rancher-partner-charts/packages/gluu/generated-changes/overlay/questions.yaml


questions:
# ==================
# Distribution group
# ==================
# Top-level selector for the chart flavour. Later questions key their show_if
# conditions on this answer (e.g. "global.distribution=openbanking").
# The pre-selected value is "openbanking", not "default".
- variable: global.distribution
default: "openbanking"
required: true
type: enum
label: Gluu Distribution
description: "Gluu Distribution. Openbanking only contains Config-API and the Auth Server customized for Openbanking industry."
group: "Global Settings"
options:
- "default"
- "openbanking"
# ========================
# OpenBanking Distribution
# ========================
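# External signing material for the OpenBanking distribution, used in SSA
# validation per the descriptions below. Shown only when the distribution is
# "openbanking".
# NOTE(review): the pre-filled URI points at a keystore host named
# "openbankingtest"; confirm it is replaced with the intended JWKS endpoint
# before a non-test install.
- variable: global.cnObExtSigningJwksUri
required: true
default: "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"
description: "Open banking external signing jwks uri. Used in SSA Validation."
type: hostname
group: "OpenBanking Distribution"
label: Openbanking external signing JWKS URI
show_if: "global.distribution=openbanking"
subquestions:
- variable: global.cnObExtSigningJwksCrt
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
type: multiline
label: Open banking external signing jwks AS certificate authority string
# NOTE(review): this answer carries a private key but is collected as
# `multiline`, while its passphrase below uses `password`. Base64 is an
# encoding, not protection; treat the answer as a secret and confirm how the
# chart stores it.
- variable: global.cnObExtSigningJwksKey
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
type: multiline
label: Open banking external signing jwks AS key string
# min_length: 6 is the only strength check this form applies to the passphrase.
- variable: global.cnObExtSigningJwksKeyPassPhrase
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
type: password
label: Open banking external signing jwks AS key passphrase
min_length: 6
# NOTE(review): the pre-filled kid is the same sample value quoted in the
# description; because the default already satisfies required: true, the
# sample can be submitted unchanged.
- variable: global.cnObExtSigningAlias
default: "XkwIzWy44xWSlcWnMiEc8iq9s2G"
required: true
group: "OpenBanking Distribution"
description: "Open banking external signing AS Alias. This is a kid value. Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G"
type: string
label: Open banking external signing AS Alias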
# Kid that forces the auth server onto one specific signing key (per the
# description). Shown only for the openbanking distribution.
# NOTE(review): the default repeats the sample kid from the description;
# confirm it is overridden with the deployment's real key id.
- variable: global.cnObStaticSigningKeyKid
default: "Wy44xWSlcWnMiEc8iq9s2G"
required: true
group: "OpenBanking Distribution"
description: "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G"
type: string
label: Open banking signing AS kid
show_if: "global.distribution=openbanking"
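# Transport (mTLS) material for the OpenBanking distribution: alias, cert,
# key, key passphrase and truststore. Shown only for "openbanking".
# The alias itself is optional (required: false) while every subquestion
# below is required.
- variable: global.cnObTransportAlias
default: ""
required: false
group: "OpenBanking Distribution"
description: "Open banking transport Alias used inside the JVM."
type: string
label: Open banking transport Alias used inside the JVM.
show_if: "global.distribution=openbanking"
subquestions:
- variable: global.cnObTransportCrt
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking AS transport crt
# NOTE(review): private key collected as `multiline`, unlike the passphrase
# below which uses `password`. Base64 does not protect it; confirm how the
# chart stores this answer.
- variable: global.cnObTransportKey
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking AS transport key
# min_length: 6 is the only strength check this form applies to the passphrase.
- variable: global.cnObTransportKeyPassPhrase
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64."
type: password
label: Open banking AS transport key passphrase
min_length: 6
# The label names the truststore explicitly so this field cannot be confused
# with the external signing CA field (global.cnObExtSigningJwksCrt), which
# previously carried the identical label.
- variable: global.cnObTransportTrustStore
default: ""
required: true
group: "OpenBanking Distribution"
description: "Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64."
type: multiline
label: Open banking AS transport truststore crt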
# =======================
# Optional Services group
# =======================
# Admin UI toggle, offered only for the default distribution. When enabled,
# the subquestions collect four license credentials obtained from Gluu.
# NOTE(review): all four license values (API key, product code, shared key,
# management key) are collected as `multiline` rather than `password`, so they
# are presumably shown unmasked in the form. Confirm, and check whether the
# chart stores them in a Secret.
- variable: global.admin-ui.enabled
default: false
type: boolean
group: "Optional Services"
required: false
label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu.
show_if: "global.distribution=default"
show_subquestion_if: true
subquestions:
- variable: global.admin-ui.adminUiApiKey
default: ""
required: true
description: "Admin UI license API key. Obtain this from Gluu."
type: multiline
label: Admin UI license API key. Obtain this from Gluu
- variable: global.admin-ui.adminUiProductCode
default: ""
required: true
description: "Admin UI license product code. Obtain this from Gluu."
type: multiline
label: Admin UI license product code. Obtain this from Gluu.
- variable: global.admin-ui.adminUiSharedKey
default: ""
required: true
description: "Admin UI license shared key. Obtain this from Gluu."
type: multiline
label: Admin UI license shared key. Obtain this from Gluu.
- variable: global.admin-ui.adminUiManagementKey
default: ""
required: true
description: "Admin UI license management key. Obtain this from Gluu."
type: multiline
label: Admin UI license management key. Obtain this from Gluu.
# Toggle for the auth-server key rotation cronjob, offered only for the
# default distribution. Pre-set to false.
# NOTE(review): with the default left as-is, presumably no rotation job is
# deployed; confirm signing keys are rotated some other way in that case.
- variable: global.auth-server-key-rotation.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable Auth key rotation cronjob
show_if: "global.distribution=default"
show_subquestion_if: true
subquestions:
# Key lifetime in hours (per the description); pre-filled with 48.
- variable: auth-server-key-rotation.keysLife
default: 48
description: "Auth server key rotation keys life in hours."
type: int
label: Key life
# Four optional-service toggles, all pre-set to false: FIDO2, Config API,
# Casa and SCIM.
# fido2 and scim carry show_if "global.distribution=default"; config-api and
# casa carry no show_if, so they are offered for both distributions.
# NOTE(review): the NGINX casa endpoint question later in this file is
# limited to the default distribution; confirm casa is meant to be
# selectable under openbanking.
- variable: global.fido2.enabled
default: false
type: boolean
group: "Optional Services"
required: true
show_if: "global.distribution=default"
label: Enable Fido2
description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments."
# Config API can reconfigure the auth server (per the description), so
# enabling it adds an administrative surface.
- variable: global.config-api.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable ConfigAPI
description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)."
- variable: global.casa.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable Casa
description: "Gluu Casa ('Casa') is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server."
- variable: global.scim.enabled
default: false
type: boolean
group: "Optional Services"
required: true
show_if: "global.distribution=default"
label: Enable SCIM
description: "System for Cross-domain Identity Management (SCIM) version 2.0"
# Client API toggle, offered only for the default distribution and pre-set
# to false. When enabled, two keystore names are requested.
- variable: global.client-api.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable ClientAPI
show_if: "global.distribution=default"
description: "Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting."
show_subquestion_if: true
subquestions:
# Both names are pre-filled with the same value, "client-api".
- variable: config.configmap.cnClientApiApplicationCertCn
default: "client-api"
description: "Client API application keystore name"
type: string
label: Client API application keystore name
- variable: config.configmap.cnClientApiAdminCertCn
default: "client-api"
description: "Client API admin keystore name"
type: string
label: Client API admin keystore name
# Jackrabbit content repository toggle (needed for SAML, per the description),
# offered only for the default distribution. Subquestions cover volume size,
# service URL and admin credentials.
- variable: global.jackrabbit.enabled
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable Jackrabbit
show_if: "global.distribution=default"
show_subquestion_if: true
description: "Needed for SAML. Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. https://jackrabbit.apache.org/jcr/index.html ."
subquestions:
- variable: jackrabbit.storage.size
default: "4Gi"
description: "Size of Jackrabbit content repository volume storage."
type: string
label: Volume storage
# NOTE(review): the pre-filled URL uses plain http://, so admin credentials
# sent to this endpoint would travel unencrypted unless something else
# (e.g. a mesh sidecar) wraps the traffic. Confirm.
- variable: config.configmap.cnJackrabbitUrl
default: "http://jackrabbit:8080"
description: "Please enter jackrabbit url."
type: hostname
label: Jackrabbit URL
# valid_chars restricts the admin id to lowercase letters only.
- variable: config.configmap.cnJackrabbitAdminId
default: "admin"
description: "Jackrabbit admin user"
type: string
label: Jackrabbit Admin User
valid_chars: "^[a-z]+$"
# NOTE(review): a fixed, published password is pre-filled and passes the
# min_length check, so it can be accepted unchanged together with the
# default "admin" user. An empty default would force the operator to choose.
- variable: jackrabbit.secrets.cnJackrabbitAdminPassword
default: "Test1234#"
description: "Jackrabbit admin password"
type: password
label: Jackrabbit Admin User Password
min_length: 6
# HA mode for Jackrabbit, offered only once Jackrabbit is enabled. Requires
# postgres (per the description); subquestions collect its credentials.
- variable: installer-settings.jackrabbit.clusterMode
default: false
type: boolean
group: "Optional Services"
required: true
label: Enable Jackrabbit in Cluster Mode (HA)
show_if: "global.jackrabbit.enabled=true"
show_subquestion_if: true
description: "Requires postgres."
subquestions:
- variable: config.configmap.cnJackrabbitPostgresUser
default: "admin"
description: "Jackrabbit postgres user"
type: string
label: Jackrabbit postgres user
valid_chars: "^[a-z]+$"
# NOTE(review): the pre-filled password equals the pre-filled user name
# ("admin") and, unlike the Jackrabbit admin password, has no min_length.
- variable: jackrabbit.secrets.cnJackrabbitPostgresPassword
default: "admin"
description: "Jackrabbit postgres password"
type: password
label: Jackrabbit postgres password
- variable: config.configmap.cnJackrabbitPostgresDatabaseName
default: "jackrabbit"
description: "Jackrabbit postgres database name"
type: string
label: Jackrabbit postgres database name
# ======================
# Test environment group
# ======================
# Test-environment switch. Per the description, enabling it removes resource
# requests and limits from all services, so pods run without CPU/memory caps.
# Pre-set to false.
# NOTE(review): "testEnviroment" is misspelled but is a values key; it
# presumably matches the chart's own spelling, so do not rename it here
# without checking the chart.
- variable: global.cloud.testEnviroment
default: false
type: boolean
group: "Test Environment"
required: true
label: Test environment
description: "Boolean flag if enabled will strip resources requests and limits from all services."
# =================
# Persistence group
# =================
# Persistence backend selector, pre-set to "sql". The LDAP, SQL, Spanner and
# Couchbase questions below use this answer in their show_if conditions.
- variable: global.cnPersistenceType
default: "sql"
required: true
type: enum
group: "Persistence"
label: Gluu Persistence backend
description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner"
options:
- "ldap"
- "couchbase"
- "hybrid"
- "spanner"
- "sql"
# LDAP
# LDAP persistence questions: whether to install the bundled OpenDJ chart,
# the address of a remote OpenDJ, and which data set LDAP holds in hybrid mode.
- variable: global.opendj.enabled
default: false
type: boolean
group: "Persistence"
required: true
label: Enable installation of OpenDJ
description: "Boolean flag to enable/disable the OpenDJ chart."
show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
# NOTE(review): the show_if below mixes && and || with no grouping, and the
# evaluation order is not visible in this file. If || is applied last, this
# prompt also appears for "hybrid" while the bundled OpenDJ is enabled.
# Confirm against the form's actual behaviour.
- variable: config.configmap.cnLdapUrl
default: "opendj:1636"
type: hostname
group: "Persistence"
required: true
label: OpenDJ remote URL
description: "OpenDJ remote URL. This must be resolvable by the pods"
show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
# Only takes effect with the hybrid backend (per the description and show_if).
- variable: config.configmap.cnPersistenceLdapMapping
default: "default"
required: false
type: enum
group: "Persistence"
label: Gluu Persistence LDAP mapping
description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`."
options:
- "default"
- "user"
- "site"
- "cache"
- "token"
- "session"
show_if: "global.cnPersistenceType=hybrid"
# Multi cluster ldap replication
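# Multi-cluster OpenDJ replication, offered only when the bundled OpenDJ is
# enabled. Subquestions define the Serf advertise suffix, replica count,
# cluster id and peer list.
- variable: opendj.multiCluster.enabled
default: false
type: boolean
group: "Persistence"
required: true
label: Enable OpenDJ multiCluster mode
description: "Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster`"
show_if: "global.opendj.enabled=true"
show_subquestion_if: true
subquestions:
# NOTE(review): the default ends in "30946s", while the serfPeers default
# below uses port 30946; the trailing "s" looks like a typo. Confirm before
# relying on the pre-filled value.
- variable: opendj.multiCluster.serfAdvertiseAddrSuffix
default: "regional.gluu.org:30946s"
type: hostname
group: "Persistence"
required: true
description: "OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}"
label: OpenDJ Serf advertise address suffix
- variable: opendj.multiCluster.replicaCount
default: 1
type: int
group: "Persistence"
required: true
description: "The number of opendj non scalable statefulsets to create. Each pod created must be resolvable as it follows the pattern RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org"
label: The number of opendj non scalable statefulsets to create.
# NOTE(review): the description asks for an id unique per cluster, yet every
# cluster that accepts the default gets "west"; required: true also means the
# "left empty ... randomly generated" path cannot be reached from this form.
- variable: opendj.multiCluster.clusterId
default: "west"
type: string
group: "Persistence"
required: true
description: "This id needs to be unique to each kubernetes cluster in a multi cluster setup; west, east, south, north, region ...etc If left empty it will be randomly generated."
label: Unique kubernetes cluster id
# The list is passed as a single string; the pre-filled peers are under
# regional.gluu.org and must be replaced with the deployment's own addresses.
- variable: opendj.multiCluster.serfPeers
default: "['gluu-opendj-regional-0-regional.gluu.org:30946', 'gluu-opendj-regional-0-regional.gluu.org:31946']"
type: string
group: "Persistence"
required: true
description: "Serf peer addresses. One per replica."
label: Serf peer addresses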
# SQL
# SQL persistence questions (dialect, host, port, user, password, database),
# all shown only when the persistence backend is "sql".
# NOTE(review): the default "default" is not one of the listed options
# (mysql, pgsql). The description also calls mysql ("the former") unsupported
# while the pre-filled host and port below are MySQL ones. Confirm the
# intended default.
- variable: config.configmap.cnSqlDbDialect
default: "default"
required: false
type: enum
group: "Persistence"
label: Gluu SQL Database dialect
description: "SQL database dialect. `mysql` or `pgsql`. The former is still not supported yet!"
options:
- "mysql"
- "pgsql"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbHost
default: "my-release-mysql.default.svc.cluster.local"
required: false
type: hostname
group: "Persistence"
label: SQL database host uri
description: "SQL database host uri"
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbPort
default: 3306
required: false
type: int
group: "Persistence"
label: SQL database port
description: "SQL database port"
show_if: "global.cnPersistenceType=sql"
# valid_chars restricts the user name to lowercase letters only.
- variable: config.configmap.cnSqlDbUser
default: "gluu"
group: "Persistence"
description: "SQL database username"
type: string
label: SQL database username
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=sql"
# NOTE(review): a fixed, published password is pre-filled, with no `required`
# and no min_length. The value key also sits under config.configmap;
# whether the chart renders it into a ConfigMap rather than a Secret is not
# visible here. Verify in the chart templates.
- variable: config.configmap.cnSqldbUserPassword
default: "Test1234#"
group: "Persistence"
description: "SQL password"
type: password
label: SQL password
show_if: "global.cnPersistenceType=sql"
- variable: config.configmap.cnSqlDbName
default: "gluu"
group: "Persistence"
description: "SQL database name"
type: string
label: SQL database name
show_if: "global.cnPersistenceType=sql"
# Spanner
# Google Spanner persistence questions, all shown only when the persistence
# backend is "spanner". None has a pre-filled default.
- variable: config.configmap.cnGoogleSpannerInstanceId
default: ""
group: "Persistence"
description: "The google spanner instance ID"
type: string
label: Google Spanner Instance ID
show_if: "global.cnPersistenceType=spanner"
- variable: config.configmap.cnGoogleSpannerDatabaseId
default: ""
group: "Persistence"
description: "The google spanner database ID"
type: string
label: Google Spanner Database ID
show_if: "global.cnPersistenceType=spanner"
# NOTE(review): this answer is a service-account credential (the label says
# "json") collected as `multiline` under a config.configmap key; confirm it
# ends up in a Secret. The description names roles/secretmanager.admin, which
# is an admin role; check whether a narrower role would cover what the
# deployment needs.
- variable: config.configmap.cnGoogleSecretManagerServiceAccount
default: ""
group: "Persistence"
description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner."
type: multiline
label: Google Spanner Service Account json
show_if: "global.cnPersistenceType=spanner"
- variable: config.configmap.cnGoogleProjectId
default: ""
group: "Persistence"
description: "The Google Project ID"
type: string
label: Google Project ID
show_if: "global.cnPersistenceType=spanner"
#Couchbase
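# Couchbase persistence questions, all shown when the persistence backend is
# "couchbase" or "hybrid": CA certificate, cluster address, bucket prefix,
# index replica count, and two sets of credentials (super user, restricted
# user).
- variable: config.configmap.cnCouchbaseCrt
default: ""
group: "Persistence"
description: "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required."
type: multiline
label: Couchbase certificate authority string
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseUrl
default: "gluu.cbns.svc.cluster.local"
required: false
type: hostname
group: "Persistence"
label: Couchbase host uri
description: "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseBucketPrefix
default: "gluu"
type: string
description: "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu."
group: "Persistence"
required: true
label: The prefix of Couchbase buckets
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseIndexNumReplica
default: 0
type: int
description: "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1."
group: "Persistence"
required: true
label: The number of replicas per index created
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
# Super user is used during initialization only (per the description).
- variable: config.configmap.cnCouchbaseSuperUser
default: "admin"
group: "Persistence"
description: "The Couchbase super user (admin) user name. This user is used during initialization only."
type: string
label: The Couchbase super user (admin) user name.
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
# NOTE(review): a fixed, published password is pre-filled for the super user.
# The description states a complexity rule, but this question has no
# min_length or valid_chars to enforce it. The key sits under
# config.configmap; confirm the chart stores it in a Secret.
- variable: config.configmap.cnCouchbaseSuperUserPassword
default: "Test1234#"
group: "Persistence"
description: "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization and upgrade process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
type: password
label: Couchbase password for the super users
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
- variable: config.configmap.cnCouchbaseUser
default: "gluu"
group: "Persistence"
description: "Couchbase restricted user, used in Gluu operations with Couchbase. Used only when global.cnPersistenceType is hybrid or couchbase."
type: string
label: Couchbase restricted username
valid_chars: "^[a-z]+$"
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
# NOTE(review): same pre-filled literal as the super-user password above, so
# accepting both defaults gives the two accounts an identical password.
- variable: config.configmap.cnCouchbasePassword
default: "Test1234#"
group: "Persistence"
description: "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ."
type: password
label: Couchbase password for the restricted user
show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"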
# ==============================
# StorageClass and volume group
# ==============================
# StorageClass settings, shown when LDAP persistence or Jackrabbit is in use.
# NOTE(review): the pre-filled provisioner is microk8s.io/hostpath, which by
# its name is specific to microk8s; confirm it is changed for other clusters.
- variable: global.storageClass.provisioner
default: "microk8s.io/hostpath"
type: string
group: "Volumes"
required: true
label: StorageClass provisioner
show_if: "global.cnPersistenceType=ldap||global.jackrabbit.enabled=true"
subquestions:
- variable: global.storageClass.allowVolumeExpansion
default: true
type: boolean
group: "Volumes"
required: true
label: StorageClass Volume expansion
# With "Retain", Kubernetes keeps the volume and its data after the claim is
# deleted; directory or repository data therefore outlives an uninstall until
# the volume is cleaned up manually.
- variable: global.storageClass.reclaimPolicy
default: "Retain"
type: enum
group: "Volumes"
required: true
label: StorageClass reclaimPolicy
options:
- "Delete"
- "Retain"
- variable: global.storageClass.volumeBindingMode
default: "WaitForFirstConsumer"
type: enum
group: "Volumes"
required: true
options:
- "WaitForFirstConsumer"
- "Immediate"
label: StorageClass volumeBindingMode
# ===========
# Cache group
# ===========
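# Cache backend selector, pre-set to NATIVE_PERSISTENCE. Choosing REDIS
# reveals the Redis type, password and URL subquestions.
- variable: config.configmap.cnCacheType
default: "NATIVE_PERSISTENCE"
required: true
type: enum
group: "Cache"
label: Gluu Cache
description: "Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` ."
options:
- "NATIVE_PERSISTENCE"
- "IN_MEMORY"
- "REDIS"
show_subquestion_if: "REDIS"
subquestions:
- variable: config.configmap.cnRedisType
default: "STANDALONE"
type: enum
group: "Cache"
required: false
label: Redis service type
description: "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`."
options:
- "STANDALONE"
- "CLUSTER"
# NOTE(review): a fixed, published password is pre-filled and the question is
# not required, so the Redis admin password can be left at the default.
- variable: config.redisPassword
default: "Test1234#"
type: password
group: "Cache"
required: false
label: Redis admin password
description: "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`."
# NOTE(review): the value is host:port only; whether the connection to Redis
# uses TLS is not expressed in this form. Check the chart values.
- variable: config.configmap.cnRedisUrl
default: "redis.redis.svc.cluster.local:6379"
required: false
type: hostname
group: "Cache"
label: Redis URL
description: "Redis URL and port number <url>:<port>. Can be used when `config.configmap.cnCacheType` is set to `REDIS`."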
# ==================
# Configuration group
# ==================
# Installation identity: the FQDN used to reach Gluu services, followed by
# the subject fields (country, state, city, email, organization) that the
# descriptions say are used for certificate creation.
# NOTE(review): every field is pre-filled with a vendor/sample value
# (demoexample.gluu.org, support@gluu.org, "Gluu"); accepted unchanged, they
# end up in the generated certificate.
- variable: global.fqdn
default: "demoexample.gluu.org"
required: true
type: hostname
group: "Configuration"
label: Gluu Installation FQDN
description: "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services."
- variable: global.countryCode
default: "US"
required: true
type: string
group: "Configuration"
label: Country code
description: "Country code. Used for certificate creation."
- variable: config.state
default: "TX"
required: true
type: string
group: "Configuration"
label: State code
description: "State code. Used for certificate creation."
- variable: config.city
default: "Austin"
required: true
type: string
group: "Configuration"
label: City
description: "City. Used for certificate creation."
- variable: config.email
default: "support@gluu.org"
required: true
type: string
group: "Configuration"
label: Email
description: "Email address of the administrator usually. Used for certificate creation."
- variable: config.orgName
default: "Gluu"
required: true
type: string
group: "Configuration"
label: Organization
description: "Organization name. Used for certificate creation."
# Administrative passwords: the UI admin login and, for ldap/hybrid
# persistence, the OpenDJ admin password.
# NOTE(review): both are pre-filled with the same fixed literal, which is also
# the default for the Jackrabbit, SQL, Couchbase and Redis passwords in this
# file. required: true is satisfied by the default and there is no min_length,
# so an install can go through with a published admin password. An empty
# default would force the operator to choose one.
- variable: config.adminPassword
default: "Test1234#"
type: password
group: "Configuration"
required: true
label: Admin UI password
description: "Admin password to log in to the UI."
- variable: config.ldapPassword
default: "Test1234#"
type: password
group: "Configuration"
required: true
label: LDAP password
description: "LDAP admin password if OpenDJ is used for persistence"
show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
# Whether the FQDN resolves globally. Per the description, this answer decides
# whether global.lbIp is mapped to the FQDN inside pods, or whether a script
# watches config.configmap.lbAddr and rewrites the pods' hosts file.
- variable: global.isFqdnRegistered
default: true
required: true
type: boolean
group: "Configuration"
label: Is the FQDN globally resolvable
description: "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically."
# Migration from Gluu CE, off by default. When enabled, the subquestions pick
# the export format and the directory that holds the migration files.
- variable: config.migration.enabled
default: false
required: true
type: boolean
group: "Configuration"
label: Migration from Gluu CE
description: "Boolean flag to enable migration from CE"
show_subquestion_if: true
subquestions:
- variable: config.migration.migrationDataFormat
default: "ldif"
type: enum
group: "Configuration"
required: false
label: Migration data-format
description: "Migration data-format depending on persistence backend."
options:
- "ldif"
- "couchbase+json"
- "spanner+avro"
- "postgresql+json"
- "mysql+json"
# NOTE(review): the migration files presumably contain exported identity
# data; confirm who can read this directory and that it is removed afterwards.
- variable: config.migration.migrationDir
default: "/ce-migration"
required: false
type: string
group: "Configuration"
label: Migration Directory
description: "Directory holding all migration files"
# ===========================
# Ingress group(Istio, NGINX)
# ===========================
# ===========
# Istio group
# ===========
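# Istio integration, off by default. When enabled, the subquestions choose
# whether the Istio gateway fronts Gluu, which namespace Istio uses, and the
# load balancer address.
- variable: global.istio.enabled
default: false
type: boolean
group: "Istio"
required: true
description: "Boolean flag that enables using istio side cars with Gluu services."
label: Use Istio side cars
show_subquestion_if: true
subquestions:
- variable: global.istio.ingress
default: false
type: boolean
group: "Istio"
required: true
description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available."
label: Use Istio Ingress
# This is a string value, not a flag; the description says so instead of
# repeating the Istio ingress text.
- variable: global.istio.namespace
default: "istio-system"
type: string
group: "Istio"
required: true
description: "Istio namespace. Defaults to istio-system."
label: Istio namespace
# NOTE(review): config.configmap.lbAddr is declared a second time in the
# NGINX group of this file, so two prompts write the same value key.
- variable: config.configmap.lbAddr
default: ""
group: "Istio"
description: "Istio loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
type: hostname
label: LB address or ip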
# ===========
# NGINX group
# ===========
# Load balancer address for the NGINX path, shown only when the Istio ingress
# is off and the FQDN is not globally resolvable.
# NOTE(review): the same variable, config.configmap.lbAddr, is also declared
# in the Istio group above; confirm the form tolerates a duplicated variable
# and which prompt wins when both are visible.
- variable: config.configmap.lbAddr
default: ""
group: "NGINX"
show_if: "global.istio.ingress=false&&global.isFqdnRegistered=false"
description: "loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
type: hostname
label: LB address or ip
# NGINX ingress exposure, shown when the Istio ingress is off. The parent
# toggles the Admin UI endpoints (pre-set to false); the subquestions toggle
# individual auth-server and discovery endpoints, all pre-set to true.
# NOTE(review): the parent has `subquestions` but no show_subquestion_if, so
# when the endpoint toggles below are displayed is not determined by this
# block. Confirm in the rendered form.
# Each `true` below publishes one more path through the ingress; switch off
# the ones the deployment does not serve.
- variable: nginx-ingress.ingress.adminUiEnabled
default: false
type: boolean
group: "NGINX"
required: false
show_if: "global.istio.ingress=false"
description: "Enable Admin UI endpoints."
label: Enable Admin UI endpoints
subquestions:
- variable: nginx-ingress.ingress.openidConfigEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /.well-known/openid-configuration"
label: Enable endpoint /.well-known/openid-configuration
- variable: nginx-ingress.ingress.deviceCodeEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /device-code"
label: Enable endpoint /device-code
- variable: nginx-ingress.ingress.firebaseMessagingEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /firebase-messaging-sw.js"
label: Enable endpoint /firebase-messaging-sw.js
- variable: nginx-ingress.ingress.uma2ConfigEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /.well-known/uma2-configuration"
label: Enable endpoint /.well-known/uma2-configuration
- variable: nginx-ingress.ingress.webfingerEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /.well-known/webfinger"
label: Enable endpoint /.well-known/webfinger
- variable: nginx-ingress.ingress.webdiscoveryEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /.well-known/simple-web-discovery"
label: Enable endpoint /.well-known/simple-web-discovery
# NOTE(review): the config API endpoints are exposed by default here even
# though global.config-api.enabled is pre-set to false in this file; confirm
# the two answers are meant to be independent.
- variable: nginx-ingress.ingress.configApiEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable config API endpoints /jans-config-api"
label: Enable config API endpoints /jans-config-api
- variable: nginx-ingress.ingress.u2fConfigEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable endpoint /.well-known/fido-configuration"
label: Enable endpoint /.well-known/fido-configuration
- variable: nginx-ingress.ingress.authServerEnabled
default: true
type: boolean
group: "NGINX"
required: true
description: "Enable Auth server endpoints /jans-auth"
label: Enable Auth server endpoints /jans-auth
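# Conditional NGINX endpoint toggles. Each is shown only when the Istio
# ingress is off and the matching distribution/service condition in its
# show_if holds.
# The fido2, casa and scim toggles are pre-set to false although their text
# says "Enable this!"; the two mTLS toggles are pre-set to true.
- variable: nginx-ingress.ingress.fido2ConfigEnabled
default: false
type: boolean
group: "NGINX"
show_if: "global.distribution=default&&global.istio.ingress=false&&global.fido2.enabled=true"
required: true
description: "Enable endpoint /.well-known/fido2-configuration. Enable this!"
label: Enable endpoint /.well-known/fido2-configuration
- variable: nginx-ingress.ingress.casaEnabled
default: false
type: boolean
group: "NGINX"
show_if: "global.distribution=default&&global.istio.ingress=false&&global.casa.enabled=true"
required: true
description: "Enable endpoint /casa. Enable this!"
label: Enable endpoint /casa Enable this!
# Security control for the openbanking distribution: per the description this
# turns on mTLS for the token endpoint. Setting it to false removes that
# client-certificate requirement at the ingress.
- variable: nginx-ingress.ingress.authServerProtectedToken
default: true
type: boolean
group: "NGINX"
show_if: "global.distribution=openbanking&&global.istio.ingress=false"
required: true
description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/token"
label: Enable mTLS on Auth server endpoint /jans-auth/restv1/token
# Same control for the client registration endpoint.
- variable: nginx-ingress.ingress.authServerProtectedRegister
default: true
type: boolean
group: "NGINX"
show_if: "global.distribution=openbanking&&global.istio.ingress=false"
required: true
description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/register"
label: Enable mTLS on Auth server endpoint /jans-auth/restv1/register
- variable: nginx-ingress.ingress.scimConfigEnabled
default: false
type: boolean
group: "NGINX"
show_if: "global.distribution=default&&global.istio.ingress=false&&global.scim.enabled=true"
required: true
description: "Enable endpoint /.well-known/scim-configuration. Enable this!"
label: Enable endpoint /.well-known/scim-configuration. Enable this!
- variable: nginx-ingress.ingress.scimEnabled
default: false
type: boolean
group: "NGINX"
show_if: "global.distribution=default&&global.istio.ingress=false&&global.scim.enabled=true"
required: true
description: "Enable SCIM endpoints /jans-scim. Enable this!"
label: Enable SCIM endpoints /jans-scim. Enable this!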
# ============
# Images group
# ============
# AuthServer
# Auth Server image coordinates (repository, pull policy, tag), shown when
# global.auth-server.enabled is true.
# NOTE(review): the repository has no registry host, so it resolves against
# the container runtime's default registry (presumably Docker Hub).
- variable: auth-server.image.repository
required: true
type: string
default: "janssenproject/auth-server"
description: "The Auth Server Image repository"
label: Auth Server image repo
group: "Images"
show_if: "global.auth-server.enabled=true"
# With IfNotPresent a node reuses whatever image it already holds under the
# tag and does not re-pull if the tag is later moved.
- variable: auth-server.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Auth Server Image pull policy"
label: Auth Server imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.auth-server.enabled=true"
# NOTE(review): the image is selected by a mutable tag (a beta one), not by
# digest; this form offers no way to pin the exact image content.
- variable: auth-server.image.tag
required: true
type: string
default: "1.0.0-beta.16"
description: "The Auth Server Image tag"
label: Auth Server image tag
group: "Images"
show_if: "global.auth-server.enabled=true"
# AdminUI
# Admin UI image coordinates (repository, pull policy, tag), shown when the
# Admin UI is enabled.
# NOTE(review): the image is identified by repository plus a mutable tag,
# with IfNotPresent as the pre-set pull policy; nothing here pins a digest.
- variable: admin-ui.image.repository
required: true
type: string
default: "gluufederation/admin-ui"
description: "The AdminUI Image repository"
label: The AdminUI Image repository
group: "Images"
show_if: "global.admin-ui.enabled=true"
- variable: admin-ui.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The AdminUI Image pull policy"
label: AdminUI imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.admin-ui.enabled=true"
- variable: admin-ui.image.tag
required: true
type: string
default: "1.0.0-0"
description: "The AdminUI Image tag"
label: AdminUI image tag
group: "Images"
show_if: "global.admin-ui.enabled=true"
# AuthServer KeyRotation
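# Key rotation job image coordinates (repository, pull policy, tag), shown
# when the key rotation cronjob is enabled.
# NOTE(review): this image handles signing keys; it is identified by a
# mutable beta tag with IfNotPresent as the pre-set pull policy, and nothing
# here pins a digest.
- variable: auth-server-key-rotation.image.repository
required: true
type: string
default: "janssenproject/certmanager"
description: "The Auth Server KeyRotation Image repository"
label: Auth Server KeyRotation image repo
group: "Images"
show_if: "global.auth-server-key-rotation.enabled=true"
- variable: auth-server-key-rotation.image.pullPolicy
required: true
type: enum
group: "Images"
default: IfNotPresent
description: "The Auth Server KeyRotation Image pull policy"
label: Auth Server KeyRotation imagePullPolicy
options:
- "Always"
- "IfNotPresent"
- "Never"
show_if: "global.auth-server-key-rotation.enabled=true"
# The description names the KeyRotation image so it is not mistaken for the
# auth-server.image.tag prompt.
- variable: auth-server-key-rotation.image.tag
required: true
type: string
default: "1.0.0-beta.16"
description: "The Auth Server KeyRotation Image tag"
label: Auth Server KeyRotation image tag
group: "Images"
show_if: "global.auth-server-key-rotation.enabled=true"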
# Casa
# All three answers are shown only while global.casa.enabled=true.
# Default image is published under the gluufederation namespace.
- variable: casa.image.repository
  label: "Casa image repo"
  description: "The Casa Image repository"
  group: "Images"
  type: string
  required: true
  default: "gluufederation/casa"
  show_if: "global.casa.enabled=true"
# Enum limited to the three pull policies listed under options.
- variable: casa.image.pullPolicy
  label: "Casa imagePullPolicy"
  description: "The Casa Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.casa.enabled=true"
# Tag is a mutable reference; combined with IfNotPresent, nodes may keep
# running an older image published under the same tag.
- variable: casa.image.tag
  label: "Casa image tag"
  description: "The Casa Image tag"
  group: "Images"
  type: string
  required: true
  default: "5.0.0-0"
  show_if: "global.casa.enabled=true"
# ClientAPI
# Image coordinates for the ClientAPI component; visible only when
# global.client-api.enabled=true.
- variable: client-api.image.repository
  label: "ClientAPI image repo"
  description: "The ClientAPI Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/client-api"
  show_if: "global.client-api.enabled=true"
# IfNotPresent pulls only when the node has no image under this tag.
- variable: client-api.image.pullPolicy
  label: "ClientAPI imagePullPolicy"
  description: "The ClientAPI Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.client-api.enabled=true"
# Pre-release (beta) tag by default.
- variable: client-api.image.tag
  label: "ClientAPI image tag"
  description: "The ClientAPI Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.client-api.enabled=true"
# Configurator
# Image coordinates for the Configurator; gated on global.config.enabled=true.
# NOTE(review): presumably this job generates or loads the deployment's
# configuration and secrets; confirm against the chart, and review the
# provenance of any substituted image accordingly.
- variable: config.image.repository
  label: "Configurator image repo"
  description: "The Configurator Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/configurator"
  show_if: "global.config.enabled=true"
# Pull policy, restricted to the three listed values.
- variable: config.image.pullPolicy
  label: "Configurator imagePullPolicy"
  description: "The Configurator Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.config.enabled=true"
# Pre-release (beta) tag by default; no digest is part of the reference.
- variable: config.image.tag
  label: "Configurator image tag"
  description: "The Configurator Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.config.enabled=true"
# ConfigAPI
# Image coordinates for ConfigAPI; shown while global.config-api.enabled=true.
- variable: config-api.image.repository
  label: "ConfigAPI image repo"
  description: "The ConfigAPI Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/config-api"
  show_if: "global.config-api.enabled=true"
# Default keeps a node-cached image rather than re-pulling on each start.
- variable: config-api.image.pullPolicy
  label: "ConfigAPI imagePullPolicy"
  description: "The ConfigAPI Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.config-api.enabled=true"
# Pre-release (beta) tag by default.
- variable: config-api.image.tag
  label: "ConfigAPI image tag"
  description: "The ConfigAPI Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.config-api.enabled=true"
# Fido2
# Image coordinates for the Fido2 service; gated on global.fido2.enabled=true.
- variable: fido2.image.repository
  label: "Fido2 image repo"
  description: "The Fido2 Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/fido2"
  show_if: "global.fido2.enabled=true"
# One of Always / IfNotPresent / Never.
- variable: fido2.image.pullPolicy
  label: "Fido2 imagePullPolicy"
  description: "The Fido2 Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.fido2.enabled=true"
# Pre-release (beta) tag by default; a tag can be re-pointed by the publisher.
- variable: fido2.image.tag
  label: "Fido2 image tag"
  description: "The Fido2 Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.fido2.enabled=true"
# Jackrabbit
# Image coordinates for Jackrabbit; shown while global.jackrabbit.enabled=true.
- variable: jackrabbit.image.repository
  label: "Jackrabbit image repo"
  description: "The Jackrabbit Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/jackrabbit"
  show_if: "global.jackrabbit.enabled=true"
# Pull policy enum; the default reuses an image already present on the node.
- variable: jackrabbit.image.pullPolicy
  label: "Jackrabbit imagePullPolicy"
  description: "The Jackrabbit Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.jackrabbit.enabled=true"
# Pre-release (beta) tag by default.
- variable: jackrabbit.image.tag
  label: "Jackrabbit image tag"
  description: "The Jackrabbit Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.jackrabbit.enabled=true"
# OpenDJ
# Image coordinates for OpenDJ; gated on global.opendj.enabled=true.
# Default image is published under the gluufederation namespace.
- variable: opendj.image.repository
  label: "OpenDJ image repo"
  description: "The OpenDJ Image repository"
  group: "Images"
  type: string
  required: true
  default: "gluufederation/opendj"
  show_if: "global.opendj.enabled=true"
# With IfNotPresent, a republished tag is not picked up by nodes that already
# hold an image under the same tag.
- variable: opendj.image.pullPolicy
  label: "OpenDJ imagePullPolicy"
  description: "The OpenDJ Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.opendj.enabled=true"
# NOTE(review): the "_dev" suffix suggests a development build that may be
# republished under the same tag; verify before production use.
- variable: opendj.image.tag
  label: "OpenDJ image tag"
  description: "The OpenDJ Image tag"
  group: "Images"
  type: string
  required: true
  default: "5.0.0_dev"
  show_if: "global.opendj.enabled=true"
# Persistence
# Image coordinates for the persistence loader; shown while
# global.persistence.enabled=true.
- variable: persistence.image.repository
  label: "Persistence image repo"
  description: "The Persistence Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/persistence-loader"
  show_if: "global.persistence.enabled=true"
# One of Always / IfNotPresent / Never.
- variable: persistence.image.pullPolicy
  label: "Persistence imagePullPolicy"
  description: "The Persistence Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.persistence.enabled=true"
# Pre-release (beta) tag by default; no digest is part of the reference.
- variable: persistence.image.tag
  label: "Persistence image tag"
  description: "The Persistence Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.persistence.enabled=true"
# SCIM
# Image coordinates for the SCIM service; gated on global.scim.enabled=true.
- variable: scim.image.repository
  label: "SCIM image repo"
  description: "The SCIM Image repository"
  group: "Images"
  type: string
  required: true
  default: "janssenproject/scim"
  show_if: "global.scim.enabled=true"
# Default reuses a node-cached image instead of checking the registry.
- variable: scim.image.pullPolicy
  label: "SCIM imagePullPolicy"
  description: "The SCIM Image pull policy"
  group: "Images"
  type: enum
  required: true
  default: "IfNotPresent"
  options:
  - "Always"
  - "IfNotPresent"
  - "Never"
  show_if: "global.scim.enabled=true"
# Pre-release (beta) tag by default.
- variable: scim.image.tag
  label: "SCIM image tag"
  description: "The SCIM Image tag"
  group: "Images"
  type: string
  required: true
  default: "1.0.0-beta.16"
  show_if: "global.scim.enabled=true"
# ==============
# Replicas group
# ==============
# AuthServer
# Optional integer answer; defaults to a single pod. No min/max bound is
# declared for it in this question.
- variable: auth-server.replicas
  label: "Auth-server Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.auth-server.enabled=true"
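# Casa
# Optional integer answer; defaults to a single pod.
# Gated on Casa's own enable flag, matching the casa.image.* questions. It
# was previously gated on global.auth-server.enabled, which showed the field
# while Casa was disabled and hid it when only Casa was enabled.
- variable: casa.replicas
  label: "Casa Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.casa.enabled=true"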
# ClientAPI
# Replica count for ClientAPI; optional, defaults to 1, shown only while
# global.client-api.enabled=true.
- variable: client-api.replicas
  label: "ClientAPI Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.client-api.enabled=true"
# ConfigAPI
# Replica count for ConfigAPI; optional, defaults to 1, shown only while
# global.config-api.enabled=true.
- variable: config-api.replicas
  label: "ConfigAPI Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.config-api.enabled=true"
# AdminUI
# Replica count for the Admin UI; optional, defaults to 1, shown only while
# global.admin-ui.enabled=true.
- variable: admin-ui.replicas
  label: "Admin UI Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.admin-ui.enabled=true"
# Fido2
# Replica count for Fido2; optional, defaults to 1, shown only while
# global.fido2.enabled=true.
- variable: fido2.replicas
  label: "Fido2 Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.fido2.enabled=true"
# Jackrabbit
# Replica count for Jackrabbit; optional, defaults to 1, shown only while
# global.jackrabbit.enabled=true.
- variable: jackrabbit.replicas
  label: "Jackrabbit Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.jackrabbit.enabled=true"
# OpenDJ
# Replica count for OpenDJ; optional, defaults to 1. Shown only when OpenDJ
# is enabled and opendj.multiCluster.enabled is false.
- variable: opendj.replicas
  label: "OpenDJ Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.opendj.enabled=true&&opendj.multiCluster.enabled=false"
# SCIM
# Replica count for SCIM; optional, defaults to 1, shown only while
# global.scim.enabled=true.
- variable: scim.replicas
  label: "SCIM Replicas"
  description: "Service replica number."
  group: "Replicas"
  type: int
  required: false
  default: 1
  show_if: "global.scim.enabled=true"