| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432 |
- groups:
- - name: 2FAuth Configuration
- description: Configure 2FAuth
- - name: Network Configuration
- description: Configure Network for 2FAuth
- - name: Storage Configuration
- description: Configure Storage for 2FAuth
- - name: Resources Configuration
- description: Configure Resources for 2FAuth
- portals:
- web_portal:
- protocols:
- - "$kubernetes-resource_configmap_portal_protocol"
- host:
- - "$kubernetes-resource_configmap_portal_host"
- ports:
- - "$kubernetes-resource_configmap_portal_port"
- path: "$kubernetes-resource_configmap_portal_path"
- questions:
- - variable: twofauthConfig
- label: ""
- group: 2FAuth Configuration
- schema:
- type: dict
- attrs:
- - variable: appName
- label: App Name
- description: The name of the 2FAuth.
- schema:
- type: string
- default: "2FAuth"
- required: true
- - variable: appUrl
- label: App URL
- description: |
- The URL that 2FAuth will be accessible from.</br>
- Example: </br>
- http://server.ip:30081</br>
- https://2fauth.example.com
- schema:
- type: uri
- default: ""
- required: true
- - variable: siteOwnerEmail
- label: Site Owner Email
- description: The email address of the site owner.
- schema:
- type: string
- default: ""
- required: true
- - variable: authenticationGuard
- label: Authentication Guard
- description: |
- When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all
- other built-in authentication checks. That means your proxy is fully responsible of the
- authentication process, 2FAuth will trust him as long as headers are presents.
- schema:
- type: string
- default: "web-guard"
- required: true
- enum:
- - value: "web-guard"
- description: Web Guard
- - value: "reverse-proxy-guard"
- description: Reverse Proxy Guard
- - variable: authProxyHeaderUser
- label: Authentication Proxy Header User
- description: |
- Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
- user at proxy level. Check your proxy documentation to find out how these headers are named.
- schema:
- type: string
- default: ""
- show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
- required: true
- - variable: authProxyHeaderEmail
- label: Authentication Proxy Header Email
- description: |
- Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
- user at proxy level. Check your proxy documentation to find out how these headers are named.
- schema:
- type: string
- default: ""
- show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
- required: true
- - variable: webauthnUserVerification
- label: WebAuthn User Verification
- description: |
- Most authenticators and smartphones will ask the user to actively verify
- themselves for log in. For example, through a touch plus pin code,
- password entry, or biometric recognition (e.g., presenting a fingerprint).
- The intent is to distinguish one user from any other.
- schema:
- type: string
- default: "preferred"
- required: true
- enum:
- - value: "preferred"
- description: Preferred
- - value: "required"
- description: Required
- - value: "discouraged"
- description: Discouraged
- - variable: trustedProxies
- label: Trusted Proxies
- description: The list of proxies IP to trust
- schema:
- type: list
- default: []
- items:
- - variable: trustedProxy
- label: Trusted Proxy
- schema:
- type: string
- required: true
- - variable: additionalEnvs
- label: Additional Environment Variables
- description: Configure additional environment variables for 2FAuth.
- schema:
- type: list
- default: []
- items:
- - variable: env
- label: Environment Variable
- schema:
- type: dict
- attrs:
- - variable: name
- label: Name
- schema:
- type: string
- required: true
- - variable: value
- label: Value
- schema:
- type: string
- required: true
- - variable: twofauthNetwork
- label: ""
- group: Network Configuration
- schema:
- type: dict
- attrs:
- - variable: webPort
- label: Web Port
- description: The port for the 2FAuth Web UI.
- schema:
- type: int
- default: 30081
- min: 9000
- max: 65535
- required: true
- - variable: hostNetwork
- label: Host Network
- description: |
- Bind to the host network. It's recommended to keep this disabled.</br>
- schema:
- type: boolean
- default: false
- - variable: twofauthStorage
- label: ""
- group: Storage Configuration
- schema:
- type: dict
- attrs:
- - variable: config
- label: 2FAuth Config Storage
- description: The path to store 2FAuth Configuration.
- schema:
- type: dict
- attrs:
- - variable: type
- label: Type
- description: |
- ixVolume: Is dataset created automatically by the system.</br>
- Host Path: Is a path that already exists on the system.
- schema:
- type: string
- required: true
- immutable: true
- default: "ixVolume"
- enum:
- - value: "hostPath"
- description: Host Path (Path that already exists on the system)
- - value: "ixVolume"
- description: ixVolume (Dataset created automatically by the system)
- - variable: ixVolumeConfig
- label: ixVolume Configuration
- description: The configuration for the ixVolume dataset.
- schema:
- type: dict
- show_if: [["type", "=", "ixVolume"]]
- $ref:
- - "normalize/ixVolume"
- attrs:
- - variable: aclEnable
- label: Enable ACL
- description: Enable ACL for the dataset.
- schema:
- type: boolean
- default: false
- - variable: datasetName
- label: Dataset Name
- description: The name of the dataset to use for storage.
- schema:
- type: string
- required: true
- immutable: true
- hidden: true
- default: "config"
- - variable: aclEntries
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["aclEnable", "=", true]]
- attrs: []
- - variable: hostPathConfig
- label: Host Path Configuration
- schema:
- type: dict
- show_if: [["type", "=", "hostPath"]]
- attrs:
- - variable: aclEnable
- label: Enable ACL
- description: Enable ACL for the dataset.
- schema:
- type: boolean
- default: false
- - variable: acl
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["aclEnable", "=", true]]
- attrs: []
- $ref:
- - "normalize/acl"
- - variable: hostPath
- label: Host Path
- description: The host path to use for storage.
- schema:
- type: hostpath
- show_if: [["aclEnable", "=", false]]
- required: true
- - variable: additionalStorages
- label: Additional Storage
- description: Additional storage for 2FAuth.
- schema:
- type: list
- default: []
- items:
- - variable: storageEntry
- label: Storage Entry
- schema:
- type: dict
- attrs:
- - variable: type
- label: Type
- description: |
- ixVolume: Is dataset created automatically by the system.</br>
- Host Path: Is a path that already exists on the system.</br>
- SMB Share: Is a SMB share that is mounted to a persistent volume claim.
- schema:
- type: string
- required: true
- default: "ixVolume"
- immutable: true
- enum:
- - value: "hostPath"
- description: Host Path (Path that already exists on the system)
- - value: "ixVolume"
- description: ixVolume (Dataset created automatically by the system)
- - value: "smb-pv-pvc"
- description: SMB Share (Mounts a persistent volume claim to a SMB share)
- - variable: readOnly
- label: Read Only
- description: Mount the volume as read only.
- schema:
- type: boolean
- default: false
- - variable: mountPath
- label: Mount Path
- description: The path inside the container to mount the storage.
- schema:
- type: path
- required: true
- - variable: hostPathConfig
- label: Host Path Configuration
- schema:
- type: dict
- show_if: [["type", "=", "hostPath"]]
- attrs:
- - variable: aclEnable
- label: Enable ACL
- description: Enable ACL for the dataset.
- schema:
- type: boolean
- default: false
- - variable: acl
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["aclEnable", "=", true]]
- attrs: []
- $ref:
- - "normalize/acl"
- - variable: hostPath
- label: Host Path
- description: The host path to use for storage.
- schema:
- type: hostpath
- show_if: [["aclEnable", "=", false]]
- required: true
- - variable: ixVolumeConfig
- label: ixVolume Configuration
- description: The configuration for the ixVolume dataset.
- schema:
- type: dict
- show_if: [["type", "=", "ixVolume"]]
- $ref:
- - "normalize/ixVolume"
- attrs:
- - variable: aclEnable
- label: Enable ACL
- description: Enable ACL for the dataset.
- schema:
- type: boolean
- default: false
- - variable: datasetName
- label: Dataset Name
- description: The name of the dataset to use for storage.
- schema:
- type: string
- required: true
- immutable: true
- default: "storage_entry"
- - variable: aclEntries
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["aclEnable", "=", true]]
- attrs: []
- - variable: smbConfig
- label: SMB Share Configuration
- description: The configuration for the SMB Share.
- schema:
- type: dict
- show_if: [["type", "=", "smb-pv-pvc"]]
- attrs:
- - variable: server
- label: Server
- description: The server for the SMB share.
- schema:
- type: string
- required: true
- - variable: share
- label: Share
- description: The share name for the SMB share.
- schema:
- type: string
- required: true
- - variable: domain
- label: Domain (Optional)
- description: The domain for the SMB share.
- schema:
- type: string
- - variable: username
- label: Username
- description: The username for the SMB share.
- schema:
- type: string
- required: true
- - variable: password
- label: Password
- description: The password for the SMB share.
- schema:
- type: string
- required: true
- private: true
- - variable: size
- label: Size (in Gi)
- description: The size of the volume quota.
- schema:
- type: int
- required: true
- min: 1
- default: 1
- - variable: resources
- group: Resources Configuration
- label: ""
- schema:
- type: dict
- attrs:
- - variable: limits
- label: Limits
- schema:
- type: dict
- attrs:
- - variable: cpu
- label: CPU
- description: CPU limit for 2FAuth.
- schema:
- type: string
- max_length: 6
- valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
- valid_chars_error: |
- Valid CPU limit formats are</br>
- - Plain Integer - eg. 1</br>
- - Float - eg. 0.5</br>
- - Milicpu - eg. 500m
- default: "4000m"
- required: true
- - variable: memory
- label: Memory
- description: Memory limit for 2FAuth.
- schema:
- type: string
- max_length: 12
- valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
- valid_chars_error: |
- Valid Memory limit formats are</br>
- - Suffixed with E/P/T/G/M/K - eg. 1G</br>
- - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
- - Plain Integer in bytes - eg. 1024</br>
- - Exponent - eg. 134e6
- default: "8Gi"
- required: true
|
