groups:
  - name: 2FAuth Configuration
    description: Configure 2FAuth
  - name: Network Configuration
    description: Configure Network for 2FAuth
  - name: Storage Configuration
    description: Configure Storage for 2FAuth
  - name: Resources Configuration
    description: Configure Resources for 2FAuth

portals:
  web_portal:
    protocols:
      - "$kubernetes-resource_configmap_portal_protocol"
    host:
      - "$kubernetes-resource_configmap_portal_host"
    ports:
      - "$kubernetes-resource_configmap_portal_port"
    path: "$kubernetes-resource_configmap_portal_path"

questions:
  - variable: twofauthConfig
    label: ""
    group: 2FAuth Configuration
    schema:
      type: dict
      attrs:
        - variable: appName
          label: App Name
          description: The name of the 2FAuth app.
          schema:
            type: string
            default: "2FAuth"
            required: true
        - variable: appUrl
          label: App URL
          description: |
            The URL that 2FAuth will be accessible from.
            Example:
            http://server.ip:30081
            https://2fauth.example.com
          schema:
            type: uri
            default: ""
            required: true
        - variable: siteOwnerEmail
          label: Site Owner Email
          description: The email address of the site owner.
          schema:
            type: string
            default: ""
            required: true
        # With 'reverse-proxy-guard', identity comes solely from the proxy
        # headers configured below, so 2FAuth must only be reachable through
        # that proxy.
        - variable: authenticationGuard
          label: Authentication Guard
          description: |
            When using 'reverse-proxy-guard' 2FAuth only looks for the dedicated headers and skips all other built-in authentication checks.
            That means your proxy is fully responsible for the authentication process, 2FAuth will trust it as long as the headers are present.
          schema:
            type: string
            default: "web-guard"
            required: true
            enum:
              - value: "web-guard"
                description: Web Guard
              - value: "reverse-proxy-guard"
                description: Reverse Proxy Guard
        - variable: authProxyHeaderUser
          label: Authentication Proxy Header User
          description: |
            Name of the HTTP header sent by the reverse proxy that identifies the authenticated user at proxy level.
            Check your proxy documentation to find out how these headers are named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        - variable: authProxyHeaderEmail
          label: Authentication Proxy Header Email
          description: |
            Name of the HTTP header sent by the reverse proxy that identifies the authenticated user at proxy level.
            Check your proxy documentation to find out how these headers are named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        - variable: webauthnUserVerification
          label: WebAuthn User Verification
          description: |
            Most authenticators and smartphones will ask the user to actively verify themselves to log in.
            For example, through a touch plus pin code, password entry, or biometric recognition (e.g., presenting a fingerprint).
            The intent is to distinguish one user from any other.
          schema:
            type: string
            default: "preferred"
            required: true
            enum:
              - value: "preferred"
                description: Preferred
              - value: "required"
                description: Required
              - value: "discouraged"
                description: Discouraged
        - variable: trustedProxies
          label: Trusted Proxies
          description: The list of proxy IPs to trust
          schema:
            type: list
            default: []
            items:
              - variable: trustedProxy
                label: Trusted Proxy
                schema:
                  type: string
                  required: true
        - variable: additionalEnvs
          label: Additional Environment Variables
          description: Configure additional environment variables for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: env
                label: Environment Variable
                schema:
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      schema:
                        type: string
                        required: true
                    - variable: value
                      label: Value
                      schema:
                        type: string
                        required: true

  - variable: twofauthNetwork
    label: ""
    group: Network Configuration
    schema:
      type: dict
      attrs:
        - variable: webPort
          label: Web Port
          description: The port for the 2FAuth Web UI.
          schema:
            type: int
            default: 30081
            min: 9000
            max: 65535
            required: true
        - variable: hostNetwork
          label: Host Network
          description: |
            Bind to the host network.
            It's recommended to keep this disabled.
          schema:
            type: boolean
            default: false

  - variable: twofauthStorage
    label: ""
    group: Storage Configuration
    schema:
      type: dict
      attrs:
        - variable: config
          label: 2FAuth Config Storage
          description: The path to store 2FAuth Configuration.
          schema:
            type: dict
            attrs:
              - variable: type
                label: Type
                description: |
                  ixVolume: Is a dataset created automatically by the system.
                  Host Path: Is a path that already exists on the system.
                schema:
                  type: string
                  required: true
                  immutable: true
                  default: "ixVolume"
                  enum:
                    - value: "hostPath"
                      description: Host Path (Path that already exists on the system)
                    - value: "ixVolume"
                      description: ixVolume (Dataset created automatically by the system)
              - variable: ixVolumeConfig
                label: ixVolume Configuration
                description: The configuration for the ixVolume dataset.
                schema:
                  type: dict
                  show_if: [["type", "=", "ixVolume"]]
                  $ref:
                    - "normalize/ixVolume"
                  attrs:
                    - variable: aclEnable
                      label: Enable ACL
                      description: Enable ACL for the dataset.
                      schema:
                        type: boolean
                        default: false
                    - variable: datasetName
                      label: Dataset Name
                      description: The name of the dataset to use for storage.
                      schema:
                        type: string
                        required: true
                        immutable: true
                        hidden: true
                        default: "config"
                    - variable: aclEntries
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["aclEnable", "=", true]]
                        attrs: []
              - variable: hostPathConfig
                label: Host Path Configuration
                schema:
                  type: dict
                  show_if: [["type", "=", "hostPath"]]
                  attrs:
                    - variable: aclEnable
                      label: Enable ACL
                      description: Enable ACL for the dataset.
                      schema:
                        type: boolean
                        default: false
                    - variable: acl
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["aclEnable", "=", true]]
                        attrs: []
                        $ref:
                          - "normalize/acl"
                    - variable: hostPath
                      label: Host Path
                      description: The host path to use for storage.
                      schema:
                        type: hostpath
                        show_if: [["aclEnable", "=", false]]
                        required: true
        - variable: additionalStorages
          label: Additional Storage
          description: Additional storage for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: storageEntry
                label: Storage Entry
                schema:
                  type: dict
                  attrs:
                    - variable: type
                      label: Type
                      description: |
                        ixVolume: Is a dataset created automatically by the system.
                        Host Path: Is a path that already exists on the system.
                        SMB Share: Is an SMB share that is mounted to a persistent volume claim.
                      schema:
                        type: string
                        required: true
                        default: "ixVolume"
                        immutable: true
                        enum:
                          - value: "hostPath"
                            description: Host Path (Path that already exists on the system)
                          - value: "ixVolume"
                            description: ixVolume (Dataset created automatically by the system)
                          - value: "smb-pv-pvc"
                            description: SMB Share (Mounts a persistent volume claim to a SMB share)
                    - variable: readOnly
                      label: Read Only
                      description: Mount the volume as read only.
                      schema:
                        type: boolean
                        default: false
                    - variable: mountPath
                      label: Mount Path
                      description: The path inside the container to mount the storage.
                      schema:
                        type: path
                        required: true
                    - variable: hostPathConfig
                      label: Host Path Configuration
                      schema:
                        type: dict
                        show_if: [["type", "=", "hostPath"]]
                        attrs:
                          - variable: aclEnable
                            label: Enable ACL
                            description: Enable ACL for the dataset.
                            schema:
                              type: boolean
                              default: false
                          - variable: acl
                            label: ACL Configuration
                            schema:
                              type: dict
                              show_if: [["aclEnable", "=", true]]
                              attrs: []
                              $ref:
                                - "normalize/acl"
                          - variable: hostPath
                            label: Host Path
                            description: The host path to use for storage.
                            schema:
                              type: hostpath
                              show_if: [["aclEnable", "=", false]]
                              required: true
                    - variable: ixVolumeConfig
                      label: ixVolume Configuration
                      description: The configuration for the ixVolume dataset.
                      schema:
                        type: dict
                        show_if: [["type", "=", "ixVolume"]]
                        $ref:
                          - "normalize/ixVolume"
                        attrs:
                          - variable: aclEnable
                            label: Enable ACL
                            description: Enable ACL for the dataset.
                            schema:
                              type: boolean
                              default: false
                          - variable: datasetName
                            label: Dataset Name
                            description: The name of the dataset to use for storage.
                            schema:
                              type: string
                              required: true
                              immutable: true
                              default: "storage_entry"
                          - variable: aclEntries
                            label: ACL Configuration
                            schema:
                              type: dict
                              show_if: [["aclEnable", "=", true]]
                              attrs: []
                    - variable: smbConfig
                      label: SMB Share Configuration
                      description: The configuration for the SMB Share.
                      schema:
                        type: dict
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        attrs:
                          - variable: server
                            label: Server
                            description: The server for the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: share
                            label: Share
                            description: The share name for the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: domain
                            label: Domain (Optional)
                            description: The domain for the SMB share.
                            schema:
                              type: string
                          - variable: username
                            label: Username
                            description: The username for the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: password
                            label: Password
                            description: The password for the SMB share.
                            schema:
                              type: string
                              required: true
                              private: true
                          - variable: size
                            label: Size (in Gi)
                            description: The size of the volume quota.
                            schema:
                              type: int
                              required: true
                              min: 1
                              default: 1

  - variable: resources
    group: Resources Configuration
    label: ""
    schema:
      type: dict
      attrs:
        - variable: limits
          label: Limits
          schema:
            type: dict
            attrs:
              - variable: cpu
                label: CPU
                description: CPU limit for 2FAuth.
                schema:
                  type: string
                  max_length: 6
                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
                  valid_chars_error: |
                    Valid CPU limit formats are
                    - Plain Integer - eg. 1
                    - Float - eg. 0.5
                    - Millicpu - eg. 500m
                  default: "4000m"
                  required: true
              - variable: memory
                label: Memory
                description: Memory limit for 2FAuth.
                schema:
                  type: string
                  max_length: 12
                  valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
                  valid_chars_error: |
                    Valid Memory limit formats are
                    - Suffixed with E/P/T/G/M/K - eg. 1G
                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
                    - Plain Integer in bytes - eg. 1024
                    - Exponent - eg. 134e6
                  default: "8Gi"
                  required: true