questions: # ======================== # SECRETS And Configuration # ======================== ### AWS Configuration - variable: secrets.awsAccessKeyId description: "AWS access key ID (required for AWS deployment)" type: password label: AWS Access Key ID required: false group: "AWS Configuration" - variable: secrets.awsSecretAccessKey description: "AWS access key secret (required for AWS deployment)" type: password label: AWS Secret Access Key required: false group: "AWS Configuration" - variable: secrets.awsIamRole description: "ARN of the AWS IAM role assumed by K10 to perform any AWS operation." type: string label: ARN of the AWS IAM role required: false group: "AWS Configuration" - variable: awsConfig.assumeRoleDuration description: "Duration of a session token generated by AWS for an IAM role" type: string label: Role Duration required: false default: "" group: "AWS Configuration" - variable: awsConfig.efsBackupVaultName description: "Specifies the AWS EFS backup vault name" type: string label: EFS Backup Vault Name required: false default: "k10vault" group: "AWS Configuration" ### Google Cloud Configuration - variable: secrets.googleApiKey description: "Required If cluster is deployed on Google Cloud" type: multiline label: Non-default base64 encoded GCP Service Account key file required: false group: "GoogleApi Configuration" ### Azure Configuration - variable: secrets.azureTenantId description: "Azure tenant ID (required for Azure deployment)" type: string label: Tenant ID required: false group: "Azure Configuration" - variable: secrets.azureClientId description: "Azure Service App ID" type: password label: Service App ID required: false group: "Azure Configuration" - variable: secrets.azureClientSecret description: "Azure Service App secret" type: password label: Service App secret required: false group: "Azure Configuration" - variable: secrets.azureResourceGroup description: "Resource Group name that was created for the Kubernetes cluster" type: string label: Resource Group required: false group: "Azure Configuration" - variable: secrets.azureSubscriptionID description: "Subscription ID in your Azure tenant" type: string label: Subscription ID required: false group: "Azure Configuration" - variable: secrets.azureResourceMgrEndpoint description: "Resource management endpoint for the Azure Stack instance" type: string label: Resource management endpoint required: false group: "Azure Configuration" - variable: secrets.azureADEndpoint description: "Azure Active Directory login endpoint" type: string label: Active Directory login endpoint required: false group: "Azure Configuration" - variable: secrets.azureADResourceID description: "Azure Active Directory resource ID to obtain AD tokens" type: string label: Active Directory resource ID required: false group: "Azure Configuration" # ======================== # Authentication # ======================== - variable: auth.basicAuth.enabled description: "Configures basic authentication for the K10 dashboard" type: boolean label: Enable Basic Authentication required: false group: "Authentication" show_subquestion_if: true subquestions: - variable: auth.basicAuth.htpasswd description: "A username and password pair separated by a colon character" type: password label: Authentication Details (htpasswd) - variable: auth.basicAuth.secretName description: "Name of an existing Secret that contains a file generated with htpasswd" type: string label: Secret Name - variable: auth.tokenAuth.enabled description: "Configures token based authentication for the K10 dashboard" type: boolean label: Enable Token Based Authentication required: false group: "Authentication" - variable: auth.oidcAuth.enabled description: "Configures Open ID Connect based authentication for the K10 dashboard" type: boolean label: Enable OpenID Connect Based Authentication required: false group: "Authentication" show_subquestion_if: true subquestions: - variable: auth.oidcAuth.providerURL description: "URL for the OIDC Provider" type: string label: OIDC Provider URL - variable: auth.oidcAuth.redirectURL description: "URL for the K10 gateway Provider" type: string label: OIDC Redirect URL - variable: auth.oidcAuth.scopes description: "Space separated OIDC scopes required for userinfo. Example: `profile email`" type: string label: OIDC scopes - variable: auth.oidcAuth.prompt description: "The type of prompt to be used during authentication (none, consent, login, or select_account)" type: enum options: - none - consent - login - select_account default: none label: The type of prompt to be used during authentication (none, consent, login, or select_account) - variable: auth.oidcAuth.clientID description: "Client ID given by the OIDC provider for K10" type: password label: OIDC Client ID - variable: auth.oidcAuth.clientSecret description: "Client secret given by the OIDC provider for K10" type: password label: OIDC Client Secret - variable: auth.oidcAuth.usernameClaim description: "The claim to be used as the username" type: string label: OIDC UserName Claim - variable: auth.oidcAuth.usernamePrefix description: "Prefix that has to be used with the username obtained from the username claim" type: string label: OIDC UserName Prefix - variable: auth.oidcAuth.groupClaim description: "Name of a custom OpenID Connect claim for specifying user groups" type: string label: OIDC group Claim - variable: auth.oidcAuth.groupPrefix description: "All groups will be prefixed with this value to prevent conflicts" type: string label: OIDC group Prefix # ======================== # External Gateway # ======================== - variable: externalGateway.create description: "Configures an external gateway for K10 API services" type: boolean label: Create External Gateway required: false group: "External Gateway" show_subquestion_if: true subquestions: - variable: externalGateway.annotations description: "Standard annotations for the services" type: multiline default: "" label: Annotation - variable: externalGateway.fqdn.name description: "Domain name for the K10 API services" type: string label: Domain Name - variable: externalGateway.fqdn.type description: "Supported gateway type: `route53-mapper` or `external-dns`" type: string label: Gateway Type route53-mapper or external-dns - variable: externalGateway.awsSSLCertARN description: "ARN for the AWS ACM SSL certificate used in the K10 API server" type: multiline label: ARN for the AWS ACM SSL certificate # ======================== # Storage Management # ======================== - variable: global.persistence.storageClass label: StorageClass Name description: "Specifies StorageClass Name to be used for PVCs" type: string required: false default: "" group: "Storage Management" - variable: prometheus.server.persistentVolume.storageClass type: string label: StorageClass Name for Prometheus PVC description: "StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value" default: "" required: false group: "Storage Management" - variable: prometheus.server.persistentVolume.enabled type: boolean label: Enable PVC for Prometheus server description: "If true, K10 Prometheus server will create a Persistent Volume Claim" default: true required: false group: "Storage Management" - variable: global.persistence.enabled type: boolean label: Storage Enabled description: "If true, K10 will use Persistent Volume Claim" default: true required: false group: "Storage Management" # ======================== # Service Account # ======================== - variable: serviceAccount.name description: "Name of a service account in the target namespace that has cluster-admin permissions. This is needed for the K10 to be able to protect cluster resources." type: string label: Service Account Name required: false group: "Service Account" # ======================== # License # ======================== - variable: license description: "License string obtained from Kasten" type: multiline label: License String group: "License" - variable: eula.accept description: "Whether to enable accept EULA before installation" type: boolean label: Enable accept EULA before installation group: "License" show_subquestion_if: true subquestions: - variable: eula.company description: "Company name. Required field if EULA is accepted" type: string label: Company Name - variable: eula.email description: "Contact email. Required field if EULA is accepted" type: string label: Contact Email