description: |
|
|||
|
Service and Networking options for any applications are contained here.
|
|||
|
Some applications may have complicated networking setups with multiple options or some may have no options here at all.
|
|||
|
|
|||
|
Options here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/service/
|
|||
|
|
|||
|
- name: Networking
|
|||
|
description: |
|
|||
|
Contains advanced networking options that are not actively supported by the TrueCharts team.
|
|||
|
Currently only contains scaleExternalInterfaces.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/scaleexternalinterface/
|
|||
|
|
|||
|
- name: Persistence
|
|||
|
description: |
|
|||
|
Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.
|
|||
|
This storage is called Persistence since it is not deleted upon restart or upgrade of an application.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/persistence/
|
|||
|
- https://truecharts.org/scale/guides/nfs-share/
|
|||
|
- https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath
|
|||
|
|
|||
|
|
|||
|
- name: Ingress
|
|||
|
description: |
|
|||
|
Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).
|
|||
|
If you choose to enable this you must have a "Ingress Provider" aka "Reverse Proxy" installed (We highly advice Traefik: https://truecharts.org/charts/premium/traefik/)
|
|||
|
It also requiresa DNS service to actually resolve the DNS name of the FQDN specified.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/ingress/
|
|||
|
|
|||
|
|
|||
|
- name: SecurityContext
|
|||
|
description: |
|
|||
|
The security settings for each application and/or permissions that each application may have for the files/directories created.
|
|||
|
Each application will come with predefined permissions but users may want to change certain setting depending on their usage or capabilities.
|
|||
|
|
|||
|
Unless necessary users are advised to keep this section mostly to defaults.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/securitycontext/
|
|||
|
|
|||
|
|
|||
|
- name: Resources
|
|||
|
description: |
|
|||
|
Resources limits that have been defined by each application are in this section.
|
|||
|
Most will have a specific default that some users may want to change based on their specific hardware or needs.
|
|||
|
|
|||
|
This also contains the options to mount GPUs or, more precisely, "request" GPU's to be mounted.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/resources/
|
|||
|
|
|||
|
- name: Devices
|
|||
|
description: |
|
|||
|
These are special "mountpoints" that can be used to mount miscelanious USB and PCI devices using special hostPath mounts.
|
|||
|
For clearity we've decided to seperate this from persistence on SCALE.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/persistence/device/
|
|||
|
- https://truecharts.org/scale/guides/pci-passthrough/
|
|||
|
|
|||
|
- name: Middlewares
|
|||
|
description: Traefik Middlewares
|
|||
|
|
|||
|
- name: StorageClass
|
|||
|
description: |
|
|||
|
StorageClasses define where to storage Storage.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
|
|||
|
- name: Metrics
|
|||
|
description: |
|
|||
|
Contains options to configure Prometheus metrics for the application.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/metrics/
|
|||
|
|
|||
|
|
|||
|
- name: Addons
|
|||
|
description: |
|
|||
|
Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the application’s defaults.
|
|||
|
Things included here are VPN addons, Codeserver for editing files inside the application’s container, Netshoot for network troubelshooting, etc.
|
|||
|
|
|||
|
Generally not required for use but may be necessary or usefull at times for specific applications.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/addons/
|
|||
|
- https://truecharts.org/scale/guides/vpn-setup/
|
|||
|
|
|||
|
|
|||
|
- name: Experimental
|
|||
|
description: |
|
|||
|
Experimental Configuration Options
|
|||
|
Often these are not fully flushed-out, could randomly break or might not work at-all.
|
|||
|
|
|||
|
- name: Postgresql
|
|||
|
description: |
|
|||
|
For Postgresql we use "CloudNative-PG" as a backend, which has to be installed first.
|
|||
|
|
|||
|
Checkout the following documentation for more information:
|
|||
|
- https://truecharts.org/common/cnpg/
|
|||
|
- https://truecharts.org/scale/guides/sql-export/
|
|||
|
- https://truecharts.org/scale/guides/recover-cnpg/
|
|||
|
|
|||
|
- name: Dependencies
|
|||
|
description: |
|
|||
|
contains dependency setting for which we, currently, do not have seperate catagories (yet)
|
|||
|
|
|||
|
|
|||
|
- name: Documentation
|
|||
|
description: |
|
|||
|
We added this section to make everyone aware that OpenSource isn't always easy.
|
|||
|
It doesn't keep existing without signficant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.
|
|||
|
|
|||
|
Before installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/
|
|||
|
We would also advice going over our https://truecharts.org/scale/guides/scale-intro/
|
|||
|
and many of the other documentation pages...
|
|||
|
|
|||
|
questions:
|
|||
|
- variable: global
|
|||
|
group: General
|
|||
|
label: "Global Settings"
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: stopAll
|
|||
|
label: Stop All
|
|||
|
description: "Stops All Running pods and hibernates cnpg"
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: false
|
|||
|
|
|||
|
- variable: operator
|
|||
|
group: App Configuration
|
|||
|
label: Operator Configuration
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: cert-manager
|
|||
|
label: 'Cert-Manager'
|
|||
|
schema:
|
|||
|
type: dict
|
|||
|
additional_attrs: true
|
|||
|
attrs:
|
|||
|
- variable: namespace
|
|||
|
label: 'Namespace (change to ix-APPNAME of cert-manager)'
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: "ix-cert-manager"
|
|||
|
- variable: clusterIssuer
|
|||
|
group: App Configuration
|
|||
|
label: Cluster Certificate Issuer
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: ACME
|
|||
|
label: 'ACME Issuer'
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: ACMEEntry
|
|||
|
label: 'ACME Issuer Entry'
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
description: "Name to give the issuer"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
|||
|
default: ""
|
|||
|
- variable: type
|
|||
|
label: Type or DNS-Provider
|
|||
|
description: DNS Provider
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: cloudflare
|
|||
|
enum:
|
|||
|
- value: cloudflare
|
|||
|
description: Cloudflare
|
|||
|
- value: route53
|
|||
|
description: Route53
|
|||
|
- value: akamai
|
|||
|
description: Akamai
|
|||
|
- value: digitalocean
|
|||
|
description: Digitalocean
|
|||
|
- value: rfc2136
|
|||
|
description: rfc2136 (Advanced)
|
|||
|
- value: HTTP01
|
|||
|
description: HTTP01 (Experimental)
|
|||
|
- value: acmedns
|
|||
|
description: ACME DNS (Advanced)
|
|||
|
- variable: server
|
|||
|
label: Server
|
|||
|
description: "Server for ACME, for example: letsencrypt"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: 'Letsencrypt-Production'
|
|||
|
enum:
|
|||
|
- value: 'https://acme-v02.api.letsencrypt.org/directory'
|
|||
|
description: Letsencrypt-Production
|
|||
|
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
|||
|
description: Letsencrypt-Staging
|
|||
|
- value: 'https://api.buypass.no/acme-v02/directory'
|
|||
|
description: BuyPass-Production
|
|||
|
- value: 'https://api.test4.buypass.no/acme-v02/directory'
|
|||
|
description: BuyPass-Staging
|
|||
|
- value: custom
|
|||
|
description: Custom
|
|||
|
- variable: customServer
|
|||
|
label: Custom ACME Server (Advanced)
|
|||
|
description: "This can be used to enter your own custom ACME server"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["server", "=", "custom"]]
|
|||
|
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
|||
|
- variable: caBundle
|
|||
|
label: Trusted CABundle for private ACME server
|
|||
|
description: "Trusted CABundle for private ACME server, encoded in base64"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
show_if: [["server", "=", "custom"]]
|
|||
|
- variable: email
|
|||
|
label: Email
|
|||
|
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: "something@example.com"
|
|||
|
- variable: cfapikey
|
|||
|
label: CloudFlare API key
|
|||
|
description: "CloudFlare API Key"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "cloudflare"]]
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: cfapitoken
|
|||
|
label: CloudFlare API Token
|
|||
|
description: "CloudFlare API Token"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "cloudflare"]]
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: region
|
|||
|
label: Route53 Region
|
|||
|
description: "Route 53 Region"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "route53"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: "us-west-1"
|
|||
|
- variable: accessKeyID
|
|||
|
label: Route53 accessKeyID
|
|||
|
description: "Route53 accessKeyID"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "route53"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: route53SecretAccessKey
|
|||
|
label: Route53 Secret Access Key
|
|||
|
description: "Route53 Secret Access Key"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "route53"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: role
|
|||
|
label: Route53 Role (optional)
|
|||
|
description: "Route53 Role"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "route53"]]
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
- variable: serviceConsumerDomain
|
|||
|
label: Akamai Service Consumer Domain
|
|||
|
description: "Akamai Service Consumer Domain"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "akamai"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: akclientToken
|
|||
|
label: Akamai Client Token
|
|||
|
description: "Client Token"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "akamai"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: akclientSecret
|
|||
|
label: Akamai Client Secret
|
|||
|
description: "Akamai Client Secret"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "akamai"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: akaccessToken
|
|||
|
label: Akamai Access Token
|
|||
|
description: "Akamai Access Token"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "akamai"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: doaccessToken
|
|||
|
label: Digitalocean Access Token
|
|||
|
description: "Digitalocean Access Token"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "digitalocean"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: nameserver
|
|||
|
label: rfc2136 Namesever
|
|||
|
description: "rfc2136 Namesever"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "rfc2136"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: tsigKeyName
|
|||
|
label: rfc2136 tsig Key Name
|
|||
|
description: "rfc2136 tsig Key Name"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "rfc2136"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: tsigAlgorithm
|
|||
|
label: rfc2136 tsig Algorithm
|
|||
|
description: "rfc2136 tsig Algorithm"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "rfc2136"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: rfctsigSecret
|
|||
|
label: rfc2136 sig Secret
|
|||
|
description: "rfc2136 sig Secret"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "rfc2136"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: acmednsHost
|
|||
|
label: ACME DNS host
|
|||
|
description: "ACME DNS API server address"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "acmedns"]]
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: "https://auth.acme-dns.io"
|
|||
|
- variable: acmednsConfig
|
|||
|
label: ACME DNS config
|
|||
|
description: "ACME DNS per-domain auth configuration"
|
|||
|
schema:
|
|||
|
show_if: [["type", "=", "acmedns"]]
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: acmednsEntry
|
|||
|
label: 'ACME DNS entry'
|
|||
|
schema:
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: domain
|
|||
|
label: Domain
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: username
|
|||
|
label: Username
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: password
|
|||
|
label: Password
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: fulldomain
|
|||
|
label: Full domain
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: subdomain
|
|||
|
label: Subdomain
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
- variable: allowFrom
|
|||
|
label: Allow from
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: cidr
|
|||
|
label: CIDR
|
|||
|
schema:
|
|||
|
type: ipaddr
|
|||
|
cidr: true
|
|||
|
required: true
|
|||
|
- variable: CA
|
|||
|
label: Certificate Authority Issuer
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: CAEntry
|
|||
|
label: 'CA Issuer Entry'
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
description: "Name to give the issuer"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
|||
|
default: ""
|
|||
|
- variable: selfSigned
|
|||
|
label: selfSigned
|
|||
|
description: "Create Self Signed CA cert"
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: selfSignedCommonName
|
|||
|
label: selfSigned CommonName
|
|||
|
description: "Common name for selfSigned Certiticate Authority"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
show_if: [["selfSigned", "=", true]]
|
|||
|
default: "my-selfsigned-ca"
|
|||
|
- variable: crt
|
|||
|
label: "Custom CA cert (experimental)"
|
|||
|
description: "certificate for Certiticate Authority"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
max_length: 10240
|
|||
|
show_if: [["selfSigned", "=", false]]
|
|||
|
default: ""
|
|||
|
- variable: key
|
|||
|
label: "Custom CA key (experimental)"
|
|||
|
description: "key Certiticate Authority"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
max_length: 10240
|
|||
|
show_if: [["selfSigned", "=", false]]
|
|||
|
default: ""
|
|||
|
- variable: selfSigned
|
|||
|
label: 'SelfSigned Issuer'
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: enabled
|
|||
|
description: "Enable self-signed issuer"
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: name
|
|||
|
label: Name
|
|||
|
description: "Name to give the issuer"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
|||
|
default: "selfsigned"
|
|||
|
- variable: clusterCertificates
|
|||
|
group: App Configuration
|
|||
|
label: Cluster Wide Certificates (Advanced)
|
|||
|
description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: certificates
|
|||
|
label: Cluster Certificates
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: CertEntry
|
|||
|
label: 'Certificate Entry'
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enabled
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|
|||
|
- variable: name
|
|||
|
label: Certificate Name
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
default: ""
|
|||
|
- variable: certificateIssuer
|
|||
|
label: Cert-Manager clusterIssuer
|
|||
|
description: "One of the Cert-Manager clusterIssuers defined above"
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
required: true
|
|||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
|||
|
default: "selfsigned"
|
|||
|
- variable: hosts
|
|||
|
label: Certificate Hosts
|
|||
|
description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
|
|||
|
schema:
|
|||
|
type: list
|
|||
|
default: []
|
|||
|
items:
|
|||
|
- variable: host
|
|||
|
label: Host
|
|||
|
schema:
|
|||
|
type: string
|
|||
|
default: ""
|
|||
|
required: true
|
|||
|
- variable: customMetrics
|
|||
|
group: Metrics
|
|||
|
label: Prometheus Metrics
|
|||
|
schema:
|
|||
|
additional_attrs: true
|
|||
|
type: dict
|
|||
|
attrs:
|
|||
|
- variable: enabled
|
|||
|
label: Enabled
|
|||
|
description: Enable Prometheus Metrics
|
|||
|
schema:
|
|||
|
type: boolean
|
|||
|
default: true
|