scale-catalog/premium/clusterissuer/8.0.12/questions.yaml


2024-07-13 07:59:30 +00:00
groups:
  - name: Image
    description: |
      Configure the images to be used for the Chart.
      It's wise to use "digest pinned" tags and to avoid using "latest".
      Check out the following documentation for more information:
      - https://truecharts.org/common/#images
  - name: General
    description: |
      For TrueNAS SCALE we've grouped a number of settings here that all affect how apps run in general.
      Check out the following documentation for more information:
      - https://truecharts.org/common/global/
      - https://truecharts.org/common/#tz
      - https://truecharts.org/common/podoptions/
      - Image Pull Secrets
  - name: Workload
    description: |
      These settings configure how the actual Pods and containers are running.
      Generally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.
      Check out the following documentation for more information:
      - https://truecharts.org/common/workload/
      - https://truecharts.org/common/container/
  - name: App Configuration
    description: |
      Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.
      Most options should have a Tooltip (Circled Question Mark) to further describe said option.
      To find more information, look up your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/
  - name: Services
    description: |
      Service and Networking options for any applications are contained here.
      Some applications may have complicated networking setups with multiple options or some may have no options here at all.
      Options here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.
      Check out the following documentation for more information:
      - https://truecharts.org/common/service/
  - name: Networking
    description: |
      Contains advanced networking options that are not actively supported by the TrueCharts team.
      Currently only contains scaleExternalInterfaces.
      Check out the following documentation for more information:
      - https://truecharts.org/common/scaleexternalinterface/
  - name: Persistence
    description: |
      Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.
      This storage is called Persistence since it is not deleted upon restart or upgrade of an application.
      Check out the following documentation for more information:
      - https://truecharts.org/common/persistence/
      - https://truecharts.org/scale/guides/nfs-share/
      - https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath
  - name: Ingress
    description: |
      Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).
      If you choose to enable this you must have an "Ingress Provider" aka "Reverse Proxy" installed (we highly advise Traefik: https://truecharts.org/charts/premium/traefik/)
      It also requires a DNS service to actually resolve the DNS name of the FQDN specified.
      Check out the following documentation for more information:
      - https://truecharts.org/common/ingress/
  - name: SecurityContext
    description: |
      The security settings for each application and/or permissions that each application may have for the files/directories created.
      Each application will come with predefined permissions but users may want to change certain settings depending on their usage or capabilities.
      Unless necessary, users are advised to keep this section mostly to defaults.
      Check out the following documentation for more information:
      - https://truecharts.org/common/securitycontext/
  - name: Resources
    description: |
      Resource limits that have been defined by each application are in this section.
      Most will have a specific default that some users may want to change based on their specific hardware or needs.
      This also contains the options to mount GPUs or, more precisely, "request" GPUs to be mounted.
      Check out the following documentation for more information:
      - https://truecharts.org/common/resources/
  - name: Devices
    description: |
      These are special "mountpoints" that can be used to mount miscellaneous USB and PCI devices using special hostPath mounts.
      For clarity we've decided to separate this from persistence on SCALE.
      Check out the following documentation for more information:
      - https://truecharts.org/common/persistence/device/
      - https://truecharts.org/scale/guides/pci-passthrough/
  - name: Middlewares
    description: Traefik Middlewares
  - name: StorageClass
    description: |
      StorageClasses define where to store Storage.
      Check out the following documentation for more information:
  - name: Metrics
    description: |
      Contains options to configure Prometheus metrics for the application.
      Check out the following documentation for more information:
      - https://truecharts.org/common/metrics/
  - name: Addons
    description: |
      Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the application's defaults.
      Things included here are VPN addons, Codeserver for editing files inside the application's container, Netshoot for network troubleshooting, etc.
      Generally not required for use but may be necessary or useful at times for specific applications.
      Check out the following documentation for more information:
      - https://truecharts.org/common/addons/
      - https://truecharts.org/scale/guides/vpn-setup/
  - name: Experimental
    description: |
      Experimental Configuration Options
      Often these are not fully fleshed out, could randomly break or might not work at all.
  - name: Postgresql
    description: |
      For Postgresql we use "CloudNative-PG" as a backend, which has to be installed first.
      Check out the following documentation for more information:
      - https://truecharts.org/common/cnpg/
      - https://truecharts.org/scale/guides/sql-export/
      - https://truecharts.org/scale/guides/recover-cnpg/
  - name: Dependencies
    description: |
      Contains dependency settings for which we currently do not have separate categories (yet)
  - name: Documentation
    description: |
      We added this section to make everyone aware that OpenSource isn't always easy.
      It doesn't keep existing without significant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.
      Before installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/
      We would also advise going over our https://truecharts.org/scale/guides/scale-intro/
      and many of the other documentation pages...
questions:
  - variable: global
    group: General
    label: "Global Settings"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: stopAll
          label: Stop All
          description: "Stops All Running pods and hibernates cnpg"
          schema:
            type: boolean
            default: false
  - variable: credentialsList
    group: General
    label: "Credentials (Experimental)"
    schema:
      type: list
      default: []
      items:
        - variable: credentialsEntry
          label: "Enter Credentials"
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: name
                label: Name
                description: "Name"
                schema:
                  type: string
                  required: true
                  default: ""
              - variable: type
                label: Type
                description: "Type of Credential"
                schema:
                  type: string
                  default: "s3"
                  enum:
                    - value: s3
                      description: s3 Storage
              - variable: url
                label: "url"
                schema:
                  type: string
                  default: ""
                  required: true
              - variable: path
                label: "path"
                description: "Path Prefix not needed for most cases"
                schema:
                  type: string
                  default: ""
              - variable: bucket
                label: "bucket"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: accessKey
                label: "accessKey"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: secretKey
                label: "secretKey"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: ""
                  required: true
              - variable: encrKey
                label: "encrKey"
                description: "The Encryption key is needed for tools like volsync; if not needed it will be ignored"
                schema:
                  show_if: [["type", "=", "s3"]]
                  type: string
                  default: "MYSECRETPASSPHRASE"
                  required: true
  - variable: operator
    group: App Configuration
    label: Operator Configuration
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: cert-manager
          label: 'Cert-Manager'
          schema:
            type: dict
            additional_attrs: true
            attrs:
              - variable: namespace
                label: 'Namespace (change to ix-APPNAME of cert-manager)'
                schema:
                  type: string
                  required: true
                  default: "ix-cert-manager"
  - variable: clusterIssuer
    group: App Configuration
    label: Cluster Certificate Issuer
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: ACME
          label: 'ACME Issuer'
          schema:
            type: list
            default: []
            items:
              - variable: ACMEEntry
                label: 'ACME Issuer Entry'
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      description: "Name to give the issuer"
                      schema:
                        type: string
                        required: true
                        valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
                        default: ""
                    - variable: type
                      label: Type or DNS-Provider
                      description: DNS Provider
                      schema:
                        type: string
                        default: cloudflare
                        enum:
                          - value: cloudflare
                            description: Cloudflare
                          - value: route53
                            description: Route53
                          - value: akamai
                            description: Akamai
                          - value: digitalocean
                            description: Digitalocean
                          - value: rfc2136
                            description: rfc2136 (Advanced)
                          - value: HTTP01
                            description: HTTP01 (Experimental)
                          - value: acmedns
                            description: ACME DNS (Advanced)
                    - variable: server
                      label: Server
                      description: "Server for ACME, for example: letsencrypt"
                      schema:
                        type: string
                        default: 'https://acme-v02.api.letsencrypt.org/directory'
                        enum:
                          - value: 'https://acme-v02.api.letsencrypt.org/directory'
                            description: Letsencrypt-Production
                          - value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
                            description: Letsencrypt-Staging
                          - value: 'https://api.buypass.no/acme-v02/directory'
                            description: BuyPass-Production
                          - value: 'https://api.test4.buypass.no/acme-v02/directory'
                            description: BuyPass-Staging
                          - value: custom
                            description: Custom
                    - variable: customServer
                      label: Custom ACME Server (Advanced)
                      description: "This can be used to enter your own custom ACME server"
                      schema:
                        type: string
                        show_if: [["server", "=", "custom"]]
                        default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
                    - variable: caBundle
                      label: Trusted CABundle for private ACME server
                      description: "Trusted CABundle for private ACME server, encoded in base64"
                      schema:
                        type: string
                        show_if: [["server", "=", "custom"]]
                    - variable: email
                      label: Email
                      description: "Email address to use for certificate issuing; must match your DNS provider email when required"
                      schema:
                        type: string
                        required: true
                        default: "something@example.com"
                    - variable: cfapikey
                      label: CloudFlare API key
                      description: "CloudFlare API Key"
                      schema:
                        show_if: [["type", "=", "cloudflare"]]
                        type: string
                        default: ""
                    - variable: cfapitoken
                      label: CloudFlare API Token
                      description: "CloudFlare API Token"
                      schema:
                        show_if: [["type", "=", "cloudflare"]]
                        type: string
                        default: ""
                    - variable: region
                      label: Route53 Region
                      description: "Route 53 Region"
                      schema:
                        show_if: [["type", "=", "route53"]]
                        type: string
                        required: true
                        default: "us-west-1"
                    - variable: accessKeyID
                      label: Route53 accessKeyID
                      description: "Route53 accessKeyID"
                      schema:
                        show_if: [["type", "=", "route53"]]
                        type: string
                        required: true
                        default: ""
                    - variable: route53SecretAccessKey
                      label: Route53 Secret Access Key
                      description: "Route53 Secret Access Key"
                      schema:
                        show_if: [["type", "=", "route53"]]
                        type: string
                        required: true
                        default: ""
                    - variable: role
                      label: Route53 Role (optional)
                      description: "Route53 Role"
                      schema:
                        show_if: [["type", "=", "route53"]]
                        type: string
                        default: ""
                    - variable: serviceConsumerDomain
                      label: Akamai Service Consumer Domain
                      description: "Akamai Service Consumer Domain"
                      schema:
                        show_if: [["type", "=", "akamai"]]
                        type: string
                        required: true
                        default: ""
                    - variable: akclientToken
                      label: Akamai Client Token
                      description: "Client Token"
                      schema:
                        show_if: [["type", "=", "akamai"]]
                        type: string
                        required: true
                        default: ""
                    - variable: akclientSecret
                      label: Akamai Client Secret
                      description: "Akamai Client Secret"
                      schema:
                        show_if: [["type", "=", "akamai"]]
                        type: string
                        required: true
                        default: ""
                    - variable: akaccessToken
                      label: Akamai Access Token
                      description: "Akamai Access Token"
                      schema:
                        show_if: [["type", "=", "akamai"]]
                        type: string
                        required: true
                        default: ""
                    - variable: doaccessToken
                      label: Digitalocean Access Token
                      description: "Digitalocean Access Token"
                      schema:
                        show_if: [["type", "=", "digitalocean"]]
                        type: string
                        required: true
                        default: ""
                    - variable: nameserver
                      label: rfc2136 Nameserver
                      description: "rfc2136 Nameserver"
                      schema:
                        show_if: [["type", "=", "rfc2136"]]
                        type: string
                        required: true
                        default: ""
                    - variable: tsigKeyName
                      label: rfc2136 tsig Key Name
                      description: "rfc2136 tsig Key Name"
                      schema:
                        show_if: [["type", "=", "rfc2136"]]
                        type: string
                        required: true
                        default: ""
                    - variable: tsigAlgorithm
                      label: rfc2136 tsig Algorithm
                      description: "rfc2136 tsig Algorithm"
                      schema:
                        show_if: [["type", "=", "rfc2136"]]
                        type: string
                        required: true
                        default: ""
                    - variable: rfctsigSecret
                      label: rfc2136 sig Secret
                      description: "rfc2136 sig Secret"
                      schema:
                        show_if: [["type", "=", "rfc2136"]]
                        type: string
                        required: true
                        default: ""
                    - variable: acmednsHost
                      label: ACME DNS host
                      description: "ACME DNS API server address"
                      schema:
                        show_if: [["type", "=", "acmedns"]]
                        type: string
                        required: true
                        default: "https://auth.acme-dns.io"
                    - variable: acmednsConfig
                      label: ACME DNS config
                      description: "ACME DNS per-domain auth configuration"
                      schema:
                        show_if: [["type", "=", "acmedns"]]
                        type: list
                        default: []
                        items:
                          - variable: acmednsEntry
                            label: 'ACME DNS entry'
                            schema:
                              type: dict
                              attrs:
                                - variable: domain
                                  label: Domain
                                  schema:
                                    type: string
                                    required: true
                                - variable: username
                                  label: Username
                                  schema:
                                    type: string
                                    required: true
                                - variable: password
                                  label: Password
                                  schema:
                                    type: string
                                    required: true
                                - variable: fulldomain
                                  label: Full domain
                                  schema:
                                    type: string
                                    required: true
                                - variable: subdomain
                                  label: Subdomain
                                  schema:
                                    type: string
                                    required: true
                                - variable: allowFrom
                                  label: Allow from
                                  schema:
                                    type: list
                                    default: []
                                    items:
                                      - variable: cidr
                                        label: CIDR
                                        schema:
                                          type: ipaddr
                                          cidr: true
                                          required: true
        - variable: CA
          label: Certificate Authority Issuer
          schema:
            type: list
            default: []
            items:
              - variable: CAEntry
                label: 'CA Issuer Entry'
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      description: "Name to give the issuer"
                      schema:
                        type: string
                        required: true
                        valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
                        default: ""
                    - variable: selfSigned
                      label: selfSigned
                      description: "Create Self Signed CA cert"
                      schema:
                        type: boolean
                        default: true
                    - variable: selfSignedCommonName
                      label: selfSigned CommonName
                      description: "Common name for selfSigned Certificate Authority"
                      schema:
                        type: string
                        required: true
                        show_if: [["selfSigned", "=", true]]
                        default: "my-selfsigned-ca"
                    - variable: crt
                      label: "Custom CA cert (experimental)"
                      description: "certificate for Certificate Authority"
                      schema:
                        type: string
                        required: true
                        max_length: 10240
                        show_if: [["selfSigned", "=", false]]
                        default: ""
                    - variable: key
                      label: "Custom CA key (experimental)"
                      description: "key Certificate Authority"
                      schema:
                        type: string
                        required: true
                        max_length: 10240
                        show_if: [["selfSigned", "=", false]]
                        default: ""
        - variable: selfSigned
          label: 'SelfSigned Issuer'
          schema:
            additional_attrs: true
            type: dict
            attrs:
              - variable: enabled
                label: enabled
                description: "Enable self-signed issuer"
                schema:
                  type: boolean
                  default: true
              - variable: name
                label: Name
                description: "Name to give the issuer"
                schema:
                  type: string
                  required: true
                  valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
                  default: "selfsigned"
  - variable: clusterCertificates
    group: App Configuration
    label: Cluster Wide Certificates (Advanced)
    description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: certificates
          label: Cluster Certificates
          schema:
            type: list
            default: []
            items:
              - variable: CertEntry
                label: 'Certificate Entry'
                schema:
                  additional_attrs: true
                  type: dict
                  attrs:
                    - variable: enabled
                      label: Enabled
                      schema:
                        type: boolean
                        default: true
                    - variable: name
                      label: Certificate Name
                      schema:
                        type: string
                        required: true
                        default: ""
                    - variable: certificateIssuer
                      label: Cert-Manager clusterIssuer
                      description: "One of the Cert-Manager clusterIssuers defined above"
                      schema:
                        type: string
                        required: true
                        valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
                        default: "selfsigned"
                    - variable: hosts
                      label: Certificate Hosts
                      description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNS01 solver to be set up."
                      schema:
                        type: list
                        default: []
                        items:
                          - variable: host
                            label: Host
                            schema:
                              type: string
                              default: ""
                              required: true
  - variable: customMetrics
    group: Metrics
    label: Prometheus Metrics
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: enabled
          label: Enabled
          description: Enable Prometheus Metrics
          schema:
            type: boolean
            default: true