questions: # ================== # Distribution group # ================== - variable: global.distribution default: "openbanking" required: true type: enum label: Gluu Distribution description: "Gluu Distribution. Openbanking only contains Config-API and the Auth Server customized for Openbanking industry." group: "Global Settings" options: - "default" - "openbanking" # ======================== # OpenBanking Distribution # ======================== - variable: global.cnObExtSigningJwksUri required: true default: "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks" description: "Open banking external signing jwks uri. Used in SSA Validation." type: hostname group: "OpenBanking Distribution" label: Openbanking external signing JWKS URI show_if: "global.distribution=openbanking" subquestions: - variable: global.cnObExtSigningJwksCrt default: "" required: true group: "OpenBanking Distribution" description: "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set." type: multiline label: Open banking external signing jwks AS certificate authority string - variable: global.cnObExtSigningJwksKey default: "" required: true group: "OpenBanking Distribution" description: "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set." type: multiline label: Open banking external signing jwks AS key string - variable: global.cnObExtSigningJwksKeyPassPhrase default: "" required: true group: "OpenBanking Distribution" description: "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set." type: password label: Open banking external signing jwks AS key passphrase min_length: 6 - variable: global.cnObExtSigningAlias default: "XkwIzWy44xWSlcWnMiEc8iq9s2G" required: true group: "OpenBanking Distribution" description: "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G" type: string label: Open banking external signing AS Alias - variable: global.cnObStaticSigningKeyKid default: "Wy44xWSlcWnMiEc8iq9s2G" required: true group: "OpenBanking Distribution" description: "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G" type: string label: Open banking signing AS kid show_if: "global.distribution=openbanking" - variable: global.cnObTransportAlias default: "" required: false group: "OpenBanking Distribution" description: "Open banking transport Alias used inside the JVM." type: string label: Open banking transport Alias used inside the JVM. show_if: "global.distribution=openbanking" subquestions: - variable: global.cnObTransportCrt default: "" required: true group: "OpenBanking Distribution" description: "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64." type: multiline label: Open banking AS transport crt - variable: global.cnObTransportKey default: "" required: true group: "OpenBanking Distribution" description: "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64." type: multiline label: Open banking AS transport key - variable: global.cnObTransportKeyPassPhrase default: "" required: true group: "OpenBanking Distribution" description: "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64." type: password label: Open banking AS transport key passphrase min_length: 6 - variable: global.cnObTransportTrustStore default: "" required: true group: "OpenBanking Distribution" description: "Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64." type: multiline label: Open banking external signing jwks AS certificate authority string # ======================= # Optional Services group # ======================= - variable: global.admin-ui.enabled default: false type: boolean group: "Optional Services" required: false label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu. show_if: "global.distribution=default" show_subquestion_if: true subquestions: - variable: global.admin-ui.adminUiApiKey default: "" required: true description: "Admin UI license API key. Obtain this from Gluu." type: multiline label: Admin UI license API key. Obtain this from Gluu - variable: global.admin-ui.adminUiProductCode default: "" required: true description: "Admin UI license product code. Obtain this from Gluu." type: multiline label: Admin UI license product code. Obtain this from Gluu. - variable: global.admin-ui.adminUiSharedKey default: "" required: true description: "Admin UI license shared key. Obtain this from Gluu." type: multiline label: Admin UI license shared key. Obtain this from Gluu. - variable: global.admin-ui.adminUiManagementKey default: "" required: true description: "Admin UI license management key. Obtain this from Gluu." type: multiline label: Admin UI license management key. Obtain this from Gluu. - variable: global.auth-server-key-rotation.enabled default: false type: boolean group: "Optional Services" required: true label: Enable Auth key rotation cronjob show_if: "global.distribution=default" show_subquestion_if: true subquestions: - variable: auth-server-key-rotation.keysLife default: 48 description: "Auth server key rotation keys life in hours." type: int label: Key life - variable: global.fido2.enabled default: false type: boolean group: "Optional Services" required: true show_if: "global.distribution=default" label: Enable Fido2 description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments." - variable: global.config-api.enabled default: false type: boolean group: "Optional Services" required: true label: Enable ConfigAPI description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)." - variable: global.scim.enabled default: false type: boolean group: "Optional Services" required: true show_if: "global.distribution=default" label: Enable SCIM description: "System for Cross-domain Identity Management (SCIM) version 2.0" - variable: global.client-api.enabled default: false type: boolean group: "Optional Services" required: true label: Enable ClientAPI show_if: "global.distribution=default" description: "Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting." show_subquestion_if: true subquestions: - variable: config.configmap.cnClientApiApplicationCertCn default: "client-api" description: "Client API application keystore name" type: string label: Client API application keystore name - variable: config.configmap.cnClientApiAdminCertCn default: "client-api" description: "Client API admin keystore name" type: string label: Client API admin keystore name - variable: global.jackrabbit.enabled default: false type: boolean group: "Optional Services" required: true label: Enable Jackrabbit show_if: "global.distribution=default" show_subquestion_if: true description: "Needed for SAML. Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. https://jackrabbit.apache.org/jcr/index.html ." subquestions: - variable: jackrabbit.storage.size default: "4Gi" description: "Size of Jackrabbit content repository volume storage." type: string label: Volume storage - variable: config.configmap.cnJackrabbitUrl default: "http://jackrabbit:8080" description: "Please enter jackrabbit url." type: hostname label: Jackrabbit URL - variable: config.configmap.cnJackrabbitAdminId default: "admin" description: "Jackrabbit admin user" type: string label: Jackrabbit Admin User valid_chars: "^[a-z]+$" - variable: jackrabbit.secrets.cnJackrabbitAdminPassword default: "Test1234#" description: "Jackrabbit admin password" type: password label: Jackrabbit Admin User Password min_length: 6 - variable: installer-settings.jackrabbit.clusterMode default: false type: boolean group: "Optional Services" required: true label: Enable Jackrabbit in Cluster Mode (HA) show_if: "global.jackrabbit.enabled=true" show_subquestion_if: true description: "Requires postgres." subquestions: - variable: config.configmap.cnJackrabbitPostgresUser default: "admin" description: "Jackrabbit postgres user" type: string label: Jackrabbit postgres user valid_chars: "^[a-z]+$" - variable: jackrabbit.secrets.cnJackrabbitPostgresPassword default: "admin" description: "Jackrabbit postgres password" type: password label: Jackrabbit postgres password - variable: config.configmap.cnJackrabbitPostgresDatabaseName default: "jackrabbit" description: "Jackrabbit postgres database name" type: string label: Jackrabbit postgres database name # ====================== # Test environment group # ====================== - variable: global.cloud.testEnviroment default: false type: boolean group: "Test Environment" required: true label: Test environment description: "Boolean flag if enabled will strip resources requests and limits from all services." # ================= # Persistence group # ================= - variable: global.cnPersistenceType default: "sql" required: true type: enum group: "Persistence" label: Gluu Persistence backend description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner" options: - "ldap" - "couchbase" - "hybrid" - "spanner" - "sql" # LDAP - variable: global.opendj.enabled default: false type: boolean group: "Persistence" required: true label: Enable installation of OpenDJ description: "Boolean flag to enable/disable the OpenDJ chart." show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid" - variable: config.configmap.cnLdapUrl default: "opendj:1636" type: hostname group: "Persistence" required: true label: OpenDJ remote URL description: "OpenDJ remote URL. This must be resolvable by the pods" show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid" - variable: config.configmap.cnPersistenceLdapMapping default: "default" required: false type: enum group: "Persistence" label: Gluu Persistence LDAP mapping description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`." options: - "default" - "user" - "site" - "cache" - "token" - "session" show_if: "global.cnPersistenceType=hybrid" # Multi cluster ldap replication - variable: opendj.multiCluster.enabled default: false type: boolean group: "Persistence" required: true label: Enable OpenDJ multiCluster mode description: "Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster`" show_if: "global.opendj.enabled=true" show_subquestion_if: true subquestions: - variable: opendj.multiCluster.serfAdvertiseAddrSuffix default: "regional.gluu.org:30946s" type: hostname group: "Persistence" required: true description: "OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}" label: OpenDJ Serf advertise address suffix - variable: opendj.multiCluster.replicaCount default: 1 type: int group: "Persistence" required: true description: "The number of opendj non scalable statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org" label: The number of opendj non scalable statefulsets to create. - variable: opendj.multiCluster.clusterId default: "west" type: string group: "Persistence" required: true description: "This id needs to be unique to each kubernetes cluster in a multi cluster setup; west, east, south, north, region ...etc If left empty it will be randomly generated." label: Unique kubernetes cluster id - variable: opendj.multiCluster.serfPeers default: "['gluu-opendj-regional-0-regional.gluu.org:30946', 'gluu-opendj-regional-0-regional.gluu.org:31946']" type: string group: "Persistence" required: true description: "Serf peer addresses. One per replica." label: Serf peer addresses # SQL - variable: config.configmap.cnSqlDbDialect default: "default" required: false type: enum group: "Persistence" label: Gluu SQL Database dialect description: "SQL database dialect. `mysql` or `pgsql`. The former is still not supported yet!" options: - "mysql" - "pgsql" show_if: "global.cnPersistenceType=sql" - variable: config.configmap.cnSqlDbHost default: "my-release-mysql.default.svc.cluster.local" required: false type: hostname group: "Persistence" label: SQL database host uri description: "SQL database host uri" show_if: "global.cnPersistenceType=sql" - variable: config.configmap.cnSqlDbPort default: 3306 required: false type: int group: "Persistence" label: SQL database port description: "SQL database port" show_if: "global.cnPersistenceType=sql" - variable: config.configmap.cnSqlDbUser default: "gluu" group: "Persistence" description: "SQL database username" type: string label: SQL database username valid_chars: "^[a-z]+$" show_if: "global.cnPersistenceType=sql" - variable: config.configmap.cnSqldbUserPassword default: "Test1234#" group: "Persistence" description: "SQL password" type: password label: SQL password show_if: "global.cnPersistenceType=sql" - variable: config.configmap.cnSqlDbName default: "gluu" group: "Persistence" description: "SQL database name" type: string label: SQL database name show_if: "global.cnPersistenceType=sql" # Spanner - variable: config.configmap.cnGoogleSpannerInstanceId default: "" group: "Persistence" description: "The google spanner instance ID" type: string label: Google Spanner Instance ID show_if: "global.cnPersistenceType=spanner" - variable: config.configmap.cnGoogleSpannerDatabaseId default: "" group: "Persistence" description: "The google spanner database ID" type: string label: Google Spanner Database ID show_if: "global.cnPersistenceType=spanner" - variable: config.configmap.cnGoogleSecretManagerServiceAccount default: "" group: "Persistence" description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner." type: multiline label: Google Spanner Service Account json show_if: "global.cnPersistenceType=spanner" - variable: config.configmap.cnGoogleProjectId default: "" group: "Persistence" description: "The Google Project ID" type: string label: Google Project ID show_if: "global.cnPersistenceType=spanner" #Couchbase - variable: config.configmap.cnCouchbaseCrt default: "" group: "Persistence" description: "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required." type: multiline label: Couchbase certificate authority string show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseUrl default: "gluu.cbns.svc.cluster.local" required: false type: hostname group: "Persistence" label: Couchbase host uri description: "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster" show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseBucketPrefix default: "gluu" type: string description: "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu." group: "Persistence" required: true label: The prefix of Couchbase buckets show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseIndexNumReplica default: 0 type: int description: "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1." group: "Persistence" required: true label: The number of replicas per index created show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseSuperUser default: "admin" group: "Persistence" description: "he Couchbase super user (admin) user name. This user is used during initialization only." type: string label: The Couchbase super user (admin) user name. valid_chars: "^[a-z]+$" show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseSuperUserPassword default: "Test1234#" group: "Persistence" description: "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization and upgrade process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" type: password label: Couchbase password for the super users show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbaseUser default: "gluu" group: "Persistence" description: "Couchbase restricted user, used in Gluu operations with Couchbase. Used only when global.cnPersistenceType is hybrid or couchbase." type: string label: Couchbase restricted username valid_chars: "^[a-z]+$" show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" - variable: config.configmap.cnCouchbasePassword default: "Test1234#" group: "Persistence" description: "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ." type: password label: Couchbase password for the restricted user show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" # ============================== # StorageClass and volume group # ============================== - variable: global.storageClass.provisioner default: "microk8s.io/hostpath" type: string group: "Volumes" required: true label: StorageClass provisioner show_if: "global.cnPersistenceType=ldap||global.jackrabbit.enabled=true" subquestions: - variable: global.storageClass.allowVolumeExpansion default: true type: boolean group: "Volumes" required: true label: StorageClass Volume expansion - variable: global.storageClass.reclaimPolicy default: "Retain" type: enum group: "Volumes" required: true label: StorageClass reclaimPolicy options: - "Delete" - "Retain" - variable: global.storageClass.volumeBindingMode default: "WaitForFirstConsumer" type: enum group: "Volumes" required: true options: - "WaitForFirstConsumer" - "Immediate" label: StorageClass volumeBindingMode # =========== # Cache group # =========== - variable: config.configmap.cnCacheType default: "NATIVE_PERSISTENCE" required: true type: enum group: "Cache" label: Gluu Cache description: "Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` ." options: - "NATIVE_PERSISTENCE" - "IN_MEMORY" - "REDIS" show_subquestion_if: "REDIS" subquestions: - variable: config.configmap.cnRedisType default: "STANDALONE" type: enum group: "Cache" required: false label: Redix service type description: "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`." options: - "STANDALONE" - "CLUSTER" - variable: config.redisPassword default: "Test1234#" type: password group: "Cache" required: false label: Redis admin password description: "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`." - variable: config.configmap.cnRedisUrl default: "redis.redis.svc.cluster.local:6379" required: false type: hostname group: "Cache" label: Redis URL description: "Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`." # ================== # Configuration group # ================== - variable: global.fqdn default: "demoexample.gluu.org" required: true type: hostname group: "Configuration" label: Gluu Installation FQDN description: "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services." - variable: global.countryCode default: "US" required: true type: string group: "Configuration" label: Country code description: "Country code. Used for certificate creation." - variable: config.state default: "TX" required: true type: string group: "Configuration" label: State code description: "State code. Used for certificate creation." - variable: config.city default: "Austin" required: true type: string group: "Configuration" label: City description: "City. Used for certificate creation." - variable: config.email default: "support@gluu.org" required: true type: string group: "Configuration" label: Email description: "Email address of the administrator usually. Used for certificate creation." - variable: config.orgName default: "Gluu" required: true type: string group: "Configuration" label: Organization description: "Organization name. Used for certificate creation." - variable: config.adminPassword default: "Test1234#" type: password group: "Configuration" required: true label: Admin UI password description: "Admin password to log in to the UI." - variable: config.ldapPassword default: "Test1234#" type: password group: "Configuration" required: true label: LDAP password description: "LDAP admin password if OpenDJ is used for persistence" show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid" - variable: global.isFqdnRegistered default: true required: true type: boolean group: "Configuration" label: Is the FQDN globally resolvable description: "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically." - variable: config.migration.enabled default: false required: true type: boolean group: "Configuration" label: Migration from Gluu CE description: "Boolean flag to enable migration from CE" show_subquestion_if: true subquestions: - variable: config.migration.migrationDataFormat default: "ldif" type: enum group: "Configuration" required: false label: Migration data-format description: "Migration data-format depending on persistence backend." options: - "ldif" - "couchbase+json" - "spanner+avro" - "postgresql+json" - "mysql+json" - variable: config.migration.migrationDir default: "/ce-migration" required: false type: string group: "Configuration" label: Migration Directory description: "Directory holding all migration files" # =========================== # Ingress group(Istio, NGINX) # =========================== # =========== # Istio group # =========== - variable: global.istio.enabled default: false type: boolean group: "Istio" required: true description: "Boolean flag that enables using istio side cars with Gluu services." label: Use Istio side cars show_subquestion_if: true subquestions: - variable: global.istio.ingress default: false type: boolean group: "Istio" required: true description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available." label: Use Istio Ingress - variable: global.istio.namespace default: "istio-system" type: string group: "Istio" required: true description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available." label: Istio namespace - variable: config.configmap.lbAddr default: "" group: "Istio" description: "Istio loadbalancer address (eks) or ip (gke, aks, digital ocean, local)" type: hostname label: LB address or ip # =========== # NGINX group # =========== - variable: config.configmap.lbAddr default: "" group: "NGINX" show_if: "global.istio.ingress=false&&global.isFqdnRegistered=false" description: "loadbalancer address (eks) or ip (gke, aks, digital ocean, local)" type: hostname label: LB address or ip - variable: nginx-ingress.ingress.adminUiEnabled default: false type: boolean group: "NGINX" required: false show_if: "global.istio.ingress=false" description: "Enable Admin UI endpoints. COMING SOON." label: Enable Admin UI endpoints subquestions: - variable: nginx-ingress.ingress.openidConfigEnabled default: true type: boolean group: "NGINX" required: true description: "Enable endpoint /.well-known/openid-configuration" label: Enable endpoint /.well-known/openid-configuration - variable: nginx-ingress.ingress.uma2ConfigEnabled default: true type: boolean group: "NGINX" required: true description: "Enable endpoint /.well-known/uma2-configuration" label: Enable endpoint /.well-known/uma2-configuration - variable: nginx-ingress.ingress.webfingerEnabled default: true type: boolean group: "NGINX" required: true description: "Enable endpoint /.well-known/webfinger" label: Enable endpoint /.well-known/webfinger - variable: nginx-ingress.ingress.webdiscoveryEnabled default: true type: boolean group: "NGINX" required: true description: "Enable endpoint /.well-known/simple-web-discovery" label: Enable endpoint /.well-known/simple-web-discovery - variable: nginx-ingress.ingress.configApiEnabled default: true type: boolean group: "NGINX" required: true description: "Enable config API endpoints /jans-config-api" label: Enable config API endpoints /jans-config-api - variable: nginx-ingress.ingress.u2fConfigEnabled default: true type: boolean group: "NGINX" required: true description: "Enable endpoint /.well-known/fido-configuration" label: Enable endpoint /.well-known/fido-configuration - variable: nginx-ingress.ingress.authServerEnabled default: true type: boolean group: "NGINX" required: true description: "Enable Auth server endpoints /jans-auth" label: Enable Auth server endpoints /jans-auth - variable: nginx-ingress.ingress.fido2ConfigEnabled default: false type: boolean group: "NGINX" show_if: "global.distribution=default&&global.istio.ingress=false" required: true description: "Enable endpoint /.well-known/fido2-configuration" label: Enable endpoint /.well-known/fido2-configuration - variable: nginx-ingress.ingress.authServerProtectedToken default: true type: boolean group: "NGINX" show_if: "global.distribution=openbanking&&global.istio.ingress=false" required: true description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/token" label: Enable mTLS on Auth server endpoint /jans-auth/restv1/token - variable: nginx-ingress.ingress.authServerProtectedRegister default: true type: boolean group: "NGINX" show_if: "global.distribution=openbanking&&global.istio.ingress=false" required: true description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/register" label: Enable mTLS onn Auth server endpoint /jans-auth/restv1/register - variable: nginx-ingress.ingress.scimConfigEnabled default: false type: boolean group: "NGINX" show_if: "global.distribution=default&&global.istio.ingress=false" required: true description: "Enable endpoint /.well-known/scim-configuration" label: Enable endpoint /.well-known/scim-configuration - variable: nginx-ingress.ingress.scimEnabled default: false type: boolean group: "NGINX" show_if: "global.distribution=default&&global.istio.ingress=false" required: true description: "Enable SCIM endpoints /jans-scim" label: Enable SCIM endpoints /jans-scim # ============ # Images group # ============ # AuthServer - variable: auth-server.image.repository required: true type: string default: "janssenproject/auth-server" description: "The Auth Server Image repository" label: Auth Server image repo group: "Images" show_if: "global.auth-server.enabled=true" - variable: auth-server.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Auth Server Image pull policy" label: Auth Server imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.auth-server.enabled=true" - variable: auth-server.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Auth Server Image tag" label: Auth Server image tag group: "Images" show_if: "global.auth-server.enabled=true" # AuthServer KeyRotation - variable: auth-server-key-rotation.image.repository required: true type: string default: "janssenproject/certmanager" description: "The Auth Server KeyRotation Image repository" label: Auth Server KeyRotation image repo group: "Images" show_if: "global.auth-server-key-rotation.enabled=true" - variable: auth-server-key-rotation.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Auth Server KeyRotation Image pull policy" label: Auth Server KeyRotation imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.auth-server-key-rotation.enabled=true" - variable: auth-server-key-rotation.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Auth Server Image tag" label: Auth Server KeyRotation image tag group: "Images" show_if: "global.auth-server-key-rotation.enabled=true" # ClientAPI - variable: client-api.image.repository required: true type: string default: "janssenproject/client-api" description: "The ClientAPI Image repository" label: ClientAPI image repo group: "Images" show_if: "global.client-api.enabled=true" - variable: client-api.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The ClientAPI Image pull policy" label: ClientAPI imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.client-api.enabled=true" - variable: client-api.image.tag required: true type: string default: "1.0.0-beta.13" description: "The ClientAPI Image tag" label: ClientAPI image tag group: "Images" show_if: "global.client-api.enabled=true" # Configurator - variable: config.image.repository required: true type: string default: "janssenproject/configurator" description: "The Configurator Image repository" label: Configurator image repo group: "Images" show_if: "global.config.enabled=true" - variable: config.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Configurator Image pull policy" label: Configurator imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.config.enabled=true" - variable: config.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Configurator Image tag" label: Configurator image tag group: "Images" show_if: "global.config.enabled=true" # ConfigAPI - variable: config-api.image.repository required: true type: string default: "janssenproject/config-api" description: "The ConfigAPI Image repository" label: ConfigAPI image repo group: "Images" show_if: "global.config-api.enabled=true" - variable: config-api.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The ConfigAPI Image pull policy" label: ConfigAPI imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.config-api.enabled=true" - variable: config-api.image.tag required: true type: string default: "1.0.0-beta.13" description: "The ConfigAPI Image tag" label: ConfigAPI image tag group: "Images" show_if: "global.config-api.enabled=true" # Fido2 - variable: fido2.image.repository required: true type: string default: "janssenproject/fido2" description: "The Fido2 Image repository" label: Fido2 image repo group: "Images" show_if: "global.fido2.enabled=true" - variable: fido2.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Fido2 Image pull policy" label: Fido2 imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.fido2.enabled=true" - variable: fido2.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Fido2 Image tag" label: Fido2 image tag group: "Images" show_if: "global.fido2.enabled=true" # Jackrabbit - variable: jackrabbit.image.repository required: true type: string default: "janssenproject/jackrabbit" description: "The Jackrabbit Image repository" label: Jackrabbit image repo group: "Images" show_if: "global.jackrabbit.enabled=true" - variable: jackrabbit.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Jackrabbit Image pull policy" label: Jackrabbit imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.jackrabbit.enabled=true" - variable: jackrabbit.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Jackrabbit Image tag" label: Jackrabbit image tag group: "Images" show_if: "global.jackrabbit.enabled=true" # OpenDJ - variable: opendj.image.repository required: true type: string default: "gluufederation/opendj" description: "The OpenDJ Image repository" label: OpenDJ image repo group: "Images" show_if: "global.opendj.enabled=true" - variable: opendj.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The OpenDJ Image pull policy" label: OpenDJ imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.opendj.enabled=true" - variable: opendj.image.tag required: true type: string default: "5.0.0_dev" description: "The OpenDJ Image tag" label: OpenDJ image tag group: "Images" show_if: "global.opendj.enabled=true" # Persistence - variable: persistence.image.repository required: true type: string default: "janssenproject/persistence-loader" description: "The Persistence Image repository" label: Persistence image repo group: "Images" show_if: "global.persistence.enabled=true" - variable: persistence.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The Persistence Image pull policy" label: Persistence imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.persistence.enabled=true" - variable: persistence.image.tag required: true type: string default: "1.0.0-beta.13" description: "The Persistence Image tag" label: Persistence image tag group: "Images" show_if: "global.persistence.enabled=true" # SCIM - variable: scim.image.repository required: true type: string default: "janssenproject/scim" description: "The SCIM Image repository" label: SCIM image repo group: "Images" show_if: "global.scim.enabled=true" - variable: scim.image.pullPolicy required: true type: enum group: "Images" default: IfNotPresent description: "The SCIM Image pull policy" label: SCIM imagePullPolicy options: - "Always" - "IfNotPresent" - "Never" show_if: "global.scim.enabled=true" - variable: scim.image.tag required: true type: string default: "1.0.0-beta.13" description: "The SCIM Image tag" label: SCIM image tag group: "Images" show_if: "global.scim.enabled=true" # ============== # Replicas group # ============== # AuthServer - variable: auth-server.replicas default: 1 required: false type: int group: "Replicas" label: Auth-server Replicas description: "Service replica number." show_if: "global.auth-server.enabled=true" # ClientAPI - variable: client-api.replicas default: 1 required: false type: int group: "Replicas" label: ClientAPI Replicas description: "Service replica number." show_if: "global.client-api.enabled=true" # ConfigAPI - variable: config-api.replicas default: 1 required: false type: int group: "Replicas" label: ConfigAPI Replicas description: "Service replica number." show_if: "global.config-api.enabled=true" # ConfigAPI - variable: config-api.replicas default: 1 required: false type: int group: "Replicas" label: ConfigAPI Replicas description: "Service replica number." show_if: "global.config-api.enabled=true" # Fido2 - variable: fido2.replicas default: 1 required: false type: int group: "Replicas" label: Fido2 Replicas description: "Service replica number." show_if: "global.fido2.enabled=true" # Jackrabbit - variable: jackrabbit.replicas default: 1 required: false type: int group: "Replicas" label: Jackrabbit Replicas description: "Service replica number." show_if: "global.jackrabbit.enabled=true" # OpenDJ - variable: opendj.replicas default: 1 required: false type: int group: "Replicas" label: OpenDJ Replicas description: "Service replica number." show_if: "global.opendj.enabled=true&&opendj.multiCluster.enabled=false" # SCIM - variable: scim.replicas default: 1 required: false type: int group: "Replicas" label: SCIM Replicas description: "Service replica number." show_if: "global.scim.enabled=true"