questions:
# ========================
# SECRETS And Configuration
# ========================
# Every entry in this section is optional (required: false); the
# descriptions say which ones a given cloud deployment needs.
# NOTE(review): nesting was rebuilt from the schema keys (top-level entries
# carry a `group`, subquestions do not) - confirm against the chart copy.

### AWS Configuration

# Static AWS credential pair. Both halves use `type: password`, so the
# form masks them on entry.
# NOTE(review): masking covers the form only; confirm the chart stores
# these answers in a Secret and not in a ConfigMap or plain manifest.
- variable: secrets.awsAccessKeyId
  description: "AWS access key ID (required for AWS deployment)"
  type: password
  label: "AWS Access Key ID"
  required: false
  group: "AWS Configuration"

- variable: secrets.awsSecretAccessKey
  description: "AWS access key secret (required for AWS deployment)"
  type: password
  label: "AWS Secret Access Key"
  required: false
  group: "AWS Configuration"

# Role ARN that K10 assumes for AWS operations (per the description).
# An ARN is an identifier rather than a credential, hence `type: string`.
# The permissions attached to this role bound what K10 can do in the
# account, so scope its policy to the operations K10 actually performs.
- variable: secrets.awsIamRole
  description: "ARN of the AWS IAM role assumed by K10 to perform any AWS operation."
  type: string
  label: "ARN of the AWS IAM role"
  required: false
  group: "AWS Configuration"

# Lifetime of the session token issued for the role above.
# NOTE(review): the empty default presumably defers to the chart or AWS
# default; the accepted duration format is not shown here - confirm.
- variable: awsConfig.assumeRoleDuration
  description: "Duration of a session token generated by AWS for an IAM role"
  type: string
  label: "Role Duration"
  required: false
  default: ""
  group: "AWS Configuration"

# Name of the EFS backup vault; "k10vault" is used when left untouched.
- variable: awsConfig.efsBackupVaultName
  description: "Specifies the AWS EFS backup vault name"
  type: string
  label: "EFS Backup Vault Name"
  required: false
  default: "k10vault"
  group: "AWS Configuration"
### Google Cloud Configuration

# Base64-encoded GCP service account key file (see the label).
# NOTE(review): this is a credential, yet it uses `type: multiline` and is
# therefore not masked the way the `password` fields in this file are.
# Treat the form contents and any stored answers as secret material.
- variable: secrets.googleApiKey
  description: "Required If cluster is deployed on Google Cloud"
  type: multiline
  label: "Non-default base64 encoded GCP Service Account key file"
  required: false
  group: "GoogleApi Configuration"
### Azure Configuration

# Azure service principal settings. Only the app ID and the app secret
# are masked (`type: password`); every other field is a plain string.
# NOTE(review): all of these live under the `secrets.` prefix; confirm the
# chart stores the whole group in a Secret.

# Tenant identifier - not masked.
- variable: secrets.azureTenantId
  description: "Azure tenant ID (required for Azure deployment)"
  type: string
  label: "Tenant ID"
  required: false
  group: "Azure Configuration"

# Service principal application ID - masked on entry.
- variable: secrets.azureClientId
  description: "Azure Service App ID"
  type: password
  label: "Service App ID"
  required: false
  group: "Azure Configuration"

# Service principal secret - the actual credential of this group.
- variable: secrets.azureClientSecret
  description: "Azure Service App secret"
  type: password
  label: "Service App secret"
  required: false
  group: "Azure Configuration"

# Resource group that was created for the Kubernetes cluster.
- variable: secrets.azureResourceGroup
  description: "Resource Group name that was created for the Kubernetes cluster"
  type: string
  label: "Resource Group"
  required: false
  group: "Azure Configuration"

- variable: secrets.azureSubscriptionID
  description: "Subscription ID in your Azure tenant"
  type: string
  label: "Subscription ID"
  required: false
  group: "Azure Configuration"

# The next three entries override endpoints (Azure Stack, per the first
# description). Credentials and token requests are sent to whatever is
# entered here, so these values deserve the same change control as the
# credentials themselves.
- variable: secrets.azureResourceMgrEndpoint
  description: "Resource management endpoint for the Azure Stack instance"
  type: string
  label: "Resource management endpoint"
  required: false
  group: "Azure Configuration"

- variable: secrets.azureADEndpoint
  description: "Azure Active Directory login endpoint"
  type: string
  label: "Active Directory login endpoint"
  required: false
  group: "Azure Configuration"

- variable: secrets.azureADResourceID
  description: "Azure Active Directory resource ID to obtain AD tokens"
  type: string
  label: "Active Directory resource ID"
  required: false
  group: "Azure Configuration"
# ========================
# Authentication
# ========================
# Three independent toggles for K10 dashboard authentication. None of
# them is required and none has a default in this file.
# NOTE(review): confirm what the chart does when all three stay unset, so
# the dashboard cannot end up reachable without authentication.

# Basic authentication. The subquestions appear once the toggle is true.
# Basic auth sends the credential with every request, so the dashboard
# should only be served over TLS when this is enabled.
- variable: auth.basicAuth.enabled
  description: "Configures basic authentication for the K10 dashboard"
  type: boolean
  label: "Enable Basic Authentication"
  required: false
  group: "Authentication"
  show_subquestion_if: true
  subquestions:
  # Inline credential, masked on entry; it becomes part of the answers.
  - variable: auth.basicAuth.htpasswd
    description: "A username and password pair separated by a colon character"
    type: password
    label: "Authentication Details (htpasswd)"
  # Alternative: name an existing Secret holding an htpasswd file, which
  # keeps the credential itself out of the chart answers.
  # NOTE(review): precedence when both fields are set is not shown here.
  - variable: auth.basicAuth.secretName
    description: "Name of an existing Secret that contains a file generated with htpasswd"
    type: string
    label: "Secret Name"

# Token based authentication; no further settings are asked for here.
- variable: auth.tokenAuth.enabled
  description: "Configures token based authentication for the K10 dashboard"
  type: boolean
  label: "Enable Token Based Authentication"
  required: false
  group: "Authentication"

# OpenID Connect. The subquestions appear once the toggle is true.
- variable: auth.oidcAuth.enabled
  description: "Configures Open ID Connect based authentication for the K10 dashboard"
  type: boolean
  label: "Enable OpenID Connect Based Authentication"
  required: false
  group: "Authentication"
  show_subquestion_if: true
  subquestions:
  # Issuer that K10 trusts for identity.
  - variable: auth.oidcAuth.providerURL
    description: "URL for the OIDC Provider"
    type: string
    label: "OIDC Provider URL"
  # NOTE(review): presumably has to match a redirect URI registered with
  # the provider - confirm.
  - variable: auth.oidcAuth.redirectURL
    description: "URL for the K10 gateway Provider"
    type: string
    label: "OIDC Redirect URL"
  - variable: auth.oidcAuth.scopes
    description: "Space separated OIDC scopes required for userinfo. Example: `profile email`"
    type: string
    label: "OIDC scopes"
  # Closed list of prompt values; "none" is preselected.
  - variable: auth.oidcAuth.prompt
    description: "The type of prompt to be used during authentication (none, consent, login, or select_account)"
    type: enum
    options:
    - "none"
    - "consent"
    - "login"
    - "select_account"
    default: "none"
    label: "The type of prompt to be used during authentication (none, consent, login, or select_account)"
  # Client ID and client secret are both masked on entry.
  - variable: auth.oidcAuth.clientID
    description: "Client ID given by the OIDC provider for K10"
    type: password
    label: "OIDC Client ID"
  - variable: auth.oidcAuth.clientSecret
    description: "Client secret given by the OIDC provider for K10"
    type: password
    label: "OIDC Client Secret"
  # Claim-to-identity mapping. The prefixes keep provider-supplied names
  # from colliding with other names (see the groupPrefix description).
  # NOTE(review): presumably these become the subjects used in access
  # control, so pick claims the provider guarantees to be stable.
  - variable: auth.oidcAuth.usernameClaim
    description: "The claim to be used as the username"
    type: string
    label: "OIDC UserName Claim"
  - variable: auth.oidcAuth.usernamePrefix
    description: "Prefix that has to be used with the username obtained from the username claim"
    type: string
    label: "OIDC UserName Prefix"
  - variable: auth.oidcAuth.groupClaim
    description: "Name of a custom OpenID Connect claim for specifying user groups"
    type: string
    label: "OIDC group Claim"
  - variable: auth.oidcAuth.groupPrefix
    description: "All groups will be prefixed with this value to prevent conflicts"
    type: string
    label: "OIDC group Prefix"
# ========================
# External Gateway
# ========================

# Creates an external gateway for the K10 API services. This widens the
# network exposure of K10, so review it together with the Authentication
# group. The subquestions appear once the toggle is true.
- variable: externalGateway.create
  description: "Configures an external gateway for K10 API services"
  type: boolean
  label: "Create External Gateway"
  required: false
  group: "External Gateway"
  show_subquestion_if: true
  subquestions:
  # Free-form annotations for the services; empty by default.
  # NOTE(review): annotations can change how a load balancer is exposed;
  # review the values entered here.
  - variable: externalGateway.annotations
    description: "Standard annotations for the services"
    type: multiline
    default: ""
    label: "Annotation"
  - variable: externalGateway.fqdn.name
    description: "Domain name for the K10 API services"
    type: string
    label: "Domain Name"
  # Free-text field; the description names two supported values, but the
  # form does not restrict input to them.
  - variable: externalGateway.fqdn.type
    description: "Supported gateway type: `route53-mapper` or `external-dns`"
    type: string
    label: "Gateway Type route53-mapper or external-dns"
  # ACM certificate ARN for TLS on the K10 API server.
  # NOTE(review): declared `multiline` although an ARN is a single line;
  # watch for stray line breaks in the pasted value.
  - variable: externalGateway.awsSSLCertARN
    description: "ARN for the AWS ACM SSL certificate used in the K10 API server"
    type: multiline
    label: "ARN for the AWS ACM SSL certificate"
# ========================
# Storage Management
# ========================

# StorageClass for K10 PVCs; empty by default.
# NOTE(review): an empty value presumably selects the cluster default
# StorageClass - confirm.
- variable: global.persistence.storageClass
  label: "StorageClass Name"
  description: "Specifies StorageClass Name to be used for PVCs"
  type: string
  required: false
  default: ""
  group: "Storage Management"

# Prometheus-specific StorageClass. When set, it takes the place of the
# global value for the Prometheus PVC (per the description).
- variable: prometheus.server.persistentVolume.storageClass
  type: string
  label: "StorageClass Name for Prometheus PVC"
  description: "StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value"
  default: ""
  required: false
  group: "Storage Management"

# Both persistence toggles below default to true.
- variable: prometheus.server.persistentVolume.enabled
  type: boolean
  label: "Enable PVC for Prometheus server"
  description: "If true, K10 Prometheus server will create a Persistent Volume Claim"
  default: true
  required: false
  group: "Storage Management"

- variable: global.persistence.enabled
  type: boolean
  label: "Storage Enabled"
  description: "If true, K10 will use Persistent Volume Claim"
  default: true
  required: false
  group: "Storage Management"
# ========================
# Service Account
# ========================

# Existing service account for K10 to run as. Per the description it must
# hold cluster-admin, the broadest built-in role: any workload or user
# able to use this account's token has full control of the cluster.
# Limit who can create pods or read Secrets in the target namespace, and
# do not share the account with other workloads.
# NOTE(review): what the chart does when this is left empty is not shown
# here - confirm.
- variable: serviceAccount.name
  description: "Name of a service account in the target namespace that has cluster-admin permissions. This is needed for the K10 to be able to protect cluster resources."
  type: string
  label: "Service Account Name"
  required: false
  group: "Service Account"
# ========================
# License
# ========================

# License text obtained from Kasten; multi-line input, not masked.
- variable: license
  description: "License string obtained from Kasten"
  type: multiline
  label: "License String"
  group: "License"
# EULA acceptance. The company and email subquestions appear once the
# toggle is true; their descriptions call them required in that case,
# but this file does not mark them `required`.
- variable: eula.accept
  description: "Whether to enable accept EULA before installation"
  type: boolean
  label: "Enable accept EULA before installation"
  group: "License"
  show_subquestion_if: true
  subquestions:
  - variable: eula.company
    description: "Company name. Required field if EULA is accepted"
    type: string
    label: "Company Name"
  - variable: eula.email
    description: "Contact email. Required field if EULA is accepted"
    type: string
    label: "Contact Email"