rancher-partner-charts/charts/kasten/k10/questions.yaml

questions:
# ========================
# SECRETS And Configuration
# ========================

### AWS Configuration

- variable: secrets.awsAccessKeyId
  description: "AWS access key ID (required for AWS deployment)"
  type: password
  label: AWS Access Key ID
  required: false
  group: "AWS Configuration"

- variable: secrets.awsSecretAccessKey
  description: "AWS access key secret (required for AWS deployment)"
  type: password
  label: AWS Secret Access Key
  required: false
  group: "AWS Configuration"

- variable: secrets.awsIamRole
  description: "ARN of the AWS IAM role assumed by K10 to perform any AWS operation."
  type: string
  label: ARN of the AWS IAM role
  required: false
  group: "AWS Configuration"

- variable: awsConfig.assumeRoleDuration
  description: "Duration of a session token generated by AWS for an IAM role"
  type: string
  label: Role Duration
  required: false
  default: ""
  group: "AWS Configuration"

- variable: awsConfig.efsBackupVaultName
  description: "Specifies the AWS EFS backup vault name"
  type: string
  label: EFS Backup Vault Name
  required: false
  default: "k10vault"
  group: "AWS Configuration"

### Google Cloud Configuration

- variable: secrets.googleApiKey
  description: "Required If cluster is deployed on Google Cloud"
  type: multiline
  label: Non-default base64 encoded GCP Service Account key file
  required: false
  group: "GoogleApi Configuration"

### Azure Configuration

- variable: secrets.azureTenantId
  description: "Azure tenant ID (required for Azure deployment)"
  type: string
  label: Tenant ID
  required: false
  group: "Azure Configuration"

- variable: secrets.azureClientId
  description: "Azure Service App ID"
  type: password
  label: Service App ID
  required: false
  group: "Azure Configuration"

- variable: secrets.azureClientSecret
  description: "Azure Service App secret"
  type: password
  label: Service App secret
  required: false
  group: "Azure Configuration"

- variable: secrets.azureResourceGroup
  description: "Resource Group name that was created for the Kubernetes cluster"
  type: string
  label: Resource Group
  required: false
  group: "Azure Configuration"

- variable: secrets.azureSubscriptionID
  description: "Subscription ID in your Azure tenant"
  type: string
  label: Subscription ID
  required: false
  group: "Azure Configuration"

- variable: secrets.azureResourceMgrEndpoint
  description: "Resource management endpoint for the Azure Stack instance"
  type: string
  label: Resource management endpoint
  required: false
  group: "Azure Configuration"

- variable: secrets.azureADEndpoint
  description: "Azure Active Directory login endpoint"
  type: string
  label: Active Directory login endpoint
  required: false
  group: "Azure Configuration"

- variable: secrets.azureADResourceID
  description: "Azure Active Directory resource ID to obtain AD tokens"
  type: string
  label: Active Directory resource ID
  required: false
  group: "Azure Configuration"

# ========================
# Authentication
# ========================
 
- variable: auth.basicAuth.enabled
  description: "Configures basic authentication for the K10 dashboard"
  type: boolean
  label: Enable Basic Authentication
  required: false
  group: "Authentication"
  show_subquestion_if: true
  subquestions:
  - variable: auth.basicAuth.htpasswd
    description: "A username and password pair separated by a colon character"
    type: password
    label: Authentication Details (htpasswd)
  - variable: auth.basicAuth.secretName
    description: "Name of an existing Secret that contains a file generated with htpasswd"
    type: string
    label: Secret Name

- variable: auth.tokenAuth.enabled
  description: "Configures token based authentication for the K10 dashboard"
  type: boolean
  label: Enable Token Based Authentication
  required: false
  group: "Authentication"

- variable: auth.oidcAuth.enabled
  description: "Configures Open ID Connect based authentication for the K10 dashboard"
  type: boolean
  label: Enable OpenID Connect Based Authentication
  required: false
  group: "Authentication"
  show_subquestion_if: true
  subquestions:
  - variable: auth.oidcAuth.providerURL
    description: "URL for the OIDC Provider"
    type: string
    label: OIDC Provider URL
  - variable: auth.oidcAuth.redirectURL
    description: "URL for the K10 gateway Provider"
    type: string
    label: OIDC Redirect URL
  - variable: auth.oidcAuth.scopes
    description: "Space separated OIDC scopes required for userinfo. Example: `profile email`"
    type: string
    label: OIDC scopes
  - variable: auth.oidcAuth.prompt
    description: "The type of prompt to be used during authentication (none, consent, login, or select_account)"
    type: enum
    options:
      - none
      - consent
      - login
      - select_account
    default: none
    label: The type of prompt to be used during authentication (none, consent, login, or select_account)
  - variable: auth.oidcAuth.clientID
    description: "Client ID given by the OIDC provider for K10"
    type: password
    label: OIDC Client ID 
  - variable: auth.oidcAuth.clientSecret
    description: "Client secret given by the OIDC provider for K10"
    type: password
    label: OIDC Client Secret
  - variable: auth.oidcAuth.usernameClaim
    description: "The claim to be used as the username"
    type: string
    label: OIDC UserName Claim
  - variable: auth.oidcAuth.usernamePrefix
    description: "Prefix that has to be used with the username obtained from the username claim"
    type: string
    label: OIDC UserName Prefix
  - variable: auth.oidcAuth.groupClaim
    description: "Name of a custom OpenID Connect claim for specifying user groups"
    type: string
    label: OIDC group Claim
  - variable: auth.oidcAuth.groupPrefix
    description: "All groups will be prefixed with this value to prevent conflicts"
    type: string
    label: OIDC group Prefix

# ========================
# External Gateway
# ========================

- variable: externalGateway.create
  description: "Configures an external gateway for K10 API services"
  type: boolean
  label: Create External Gateway
  required: false
  group: "External Gateway"
  show_subquestion_if: true
  subquestions:
  - variable: externalGateway.annotations
    description: "Standard annotations for the services"
    type: multiline
    default: ""
    label: Annotation
  - variable: externalGateway.fqdn.name
    description: "Domain name for the K10 API services"
    type: string
    label: Domain Name
  - variable: externalGateway.fqdn.type
    description: "Supported gateway type: `route53-mapper` or `external-dns`"
    type: string
    label: Gateway Type route53-mapper or external-dns
  - variable: externalGateway.awsSSLCertARN
    description: "ARN for the AWS ACM SSL certificate used in the K10 API server"
    type: multiline
    label: ARN for the AWS ACM SSL certificate

# ========================
# Storage Management
# ========================

- variable: global.persistence.storageClass
  label: StorageClass Name
  description: "Specifies StorageClass Name to be used for PVCs"
  type: string
  required: false
  default: ""
  group: "Storage Management"

- variable: prometheus.server.persistentVolume.storageClass
  type: string
  label: StorageClass Name for Prometheus PVC
  description: "StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value"
  default: ""
  required: false
  group: "Storage Management"

- variable: prometheus.server.persistentVolume.enabled
  type: boolean
  label: Enable PVC for Prometheus server
  description: "If true, K10 Prometheus server will create a Persistent Volume Claim"
  default: true
  required: false
  group: "Storage Management"

- variable: global.persistence.enabled
  type: boolean
  label: Storage Enabled
  description: "If true, K10 will use Persistent Volume Claim"
  default: true
  required: false
  group: "Storage Management"

# ========================
# Service Account
# ======================== 

- variable: serviceAccount.name
  description: "Name of a service account in the target namespace that has cluster-admin permissions. This is needed for the K10 to be able to protect cluster resources."
  type: string
  label: Service Account Name
  required: false
  group: "Service Account"

# ========================
# License
# ========================

- variable: license
  description: "License string obtained from Kasten"
  type: multiline
  label: License String
  group: "License"
- variable: eula.accept
  description: "Whether to enable accept EULA before installation"
  type: boolean
  label: Enable accept EULA before installation
  group: "License"
  show_subquestion_if: true
  subquestions:
  - variable: eula.company
    description: "Company name. Required field if EULA is accepted"
    type: string
    label: Company Name
  - variable: eula.email
    description: "Contact email. Required field if EULA is accepted"
    type: string
    label: Contact Email
Result of running make charts 2022-03-04 08:23:13 +00:00			`questions:`
			`# ========================`
			`# SECRETS And Configuration`
			`# ========================`

			`### AWS Configuration`

			`- variable: secrets.awsAccessKeyId`
			`description: "AWS access key ID (required for AWS deployment)"`
			`type: password`
			`label: AWS Access Key ID`
			`required: false`
			`group: "AWS Configuration"`

			`- variable: secrets.awsSecretAccessKey`
			`description: "AWS access key secret (required for AWS deployment)"`
			`type: password`
			`label: AWS Secret Access Key`
			`required: false`
			`group: "AWS Configuration"`

			`- variable: secrets.awsIamRole`
			`description: "ARN of the AWS IAM role assumed by K10 to perform any AWS operation."`
			`type: string`
			`label: ARN of the AWS IAM role`
			`required: false`
			`group: "AWS Configuration"`

			`- variable: awsConfig.assumeRoleDuration`
			`description: "Duration of a session token generated by AWS for an IAM role"`
			`type: string`
			`label: Role Duration`
			`required: false`
			`default: ""`
			`group: "AWS Configuration"`

			`- variable: awsConfig.efsBackupVaultName`
			`description: "Specifies the AWS EFS backup vault name"`
			`type: string`
			`label: EFS Backup Vault Name`
			`required: false`
			`default: "k10vault"`
			`group: "AWS Configuration"`

			`### Google Cloud Configuration`

			`- variable: secrets.googleApiKey`
			`description: "Required If cluster is deployed on Google Cloud"`
			`type: multiline`
			`label: Non-default base64 encoded GCP Service Account key file`
			`required: false`
			`group: "GoogleApi Configuration"`

			`### Azure Configuration`

			`- variable: secrets.azureTenantId`
			`description: "Azure tenant ID (required for Azure deployment)"`
			`type: string`
			`label: Tenant ID`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureClientId`
			`description: "Azure Service App ID"`
			`type: password`
			`label: Service App ID`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureClientSecret`
			`description: "Azure Service App secret"`
			`type: password`
			`label: Service App secret`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureResourceGroup`
			`description: "Resource Group name that was created for the Kubernetes cluster"`
			`type: string`
			`label: Resource Group`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureSubscriptionID`
			`description: "Subscription ID in your Azure tenant"`
			`type: string`
			`label: Subscription ID`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureResourceMgrEndpoint`
			`description: "Resource management endpoint for the Azure Stack instance"`
			`type: string`
			`label: Resource management endpoint`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureADEndpoint`
			`description: "Azure Active Directory login endpoint"`
			`type: string`
			`label: Active Directory login endpoint`
			`required: false`
			`group: "Azure Configuration"`

			`- variable: secrets.azureADResourceID`
			`description: "Azure Active Directory resource ID to obtain AD tokens"`
			`type: string`
			`label: Active Directory resource ID`
			`required: false`
			`group: "Azure Configuration"`

			`# ========================`
			`# Authentication`
			`# ========================`

			`- variable: auth.basicAuth.enabled`
			`description: "Configures basic authentication for the K10 dashboard"`
			`type: boolean`
			`label: Enable Basic Authentication`
			`required: false`
			`group: "Authentication"`
			`show_subquestion_if: true`
			`subquestions:`
			`- variable: auth.basicAuth.htpasswd`
			`description: "A username and password pair separated by a colon character"`
			`type: password`
			`label: Authentication Details (htpasswd)`
			`- variable: auth.basicAuth.secretName`
			`description: "Name of an existing Secret that contains a file generated with htpasswd"`
			`type: string`
			`label: Secret Name`

			`- variable: auth.tokenAuth.enabled`
			`description: "Configures token based authentication for the K10 dashboard"`
			`type: boolean`
			`label: Enable Token Based Authentication`
			`required: false`
			`group: "Authentication"`

			`- variable: auth.oidcAuth.enabled`
			`description: "Configures Open ID Connect based authentication for the K10 dashboard"`
			`type: boolean`
			`label: Enable OpenID Connect Based Authentication`
			`required: false`
			`group: "Authentication"`
			`show_subquestion_if: true`
			`subquestions:`
			`- variable: auth.oidcAuth.providerURL`
			`description: "URL for the OIDC Provider"`
			`type: string`
			`label: OIDC Provider URL`
			`- variable: auth.oidcAuth.redirectURL`
			`description: "URL for the K10 gateway Provider"`
			`type: string`
			`label: OIDC Redirect URL`
			`- variable: auth.oidcAuth.scopes`
			description: "Space separated OIDC scopes required for userinfo. Example: `profile email`"
			`type: string`
			`label: OIDC scopes`
			`- variable: auth.oidcAuth.prompt`
			`description: "The type of prompt to be used during authentication (none, consent, login, or select_account)"`
			`type: enum`
			`options:`
			`- none`
			`- consent`
			`- login`
			`- select_account`
			`default: none`
			`label: The type of prompt to be used during authentication (none, consent, login, or select_account)`
			`- variable: auth.oidcAuth.clientID`
			`description: "Client ID given by the OIDC provider for K10"`
			`type: password`
			`label: OIDC Client ID`
			`- variable: auth.oidcAuth.clientSecret`
			`description: "Client secret given by the OIDC provider for K10"`
			`type: password`
			`label: OIDC Client Secret`
			`- variable: auth.oidcAuth.usernameClaim`
			`description: "The claim to be used as the username"`
			`type: string`
			`label: OIDC UserName Claim`
			`- variable: auth.oidcAuth.usernamePrefix`
			`description: "Prefix that has to be used with the username obtained from the username claim"`
			`type: string`
			`label: OIDC UserName Prefix`
			`- variable: auth.oidcAuth.groupClaim`
			`description: "Name of a custom OpenID Connect claim for specifying user groups"`
			`type: string`
			`label: OIDC group Claim`
			`- variable: auth.oidcAuth.groupPrefix`
			`description: "All groups will be prefixed with this value to prevent conflicts"`
			`type: string`
			`label: OIDC group Prefix`

			`# ========================`
			`# External Gateway`
			`# ========================`

			`- variable: externalGateway.create`
			`description: "Configures an external gateway for K10 API services"`
			`type: boolean`
			`label: Create External Gateway`
			`required: false`
			`group: "External Gateway"`
			`show_subquestion_if: true`
			`subquestions:`
			`- variable: externalGateway.annotations`
			`description: "Standard annotations for the services"`
			`type: multiline`
			`default: ""`
			`label: Annotation`
			`- variable: externalGateway.fqdn.name`
			`description: "Domain name for the K10 API services"`
			`type: string`
			`label: Domain Name`
			`- variable: externalGateway.fqdn.type`
			description: "Supported gateway type: `route53-mapper` or `external-dns`"
			`type: string`
			`label: Gateway Type route53-mapper or external-dns`
			`- variable: externalGateway.awsSSLCertARN`
			`description: "ARN for the AWS ACM SSL certificate used in the K10 API server"`
			`type: multiline`
			`label: ARN for the AWS ACM SSL certificate`

			`# ========================`
			`# Storage Management`
			`# ========================`

			`- variable: global.persistence.storageClass`
			`label: StorageClass Name`
			`description: "Specifies StorageClass Name to be used for PVCs"`
			`type: string`
			`required: false`
			`default: ""`
			`group: "Storage Management"`

			`- variable: prometheus.server.persistentVolume.storageClass`
			`type: string`
			`label: StorageClass Name for Prometheus PVC`
			`description: "StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value"`
			`default: ""`
			`required: false`
			`group: "Storage Management"`

			`- variable: prometheus.server.persistentVolume.enabled`
			`type: boolean`
			`label: Enable PVC for Prometheus server`
			`description: "If true, K10 Prometheus server will create a Persistent Volume Claim"`
			`default: true`
			`required: false`
			`group: "Storage Management"`

			`- variable: global.persistence.enabled`
			`type: boolean`
			`label: Storage Enabled`
			`description: "If true, K10 will use Persistent Volume Claim"`
			`default: true`
			`required: false`
			`group: "Storage Management"`

			`# ========================`
			`# Service Account`
			`# ========================`

			`- variable: serviceAccount.name`
			`description: "Name of a service account in the target namespace that has cluster-admin permissions. This is needed for the K10 to be able to protect cluster resources."`
			`type: string`
			`label: Service Account Name`
			`required: false`
			`group: "Service Account"`

			`# ========================`
			`# License`
			`# ========================`

			`- variable: license`
			`description: "License string obtained from Kasten"`
			`type: multiline`
			`label: License String`
			`group: "License"`
			`- variable: eula.accept`
			`description: "Whether to enable accept EULA before installation"`
			`type: boolean`
			`label: Enable accept EULA before installation`
			`group: "License"`
			`show_subquestion_if: true`
			`subquestions:`
			`- variable: eula.company`
			`description: "Company name. Required field if EULA is accepted"`
			`type: string`
			`label: Company Name`
			`- variable: eula.email`
			`description: "Contact email. Required field if EULA is accepted"`
			`type: string`
			`label: Contact Email`