diff --git a/incubator/authentik/4.0.0/CHANGELOG.md b/incubator/authentik/4.0.0/CHANGELOG.md new file mode 100644 index 0000000000..aacc334902 --- /dev/null +++ b/incubator/authentik/4.0.0/CHANGELOG.md @@ -0,0 +1,99 @@ +# Changelog + + + +## [authentik-4.0.0](https://github.com/truecharts/charts/compare/authentik-3.0.16...authentik-4.0.0) (2022-09-03) + +### Feat + +- BREAKING CHANGE move to k8s integration instead of manual ([#3673](https://github.com/truecharts/charts/issues/3673)) + + + + +## [authentik-3.0.16](https://github.com/truecharts/charts/compare/authentik-3.0.15...authentik-3.0.16) (2022-09-01) + +### Fix + +- geoip disable rofs ([#3651](https://github.com/truecharts/charts/issues/3651)) + + + + +## [authentik-3.0.15](https://github.com/truecharts/charts/compare/authentik-3.0.14...authentik-3.0.15) (2022-08-30) + +### Chore + +- update helm general non-major ([#3639](https://github.com/truecharts/charts/issues/3639)) + + + + +## [authentik-3.0.14](https://github.com/truecharts/charts/compare/authentik-3.0.13...authentik-3.0.14) (2022-08-30) + +### Chore + +- update helm chart common to v10.5.5 ([#3626](https://github.com/truecharts/charts/issues/3626)) + + + + +## [authentik-3.0.13](https://github.com/truecharts/charts/compare/authentik-3.0.12...authentik-3.0.13) (2022-08-30) + +### Chore + +- update helm general non-major ([#3624](https://github.com/truecharts/charts/issues/3624)) + + + + +## [authentik-3.0.12](https://github.com/truecharts/charts/compare/authentik-3.0.10...authentik-3.0.12) (2022-08-29) + +### Chore + +- update helm general non-major ([#3621](https://github.com/truecharts/charts/issues/3621)) + - update helm general non-major ([#3619](https://github.com/truecharts/charts/issues/3619)) + + + + +## [authentik-3.0.10](https://github.com/truecharts/charts/compare/authentik-3.0.8...authentik-3.0.10) (2022-08-26) + +### Fix + +- some cleanup ([#3586](https://github.com/truecharts/charts/issues/3586)) + + + + +## [authentik-3.0.8](https://github.com/truecharts/charts/compare/authentik-3.0.7...authentik-3.0.8) (2022-08-23) + +### Chore + +- update helm general non-major helm releases ([#3545](https://github.com/truecharts/charts/issues/3545)) + + + + +## [authentik-3.0.7](https://github.com/truecharts/charts/compare/authentik-3.0.6...authentik-3.0.7) (2022-08-20) + +### Chore + +- update docker general non-major docker tags ([#3518](https://github.com/truecharts/charts/issues/3518)) + + + + +## [authentik-3.0.6](https://github.com/truecharts/charts/compare/authentik-3.0.5...authentik-3.0.6) (2022-08-17) + +### Chore + +- update helm general non-major helm releases ([#3484](https://github.com/truecharts/charts/issues/3484)) + - update docker general non-major ([#3478](https://github.com/truecharts/charts/issues/3478)) + + + + +## [authentik-3.0.5](https://github.com/truecharts/charts/compare/authentik-3.0.4...authentik-3.0.5) (2022-08-12) + +### Chore diff --git a/incubator/authentik/4.0.0/Chart.lock b/incubator/authentik/4.0.0/Chart.lock new file mode 100644 index 0000000000..759c1e6d6a --- /dev/null +++ b/incubator/authentik/4.0.0/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.5.7 +- name: postgresql + repository: https://charts.truecharts.org/ + version: 8.0.69 +- name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +digest: sha256:a7b58cb33aa354a7d43b4870f6afa004db737cb9526084e9ac7374ed04da40fd +generated: "2022-09-03T19:00:55.161839592Z" diff --git a/incubator/authentik/4.0.0/Chart.yaml b/incubator/authentik/4.0.0/Chart.yaml new file mode 100644 index 0000000000..4cecd2125e --- /dev/null +++ b/incubator/authentik/4.0.0/Chart.yaml @@ -0,0 +1,35 @@ +apiVersion: v2 +appVersion: "2022.8.2" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 10.5.7 + - condition: postgresql.enabled + name: postgresql + repository: https://charts.truecharts.org/ + version: 8.0.69 + - condition: redis.enabled + name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +description: authentik is an open-source Identity Provider focused on flexibility and versatility. +home: https://truecharts.org/docs/charts/incubator/authentik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png +keywords: + - authentik +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: authentik +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/authentik + - https://github.com/goauthentik/authentik + - https://goauthentik.io/docs/ +version: 4.0.0 +annotations: + truecharts.org/catagories: | + - authentication + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/incubator/authentik/4.0.0/README.md b/incubator/authentik/4.0.0/README.md new file mode 100644 index 0000000000..163865fb0b --- /dev/null +++ b/incubator/authentik/4.0.0/README.md @@ -0,0 +1,111 @@ +# authentik + +![Version: 4.0.0](https://img.shields.io/badge/Version-4.0.0-informational?style=flat-square) ![AppVersion: 2022.8.2](https://img.shields.io/badge/AppVersion-2022.8.2-informational?style=flat-square) + +authentik is an open-source Identity Provider focused on flexibility and versatility. + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. + +This readme is just an automatically generated general guide on installing our Helm Charts and Apps. +For more information, please click here: [authentik](https://truecharts.org/docs/charts/incubator/authentik) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.truecharts.org/ | postgresql | 8.0.69 | +| https://charts.truecharts.org | redis | 3.0.67 | +| https://library-charts.truecharts.org | common | 10.5.7 | + +## Installing the Chart + +### TrueNAS SCALE + +To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/Installing-an-App). + +### Helm + +To install the chart with the release name `authentik` + +```console +helm repo add TrueCharts https://charts.truecharts.org +helm repo update +helm install authentik TrueCharts/authentik +``` + +## Uninstall + +### TrueNAS SCALE + +**Upgrading, Rolling Back and Uninstalling the Chart** + +To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/Upgrade-rollback-delete-an-App). + +### Helm + +To uninstall the `authentik` deployment + +```console +helm uninstall authentik +``` + +## Configuration + +### Helm + +#### Available Settings + +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +#### Configure using the command line + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install authentik \ + --set env.TZ="America/New York" \ + TrueCharts/authentik +``` + +#### Configure using a yaml file + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install authentik TrueCharts/authentik -f values.yaml +``` + +#### Connecting to other charts + +If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/linking-apps) quick-start guide. + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/incubator/authentik/4.0.0/app-readme.md b/incubator/authentik/4.0.0/app-readme.md new file mode 100644 index 0000000000..cfb42f121f --- /dev/null +++ b/incubator/authentik/4.0.0/app-readme.md @@ -0,0 +1,8 @@ +authentik is an open-source Identity Provider focused on flexibility and versatility. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/incubator/authentik](https://truecharts.org/docs/charts/incubator/authentik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! diff --git a/incubator/authentik/4.0.0/charts/common-10.5.7.tgz b/incubator/authentik/4.0.0/charts/common-10.5.7.tgz new file mode 100644 index 0000000000..20a5750c09 Binary files /dev/null and b/incubator/authentik/4.0.0/charts/common-10.5.7.tgz differ diff --git a/incubator/authentik/4.0.0/charts/postgresql-8.0.69.tgz b/incubator/authentik/4.0.0/charts/postgresql-8.0.69.tgz new file mode 100644 index 0000000000..0b98e94f79 Binary files /dev/null and b/incubator/authentik/4.0.0/charts/postgresql-8.0.69.tgz differ diff --git a/incubator/authentik/4.0.0/charts/redis-3.0.67.tgz b/incubator/authentik/4.0.0/charts/redis-3.0.67.tgz new file mode 100644 index 0000000000..41113c3970 Binary files /dev/null and b/incubator/authentik/4.0.0/charts/redis-3.0.67.tgz differ diff --git a/incubator/authentik/4.0.0/ix_values.yaml b/incubator/authentik/4.0.0/ix_values.yaml new file mode 100644 index 0000000000..327b2041e6 --- /dev/null +++ b/incubator/authentik/4.0.0/ix_values.yaml @@ -0,0 +1,224 @@ +image: + repository: tccr.io/truecharts/authentik + tag: 2022.8.2@sha256:ff1f86ee6a26866e2806321fa98f45d4bce01d89e622f505085edc8831518f89 + pullPolicy: IfNotPresent + +geoipImage: + repository: tccr.io/truecharts/geoipupdate + tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce + pullPolicy: IfNotPresent + +extraArgs: ["server"] + +podSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + +workerContainer: + enabled: true + +authentik: + credentials: + password: "supersecret" + token: "supersecretapitoken" + outposts: + container_image_base: tccr.io/truecharts/authentik-%(type)s:%(version)s + discover: true + general: + disable_update_check: false + disable_startup_analytics: true + allow_user_name_change: true + allow_user_mail_change: true + allow_user_username_change: true + gdpr_compliance: true + impersonation: true + avatars: "gravatar" + token_length: 128 + # Use single quotes for footer_links + footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]' + mail: + host: "" + port: 25 + tls: false + ssl: false + timeout: 10 + user: "" + pass: "" + from: "" + error_reporting: + enabled: false + send_pii: false + environment: "customer" + logging: + log_level: "info" + ldap: + tls_ciphers: "null" + metrics: + enabled: true + # LDAP Outpost listens on 9300. To avoid conflicts + # This sets internal Authentik metrics port to 9301 + internalPort: 9301 + +geoip: + enabled: false + account_id: "" + license_key: "" + proxy: "" + proxy_user_pass: "" + edition_ids: "GeoLite2-City" + frequency: 8 + host_server: "updates.maxmind.com" + preserve_file_times: false + verbose: false + +serviceAccount: + main: + enabled: true + +rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - secrets + - services + - configmaps + verbs: + - get + - create + - delete + - list + - patch + - apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - create + - delete + - list + - patch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - create + - delete + - list + - patch + - apiGroups: + - traefik.containo.us + resources: + - middlewares + verbs: + - get + - create + - delete + - list + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - delete + - list + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + +envFrom: + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-authentik-secret' + - configMapRef: + name: '{{ include "tc.common.names.fullname" . }}-authentik-config' + +probes: + liveness: + enabled: true + custom: true + spec: + exec: + command: + - /lifecycle/ak + - healthcheck + readiness: + enabled: true + custom: true + spec: + exec: + command: + - /lifecycle/ak + - healthcheck + startup: + enabled: true + custom: true + spec: + exec: + command: + - /lifecycle/ak + - healthcheck + +service: + main: + ports: + main: + protocol: HTTPS + port: 10229 + targetPort: 9443 + http: + enabled: true + ports: + http: + enabled: true + protocol: HTTP + port: 10230 + targetPort: 9000 + metrics: + enabled: true + ports: + metrics: + enabled: true + protocol: HTTP + port: 10231 + targetPort: 9301 + +persistence: + media: + enabled: true + mountPath: "/media" + templates: + enabled: true + mountPath: "/templates" + certs: + enabled: true + mountPath: "/certs" + geoip: + enabled: true + mountPath: "/geoip" + +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: authentik + postgresqlDatabase: authentik + +redis: + enabled: true + existingSecret: "rediscreds" + +portal: + enabled: true diff --git a/incubator/authentik/4.0.0/questions.yaml b/incubator/authentik/4.0.0/questions.yaml new file mode 100644 index 0000000000..a2ea7aaca6 --- /dev/null +++ b/incubator/authentik/4.0.0/questions.yaml @@ -0,0 +1,3582 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: Controller + description: Configure Workload Deployment + - name: Container Configuration + description: Additional Container Configuration + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: global + label: Global Settings + group: Controller + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: Controller + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: Show Advanced Controller Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: Please specify type of workload to deploy + label: (Advanced) Controller Type + schema: + type: string + required: true + enum: + - value: deployment + description: Deployment + - value: statefulset + description: Statefulset + - value: daemonset + description: Daemonset + default: deployment + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: strategy + description: Please specify type of workload to deploy + label: (Advanced) Update Strategy + schema: + type: string + required: true + enum: + - value: Recreate + description: "Recreate: Kill existing pods before creating new ones" + - value: RollingUpdate + description: "RollingUpdate: Create new pods and then kill old ones" + - value: OnDelete + description: "(Legacy) OnDelete: ignore .spec.template changes" + default: Recreate + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Controller Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Controller Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: customextraargs + group: Controller + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: authentik + group: "Container Configuration" + label: "Authentik Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + label: "Credentials" + schema: + additional_attrs: true + type: dict + attrs: + - variable: password + label: "Password (Initial install only)" + description: "Password for user. Can be used for any flow executor" + schema: + type: string + private: true + required: true + default: "" + - variable: token + label: "Token (Initial install only)" + description: "The string you specify for this variable is the token key you can use to authenticate yourself to the API" + schema: + type: string + private: true + required: true + default: "" + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_update_check + label: "Disable Update Check" + description: "Disable the inbuilt update-checker" + schema: + type: boolean + default: false + - variable: disable_startup_analytics + label: "Disable Startup Analytics" + description: "Disable startup analytics" + schema: + type: boolean + default: true + - variable: allow_user_name_change + label: "Allow User Name Change" + description: "Enable the ability for users to change their Name" + schema: + type: boolean + default: true + - variable: allow_user_mail_change + label: "Allow User Mail Change" + description: "Enable the ability for users to change their Email address" + schema: + type: boolean + default: true + - variable: allow_user_username_change + label: "Allow User Username Change" + description: "Enable the ability for users to change their Usernames" + schema: + type: boolean + default: true + - variable: gdpr_compliance + label: "GDPR Compliance" + description: "When enabled, all the events caused by a user will be deleted upon the user's deletion" + schema: + type: boolean + default: true + - variable: impersonation + label: "Impersonation" + description: "Globally enable/disable impersonation" + schema: + type: boolean + default: true + - variable: avatars + label: "Avatars" + description: "Configure how authentik should show avatars for users" + schema: + type: string + default: "gravatar" + - variable: token_length + label: "Token Length" + description: "Configure the length of generated tokens" + schema: + type: int + default: 128 + - variable: footer_links + label: "Footer Links" + description: "This option configures the footer links on the flow executor pages" + schema: + type: string + default: "" + - variable: mail + label: "e-Mail" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "Mail Server Host" + description: "Sets host of mail server" + schema: + type: string + default: "" + - variable: port + label: "Mail Server Port" + description: "Sets port of mail server" + schema: + type: int + default: 25 + - variable: tls + label: "Use TLS for authentication" + description: "Sets tls for mail server authentication" + schema: + type: boolean + default: false + - variable: ssl + label: "Use SSL for authentication" + description: "Sets ssl for mail server authentication" + schema: + type: boolean + default: false + - variable: timeout + label: "Timeout of authentication" + description: "Sets timeout for mail server authentication" + schema: + type: int + default: 10 + - variable: user + label: "Username" + description: "Sets username of mail server" + schema: + type: string + default: "" + - variable: pass + label: "Password" + description: "Sets password of mail server" + schema: + type: string + private: true + default: "" + - variable: from + label: "From Address" + description: "Email address authentik will send from" + schema: + type: string + default: "" + - variable: error_reporting + label: "Error Reporting" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Reporting" + description: "Enables error reporting" + schema: + type: boolean + default: false + show_subquestions_if: + subquestions: + - variable: send_pii + label: "Send Personal Data" + description: "Whether or not to send personal data, like usernames" + schema: + type: boolean + default: false + - variable: environment + label: "Environment" + description: "Unique environment that is attached to your error reports, should be set to your email address for example." + schema: + type: string + default: "customer" + - variable: logging + label: "Logging" + schema: + additional_attrs: true + type: dict + attrs: + - variable: log_level + label: "Log Level" + description: "Log level for the server and worker containers" + schema: + type: string + default: "info" + enum: + - value: trace + description: "trace" + - value: debug + description: "debug" + - value: info + description: "info" + - value: warning + description: "warning" + - value: error + description: "error" + - variable: metrics + label: "Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Metrics Endpoint" + description: "Enables metrics endpoint for Authentik and embedded outpost" + schema: + type: boolean + default: false + - variable: ldap + label: "LDAP" + schema: + additional_attrs: true + type: dict + attrs: + - variable: tls_ciphers + label: "TLS Ciphers" + description: "Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources" + schema: + type: string + default: "null" + - variable: geoip + group: "Container Configuration" + label: "GeoIP Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable GeoIP Container" + description: "Enables GeoIP container" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: account_id + label: "Account ID" + description: "Your MaxMind account ID" + schema: + type: string + private: true + required: true + default: "" + - variable: license_key + label: "License Key" + description: "Your case-sensitive MaxMind license key" + schema: + type: string + private: true + required: true + default: "" + - variable: edition_ids + label: "Edition IDs" + description: "List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes" + schema: + type: string + required: true + default: "GeoLite2-City" + - variable: frequency + label: "Frequency" + description: "The number of hours between geoipupdate runs" + schema: + type: int + min: 1 + default: 8 + - variable: host_server + label: "Host Server" + description: "The host name of the server to use" + schema: + type: string + default: "updates.maxmind.com" + - variable: preserve_file_times + label: "Preserve File Times" + description: "Whether to preserve modification times of files downloaded from the server" + schema: + type: boolean + default: false + - variable: verbose + label: "Verbose" + description: "Enable verbose mode. Prints out the steps that geoipupdate takes" + schema: + type: boolean + default: false + - variable: proxy + label: "Proxy" + description: "The proxy host name or IP address" + schema: + type: string + default: "" + - variable: proxy_user_pass + label: "Proxy Pass" + description: "The proxy user name and password, separated by a colon" + schema: + type: string + private: true + default: "" + - variable: TZ + label: Timezone + group: Container Configuration + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: Container Configuration + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: expertpodconf + group: Container Configuration + label: Show Expert Configuration + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: Enable TTY + description: Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: stdin + label: Enable STDIN + description: Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: termination + group: Container Configuration + label: Termination settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: Grace Period Seconds + schema: + type: int + default: 10 + - variable: podLabelsList + group: Container Configuration + label: Pod Labels + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: podAnnotationsList + group: Container Configuration + label: Pod Annotations + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: Simple + enum: + - value: Simple + description: Simple + - value: ClusterIP + description: ClusterIP + - value: NodePort + description: NodePort (Advanced) + - value: LoadBalancer + description: LoadBalancer (Advanced) + - variable: loadBalancerIP + label: LoadBalancer IP + description: LoadBalancerIP + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: (Advanced) Specify the IP Policy + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: (Advanced) IP Families + description: (Advanced) The IP Families that should be used + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10229 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTPS + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 9443 + - variable: http + label: "http Service" + description: "The http service." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: Simple + enum: + - value: Simple + description: Simple + - value: ClusterIP + description: ClusterIP + - value: NodePort + description: NodePort (Advanced) + - value: LoadBalancer + description: LoadBalancer (Advanced) + - variable: loadBalancerIP + label: LoadBalancer IP + description: LoadBalancerIP + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: (Advanced) Specify the IP Policy + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: (Advanced) IP Families + description: (Advanced) The IP Families that should be used + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: http + label: "http Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10230 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 9000 + - variable: metrics + label: "metrics Service" + description: "The metrics service." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: Simple + enum: + - value: Simple + description: Simple + - value: ClusterIP + description: ClusterIP + - value: NodePort + description: NodePort (Advanced) + - value: LoadBalancer + description: LoadBalancer (Advanced) + - variable: loadBalancerIP + label: LoadBalancer IP + description: LoadBalancerIP + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: (Advanced) Specify the IP Policy + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: (Advanced) IP Families + description: (Advanced) The IP Families that should be used + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: metrics + label: "metrics Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10231 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 9301 + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: dnsPolicy + group: Networking and Services + label: dnsPolicy + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ClusterFirst + description: ClusterFirst + - value: ClusterFirstWithHostNet + description: ClusterFirstWithHostNet + - value: None + description: None + - variable: dnsConfig + label: DNS Configuration + group: Networking and Services + description: Specify custom DNS configuration which will be applied to the pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: Name Servers + schema: + default: [] + type: list + items: + - variable: nameserver + label: Name Server + schema: + type: string + - variable: options + label: Options + schema: + default: [] + type: list + items: + - variable: option + label: Option Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: searches + label: Searches + schema: + default: [] + type: list + items: + - variable: search + label: Search Entry + schema: + type: string + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: Simple + enum: + - value: Simple + description: Simple + - value: NodePort + description: NodePort + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: LoadBalancerIP + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort + schema: + type: int + min: 9000 + max: 65535 + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: media + label: "App Media Storage" + description: "Stores the Application Media." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simplePVC + enum: + - value: simplePVC + description: PVC (simple) + - value: simpleHP + description: Host Path (simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) hostPath Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) storageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: templates + label: "App Templates Storage" + description: "Stores the Application Templates." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simplePVC + enum: + - value: simplePVC + description: PVC (simple) + - value: simpleHP + description: Host Path (simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) hostPath Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) storageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: certs + label: "App Certs Storage" + description: "Stores the Application Certs." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simplePVC + enum: + - value: simplePVC + description: PVC (simple) + - value: simpleHP + description: Host Path (simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) hostPath Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) storageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: geoip + label: "App GeoIP Storage" + description: "Stores the Application GeoIP." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simplePVC + enum: + - value: simplePVC + description: PVC (simple) + - value: simpleHP + description: Host Path (simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) hostPath Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) storageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name (Optional) + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simpleHP + enum: + - value: simplePVC + description: PVC (Simple) + - value: simpleHP + description: Host Path (Simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) Host Path Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) StorageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: These middlewares enforce a number of best practices. + label: Enable Default Middlewares + schema: + type: boolean + default: true + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: capabilities + label: Capabilities + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: Drop Capability + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: Add Capability + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 1000 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 1000 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + + - variable: advancedresources + label: Set Custom Resource Limits/Requests (Advanced) + group: Resources and Devices + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] +# - variable: autoscaling +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: networkPolicy +# group: Advanced +# label: (Advanced) Network Policy +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: policyType +# label: Policy Type +# schema: +# type: string +# default: "" +# enum: +# - value: "" +# description: Default +# - value: ingress +# description: Ingress +# - value: egress +# description: Egress +# - value: ingress-egress +# description: Ingress and Egress +# - variable: egress +# label: Egress +# schema: +# type: list +# default: [] +# items: +# - variable: egressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: to +# label: To +# schema: +# type: list +# default: [] +# items: +# - variable: toEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP +# - variable: ingress +# label: Ingress +# schema: +# type: list +# default: [] +# items: +# - variable: ingressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: from +# label: From +# schema: +# type: list +# default: [] +# items: +# - variable: fromEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: Sock5 Server + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: NodePort + enum: + - value: NodePort + description: NodePort + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: LoadBalancerIP + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nodePort + description: Leave Empty to Disable + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: promtail + label: Promtail + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: Loki URL + schema: + type: string + required: true + - variable: logs + label: Log Paths + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: path + label: Path + schema: + type: string + required: true + - variable: args + label: Promtail Command Line Arguments + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + required: true + - variable: envList + label: Promtail Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/docs/about/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/incubator/authentik/4.0.0/templates/_config.tpl b/incubator/authentik/4.0.0/templates/_config.tpl new file mode 100644 index 0000000000..671b022698 --- /dev/null +++ b/incubator/authentik/4.0.0/templates/_config.tpl @@ -0,0 +1,84 @@ +{{/* Define the configmap */}} +{{- define "authentik.config" -}} + +{{- $authentikConfigName := printf "%s-authentik-config" (include "tc.common.names.fullname" .) }} +{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }} + +--- +{{/* This configmap are loaded on both main authentik container and worker */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $authentikConfigName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{/* Dependencies */}} + AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }} + AUTHENTIK_REDIS__PORT: "6379" + AUTHENTIK_POSTGRESQL__NAME: {{ .Values.postgresql.postgresqlDatabase }} + AUTHENTIK_POSTGRESQL__USER: {{ .Values.postgresql.postgresqlUsername }} + AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }} + AUTHENTIK_POSTGRESQL__PORT: "5432" + {{/* Mail */}} + {{- with .Values.authentik.mail.port }} + AUTHENTIK_EMAIL__PORT: {{ . | quote }} + {{- end }} + AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }} + AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }} + {{- with .Values.authentik.mail.timeout }} + AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }} + {{- end }} + {{/* Logging */}} + {{- with .Values.authentik.logging.log_level }} + AUTHENTIK_LOG_LEVEL: {{ . }} + {{- end }} + {{/* General */}} + AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }} + AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }} + {{- with .Values.authentik.general.avatars }} + AUTHENTIK_AVATARS: {{ . }} + {{- end }} + AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }} + AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }} + AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }} + AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }} + AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }} + AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }} + {{- with .Values.authentik.general.footer_links }} + AUTHENTIK_FOOTER_LINKS: {{ . | squote }} + {{- end }} + {{/* Error Reporting */}} + AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }} + AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }} + {{- with .Values.authentik.error_reporting.environment }} + AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }} + {{- end }} + {{/* LDAP */}} + {{- with .Values.authentik.ldap.tls_ciphers }} + AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }} + {{- end }} + {{/* Metrics */}} + AUTHENTIK_LISTEN__METRICS: {{ .Values.authentik.metrics.internalPort | quote }} + {{/* Metrics */}} + AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE: {{ .Values.authentik.outposts.container_image_base | quote }} + AUTHENTIK_OUTPOSTS__DISCOVER: {{ .Values.authentik.outposts.discover | quote }} +--- +{{/* This configmap is loaded on geoip container */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $geoipConfigName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{- with .Values.geoip.edition_ids }} + GEOIPUPDATE_EDITION_IDS: {{ . }} + {{- end }} + GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }} + {{- with .Values.geoip.host_server }} + GEOIPUPDATE_HOST: {{ . }} + {{- end }} + GEOIPUPDATE_PRESERVE_FILE_TIMES: '{{ ternary "1" "0" .Values.geoip.preserve_file_times }}' + GEOIPUPDATE_VERBOSE: '{{ ternary "1" "0" .Values.geoip.verbose }}' +{{- end }} diff --git a/incubator/authentik/4.0.0/templates/_geoip.tpl b/incubator/authentik/4.0.0/templates/_geoip.tpl new file mode 100644 index 0000000000..64a4ee9bc8 --- /dev/null +++ b/incubator/authentik/4.0.0/templates/_geoip.tpl @@ -0,0 +1,20 @@ +{{/* Define the geoip container */}} +{{- define "authentik.geoip" -}} +image: {{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }} +imagePullPolicy: '{{ .Values.geoipImage.pullPolicy }}' +securityContext: + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: false + runAsNonRoot: false +volumeMounts: + - name: geoip + mountPath: "/usr/share/GeoIP" +envFrom: + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-geoip-secret' + - configMapRef: + name: '{{ include "tc.common.names.fullname" . }}-geoip-config' +{{/* TODO: Add healthchecks */}} +{{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}} +{{- end -}} diff --git a/incubator/authentik/4.0.0/templates/_secret.tpl b/incubator/authentik/4.0.0/templates/_secret.tpl new file mode 100644 index 0000000000..c2f8dbf071 --- /dev/null +++ b/incubator/authentik/4.0.0/templates/_secret.tpl @@ -0,0 +1,70 @@ +{{/* Define the secret */}} +{{- define "authentik.secret" -}} + +{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.common.names.fullname" .) }} +{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.common.names.fullname" .) }} + +--- +{{/* This secrets are loaded on both main authentik container and worker */}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $authentikSecretName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{/* Secret Key */}} + {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }} + AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }} + {{- else }} + AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 | b64enc }} + {{- end }} + {{/* Dependencies */}} + AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }} + AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }} + {{/* Credentials */}} + {{- with .Values.authentik.credentials.password }} + AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . | b64enc }} + {{- end }} + {{- with .Values.authentik.credentials.token }} + AUTHENTIK_BOOTSTRAP_TOKEN: {{ . | b64enc }} + {{- end }} + {{/* Mail */}} + {{- with .Values.authentik.mail.host }} + AUTHENTIK_EMAIL__HOST: {{ . | b64enc }} + {{- end }} + {{- with .Values.authentik.mail.user }} + AUTHENTIK_EMAIL__USERNAME: {{ . | b64enc }} + {{- end }} + {{- with .Values.authentik.mail.pass }} + AUTHENTIK_EMAIL__PASSWORD: {{ . | b64enc }} + {{- end }} + {{- with .Values.authentik.mail.from }} + AUTHENTIK_EMAIL__FROM: {{ . | b64enc }} + {{- end }} +--- +{{/* This secrets are loaded on geoip container */}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $geoipSecretName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{/* Credentials */}} + {{- with .Values.geoip.account_id }} + GEOIPUPDATE_ACCOUNT_ID: {{ . | b64enc }} + {{- end }} + {{- with .Values.geoip.license_key }} + GEOIPUPDATE_LICENSE_KEY: {{ . | b64enc }} + {{- end }} + {{/* Proxy */}} + {{- with .Values.geoip.proxy }} + GEOIPUPDATE_PROXY: {{ . | b64enc }} + {{- end }} + {{- with .Values.geoip.proxy_user_pass }} + GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . | b64enc }} + {{- end }} +{{- end }} diff --git a/incubator/authentik/4.0.0/templates/_worker.tpl b/incubator/authentik/4.0.0/templates/_worker.tpl new file mode 100644 index 0000000000..2a00d08c0b --- /dev/null +++ b/incubator/authentik/4.0.0/templates/_worker.tpl @@ -0,0 +1,52 @@ +{{/* Define the worker container */}} +{{- define "authentik.worker" -}} +image: {{ .Values.image.repository }}:{{ .Values.image.tag }} +imagePullPolicy: '{{ .Values.image.pullPolicy }}' +securityContext: + runAsUser: {{ .Values.podSecurityContext.runAsUser }} + runAsGroup: {{ .Values.podSecurityContext.runAsGroup }} + readOnlyRootFilesystem: false + runAsNonRoot: true +args: ["worker"] +envFrom: + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-authentik-secret' + - configMapRef: + name: '{{ include "tc.common.names.fullname" . }}-authentik-config' +volumeMounts: + - name: media + mountPath: "/media" + - name: templates + mountPath: "/templates" + - name: certs + mountPath: "/certs" + - name: geoip + mountPath: "/geoip" +readinessProbe: + exec: + command: + - /lifecycle/ak + - healthcheck + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + exec: + command: + - /lifecycle/ak + - healthcheck + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + exec: + command: + - /lifecycle/ak + - healthcheck + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} diff --git a/incubator/authentik/4.0.0/templates/common.yaml b/incubator/authentik/4.0.0/templates/common.yaml new file mode 100644 index 0000000000..b712df5a4a --- /dev/null +++ b/incubator/authentik/4.0.0/templates/common.yaml @@ -0,0 +1,25 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{/* Render secret */}} +{{- include "authentik.secret" . }} + +{{/* Render config */}} +{{- include "authentik.config" . }} + +{{- if .Values.authentik.metrics.enabled -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" ( .Values.service.metrics.ports.metrics.targetPort | quote) -}} +{{- end -}} + +{{- if .Values.workerContainer.enabled -}} +{{- $_ := set .Values.additionalContainers "worker" (include "authentik.worker" . | fromYaml) -}} +{{- end -}} + +{{- if .Values.geoip.enabled -}} +{{- $_ := set .Values.additionalContainers "geoip" (include "authentik.geoip" . | fromYaml) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/incubator/authentik/4.0.0/values.yaml b/incubator/authentik/4.0.0/values.yaml new file mode 100644 index 0000000000..e69de29bb2