andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/packages/gluu/flex/overlay/questions.yaml

1210 lines
39 KiB
YAML
Raw Blame History

questions:
# ==================
# License SSA group
# ==================
- variable: global.licenseSsa
default: ""
required: true
type: string
label: License SSA
description: "Before initiating the setup, please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded."
group: "License SSA"
# ==================
# Distribution group
# ==================
- variable: global.distribution
default: "openbanking"
required: true
type: enum
label: Gluu Distribution
description: "Gluu Distribution. Openbanking only contains Config-API and the Auth Server customized for Openbanking industry."
group: "Global Settings"
options:
- "default"
- "openbanking"
# ========================
# OpenBanking Distribution
# ========================
- variable: global.cnObExtSigningJwksUri
required: true
default: "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"
description: "Open banking external signing jwks uri. Used in SSA Validation."
type: hostname
group: "OpenBanking Distribution"
label: Openbanking external signing JWKS URI
show_if: "global.distribution=openbanking"
subquestions:
- variable: global.cnObExtSigningJwksCrt
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set."
type: multiline
label: Open banking external signing jwks AS certificate authority string
- variable: global.cnObExtSigningJwksKey
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
type: multiline
label: Open banking external signing jwks AS key string
- variable: global.cnObExtSigningJwksKeyPassPhrase
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
type: password
label: Open banking external signing jwks AS key passphrase
min_length: 6
- variable: global.cnObExtSigningAlias
default: "XkwIzWy44xWSlcWnMiEc8iq9s2G"
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G"
type: string
label: Open banking external signing AS Alias
- variable: global.cnObStaticSigningKeyKid
default: "Wy44xWSlcWnMiEc8iq9s2G"
required: true
group: "OpenBanking Distribution"
description: "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G"
type: string
label: Open banking signing AS kid
show_if: "global.distribution=openbanking"
- variable: global.cnObTransportAlias
default: ""
required: false
group: "OpenBanking Distribution"
description: "Open banking transport Alias used inside the JVM."
type: string
label: Open banking transport Alias used inside the JVM.
show_if: "global.distribution=openbanking"
subquestions:
- variable: global.cnObTransportCrt
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking AS transport crt
- variable: global.cnObTransportKey
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking AS transport key
- variable: global.cnObTransportKeyPassPhrase
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64."
type: password
label: Open banking AS transport key passphrase
min_length: 6
- variable: global.cnObTransportTrustStore
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking external signing jwks AS certificate authority string
# =======================
# Optional Services group
# =======================
- variable: global.admin-ui.enabled
default: false
type: boolean
group: "Optional Services"
required: false
label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu.
show_if: "global.distribution=default"
show_subquestion_if: true
- variable: global.auth-server-key-rotation.enabled
default: true
type: boolean
group: "Optional Services"
required: true
label: Enable Auth key rotation cronjob. Disable this if using the OB distribution.
show_if: "global.distribution=default"
show_subquestion_if: true
subquestions:
- variable: auth-server-key-rotation.keysLife
default: 48
description: "Auth server key rotation keys life in hours."
type: int
label: Key life
- variable: global.fido2.enabled
default: false
type: boolean
group: "Optional Services"
required: true
show_if: "global.distribution=default"
label: Enable Fido2
description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments."
- variable: global.config-api.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable ConfigAPI
description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)."
- variable: global.casa.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable Casa
description: "Gluu Casa ('Casa') is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server."
- variable: global.scim.enabled
default: false
type: boolean
group: "Optional Services"
required: true
show_if: "global.distribution=default"
label: Enable SCIM
description: "System for Cross-domain Identity Management (SCIM) version 2.0"
# ======================
# Test environment group
# ======================
- variable: global.cloud.testEnviroment
default: false
type: boolean
group: "Test Environment"
required: true
label: Test environment
description: "Boolean flag if enabled will strip resources requests and limits from all services."
# =================
# Persistence group
# =================
- variable: global.cnPersistenceType
default: "sql"
required: true
type: enum
group: "Persistence"
label: Gluu Persistence backend
description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner"
options:
- "ldap"
- "couchbase"
- "hybrid"
- "spanner"
- "sql"
# LDAP
- variable: global.opendj.enabled
default: false
type: boolean
group: "Persistence"
required: true
label: Enable installation of OpenDJ
description: "Boolean flag to enable/disable the OpenDJ chart."
show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnLdapUrl
default: "opendj:1636"
type: hostname
group: "Persistence"
required: true
label: OpenDJ remote URL
description: "OpenDJ remote URL. This must be resolvable by the pods"
show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnPersistenceHybridMapping
default: "{}"
required: false
type: enum
group: "Persistence"
label: Gluu Persistence LDAP mapping
description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`."
options:
- "default"
- "user"
- "site"
- "cache"
- "token"
- "session"
show_if: "global.cnPersistenceType=hybrid"
# SQL
- variable: config.configmap.cnSqlDbDialect
default: "default"
required: false
type: enum
group: "Persistence"
label: Gluu SQL Database dialect
description: "SQL database dialect. `mysql` or `pgsql`."
options:
- "pgsql"
- "mysql"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbHost
default: "postgresql.default.svc.cluster.local"
required: false
type: hostname
group: "Persistence"
label: SQL database host uri
description: "SQL database host uri"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbPort
default: 5432
required: false
type: int
group: "Persistence"
label: SQL database port
description: "SQL database port"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbUser
default: "gluu"
group: "Persistence"
description: "SQL database username"
type: string
label: SQL database username
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqldbUserPassword
default: "Test1234#"
group: "Persistence"
description: "SQL password"
type: password
label: SQL password
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbName
default: "gluu"
group: "Persistence"
description: "SQL database name"
type: string
label: SQL database name
show_if: "global.cnPersistenceType=sql"
# Spanner
- variable: config.configmap.cnGoogleSpannerInstanceId
default: ""
group: "Persistence"
description: "The google spanner instance ID"
type: string
label: Google Spanner Instance ID
show_if: "global.cnPersistenceType=spanner"
- variable: config.configmap.cnGoogleSpannerDatabaseId
default: ""
group: "Persistence"
description: "The google spanner database ID"
type: string
label: Google Spanner Database ID
show_if: "global.cnPersistenceType=spanner"
- variable: config.configmap.cnGoogleSecretManagerServiceAccount
default: ""
group: "Persistence"
description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner."
type: multiline
label: Google Spanner Service Account json
show_if: "global.cnPersistenceType=spanner"
- variable: config.configmap.cnGoogleProjectId
default: ""
group: "Persistence"
description: "The Google Project ID"
type: string
label: Google Project ID
show_if: "global.cnPersistenceType=spanner"
#Couchbase
- variable: config.configmap.cnCouchbaseCrt
default: ""
group: "Persistence"
description: "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required."
type: multiline
label: Couchbase certificate authority string
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseUrl
default: "gluu.cbns.svc.cluster.local"
required: false
type: hostname
group: "Persistence"
label: Couchbase host uri
description: "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseBucketPrefix
default: "gluu"
type: string
description: "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu."
group: "Persistence"
required: true
label: The prefix of Couchbase buckets
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseIndexNumReplica
default: 0
type: int
description: "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1."
group: "Persistence"
required: true
label: The number of replicas per index created
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseSuperUser
default: "admin"
group: "Persistence"
description: "he Couchbase super user (admin) user name. This user is used during initialization only."
type: string
label: The Couchbase super user (admin) user name.
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseSuperUserPassword
default: "Test1234#"
group: "Persistence"
description: "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization and upgrade process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
type: password
label: Couchbase password for the super users
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseUser
default: "gluu"
group: "Persistence"
description: "Couchbase restricted user, used in Gluu operations with Couchbase. Used only when global.cnPersistenceType is hybrid or couchbase."
type: string
label: Couchbase restricted username
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbasePassword
default: "Test1234#"
group: "Persistence"
description: "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ."
type: password
label: Couchbase password for the restricted user
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
# ==============================
# StorageClass and volume group
# ==============================
- variable: global.storageClass.provisioner
default: "microk8s.io/hostpath"
type: string
group: "Volumes"
required: true
label: StorageClass provisioner
show_if: "global.cnPersistenceType=ldap"
subquestions:
- variable: global.storageClass.allowVolumeExpansion
default: true
type: boolean
group: "Volumes"
required: true
label: StorageClass Volume expansion
- variable: global.storageClass.reclaimPolicy
default: "Retain"
type: enum
group: "Volumes"
required: true
label: StorageClass reclaimPolicy
options:
- "Delete"
- "Retain"
- variable: global.storageClass.volumeBindingMode
default: "WaitForFirstConsumer"
type: enum
group: "Volumes"
required: true
options:
- "WaitForFirstConsumer"
- "Immediate"
label: StorageClass volumeBindingMode
# ===========
# Cache group
# ===========
- variable: config.configmap.cnCacheType
default: "NATIVE_PERSISTENCE"
required: true
type: enum
group: "Cache"
label: Gluu Cache
description: "Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` ."
options:
- "NATIVE_PERSISTENCE"
- "IN_MEMORY"
- "REDIS"
show_subquestion_if: "REDIS"
subquestions:
- variable: config.configmap.cnRedisType
default: "STANDALONE"
type: enum
group: "Cache"
required: false
label: Redix service type
description: "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`."
options:
- "STANDALONE"
- "CLUSTER"
- variable: config.redisPassword
default: "Test1234#"
type: password
group: "Cache"
required: false
label: Redis admin password
description: "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`."
- variable: config.configmap.cnRedisUrl
default: "redis.redis.svc.cluster.local:6379"
required: false
type: hostname
group: "Cache"
label: Redis URL
description: "Redis URL and port number <url>:<port>. Can be used when `config.configmap.cnCacheType` is set to `REDIS`."
# ==================
# Configuration group
# ==================
- variable: global.fqdn
default: "demoexample.gluu.org"
required: true
type: hostname
group: "Configuration"
label: Gluu Installation FQDN
description: "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services."
- variable: global.countryCode
default: "US"
required: true
type: string
group: "Configuration"
label: Country code
description: "Country code. Used for certificate creation."
- variable: config.state
default: "TX"
required: true
type: string
group: "Configuration"
label: State code
description: "State code. Used for certificate creation."
- variable: config.city
default: "Austin"
required: true
type: string
group: "Configuration"
label: City
description: "City. Used for certificate creation."
- variable: config.email
default: "support@gluu.org"
required: true
type: string
group: "Configuration"
label: Email
description: "Email address of the administrator usually. Used for certificate creation."
- variable: config.orgName
default: "Gluu"
required: true
type: string
group: "Configuration"
label: Organization
description: "Organization name. Used for certificate creation."
- variable: config.adminPassword
default: "Test1234#"
type: password
group: "Configuration"
required: true
label: Admin UI password
description: "Admin password to log in to the UI."
- variable: config.ldapPassword
default: "Test1234#"
type: password
group: "Configuration"
required: true
label: LDAP password
description: "LDAP admin password if OpenDJ is used for persistence"
show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
- variable: global.isFqdnRegistered
default: true
required: true
type: boolean
group: "Configuration"
label: Is the FQDN globally resolvable
description: "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically."
- variable: config.migration.enabled
default: false
required: true
type: boolean
group: "Configuration"
label: Migration from Gluu CE
description: "Boolean flag to enable migration from CE"
show_subquestion_if: true
subquestions:
- variable: config.migration.migrationDataFormat
default: "ldif"
type: enum
group: "Configuration"
required: false
label: Migration data-format
description: "Migration data-format depending on persistence backend."
options:
- "ldif"
- "couchbase+json"
- "spanner+avro"
- "postgresql+json"
- "mysql+json"
- variable: config.migration.migrationDir
default: "/ce-migration"
required: false
type: string
group: "Configuration"
label: Migration Directory
description: "Directory holding all migration files"
# Configmap
- variable: global.configAdapterName
default: "kubernetes"
required: true
type: enum
group: "Configuration"
label: Gluu configuration backend
description: "The config backend adapter that will hold Gluu configuration layer. aws|google|kubernetes"
options:
- "aws"
- "google"
- "kubernetes"
# Secret
- variable: global.configSecretAdapter
default: "kubernetes"
required: true
type: enum
group: "Configuration"
label: Gluu secret backend
description: "The config backend adapter that will hold Gluu secret layer. aws|google|kubernetes"
options:
- "aws"
- "google"
- "kubernetes"
# Google
- variable: config.configmap.cnGoogleSecretManagerServiceAccount
default: ""
type: string
group: "Configuration"
required: true
label: Service account base64 encoded
description: "Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer."
show_if: "global.configAdapterName=google||global.configSecretAdapter=google"
- variable: config.configmap.cnGoogleProjectId
default: ""
type: string
group: "Configuration"
required: true
label: Project ID
description: "Project id of the Google project the secret manager belongs to"
show_if: "global.configAdapterName=google||global.configSecretAdapter=google"
- variable: config.configmap.cnGoogleSecretVersionId
default: "latest"
type: string
group: "Configuration"
required: true
label: Secrets version
description: "Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way."
show_if: "global.configAdapterName=google||global.configSecretAdapter=google"
- variable: config.configmap.cnGoogleSecretNamePrefix
default: "gluu"
type: string
group: "Configuration"
required: true
label: Secrets name prefix
description: "Prefix for Gluu secret in Google Secret Manager. Defaults to gluu"
show_if: "global.configAdapterName=google||global.configSecretAdapter=google"
# AWS
- variable: config.configmap.cnAwsAccessKeyId
default: ""
type: string
group: "Configuration"
required: true
label: AWS IAM Account Access Key ID
description: "AWS Access key id that belongs to an IAM user with SecretsManagerReadWrite policy"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
- variable: config.configmap.cnAwsSecretAccessKey
default: ""
type: string
group: "Configuration"
required: true
label: AWS IAM Secret Access Key
description: "AWS Secret Access key that belongs to an IAM user with SecretsManagerReadWrite policy"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
- variable: config.configmap.cnAwsSecretsNamePrefix
default: "gluu"
type: string
group: "Configuration"
required: true
label: Secrets name prefix
description: "Prefix for Gluu secret in AWS Secrets Manager. Defaults to gluu"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
- variable: config.configmap.cnAwsProfile
default: "gluu"
type: string
group: "Configuration"
required: true
label: AWS named profile
description: "The aws named profile to use. Has to be created first. This is a sensible default and it's good to leave it as is. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
- variable: config.configmap.cnAwsDefaultRegion
default: "us-west-1"
type: string
group: "Configuration"
required: true
label: Default region
description: "The default AWS Region to use, for example, `us-west-1` or `us-west-2`"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
- variable: config.configmap.cnAwsSecretsEndpointUrl
default: ""
type: string
group: "Configuration"
required: false
label: Secrets Manager Endpoint URL
description: "The URL of AWS secretsmanager service. If omitted, it will use the one in the specified default region. Example: https://secretsmanager.us-west-1.amazonaws.com"
show_if: "global.configAdapterName=aws||global.configSecretAdapter=aws"
# ===========================
# Ingress group(Istio, NGINX)
# ===========================
# ===========
# Istio group
# ===========
- variable: global.istio.enabled
default: false
type: boolean
group: "Istio"
required: true
description: "Boolean flag that enables using istio side cars with Gluu services."
label: Use Istio side cars
show_subquestion_if: true
subquestions:
- variable: global.istio.ingress
default: false
type: boolean
group: "Istio"
required: true
description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available."
label: Use Istio Ingress
- variable: global.istio.namespace
default: "istio-system"
type: string
group: "Istio"
required: true
description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available."
label: Istio namespace
- variable: config.configmap.lbAddr
default: ""
group: "Istio"
description: "Istio loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
type: hostname
label: LB address or ip
# ===========
# NGINX group
# ===========
- variable: config.configmap.lbAddr
default: ""
group: "NGINX"
show_if: "global.istio.ingress=false&&global.isFqdnRegistered=false"
description: "loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
type: hostname
label: LB address or ip
# ===========
# Ingress group
# ===========
- variable: global.admin-ui.ingress.adminUiEnabled
default: false
type: boolean
group: "Ingress"
required: false
description: "Enable Admin UI endpoints."
label: Enable Admin UI endpoints
subquestions:
# auth-server
- variable: global.auth-server.ingress.authServerEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable Auth server endpoints /jans-auth"
label: Enable Auth server endpoints /jans-auth
- variable: global.auth-server.ingress.openidConfigEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /.well-known/openid-configuration"
label: Enable endpoint /.well-known/openid-configuration
- variable: global.auth-server.ingress.deviceCodeEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /device-code"
label: Enable endpoint /device-code
- variable: global.auth-server.ingress.firebaseMessagingEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /firebase-messaging-sw.js"
label: Enable endpoint /firebase-messaging-sw.js
- variable: global.auth-server.ingress.uma2ConfigEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /.well-known/uma2-configuration"
label: Enable endpoint /.well-known/uma2-configuration
- variable: global.auth-server.ingress.webfingerEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /.well-known/webfinger"
label: Enable endpoint /.well-known/webfinger
- variable: global.auth-server.ingress.webdiscoveryEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /.well-known/simple-web-discovery"
label: Enable endpoint /.well-known/simple-web-discovery
- variable: global.auth-server.ingress.u2fConfigEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable endpoint /.well-known/fido-configuration"
label: Enable endpoint /.well-known/fido-configuration
# config-api
- variable: global.config-api.ingress.configApiEnabled
default: true
type: boolean
group: "Ingress"
required: true
description: "Enable config API endpoints /jans-config-api"
label: Enable config API endpoints /jans-config-api
#fido2
- variable: global.fido2.ingress.fido2ConfigEnabled
default: false
type: boolean
group: "Ingress"
show_if: "global.distribution=default&&global.fido2.enabled=true"
required: true
description: "Enable endpoint /.well-known/fido2-configuration. Enable this!"
label: Enable endpoint /.well-known/fido2-configuration
#Casa
- variable: global.casa.ingress.casaEnabled
default: false
type: boolean
group: "Ingress"
show_if: "global.distribution=default&&global.casa.enabled=true"
required: true
description: "Enable endpoint /casa. Enable this!"
label: Enable endpoint /casa Enable this!
#auth-server OB
- variable: global.auth-server.ingress.authServerProtectedToken
default: true
type: boolean
group: "Ingress"
show_if: "global.distribution=openbanking"
required: true
description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/token"
label: Enable mTLS on Auth server endpoint /jans-auth/restv1/token
- variable: global.auth-server.ingress.authServerProtectedRegister
default: true
type: boolean
group: "Ingress"
show_if: "global.distribution=openbanking"
required: true
description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/register"
label: Enable mTLS onn Auth server endpoint /jans-auth/restv1/register
# scim
- variable: global.scim.ingress.scimConfigEnabled
default: false
type: boolean
group: "Ingress"
show_if: "global.distribution=default&&global.scim.enabled=true"
required: true
description: "Enable endpoint /.well-known/scim-configuration. Enable this!"
label: Enable endpoint /.well-known/scim-configuration. Enable this!
- variable: global.scim.ingress.scimEnabled
default: false
type: boolean
group: "Ingress"
show_if: "global.distribution=default&&global.scim.enabled=true"
required: true
description: "Enable SCIM endpoints /jans-scim. Enable this!"
label: Enable SCIM endpoints /jans-scim. Enable this!
# ============
# Images group
# ============
# AuthServer
- variable: auth-server.image.repository
required: true
type: string
default: "janssenproject/auth-server"
description: "The Auth Server Image repository"
label: Auth Server image repo
group: "Images"
show_if: "global.auth-server.enabled=true"
- variable: auth-server.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Auth Server Image pull policy"
label: Auth Server imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.auth-server.enabled=true"
- variable: auth-server.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The Auth Server Image tag"
label: Auth Server image tag
group: "Images"
show_if: "global.auth-server.enabled=true"
# AdminUI
- variable: admin-ui.image.repository
required: true
type: string
default: "gluufederation/admin-ui"
description: "The AdminUI Image repository"
label: The AdminUI Image repository
group: "Images"
show_if: "global.admin-ui.enabled=true"
- variable: admin-ui.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The AdminUI Image pull policy"
label: AdminUI imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.admin-ui.enabled=true"
- variable: admin-ui.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The AdminUI Image tag"
label: AdminUI image tag
group: "Images"
show_if: "global.admin-ui.enabled=true"
# AuthServer KeyRotation
- variable: auth-server-key-rotation.image.repository
required: true
type: string
default: "janssenproject/certmanager"
description: "The Auth Server KeyRotation Image repository"
label: Auth Server KeyRotation image repo
group: "Images"
show_if: "global.auth-server-key-rotation.enabled=true"
- variable: auth-server-key-rotation.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Auth Server KeyRotation Image pull policy"
label: Auth Server KeyRotation imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.auth-server-key-rotation.enabled=true"
- variable: auth-server-key-rotation.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The Auth Server Image tag"
label: Auth Server KeyRotation image tag
group: "Images"
show_if: "global.auth-server-key-rotation.enabled=true"
# Casa
- variable: casa.image.repository
required: true
type: string
default: "gluufederation/casa"
description: "The Casa Image repository"
label: Casa image repo
group: "Images"
show_if: "global.casa.enabled=true"
- variable: casa.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Casa Image pull policy"
label: Casa imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.casa.enabled=true"
- variable: casa.image.tag
required: true
type: string
default: "5.0.0-4"
description: "The Casa Image tag"
label: Casa image tag
group: "Images"
show_if: "global.casa.enabled=true"
# Configurator
- variable: config.image.repository
required: true
type: string
default: "janssenproject/configurator"
description: "The Configurator Image repository"
label: Configurator image repo
group: "Images"
show_if: "global.config.enabled=true"
- variable: config.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Configurator Image pull policy"
label: Configurator imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.config.enabled=true"
- variable: config.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The Configurator Image tag"
label: Configurator image tag
group: "Images"
show_if: "global.config.enabled=true"
# ConfigAPI
- variable: config-api.image.repository
required: true
type: string
default: "janssenproject/config-api"
description: "The ConfigAPI Image repository"
label: ConfigAPI image repo
group: "Images"
show_if: "global.config-api.enabled=true"
- variable: config-api.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The ConfigAPI Image pull policy"
label: ConfigAPI imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.config-api.enabled=true"
- variable: config-api.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The ConfigAPI Image tag"
label: ConfigAPI image tag
group: "Images"
show_if: "global.config-api.enabled=true"
# Fido2
- variable: fido2.image.repository
required: true
type: string
default: "janssenproject/fido2"
description: "The Fido2 Image repository"
label: Fido2 image repo
group: "Images"
show_if: "global.fido2.enabled=true"
- variable: fido2.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Fido2 Image pull policy"
label: Fido2 imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.fido2.enabled=true"
- variable: fido2.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The Fido2 Image tag"
label: Fido2 image tag
group: "Images"
show_if: "global.fido2.enabled=true"
# OpenDJ
- variable: opendj.image.repository
required: true
type: string
default: "gluufederation/opendj"
description: "The OpenDJ Image repository"
label: OpenDJ image repo
group: "Images"
show_if: "global.opendj.enabled=true"
- variable: opendj.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The OpenDJ Image pull policy"
label: OpenDJ imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.opendj.enabled=true"
- variable: opendj.image.tag
required: true
type: string
default: "5.0.0_dev"
description: "The OpenDJ Image tag"
label: OpenDJ image tag
group: "Images"
show_if: "global.opendj.enabled=true"
# Persistence
- variable: persistence.image.repository
required: true
type: string
default: "janssenproject/persistence-loader"
description: "The Persistence Image repository"
label: Persistence image repo
group: "Images"
show_if: "global.persistence.enabled=true"
- variable: persistence.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Persistence Image pull policy"
label: Persistence imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.persistence.enabled=true"
- variable: persistence.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The Persistence Image tag"
label: Persistence image tag
group: "Images"
show_if: "global.persistence.enabled=true"
# SCIM
- variable: scim.image.repository
required: true
type: string
default: "janssenproject/scim"
description: "The SCIM Image repository"
label: SCIM image repo
group: "Images"
show_if: "global.scim.enabled=true"
- variable: scim.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The SCIM Image pull policy"
label: SCIM imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.scim.enabled=true"
- variable: scim.image.tag
required: true
type: string
default: "1.0.5-1"
description: "The SCIM Image tag"
label: SCIM image tag
group: "Images"
show_if: "global.scim.enabled=true"
# ==============
# Replicas group
# ==============
# AuthServer
- variable: auth-server.replicas
default: 1
required: false
type: int
group: "Replicas"
label: Auth-server Replicas
description: "Service replica number."
show_if: "global.auth-server.enabled=true"
# Casa
- variable: casa.replicas
default: 1
required: false
type: int
group: "Replicas"
label: Casa Replicas
description: "Service replica number."
show_if: "global.auth-server.enabled=true"
# ConfigAPI
- variable: config-api.replicas
default: 1
required: false
type: int
group: "Replicas"
label: ConfigAPI Replicas
description: "Service replica number."
show_if: "global.config-api.enabled=true"
# AdminUi
- variable: admin-ui.replicas
default: 1
required: false
type: int
group: "Replicas"
label: Admin UI Replicas
description: "Service replica number."
show_if: "global.admin-ui.enabled=true"
# Fido2
- variable: fido2.replicas
default: 1
required: false
type: int
group: "Replicas"
label: Fido2 Replicas
description: "Service replica number."
show_if: "global.fido2.enabled=true"
# OpenDJ
- variable: opendj.replicas
default: 1
required: false
type: int
group: "Replicas"
label: OpenDJ Replicas
description: "Service replica number."
show_if: "global.opendj.enabled=true"
# SCIM
- variable: scim.replicas
default: 1
required: false
type: int
group: "Replicas"
label: SCIM Replicas
description: "Service replica number."
show_if: "global.scim.enabled=true"
Reference in New Issue View Git Blame Copy Permalink