diff --git a/stable/authelia/11.0.19/CHANGELOG.md b/stable/authelia/11.0.19/CHANGELOG.md
new file mode 100644
index 00000000000..d33081a8783
--- /dev/null
+++ b/stable/authelia/11.0.19/CHANGELOG.md
@@ -0,0 +1,99 @@
+# Changelog
+
+
+## [authelia-11.0.19](https://github.com/truecharts/apps/compare/authelia-11.0.18...authelia-11.0.19) (2022-07-14)
+
+### Fix
+
+- disable HTTP probes temporarily ([#3173](https://github.com/truecharts/apps/issues/3173))
+
+
+
+## [authelia-11.0.18](https://github.com/truecharts/apps/compare/authelia-11.0.16...authelia-11.0.18) (2022-07-12)
+
+### Chore
+
+- update icons ([#3156](https://github.com/truecharts/apps/issues/3156))
+- bump to cleanup old docs and use correct icon urls
+
+
+
+## [authelia-11.0.16](https://github.com/truecharts/apps/compare/authelia-11.0.15...authelia-11.0.16) (2022-07-12)
+
+### Chore
+
+- bump to regenerate documentation
+
+
+
+
+### [authelia-11.0.15](https://github.com/truecharts/apps/compare/authelia-11.0.14...authelia-11.0.15) (2022-07-12)
+
+#### Chore
+
+* update helm general non-major helm releases ([#3147](https://github.com/truecharts/apps/issues/3147))
+
+
+
+
+### [authelia-11.0.14](https://github.com/truecharts/apps/compare/authelia-11.0.13...authelia-11.0.14) (2022-07-11)
+
+#### Chore
+
+* move icons into the apps folder ([#3139](https://github.com/truecharts/apps/issues/3139))
+
+
+
+
+### [authelia-11.0.13](https://github.com/truecharts/apps/compare/authelia-11.0.12...authelia-11.0.13) (2022-07-09)
+
+#### Chore
+
+* update helm general non-major helm releases ([#3113](https://github.com/truecharts/apps/issues/3113))
+
+
+
+
+### [authelia-11.0.12](https://github.com/truecharts/apps/compare/authelia-11.0.11...authelia-11.0.12) (2022-07-06)
+
+#### Chore
+
+* update docker general non-major ([#3078](https://github.com/truecharts/apps/issues/3078))
+
+
+
+
+### [authelia-11.0.11](https://github.com/truecharts/apps/compare/authelia-11.0.10...authelia-11.0.11) (2022-07-05)
+
+#### Chore
+
+* update helm general non-major helm releases ([#3075](https://github.com/truecharts/apps/issues/3075))
+
+
+
+
+### [authelia-11.0.10](https://github.com/truecharts/apps/compare/authelia-11.0.9...authelia-11.0.10) (2022-07-04)
+
+#### Chore
+
+* update helm general non-major helm releases ([#3066](https://github.com/truecharts/apps/issues/3066))
+
+
+
+
+### [authelia-11.0.9](https://github.com/truecharts/apps/compare/authelia-11.0.8...authelia-11.0.9) (2022-06-29)
+
+#### Chore
+
+* update docker general non-major ([#3002](https://github.com/truecharts/apps/issues/3002))
+
+
+
+
+### [authelia-11.0.8](https://github.com/truecharts/apps/compare/authelia-11.0.7...authelia-11.0.8) (2022-06-25)
+
+#### Chore
+
+* update helm general non-major helm releases ([#2977](https://github.com/truecharts/apps/issues/2977))
+
+
diff --git a/stable/authelia/11.0.19/Chart.lock b/stable/authelia/11.0.19/Chart.lock
new file mode 100644
index 00000000000..0639bfdf029
--- /dev/null
+++ b/stable/authelia/11.0.19/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: common
+ repository: https://library-charts.truecharts.org
+ version: 10.4.4
+- name: postgresql
+ repository: https://charts.truecharts.org/
+ version: 8.0.30
+- name: redis
+ repository: https://charts.truecharts.org
+ version: 3.0.30
+digest: sha256:219b167cbd3e6d31f846ea247c9c12c15ece396a62777870f479b331a392bd5d
+generated: "2022-07-14T09:34:52.335371907Z"
diff --git a/stable/authelia/11.0.19/Chart.yaml b/stable/authelia/11.0.19/Chart.yaml
new file mode 100644
index 00000000000..d28733f48b6
--- /dev/null
+++ b/stable/authelia/11.0.19/Chart.yaml
@@ -0,0 +1,46 @@
+apiVersion: v2
+appVersion: "4.36.2"
+dependencies:
+- name: common
+ repository: https://library-charts.truecharts.org
+ version: 10.4.4
+- condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.truecharts.org/
+ version: 8.0.30
+- condition: redis.enabled
+ name: redis
+ repository: https://charts.truecharts.org
+ version: 3.0.30
+deprecated: false
+description: Authelia is a Single Sign-On Multi-Factor portal for web apps
+home: https://github.com/truecharts/apps/tree/master/charts/stable/authelia
+icon: https://truecharts.org/img/chart-icons/authelia.png
+keywords:
+- authelia
+- authentication
+- login
+- SSO
+- Authentication
+- Security
+- Two-Factor
+- U2F
+- YubiKey
+- Push Notifications
+- LDAP
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: authelia
+sources:
+- https://github.com/authelia/chartrepo
+- https://github.com/authelia/authelia
+type: application
+version: 11.0.19
+annotations:
+ truecharts.org/catagories: |
+ - security
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/stable/authelia/11.0.19/README.md b/stable/authelia/11.0.19/README.md
new file mode 100644
index 00000000000..d8a13ac9a24
--- /dev/null
+++ b/stable/authelia/11.0.19/README.md
@@ -0,0 +1,45 @@
+# authelia
+
+Authelia is a Single Sign-On Multi-Factor portal for web apps
+
+TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
+
+## Source Code
+
+*
+*
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.truecharts.org/ | postgresql | 8.0.30 |
+| https://charts.truecharts.org | redis | 3.0.30 |
+| https://library-charts.truecharts.org | common | 10.4.4 |
+
+## Installing the Chart
+
+To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/).
+
+## Upgrading, Rolling Back and Uninstalling the Chart
+
+To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/).
+
+##### Connecting to other apps
+If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our [Linking Apps Internally](https://truecharts.org/manual/Quick-Start%20Guides/06-linking-apps/) quick-start guide.
+
+## Support
+
+- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first.
+- See the [Wiki](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
+
+---
+
+All Rights Reserved - The TrueCharts Project
diff --git a/stable/authelia/11.0.19/app-readme.md b/stable/authelia/11.0.19/app-readme.md
new file mode 100644
index 00000000000..f0d4ea68c63
--- /dev/null
+++ b/stable/authelia/11.0.19/app-readme.md
@@ -0,0 +1,3 @@
+Authelia is a Single Sign-On Multi-Factor portal for web apps
+
+This App is supplied by TrueCharts, for more information please visit https://truecharts.org
diff --git a/stable/authelia/11.0.19/charts/common-10.4.4.tgz b/stable/authelia/11.0.19/charts/common-10.4.4.tgz
new file mode 100644
index 00000000000..8604b47288a
Binary files /dev/null and b/stable/authelia/11.0.19/charts/common-10.4.4.tgz differ
diff --git a/stable/authelia/11.0.19/charts/postgresql-8.0.30.tgz b/stable/authelia/11.0.19/charts/postgresql-8.0.30.tgz
new file mode 100644
index 00000000000..e5e82a8f3d6
Binary files /dev/null and b/stable/authelia/11.0.19/charts/postgresql-8.0.30.tgz differ
diff --git a/stable/authelia/11.0.19/charts/redis-3.0.30.tgz b/stable/authelia/11.0.19/charts/redis-3.0.30.tgz
new file mode 100644
index 00000000000..ab5d8913ad0
Binary files /dev/null and b/stable/authelia/11.0.19/charts/redis-3.0.30.tgz differ
diff --git a/stable/authelia/11.0.19/icon.png b/stable/authelia/11.0.19/icon.png
new file mode 100644
index 00000000000..ef2d3b9f326
Binary files /dev/null and b/stable/authelia/11.0.19/icon.png differ
diff --git a/stable/authelia/11.0.19/ix_values.yaml b/stable/authelia/11.0.19/ix_values.yaml
new file mode 100644
index 00000000000..20e8306d3aa
--- /dev/null
+++ b/stable/authelia/11.0.19/ix_values.yaml
@@ -0,0 +1,623 @@
+image:
+ repository: tccr.io/truecharts/authelia
+ pullPolicy: IfNotPresent
+ tag: v4.36.2@sha256:840f67bae1d2c090922c6a1781da6f6b7ce601e4303a4461bcc43a967dd95c62
+
+command: ["authelia"]
+args: ["--config=/configuration.yaml"]
+
+enableServiceLinks: false
+
+service:
+ main:
+ ports:
+ main:
+ port: 9091
+ targetPort: 9091
+
+persistence:
+ config:
+ enabled: true
+ mountPath: "/config"
+# Enabled postgres
+postgresql:
+ enabled: true
+ existingSecret: "dbcreds"
+ postgresqlUsername: authelia
+ postgresqlDatabase: authelia
+
+# Enabled redis
+# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
+redis:
+ enabled: true
+ existingSecret: "rediscreds"
+
+resources:
+ limits: {}
+ # limits:
+ # cpu: "4.00"
+ # memory: 125Mi
+ requests: {}
+ # requests:
+ # cpu: "0.25"
+ # memory: 50Mi
+
+envFrom:
+ - configMapRef:
+ name: authelia-paths
+
+# probes:
+# liveness:
+# type: HTTP
+# path: /api/health"
+
+# readiness:
+# type: HTTP
+# path: "/api/health"
+
+# startup:
+# type: HTTP
+# path: "/api/health"
+
+domain: example.com
+
+##
+## Server Configuration
+##
+server:
+ ##
+ ## Port sets the configured port for the daemon, service, and the probes.
+ ## Default is 9091 and should not need to be changed.
+ ##
+ port: 9091
+
+ ## Buffers usually should be configured to be the same value.
+ ## Explanation at https://www.authelia.com/docs/configuration/server.html
+ ## Read buffer size adjusts the server's max incoming request size in bytes.
+ ## Write buffer size does the same for outgoing responses.
+ read_buffer_size: 4096
+ write_buffer_size: 4096
+ ## Set the single level path Authelia listens on.
+ ## Must be alphanumeric chars and should not contain any slashes.
+ path: ""
+
+log:
+ ## Level of verbosity for logs: info, debug, trace.
+ level: trace
+
+ ## Format the logs are written as: json, text.
+ format: text
+
+ ## TODO: Statefulness check should check if this is set, and the configMap should enable it.
+ ## File path where the logs will be written. If not set logs are written to stdout.
+ # file_path: /config/authelia.log
+
+## Default redirection URL
+##
+## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
+## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
+## in such a case.
+##
+## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
+## Default is https://www. (value at the top of the values.yaml).
+default_redirection_url: ""
+# default_redirection_url: https://example.com
+
+theme: light
+
+##
+## TOTP Configuration
+##
+## Parameters used for TOTP generation
+totp:
+ ## The issuer name displayed in the Authenticator application of your choice
+ ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
+ ## Defaults to .
+ issuer: ""
+ ## The period in seconds a one-time password is current for. Changing this will require all users to register
+ ## their TOTP applications again. Warning: before changing period read the docs link below.
+ period: 30
+ ## The skew controls number of one-time passwords either side of the current one that are valid.
+ ## Warning: before changing skew read the docs link below.
+ ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
+ skew: 1
+
+##
+## Duo Push API Configuration
+##
+## Parameters used to contact the Duo API. Those are generated when you protect an application of type
+## "Partner Auth API" in the management panel.
+duo_api:
+ enabled: false
+ hostname: api-123456789.example.com
+ integration_key: ABCDEF
+ plain_api_key: ""
+
+##
+## Authentication Backend Provider Configuration
+##
+## Used for verifying user passwords and retrieve information such as email address and groups users belong to.
+##
+## The available providers are: `file`, `ldap`. You must use one and only one of these providers.
+authentication_backend:
+ ## Disable both the HTML element and the API for reset password functionality
+ disable_reset_password: false
+
+ ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
+ ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
+ ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
+ ## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
+ ## See the below documentation for more information.
+ ## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
+ ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
+ refresh_interval: 5m
+
+ ## LDAP backend configuration.
+ ##
+ ## This backend allows Authelia to be scaled to more
+ ## than one instance and therefore is recommended for
+ ## production.
+ ldap:
+
+ ## Enable LDAP Backend.
+ enabled: false
+
+ ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
+ ## Acceptable options are as follows:
+ ## - 'activedirectory' - For Microsoft Active Directory.
+ ## - 'custom' - For custom specifications of attributes and filters.
+ ## This currently defaults to 'custom' to maintain existing behaviour.
+ ##
+ ## Depending on the option here certain other values in this section have a default value, notably all of the
+ ## attribute mappings have a default value that this config overrides, you can read more about these default values
+ ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
+ implementation: activedirectory
+
+ ## The url to the ldap server. Format: ://[:].
+ ## Scheme can be ldap or ldaps in the format (port optional).
+ url: ldap://openldap.default.svc.cluster.local
+
+ ## Connection Timeout.
+ timeout: 5s
+
+ ## Use StartTLS with the LDAP connection.
+ start_tls: false
+
+ tls:
+ ## Server Name for certificate validation (in case it's not set correctly in the URL).
+ server_name: ""
+
+ ## Skip verifying the server certificate (to allow a self-signed certificate).
+ ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
+ ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
+ skip_verify: false
+
+ ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
+ minimum_version: TLS1.2
+
+ ## The base dn for every LDAP query.
+ base_dn: DC=example,DC=com
+
+ ## The attribute holding the username of the user. This attribute is used to populate the username in the session
+ ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
+ ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
+ ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
+ ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
+ ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
+ ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
+ ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
+ username_attribute: ""
+
+ ## An additional dn to define the scope to all users.
+ additional_users_dn: OU=Users
+
+ ## The users filter used in search queries to find the user profile based on input filled in login form.
+ ## Various placeholders are available in the user filter:
+ ## - {input} is a placeholder replaced by what the user inputs in the login form.
+ ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
+ ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
+ ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
+ ## versions, so please don't use it.
+ ##
+ ## Recommended settings are as follows:
+ ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
+ ## - OpenLDAP:
+ ## - (&({username_attribute}={input})(objectClass=person))
+ ## - (&({username_attribute}={input})(objectClass=inetOrgPerson))
+ ##
+ ## To allow sign in both with username and email, one can use a filter like
+ ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
+ users_filter: ""
+
+ ## An additional dn to define the scope of groups.
+ additional_groups_dn: OU=Groups
+
+ ## The groups filter used in search queries to find the groups of the user.
+ ## - {input} is a placeholder replaced by what the user inputs in the login form.
+ ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
+ ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
+ ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
+ ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
+ ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
+ ## versions, so please don't use it.
+ ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
+ ## later version, so please don't use it.
+ ##
+ ## If your groups use the `groupOfUniqueNames` structure use this instead:
+ ## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
+ groups_filter: ""
+
+ ## The attribute holding the name of the group
+ group_name_attribute: ""
+
+ ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
+ ## first one returned by the LDAP server is used.
+ mail_attribute: ""
+
+ ## The attribute holding the display name of the user. This will be used to greet an authenticated user.
+ display_name_attribute: ""
+
+ ## The username of the admin user.
+ user: CN=Authelia,DC=example,DC=com
+ plain_password: ""
+
+ ##
+ ## File (Authentication Provider)
+ ##
+ ## With this backend, the users database is stored in a file which is updated when users reset their passwords.
+ ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
+ ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
+ ## implications it is highly recommended you leave the default values. Before considering changing these settings
+ ## please read the docs page below:
+ ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
+ ##
+ ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
+ ##
+ file:
+ enabled: true
+ path: /config/users_database.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ key_length: 32
+ salt_length: 16
+ memory: 1024
+ parallelism: 8
+
+##
+## Access Control Configuration
+##
+## Access control is a list of rules defining the authorizations applied for one resource to users or group of users.
+##
+## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed
+## to anyone. Otherwise restrictions follow the rules defined.
+##
+## Note: One can use the wildcard * to match any subdomain.
+## It must stand at the beginning of the pattern. (example: *.mydomain.com)
+##
+## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct.
+##
+## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'.
+##
+## - 'domain' defines which domain or set of domains the rule applies to.
+##
+## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not
+## provided. If provided, the parameter represents either a user or a group. It should be of the form
+## 'user:' or 'group:'.
+##
+## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'.
+##
+## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter
+## is optional and matches any resource if not provided.
+##
+## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
+access_control:
+ ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
+ ## resource if there is no policy to be applied to the user.
+ default_policy: deny
+
+ networks: []
+ # networks:
+ # - name: private
+ # networks:
+ # - 10.0.0.0/8
+ # - 172.16.0.0/12
+ # - 192.168.0.0/16
+ # - name: vpn
+ # networks:
+ # - 10.9.0.0/16
+
+ rules: []
+ # rules:
+ # - domain: public.example.com
+ # policy: bypass
+ # - domain: "*.example.com"
+ # policy: bypass
+ # methods:
+ # - OPTIONS
+ # - domain: secure.example.com
+ # policy: one_factor
+ # networks:
+ # - private
+ # - vpn
+ # - 192.168.1.0/24
+ # - 10.0.0.1
+ # - domain:
+ # - secure.example.com
+ # - private.example.com
+ # policy: two_factor
+ # - domain: singlefactor.example.com
+ # policy: one_factor
+ # - domain: "mx2.mail.example.com"
+ # subject: "group:admins"
+ # policy: deny
+ # - domain: "*.example.com"
+ # subject:
+ # - "group:admins"
+ # - "group:moderators"
+ # policy: two_factor
+ # - domain: dev.example.com
+ # resources:
+ # - "^/groups/dev/.*$"
+ # subject: "group:dev"
+ # policy: two_factor
+ # - domain: dev.example.com
+ # resources:
+ # - "^/users/john/.*$"
+ # subject:
+ # - ["group:dev", "user:john"]
+ # - "group:admins"
+ # policy: two_factor
+ # - domain: "{user}.example.com"
+ # policy: bypass
+
+##
+## Session Provider Configuration
+##
+## The session cookies identify the user once logged in.
+## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined.
+session:
+ ## The name of the session cookie. (default: authelia_session).
+ name: authelia_session
+
+ ## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
+ ## Please read https://www.authelia.com/docs/configuration/session.html#same_site
+ same_site: lax
+
+ ## The time in seconds before the cookie expires and session is reset.
+ expiration: 1h
+
+ ## The inactivity time in seconds before the session is reset.
+ inactivity: 5m
+
+ ## The remember me duration.
+ ## Value is in seconds, or duration notation. Value of 0 disables remember me.
+ ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
+ ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
+ ## spy or attack. Currently the default is 1M or 1 month.
+ remember_me_duration: 1M
+
+##
+## Redis Provider
+##
+## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
+##
+## The redis connection details
+redisProvider:
+ port: 6379
+
+ ## Optional username to be used with authentication.
+ # username: authelia
+ username: ""
+
+ ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
+ database_index: 0
+
+ ## The maximum number of concurrent active connections to Redis.
+ maximum_active_connections: 8
+
+ ## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
+ minimum_idle_connections: 0
+
+ ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
+ tls:
+ enabled: false
+
+ ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
+ server_name: ""
+
+ ## Skip verifying the server certificate (to allow a self-signed certificate).
+ ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
+ ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
+ skip_verify: false
+
+ ## Minimum TLS version for the connection.
+ minimum_version: TLS1.2
+
+ ## The Redis HA configuration options.
+ ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
+ high_availability:
+ enabled: false
+ enabledSecret: false
+ ## Sentinel Name / Master Name
+ sentinel_name: mysentinel
+
+ ## The additional nodes to pre-seed the redis provider with (for sentinel).
+ ## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
+ ## For high availability to be used you must have either defined; the host above or at least one node below.
+ nodes: []
+ # nodes:
+ # - host: sentinel-0.databases.svc.cluster.local
+ # port: 26379
+ # - host: sentinel-1.databases.svc.cluster.local
+ # port: 26379
+
+ ## Choose the host with the lowest latency.
+ route_by_latency: false
+
+ ## Choose the host randomly.
+ route_randomly: false
+
+##
+## Regulation Configuration
+##
+## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done
+## in a short period of time.
+regulation:
+ ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
+ max_retries: 3
+
+ ## The time range during which the user can attempt login before being banned. The user is banned if the
+ ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
+ ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
+ find_time: 2m
+
+ ## The length of time before a banned user can login again. Ban Time accepts duration notation.
+ ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
+ ban_time: 5m
+
+##
+## Storage Provider Configuration
+##
+## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
+storage:
+ ##
+ ## PostgreSQL (Storage Provider)
+ ##
+ postgres:
+ port: 5432
+ database: authelia
+ username: authelia
+ sslmode: disable
+ timeout: 5s
+
+##
+## Notification Provider
+##
+##
+## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration.
+## The available providers are: filesystem, smtp. You must use one and only one of these providers.
+notifier:
+ ## You can disable the notifier startup check by setting this to true.
+ disable_startup_check: false
+
+ ##
+ ## File System (Notification Provider)
+ ##
+ ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
+ ##
+ filesystem:
+ enabled: true
+ filename: /config/notification.txt
+
+ ##
+ ## SMTP (Notification Provider)
+ ##
+ ## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate.
+ ## [Security] By default Authelia will:
+ ## - force all SMTP connections over TLS including unauthenticated connections
+ ## - use the disable_require_tls boolean value to disable this requirement
+ ## (only works for unauthenticated connections)
+ ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
+ ## (configure in tls section)
+ smtp:
+ enabled: false
+ enabledSecret: false
+ host: smtp.mail.svc.cluster.local
+ port: 25
+ timeout: 5s
+ username: test
+ plain_password: test
+ sender: admin@example.com
+ ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
+ identifier: localhost
+ ## Subject configuration of the emails sent.
+ ## {title} is replaced by the text from the notifier
+ subject: "[Authelia] {title}"
+ ## This address is used during the startup check to verify the email configuration is correct.
+ ## It's not important what it is except if your email server only allows local delivery.
+ startup_check_address: test@authelia.com
+ disable_require_tls: false
+ disable_html_emails: false
+
+ tls:
+ ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
+ server_name: ""
+
+ ## Skip verifying the server certificate (to allow a self-signed certificate).
+ ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
+ ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
+ skip_verify: false
+
+ ## Minimum TLS version for either StartTLS or SMTPS.
+ minimum_version: TLS1.2
+
+identity_providers:
+ oidc:
+ ## Enables this in the config map. Currently in beta stage.
+ ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
+ enabled: false
+
+ access_token_lifespan: 1h
+ authorize_code_lifespan: 1m
+ id_token_lifespan: 1h
+ refresh_token_lifespan: 90m
+
+ enable_client_debug_messages: false
+
+ ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
+ ## security reasons.
+ minimum_parameter_entropy: 8
+
+ clients: []
+ # clients:
+ # -
+ ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
+ # id: myapp
+
+ ## The description to show to users when they end up on the consent screen. Defaults to the ID above.
+ # description: My Application
+
+ ## The client secret is a shared secret between Authelia and the consumer of this client.
+ # secret: apple123
+
+ ## Sets the client to public. This should typically not be set, please see the documentation for usage.
+ # public: false
+
+ ## The policy to require for this client; one_factor or two_factor.
+ # authorization_policy: two_factor
+
+ ## Audience this client is allowed to request.
+ # audience: []
+
+ ## Scopes this client is allowed to request.
+ # scopes:
+ # - openid
+ # - profile
+ # - email
+ # - groups
+
+ ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
+ # redirect_uris:
+ # - https://oidc.example.com/oauth2/callback
+
+ ## Grant Types configures which grants this client can obtain.
+ ## It's not recommended to configure this unless you know what you're doing.
+ # grant_types:
+ # - refresh_token
+ # - authorization_code
+
+ ## Response Types configures which responses this client can be sent.
+ ## It's not recommended to configure this unless you know what you're doing.
+ # response_types:
+ # - code
+
+ ## Response Modes configures which response modes this client supports.
+ ## It's not recommended to configure this unless you know what you're doing.
+ # response_modes:
+ # - form_post
+ # - query
+ # - fragment
+
+ ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
+ # userinfo_signing_algorithm: none
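Review bot: `log.level: trace` under `log:` ships a troubleshooting verbosity as the production default for an authentication portal; Authelia's trace level is, as far as its documentation describes it, meant for debugging and can record request details an operator would not want retained in pod logs, so the shipped default should be `level: info` with trace left as an opt-in. Related, `storage.postgres.sslmode: disable` moves DB credentials and the session/TOTP state in the clear, which is only defensible because the bundled postgresql dependency is reached over the in-cluster network; that assumption deserves a comment beside it such as `## sslmode is disabled because the bundled postgresql is in-cluster; use require/verify-full for an external DB`. The plaintext placeholders (`duo_api.integration_key`, `smtp.plain_password: test`, `ldap.plain_password`) are inert while their `enabled: false` flags hold, but they are the first fields a user overrides, so pointing them at a secret as `postgresql.existingSecret` already does would keep credentials out of the values. Minor: the commented-out liveness probe has a stray quote in `path: /api/health"`, which will bite whoever re-enables the block the changelog says is temporarily disabled.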
diff --git a/stable/authelia/11.0.19/questions.yaml b/stable/authelia/11.0.19/questions.yaml
new file mode 100644
index 00000000000..9553d99e5a8
--- /dev/null
+++ b/stable/authelia/11.0.19/questions.yaml
@@ -0,0 +1,3340 @@
+groups:
+ - name: "Container Image"
+ description: "Image to be used for container"
+ - name: "Controller"
+ description: "Configure workload deployment"
+ - name: "Container Configuration"
+ description: "additional container configuration"
+ - name: "App Configuration"
+ description: "App specific config options"
+ - name: "Networking and Services"
+ description: "Configure Network and Services for container"
+ - name: "Storage and Persistence"
+ description: "Persist and share data that is separate from the container"
+ - name: "Ingress"
+ description: "Ingress Configuration"
+ - name: "Security and Permissions"
+ description: "Configure security context and permissions"
+ - name: "Resources and Devices"
+ description: "Specify resources/devices to be allocated to workload"
+ - name: "Middlewares"
+ description: "Traefik Middlewares"
+ - name: "Metrics"
+ description: "Metrics"
+ - name: "Addons"
+ description: "Addon Configuration"
+ - name: "Advanced"
+ description: "Advanced Configuration"
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+questions:
+ - variable: portal
+ group: "Container Image"
+ label: "Configure Portal Button"
+ schema:
+ type: dict
+ hidden: true
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ description: "enable the portal button"
+ schema:
+ hidden: true
+ editable: false
+ type: boolean
+ default: true
+ - variable: global
+ label: "global settings"
+ group: "Controller"
+ schema:
+ type: dict
+ hidden: true
+ attrs:
+ - variable: isSCALE
+ label: "flag this is SCALE"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: controller
+ group: "Controller"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: advanced
+ label: "Show Advanced Controller Settings"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: type
+ description: "Please specify type of workload to deploy"
+ label: "(Advanced) Controller Type"
+ schema:
+ type: string
+ default: "deployment"
+ required: true
+ enum:
+ - value: "deployment"
+ description: "Deployment"
+ - value: "statefulset"
+ description: "Statefulset"
+ - value: "daemonset"
+ description: "Daemonset"
+ - variable: replicas
+ description: "Number of desired pod replicas"
+ label: "Desired Replicas"
+ schema:
+ type: int
+ default: 1
+ required: true
+ - variable: strategy
+ description: "Please specify type of workload to deploy"
+ label: "(Advanced) Update Strategy"
+ schema:
+ type: string
+ default: "Recreate"
+ required: true
+ enum:
+ - value: "Recreate"
+ description: "Recreate: Kill existing pods before creating new ones"
+ - value: "RollingUpdate"
+ description: "RollingUpdate: Create new pods and then kill old ones"
+ - value: "OnDelete"
+ description: "(Legacy) OnDelete: ignore .spec.template changes"
+ - variable: expert
+ label: "Show Expert Configuration Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: extraArgs
+ label: "Extra Args"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: "arg"
+ schema:
+ type: string
+ - variable: labelsList
+ label: "Controller Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: " Controller Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: TZ
+ label: "Timezone"
+ group: "Container Configuration"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+
+ - variable: envList
+ label: "Image environment"
+ group: "Container Configuration"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: "Environment Variable"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: expertpodconf
+ group: "Container Configuration"
+ label: "Show Expert Config"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: tty
+ label: "Enable TTY"
+ description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled."
+ group: "Workload Details"
+ schema:
+ type: boolean
+ default: false
+ - variable: stdin
+ label: "Enable STDIN"
+ description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled."
+ group: "Workload Details"
+ schema:
+ type: boolean
+ default: false
+ - variable: termination
+ group: "Container Configuration"
+ label: "Termination settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: gracePeriodSeconds
+ label: "Grace Period Seconds"
+ schema:
+ type: int
+ default: 10
+ - variable: podLabelsList
+ group: "Container Configuration"
+ label: "Pod Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: podLabelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: podAnnotationsList
+ group: "Container Configuration"
+ label: "Pod Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: podAnnotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: domain
+ group: "App Configuration"
+ label: "Domain"
+ description: "The highest domain level possible, for example: domain.com when using app.domain.com"
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: default_redirection_url
+ group: "App Configuration"
+ label: "Default Redirection Url"
+ description: "If user tries to authenticate without any referer, this is used"
+ schema:
+ type: string
+ default: ""
+
+ - variable: theme
+ group: "App Configuration"
+ label: "Theme"
+ schema:
+ type: string
+ default: "light"
+ enum:
+ - value: "light"
+ description: "info"
+ - value: "grey"
+ description: "grey"
+ - value: "dark"
+ description: "dark"
+
+ - variable: log
+ group: "App Configuration"
+ label: "Log Configuration "
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: level
+ label: "Log Level"
+ schema:
+ type: string
+ default: "info"
+ enum:
+ - value: "info"
+ description: "info"
+ - value: "debug"
+ description: "debug"
+ - value: "trace"
+ description: "trace"
+ - variable: format
+ label: "Log Format"
+ schema:
+ type: string
+ default: "text"
+ enum:
+ - value: "json"
+ description: "json"
+ - value: "text"
+ description: "text"
+
+ - variable: totp
+ group: "App Configuration"
+ label: "TOTP Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: issuer
+ label: "Issuer"
+ description: "The issuer name displayed in the Authenticator application of your choice"
+ schema:
+ type: string
+ default: ""
+ - variable: period
+ label: "Period"
+ description: "The period in seconds a one-time password is current for"
+ schema:
+ type: int
+ default: 30
+ - variable: skew
+ label: "skew"
+ description: "Controls number of one-time passwords either side of the current one that are valid."
+ schema:
+ type: int
+ default: 1
+
+ - variable: duo_api
+ group: "App Configuration"
+ label: "DUO API Configuration"
+ description: "Parameters used to contact the Duo API."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostname
+ label: "Hostname"
+ schema:
+ type: string
+ required: true
+ default: ""
+
+ - variable: integration_key
+ label: "integration_key"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: plain_api_key
+ label: "plain_api_key"
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: session
+ group: "App Configuration"
+ label: "Session Provider"
+ description: "The session cookies identify the user once logged in."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Cookie Name"
+ description: "The name of the session cookie."
+ schema:
+ type: string
+ required: true
+ default: "authelia_session"
+ - variable: same_site
+ label: "SameSite Value"
+ description: "Sets the Cookie SameSite value"
+ schema:
+ type: string
+ default: "lax"
+ enum:
+ - value: "lax"
+ description: "lax"
+ - value: "strict"
+ description: "strict"
+ - variable: expiration
+ label: "Expiration Time"
+ description: "The time in seconds before the cookie expires and session is reset."
+ schema:
+ type: string
+ default: "1h"
+ required: true
+ - variable: inactivity
+ label: "Inactivity Time"
+ description: "The inactivity time in seconds before the session is reset."
+ schema:
+ type: string
+ default: "5m"
+ required: true
+ - variable: inactivity
+ label: "Remember-Me duration"
+ description: "The remember me duration"
+ schema:
+ type: string
+ default: "5M"
+ required: true
+
+ - variable: regulation
+ group: "App Configuration"
+ label: "Regulation Configuration"
+ description: "his mechanism prevents attackers from brute forcing the first factor."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: max_retries
+ label: "Maximum Retries"
+ description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
+ schema:
+ type: int
+ default: 3
+ - variable: find_time
+ label: "Find Time"
+ description: "The time range during which the user can attempt login before being banned."
+ schema:
+ type: string
+ default: "2m"
+ required: true
+ - variable: ban_time
+ label: "Ban Duration"
+ description: "The length of time before a banned user can login again"
+ schema:
+ type: string
+ default: "5m"
+ required: true
+
+ - variable: authentication_backend
+ group: "App Configuration"
+ label: "Authentication Backend Provider"
+ description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: disable_reset_password
+ label: "Disable Reset Password"
+ description: "Disable both the HTML element and the API for reset password functionality"
+ schema:
+ type: boolean
+ default: false
+ - variable: refresh_interval
+ label: "Reset Interval"
+ description: "The amount of time to wait before we refresh data from the authentication backend"
+ schema:
+ type: string
+ default: "5m"
+ required: true
+ - variable: ldap
+ label: "LDAP backend configuration"
+ description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: implementation
+ label: "Implementation"
+ description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password"
+ schema:
+ type: string
+ default: "custom"
+ enum:
+ - value: "activedirectory"
+ description: "activedirectory"
+ - value: "custom"
+ description: "custom"
+ - variable: url
+ label: "URL"
+ description: "The url to the ldap server. Format: ://[:]"
+ schema:
+ type: string
+ default: "ldap://openldap.default.svc.cluster.local"
+ required: true
+ - variable: timeout
+ label: "Connection Timeout"
+ schema:
+ type: string
+ default: "5s"
+ required: true
+ - variable: start_tls
+ label: "Start TLS"
+ description: "Use StartTLS with the LDAP connection"
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: "TLS Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: server_name
+ label: "Server Name"
+ description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
+ schema:
+ type: string
+ default: ""
+ - variable: skip_verify
+ label: "Skip Certificate Verification"
+ description: "Skip verifying the server certificate (to allow a self-signed certificate)"
+ schema:
+ type: boolean
+ default: false
+ - variable: minimum_version
+ label: "Minimum TLS version"
+ description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
+ schema:
+ type: string
+ default: "TLS1.2"
+ enum:
+ - value: "TLS1.0"
+ description: "TLS1.0"
+ - value: "TLS1.1"
+ description: "TLS1.1"
+ - value: "TLS1.2"
+ description: "TLS1.2"
+ - value: "TLS1.3"
+ description: "TLS1.3"
+ - variable: base_dn
+ label: "Base DN"
+ description: "The base dn for every LDAP query."
+ schema:
+ type: string
+ default: "DC=example,DC=com"
+ required: true
+ - variable: username_attribute
+ label: "Username Attribute"
+ description: "The attribute holding the username of the user"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: additional_users_dn
+ label: "Additional Users DN"
+ description: "An additional dn to define the scope to all users."
+ schema:
+ type: string
+ default: "OU=Users"
+ required: true
+ - variable: users_filter
+ label: "Users Filter"
+ description: "The groups filter used in search queries to find the groups of the user."
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: additional_groups_dn
+ label: "Additional Groups DN"
+ description: "An additional dn to define the scope of groups."
+ schema:
+ type: string
+ default: "OU=Groups"
+ required: true
+ - variable: groups_filter
+ label: "Groups Filter"
+ description: "The groups filter used in search queries to find the groups of the user."
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: group_name_attribute
+ label: "Group name Attribute"
+ description: "The attribute holding the name of the group"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: mail_attribute
+ label: "Mail Attribute"
+ description: "The attribute holding the primary mail address of the user"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: display_name_attribute
+ label: "Display Name Attribute"
+ description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
+ schema:
+ type: string
+ default: ""
+ - variable: user
+ label: "Admin User"
+ description: "The username of the admin user used to connect to LDAP."
+ schema:
+ type: string
+ default: "CN=Authelia,DC=example,DC=com"
+ required: true
+ - variable: plain_password
+ label: "Password"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: file
+ label: "File backend configuration"
+ description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: path
+ label: "Path"
+ schema:
+ type: string
+ default: "/config/users_database.yml"
+ required: true
+ - variable: password
+ label: "Password Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: algorithm
+ label: "Algorithm"
+ schema:
+ type: string
+ default: "argon2id"
+ enum:
+ - value: "argon2id"
+ description: "argon2id"
+ - value: "sha512"
+ description: "sha512"
+ - variable: iterations
+ label: "Iterations"
+ schema:
+ type: int
+ default: 1
+ required: true
+ - variable: key_length
+ label: "Key Length"
+ schema:
+ type: int
+ default: 32
+ required: true
+ - variable: salt_length
+ label: "Salt Length"
+ schema:
+ type: int
+ default: 16
+ required: true
+ - variable: memory
+ label: "Memory"
+ schema:
+ type: int
+ default: 1024
+ required: true
+ - variable: parallelism
+ label: "Parallelism"
+ schema:
+ type: int
+ default: 8
+ required: true
+
+ - variable: notifier
+ group: "App Configuration"
+ label: "Notifier Configuration"
+ description: "otifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: disable_startup_check
+ label: "Disable Startup Check"
+ schema:
+ type: boolean
+ default: false
+ - variable: filesystem
+ label: "Filesystem Provider"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: filename
+ label: "File Path"
+ schema:
+ type: string
+ default: "/config/notification.txt"
+ required: true
+ - variable: smtp
+ label: "SMTP Provider"
+ description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: host
+ label: "Host"
+ schema:
+ type: string
+ default: "smtp.mail.svc.cluster.local"
+ required: true
+ - variable: port
+ label: "Port"
+ schema:
+ type: int
+ default: 25
+ required: true
+ - variable: timeout
+ label: "Timeout"
+ schema:
+ type: string
+ default: "5s"
+ required: true
+ - variable: username
+ label: "Username"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: plain_password
+ label: "Password"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: sender
+ label: "Sender"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: identifier
+ label: "Identifier"
+ description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
+ schema:
+ type: string
+ default: "localhost"
+ required: true
+ - variable: subject
+ label: "Subject"
+ description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
+ schema:
+ type: string
+ default: "[Authelia] {title}"
+ required: true
+ - variable: startup_check_address
+ label: "Startup Check Address"
+ description: "This address is used during the startup check to verify the email configuration is correct."
+ schema:
+ type: string
+ default: "test@authelia.com"
+ required: true
+ - variable: disable_require_tls
+ label: "Disable Require TLS"
+ schema:
+ type: boolean
+ default: false
+ - variable: disable_html_emails
+ label: "Disable HTML emails"
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: "TLS Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: server_name
+ label: "Server Name"
+ description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
+ schema:
+ type: string
+ default: ""
+ - variable: skip_verify
+ label: "Skip Certificate Verification"
+ description: "Skip verifying the server certificate (to allow a self-signed certificate)"
+ schema:
+ type: boolean
+ default: false
+ - variable: minimum_version
+ label: "Minimum TLS version"
+ description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
+ schema:
+ type: string
+ default: "TLS1.2"
+ enum:
+ - value: "TLS1.0"
+ description: "TLS1.0"
+ - value: "TLS1.1"
+ description: "TLS1.1"
+ - value: "TLS1.2"
+ description: "TLS1.2"
+ - value: "TLS1.3"
+ description: "TLS1.3"
+ - variable: access_control
+ group: "App Configuration"
+ label: "Access Control Configuration"
+ description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: default_policy
+ label: "Default Policy"
+ description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
+ schema:
+ type: string
+ default: "two_factor"
+ enum:
+ - value: "bypass"
+ description: "bypass"
+ - value: "one_factor"
+ description: "one_factor"
+ - value: "two_factor"
+ description: "two_factor"
+ - value: "deny"
+ description: "deny"
+
+ - variable: networks
+ label: "Networks"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: networkItem
+ label: "Network Item"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: networks
+ label: "Networks"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: network
+ label: "network"
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: rules
+ label: "Rules"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: rulesItem
+ label: "Rule"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: domain
+ label: "Domains"
+ description: "defines which domain or set of domains the rule applies to."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: domainEntry
+ label: "Domain"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: policy
+ label: "Policy"
+ description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
+ schema:
+ type: string
+ default: "two_factor"
+ enum:
+ - value: "bypass"
+ description: "bypass"
+ - value: "one_factor"
+ description: "one_factor"
+ - value: "two_factor"
+ description: "two_factor"
+ - value: "deny"
+ description: "deny"
+ - variable: subject
+ label: "Subject"
+ description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: subjectitem
+ label: "Subject"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: networks
+ label: "Networks"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: network
+ label: "Network"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: resources
+ label: "Resources"
+ description: "is a list of regular expressions that matches a set of resources to apply the policy to"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: resource
+ label: "Resource"
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: service
+ group: "Networking and Services"
+ label: "Configure Service(s)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the service"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: "Service Type"
+ description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: "Simple"
+ enum:
+ - value: "Simple"
+ description: "Simple"
+ - value: "ClusterIP"
+ description: "ClusterIP"
+ - value: "NodePort"
+ description: "NodePort (Advanced)"
+ - value: "LoadBalancer"
+ description: "LoadBalancer (Advanced)"
+ - variable: loadBalancerIP
+ label: "LoadBalancer IP"
+ description: "LoadBalancerIP"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: "External IP"
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: "IP Family Policy"
+ description: "(Advanced) Specify the ip policy"
+ schema:
+ show_if: [["type", "!=", "Simple"]]
+ type: string
+ default: "SingleStack"
+ enum:
+ - value: "SingleStack"
+ description: "SingleStack"
+ - value: "PreferDualStack"
+ description: "PreferDualStack"
+ - value: "RequireDualStack"
+ description: "RequireDualStack"
+ - variable: ipFamilies
+ label: "(advanced) IP families"
+ description: "(advanced) The ip families that should be used"
+ schema:
+ show_if: [["type", "!=", "Simple"]]
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: "IP family"
+ schema:
+ type: string
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 9091
+ required: true
+ - variable: advanced
+ label: "Show Advanced settings"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: protocol
+ label: "Port Type"
+ schema:
+ type: string
+ default: "HTTP"
+ enum:
+ - value: HTTP
+ description: "HTTP"
+ - value: "HTTPS"
+ description: "HTTPS"
+ - value: TCP
+ description: "TCP"
+ - value: "UDP"
+ description: "UDP"
+ - variable: nodePort
+ label: "Node Port (Optional)"
+ description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ - variable: targetPort
+ label: "Target Port"
+ description: "The internal(!) port on the container the Application runs on"
+ schema:
+ type: int
+ default: 9091
+
+ - variable: serviceexpert
+ group: "Networking and Services"
+ label: "Show Expert Config"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ group: "Networking and Services"
+ label: "Host-Networking (Complicated)"
+ schema:
+ type: boolean
+ default: false
+
+ - variable: externalInterfaces
+ description: "Add External Interfaces"
+ label: "Add external Interfaces"
+ group: "Networking"
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: "Interface Configuration"
+ label: "Interface Configuration"
+ schema:
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: "Please specify host interface"
+ label: "Host Interface"
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: "Define how IP Address will be managed"
+ label: "IP Address Management"
+ schema:
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: "Specify type for IPAM"
+ label: "IPAM Type"
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: "dhcp"
+ description: "Use DHCP"
+ - value: "static"
+ description: "Use static IP"
+ show_subquestions_if: "static"
+ subquestions:
+ - variable: staticIPConfigurations
+ label: "Static IP Addresses"
+ schema:
+ type: list
+ items:
+ - variable: staticIP
+ label: "Static IP"
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: "Static Routes"
+ schema:
+ type: list
+ items:
+ - variable: staticRouteConfiguration
+ label: "Static Route Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: "Destination"
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: "Gateway"
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+
+ - variable: dnsPolicy
+ group: "Networking and Services"
+ label: "dnsPolicy"
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "ClusterFirst"
+ description: "ClusterFirst"
+ - value: "ClusterFirstWithHostNet"
+ description: "ClusterFirstWithHostNet"
+ - value: "None"
+ description: "None"
+
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ group: "Networking and Services"
+ description: "Specify custom DNS configuration which will be applied to the pod"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ default: []
+ type: list
+ items:
+ - variable: nameserver
+ label: "Nameserver"
+ schema:
+ type: string
+ - variable: options
+ label: "options"
+ schema:
+ default: []
+ type: list
+ items:
+ - variable: option
+ label: "Option Entry"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: searches
+ label: "Searches"
+ schema:
+ default: []
+ type: list
+ items:
+ - variable: search
+ label: "Search Entry"
+ schema:
+ type: string
+
+ - variable: serviceList
+ label: "Add Manual Custom Services"
+ group: "Networking and Services"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: "Custom Service"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the service"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: "Service Type"
+ description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: "Simple"
+ enum:
+ - value: "Simple"
+ description: "Simple"
+ - value: "NodePort"
+ description: "NodePort"
+ - value: "ClusterIP"
+ description: "ClusterIP"
+ - value: "LoadBalancer"
+ description: "LoadBalancer"
+ - variable: loadBalancerIP
+ label: "LoadBalancer IP"
+ description: "LoadBalancerIP"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: "External IP"
+ schema:
+ type: string
+ - variable: portsList
+ label: "Additional Service Ports"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: "Custom ports"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the port"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Port Name"
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: "Port Type"
+ schema:
+ type: string
+ default: "TCP"
+ enum:
+ - value: HTTP
+ description: "HTTP"
+ - value: "HTTPS"
+ description: "HTTPS"
+ - value: TCP
+ description: "TCP"
+ - value: "UDP"
+ description: "UDP"
+ - variable: targetPort
+ label: "Target Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: "Container Port"
+ schema:
+ type: int
+ required: true
+ - variable: nodePort
+ label: "Node Port (Optional)"
+ description: "This port gets exposed to the node. Only considered when service type is NodePort"
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+
+ - variable: persistence
+ label: "Integrated Persistent Storage"
+ description: "Integrated Persistent Storage"
+ group: "Storage and Persistence"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: config
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: "Type of Storage"
+ description: "Sets the persistence type, Anything other than PVC could break rollback!"
+ schema:
+ type: string
+ default: "simplePVC"
+ enum:
+ - value: "simplePVC"
+ description: "PVC (simple)"
+ - value: "simpleHP"
+ description: "HostPath (simple)"
+ - value: "emptyDir"
+ description: "emptyDir"
+ - value: "pvc"
+ description: "pvc"
+ - value: "hostPath"
+ description: "hostPath"
+ - value: "nfs"
+ description: "NFS Share"
+ - variable: server
+ label: "NFS server"
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: "Path on NFS server"
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissionsSimple
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: boolean
+ default: true
+ - variable: setPermissions
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: true
+ - variable: readOnly
+ label: "readOnly"
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPathSimple
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: hostpath
+ - variable: hostPath
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: "EmptyDir Medium"
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "Memory"
+ description: "Memory"
+ - variable: size
+ label: "Size quotum of storage"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "999Gi"
+ - variable: hostPathType
+ label: "(Advanced) hostPath Type"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "DirectoryOrCreate"
+ description: "DirectoryOrCreate"
+ - value: "Directory"
+ description: "Directory"
+ - value: "FileOrCreate"
+ description: "FileOrCreate"
+ - value: "File"
+ description: "File"
+ - value: "Socket"
+ description: "Socket"
+ - value: "CharDevice"
+ description: "CharDevice"
+ - value: "BlockDevice"
+ description: "BlockDevice"
+ - variable: storageClass
+ label: "(Advanced) storageClass"
+ description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "SCALE-ZFS"
+ - variable: accessMode
+ label: "(Advanced) Access Mode"
+ description: "Allow or disallow multiple PVC's writhing to the same PV"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "ReadWriteOnce"
+ enum:
+ - value: "ReadWriteOnce"
+ description: "ReadWriteOnce"
+ - value: "ReadOnlyMany"
+ description: "ReadOnlyMany"
+ - value: "ReadWriteMany"
+ description: "ReadWriteMany"
+ - variable: advanced
+ label: "Show Advanced Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: labelsList
+ label: "Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: "Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: persistenceList
+ label: "Additional app storage"
+ group: "Storage and Persistence"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: "Custom Storage"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the storage"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Name (optional)"
+ description: "Not required, please set to config when mounting /config or temp when mounting /tmp"
+ schema:
+ type: string
+ - variable: type
+ label: "Type of Storage"
+ description: "Sets the persistence type, Anything other than PVC could break rollback!"
+ schema:
+ type: string
+ default: "simpleHP"
+ enum:
+ - value: "simplePVC"
+ description: "PVC (simple)"
+ - value: "simpleHP"
+ description: "HostPath (simple)"
+ - value: "emptyDir"
+ description: "emptyDir"
+ - value: "pvc"
+ description: "pvc"
+ - value: "hostPath"
+ description: "hostPath"
+ - value: "nfs"
+ description: "NFS Share"
+ - variable: server
+ label: "NFS server"
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: "Path on NFS server"
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissionsSimple
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: boolean
+ default: true
+ - variable: setPermissions
+ label: "Automatic Permissions"
+ description: "Automatically set permissions on install"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: true
+ - variable: readOnly
+ label: "readOnly"
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPathSimple
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "simpleHP"]]
+ type: hostpath
+ - variable: hostPath
+ label: "hostPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: "mountPath"
+ description: "Path inside the container the storage is mounted"
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: "EmptyDir Medium"
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "Memory"
+ description: "Memory"
+ - variable: size
+ label: "Size quotum of storage"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "999Gi"
+ - variable: hostPathType
+ label: "(Advanced) hostPath Type"
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: "Default"
+ - value: "DirectoryOrCreate"
+ description: "DirectoryOrCreate"
+ - value: "Directory"
+ description: "Directory"
+ - value: "FileOrCreate"
+ description: "FileOrCreate"
+ - value: "File"
+ description: "File"
+ - value: "Socket"
+ description: "Socket"
+ - value: "CharDevice"
+ description: "CharDevice"
+ - value: "BlockDevice"
+ description: "BlockDevice"
+ - variable: storageClass
+ label: "(Advanced) storageClass"
+ description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "SCALE-ZFS"
+ - variable: accessMode
+ label: "(Advanced) Access Mode"
+ description: "Allow or disallow multiple PVC's writhing to the same PV"
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: "ReadWriteOnce"
+ enum:
+ - value: "ReadWriteOnce"
+ description: "ReadWriteOnce"
+ - value: "ReadOnlyMany"
+ description: "ReadOnlyMany"
+ - value: "ReadWriteMany"
+ description: "ReadWriteMany"
+ - variable: advanced
+ label: "Show Advanced Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: labelsList
+ label: "Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: "Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: ingress
+ label: ""
+ group: "Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable Ingress"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: "Hosts"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: "HostName"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: "Paths"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: "path"
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: "pathType"
+ schema:
+ type: string
+ required: true
+ default: "Prefix"
+
+ - variable: tls
+ label: "TLS-Settings"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: "Certificate Hosts"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: "Host"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: "Select TrueNAS SCALE Certificate"
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+
+ - variable: entrypoint
+ label: "(Advanced) Traefik Entrypoint"
+ description: "Entrypoint used by Traefik when using Traefik as Ingress Provider"
+ schema:
+ type: string
+ default: "websecure"
+ required: true
+ - variable: middlewares
+ label: "Traefik Middlewares"
+ description: "Add previously created Traefik Middlewares to this Ingress"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: expert
+ label: "Show Expert Configuration Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: enableFixedMiddlewares
+ description: "These middlewares enforce a number of best practices."
+ label: "Enable Default Middlewares"
+ schema:
+ type: boolean
+ default: true
+ - variable: ingressClassName
+ label: "IngressClass Name"
+ schema:
+ type: string
+ default: ""
+ - variable: labelsList
+ label: "Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: "Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+
+ - variable: ingressList
+ label: "Add Manual Custom Ingresses"
+ group: "Ingress"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: "Custom Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable Ingress"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: "IngressClass Name"
+ schema:
+ type: string
+ default: ""
+ - variable: labelsList
+ label: "Labels"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: labelItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: annotationsList
+ label: "Annotations"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: annotationItem
+ label: "Label"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: hosts
+ label: "Hosts"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: "HostName"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: "Paths"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: "path"
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: "pathType"
+ schema:
+ type: string
+ required: true
+ default: "Prefix"
+ - variable: service
+ label: "Linked Service"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Service Name"
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: "Service Port"
+ schema:
+ type: int
+ - variable: tls
+ label: "TLS-Settings"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: "Host"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: "Certificate Hosts"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: "Host"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: "Select TrueNAS SCALE Certificate"
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: "Traefik Entrypoint"
+ description: "Entrypoint used by Traefik when using Traefik as Ingress Provider"
+ schema:
+ type: string
+ default: "websecure"
+ required: true
+ - variable: middlewares
+ label: "Traefik Middlewares"
+ description: "Add previously created Traefik Middlewares to this Ingress"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: security
+ label: "Container Security Settings"
+ group: "Security and Permissions"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: editsecurity
+ label: "Change PUID / UMASK values"
+ description: "By enabling this you override default set values."
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: PUID
+ label: "Process User ID - PUID"
+ description: "When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps"
+ schema:
+ type: int
+ default: 568
+ - variable: UMASK
+ label: "UMASK"
+ description: "When supported by the container, this sets the UMASK for tha App. Not supported by all Apps"
+ schema:
+ type: string
+ default: "002"
+
+ - variable: advancedSecurity
+ label: "Show Advanced Security Settings"
+ group: "Security and Permissions"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: securityContext
+ label: "Security Context"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: allowPrivilegeEscalation
+ label: "Allow Privilege Escalation"
+ schema:
+ type: boolean
+ default: false
+ - variable: runAsNonRoot
+ label: "runAsNonRoot"
+ schema:
+ type: boolean
+ default: true
+ - variable: capabilities
+ label: "Capabilities"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: drop
+ label: "Drop Capability"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: dropEntry
+ label: ""
+ schema:
+ type: string
+ - variable: add
+ label: "Add Capability"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: addEntry
+ label: ""
+ schema:
+ type: string
+
+ - variable: podSecurityContext
+ group: "Security and Permissions"
+ label: "Pod Security Context"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID this App of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: "OnRootMismatch"
+ enum:
+ - value: "OnRootMismatch"
+ description: "OnRootMismatch"
+ - value: "Always"
+ description: "Always"
+ - variable: supplementalGroups
+ label: "supplemental Groups"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: "supplemental Group"
+ schema:
+ type: int
+
+
+ - variable: advancedresources
+ label: "Set Custom Resource Limits/Requests (Advanced)"
+ group: "Resources and Devices"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: resources
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: "Advanced Limit Resource Consumption"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: "CPU"
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/"
+ schema:
+ type: string
+ default: "4000m"
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/"
+ schema:
+ type: string
+ default: "8Gi"
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: "CPU"
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/"
+ schema:
+ type: string
+ default: "10m"
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/"
+ schema:
+ type: string
+ default: "50Mi"
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+
+ - variable: deviceList
+ label: "Mount USB devices"
+ group: "Resources and Devices"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: "Device"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the storage"
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: "(Advanced) Type of Storage"
+ description: "Sets the persistence type"
+ schema:
+ type: string
+ default: "hostPath"
+ hidden: true
+ - variable: readOnly
+ label: "readOnly"
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: "Host Device Path"
+ description: "Path to the device on the host system"
+ schema:
+ type: path
+ - variable: mountPath
+ label: "Container Device Path"
+ description: "Path inside the container the device is mounted"
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+
+ # Specify GPU configuration
+ - variable: scaleGPU
+ label: "GPU Configuration"
+ group: "Resources and Devices"
+ schema:
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+
+# - variable: autoscaling
+# group: "Advanced"
+# label: "(Advanced) Horizontal Pod Autoscaler"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: enabled
+# label: "enabled"
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: "Target"
+# description: "deployment name, defaults to main deployment"
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: "Minimum Replicas"
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: "Maximum Replicas"
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: "Target CPU Utilization Percentage"
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: "Target Memory Utilization Percentage"
+# schema:
+# type: int
+# default: 80
+# - variable: networkPolicy
+# group: "Advanced"
+# label: "(Advanced) Network Policy"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: enabled
+# label: "enabled"
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: policyType
+# label: "Policy Type"
+# schema:
+# type: string
+# default: ""
+# enum:
+# - value: ""
+# description: "Default"
+# - value: "ingress"
+# description: "Ingress"
+# - value: "egress"
+# description: "Egress"
+# - value: "ingress-egress"
+# description: "Ingress and Egress"
+# - variable: egress
+# label: "Egress"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: egressEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: to
+# label: "To"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: toEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: ipBlock
+# label: "ipBlock"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: cidr
+# label: "cidr"
+# schema:
+# type: string
+# default: ""
+# - variable: except
+# label: "except"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: exceptint
+# label: ""
+# schema:
+# type: string
+# - variable: namespaceSelector
+# label: "namespaceSelector"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: matchExpressions
+# label: "matchExpressions"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: expressionEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: key
+# label: "Key"
+# schema:
+# type: string
+# - variable: operator
+# label: "operator"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "In"
+# description: "In"
+# - value: "NotIn"
+# description: "NotIn"
+# - value: "Exists "
+# description: "Exists "
+# - value: "DoesNotExist "
+# description: "DoesNotExist "
+# - variable: values
+# label: "values"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: value
+# label: ""
+# schema:
+# type: string
+# - variable: podSelector
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: matchExpressions
+# label: "matchExpressions"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: expressionEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: key
+# label: "Key"
+# schema:
+# type: string
+# - variable: operator
+# label: "operator"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "In"
+# description: "In"
+# - value: "NotIn"
+# description: "NotIn"
+# - value: "Exists "
+# description: "Exists "
+# - value: "DoesNotExist "
+# description: "DoesNotExist "
+# - variable: values
+# label: "values"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: value
+# label: ""
+# schema:
+# type: string
+# - variable: ports
+# label: "Ports"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: portsEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: port
+# label: "port"
+# schema:
+# type: int
+# - variable: endPort
+# label: "port"
+# schema:
+# type: int
+# - variable: protocol
+# label: "Protocol"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "TCP"
+# description: "TCP"
+# - value: "UDP"
+# description: "UDP"
+# - value: "SCTP"
+# description: "SCTP"
+# - variable: ingress
+# label: "Ingress"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: ingressEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: from
+# label: "From"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: fromEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: ipBlock
+# label: "ipBlock"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: cidr
+# label: "cidr"
+# schema:
+# type: string
+# default: ""
+# - variable: except
+# label: "except"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: exceptint
+# label: ""
+# schema:
+# type: string
+# - variable: namespaceSelector
+# label: "namespaceSelector"
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: matchExpressions
+# label: "matchExpressions"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: expressionEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: key
+# label: "Key"
+# schema:
+# type: string
+# - variable: operator
+# label: "operator"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "In"
+# description: "In"
+# - value: "NotIn"
+# description: "NotIn"
+# - value: "Exists "
+# description: "Exists "
+# - value: "DoesNotExist "
+# description: "DoesNotExist "
+# - variable: values
+# label: "values"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: value
+# label: ""
+# schema:
+# type: string
+# - variable: podSelector
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: matchExpressions
+# label: "matchExpressions"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: expressionEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: key
+# label: "Key"
+# schema:
+# type: string
+# - variable: operator
+# label: "operator"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "In"
+# description: "In"
+# - value: "NotIn"
+# description: "NotIn"
+# - value: "Exists "
+# description: "Exists "
+# - value: "DoesNotExist "
+# description: "DoesNotExist "
+# - variable: values
+# label: "values"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: value
+# label: ""
+# schema:
+# type: string
+# - variable: ports
+# label: "Ports"
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: portsEntry
+# label: ""
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: port
+# label: "port"
+# schema:
+# type: int
+# - variable: endPort
+# label: "port"
+# schema:
+# type: int
+# - variable: protocol
+# label: "Protocol"
+# schema:
+# type: string
+# default: "TCP"
+# enum:
+# - value: "TCP"
+# description: "TCP"
+# - value: "UDP"
+# description: "UDP"
+# - value: "SCTP"
+# description: "SCTP"
+
+
+ - variable: addons
+ group: "Addons"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: vpn
+ label: "VPN"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: "Type"
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: "disabled"
+ - value: "openvpn"
+ description: "OpenVPN"
+ - value: "wireguard"
+ description: "Wireguard"
+ - variable: openvpn
+ label: "OpenVPN Settings"
+ schema:
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: "authentication username"
+ description: "authentication username, optional"
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: "authentication password"
+ description: "authentication credentials"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: killSwitch
+ label: "Enable killswitch"
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: "Killswitch Excluded IPv4 networks"
+ description: "list of killswitch excluded ipv4 addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: "IPv4 Network"
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: "Killswitch Excluded IPv6 networks"
+ description: "list of killswitch excluded ipv4 addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: "IPv6 Network"
+ schema:
+ type: string
+ required: true
+
+ - variable: configFile
+ label: "VPN Config File Location"
+ schema:
+ type: dict
+ show_if: [["type", "!=", "disabled"]]
+ attrs:
+ - variable: enabled
+ label: "enabled"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: "type"
+ schema:
+ type: string
+ default: "hostPath"
+ hidden: true
+ - variable: hostPathType
+ label: "hostPathType"
+ schema:
+ type: string
+ default: "File"
+ hidden: true
+ - variable: noMount
+ label: "noMount"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: hostPath
+ label: "Full path to file"
+ description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn"
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: envList
+ label: "VPN environment Variables"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: "Environment Variable"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ required: true
+
+ - variable: codeserver
+ label: "Codeserver"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "enabled"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: git
+ label: "Git Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: deployKey
+ description: "Raw SSH private key"
+ label: "deployKey"
+ schema:
+ type: string
+ - variable: deployKeyBase64
+ description: "Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence"
+ label: "deployKeyBase64"
+ schema:
+ type: string
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: "Service Type"
+ description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: "NodePort"
+ enum:
+ - value: "NodePort"
+ description: "NodePort"
+ - value: "ClusterIP"
+ description: "ClusterIP"
+ - value: "LoadBalancer"
+ description: "LoadBalancer"
+ - variable: loadBalancerIP
+ label: "LoadBalancer IP"
+ description: "LoadBalancerIP"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: "External IP"
+ schema:
+ type: string
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: nodePort
+ description: "leave empty to disable"
+ label: "nodePort"
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: "Codeserver environment Variables"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: "Environment Variable"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ required: true
+
+
+ - variable: promtail
+ label: "Promtail"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "enabled"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: loki
+ label: "Loki URL"
+ schema:
+ type: string
+ required: true
+ - variable: logs
+ label: "Log Paths"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: path
+ label: "Path"
+ schema:
+ type: string
+ required: true
+ - variable: args
+ label: "Promtail ecommand line arguments"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: arg
+ label: "Arg"
+ schema:
+ type: string
+ required: true
+ - variable: envList
+ label: "Promtail environment Variables"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: "Environment Variable"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ required: true
+
+
+
+
+ - variable: netshoot
+ label: "Netshoot"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "enabled"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: "Netshoot environment Variables"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: "Environment Variable"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ required: true
+
+ - variable: identity_providers
+ group: "Advanced"
+ label: "Authelia Identity Providers (BETA)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: oidc
+ label: "OpenID Connect(BETA)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "enabled"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: access_token_lifespan
+ label: "Access Token Lifespan"
+ schema:
+ type: string
+ default: "1h"
+ required: true
+ - variable: authorize_code_lifespan
+ label: "Authorize Code Lifespan"
+ schema:
+ type: string
+ default: "1m"
+ required: true
+ - variable: id_token_lifespan
+ label: "ID Token Lifespan"
+ schema:
+ type: string
+ default: "1h"
+ required: true
+ - variable: refresh_token_lifespan
+ label: "Refresh Token Lifespan"
+ schema:
+ type: string
+ default: "90m"
+ required: true
+ - variable: enable_client_debug_messages
+ label: "Enable Client Debug Messages"
+ schema:
+ type: boolean
+ default: false
+ - variable: clients
+ label: "Clients"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: clientEntry
+ label: "Client"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: id
+ label: "ID/Name"
+ description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
+ schema:
+ type: string
+ default: "myapp"
+ required: true
+ - variable: description
+ label: "Description"
+ description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
+ schema:
+ type: string
+ default: "My Application"
+ required: true
+ - variable: secret
+ label: "Secret"
+ description: "The client secret is a shared secret between Authelia and the consumer of this client."
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: public
+ label: "public"
+ description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
+ schema:
+ type: boolean
+ default: false
+ - variable: authorization_policy
+ label: "Authorization Policy"
+ description: "The policy to require for this client; one_factor or two_factor."
+ schema:
+ type: string
+ default: "two_factor"
+ enum:
+ - value: "one_factor"
+ description: "one_factor"
+ - value: "two_factor"
+ description: "two_factor"
+ - variable: userinfo_signing_algorithm
+ label: "Userinfo Signing Algorithm"
+ description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
+ schema:
+ type: string
+ default: "none"
+ enum:
+ - value: "none"
+ description: "none"
+ - value: "RS256"
+ description: "RS256"
+ - variable: audience
+ label: "Audience"
+ description: "Audience this client is allowed to request."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: audienceEntry
+ label: ""
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scopes
+ label: "Scopes"
+ description: "Scopes this client is allowed to request."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ScopeEntry
+ label: "Scope"
+ schema:
+ type: string
+ default: "openid"
+ required: true
+ - variable: redirect_uris
+ label: "redirect_uris"
+ description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: uriEntry
+ label: "Url"
+ schema:
+ type: string
+ default: "https://oidc.example.com/oauth2/callback"
+ required: true
+ - variable: grant_types
+ description: "Grant Types configures which grants this client can obtain."
+ label: "grant_types"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: grantEntry
+ label: "Grant"
+ schema:
+ type: string
+ default: "refresh_token"
+ required: true
+ - variable: response_types
+ description: "Response Types configures which responses this client can be sent."
+ label: "response_types"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: responseEntry
+ label: "type"
+ schema:
+ type: string
+ default: "code"
+ required: true
+ - variable: response_modes
+ description: "Response Modes configures which response modes this client supports."
+ label: "response_modes"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: modeEntry
+ label: "Mode"
+ schema:
+ type: string
+ default: "form_post"
+ required: true
diff --git a/stable/authelia/11.0.19/templates/_configmap.tpl b/stable/authelia/11.0.19/templates/_configmap.tpl
new file mode 100644
index 00000000000..57d75320032
--- /dev/null
+++ b/stable/authelia/11.0.19/templates/_configmap.tpl
@@ -0,0 +1,248 @@
+{{/* Define the configmap */}}
+{{- define "authelia.configmap" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: authelia-paths
+data:
+ AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
+ AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN"
+ AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_ENCRYPTION_KEY"
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/ENCRYPTION_KEY"
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: "/secrets/STORAGE_PASSWORD"
+ {{- if .Values.authentication_backend.ldap.enabled }}
+ AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: "/secrets/LDAP_PASSWORD"
+ {{- end }}
+ {{- if .Values.notifier.smtp.enabled }}
+ AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: "/secrets/SMTP_PASSWORD"
+ {{- end }}
+ AUTHELIA_SESSION_REDIS_PASSWORD_FILE: "/secrets/REDIS_PASSWORD"
+ {{- if .Values.redisProvider.high_availability.enabled }}
+ AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE: "/secrets/REDIS_SENTINEL_PASSWORD"
+ {{- end }}
+ {{- if .Values.duo_api.enabled }}
+ AUTHELIA_DUO_API_SECRET_KEY_FILE: "/secrets/DUO_API_KEY"
+ {{- end }}
+ {{- if .Values.identity_providers.oidc.enabled }}
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: "/secrets/OIDC_HMAC_SECRET"
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY"
+ {{- end }}
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: authelia-configfile
+data:
+ configuration.yaml: |
+ ---
+ theme: {{ default "light" .Values.theme }}
+ default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.default_redirection_url }}
+ server:
+ host: 0.0.0.0
+ port: {{ default 9091 .Values.server.port }}
+ {{- if not (eq "" (default "" .Values.server.path)) }}
+ path: {{ .Values.server.path }}
+ {{- end }}
+ read_buffer_size: {{ default 4096 .Values.server.read_buffer_size }}
+ write_buffer_size: {{ default 4096 .Values.server.write_buffer_size }}
+ enable_pprof: {{ default false .Values.server.enable_pprof }}
+ enable_expvars: {{ default false .Values.server.enable_expvars }}
+ log:
+ level: {{ default "info" .Values.log.level }}
+ format: {{ default "text" .Values.log.format }}
+ {{- if not (eq "" (default "" .Values.log.file_path)) }}
+ file_path: {{ .Values.log.file_path }}
+ keep_stdout: true
+ {{- end }}
+ totp:
+ issuer: {{ default .Values.domain .Values.totp.issuer }}
+ period: {{ default 30 .Values.totp.period }}
+ skew: {{ default 1 .Values.totp.skew }}
+ {{- if .Values.duo_api.enabled }}
+ duo_api:
+ hostname: {{ .Values.duo_api.hostname }}
+ integration_key: {{ .Values.duo_api.integration_key }}
+ {{- end }}
+ {{- with $auth := .Values.authentication_backend }}
+ authentication_backend:
+ disable_reset_password: {{ $auth.disable_reset_password }}
+ {{- if $auth.file.enabled }}
+ file:
+ path: {{ $auth.file.path }}
+ password: {{ toYaml $auth.file.password | nindent 10 }}
+ {{- end }}
+ {{- if $auth.ldap.enabled }}
+ ldap:
+ implementation: {{ default "custom" $auth.ldap.implementation }}
+ url: {{ $auth.ldap.url }}
+ timeout: {{ default "5s" $auth.ldap.timeout }}
+ start_tls: {{ $auth.ldap.start_tls }}
+ tls:
+ {{- if hasKey $auth.ldap.tls "server_name" }}
+ server_name: {{ default $auth.ldap.host $auth.ldap.tls.server_name }}
+ {{- end }}
+ minimum_version: {{ default "TLS1.2" $auth.ldap.tls.minimum_version }}
+ skip_verify: {{ default false $auth.ldap.tls.skip_verify }}
+ {{- if $auth.ldap.base_dn }}
+ base_dn: {{ $auth.ldap.base_dn }}
+ {{- end }}
+ {{- if $auth.ldap.username_attribute }}
+ username_attribute: {{ $auth.ldap.username_attribute }}
+ {{- end }}
+ {{- if $auth.ldap.additional_users_dn }}
+ additional_users_dn: {{ $auth.ldap.additional_users_dn }}
+ {{- end }}
+ {{- if $auth.ldap.users_filter }}
+ users_filter: {{ $auth.ldap.users_filter }}
+ {{- end }}
+ {{- if $auth.ldap.additional_groups_dn }}
+ additional_groups_dn: {{ $auth.ldap.additional_groups_dn }}
+ {{- end }}
+ {{- if $auth.ldap.groups_filter }}
+ groups_filter: {{ $auth.ldap.groups_filter }}
+ {{- end }}
+ {{- if $auth.ldap.group_name_attribute }}
+ group_name_attribute: {{ $auth.ldap.group_name_attribute }}
+ {{- end }}
+ {{- if $auth.ldap.mail_attribute }}
+ mail_attribute: {{ $auth.ldap.mail_attribute }}
+ {{- end }}
+ {{- if $auth.ldap.display_name_attribute }}
+ display_name_attribute: {{ $auth.ldap.display_name_attribute }}
+ {{- end }}
+ user: {{ $auth.ldap.user }}
+ {{- end }}
+ {{- end }}
+ {{- with $session := .Values.session }}
+ session:
+ name: {{ default "authelia_session" $session.name }}
+ domain: {{ required "A valid .Values.domain entry required!" $.Values.domain }}
+ same_site: {{ default "lax" $session.same_site }}
+ expiration: {{ default "1M" $session.expiration }}
+ inactivity: {{ default "5m" $session.inactivity }}
+ remember_me_duration: {{ default "1M" $session.remember_me_duration }}
+ {{- end }}
+ redis:
+ host: {{ .Values.redis.url.plain }}
+ {{- with $redis := .Values.redisProvider }}
+ port: {{ default 6379 $redis.port }}
+ {{- if not (eq $redis.username "") }}
+ username: {{ $redis.username }}
+ {{- end }}
+ maximum_active_connections: {{ default 8 $redis.maximum_active_connections }}
+ minimum_idle_connections: {{ default 0 $redis.minimum_idle_connections }}
+ {{- if $redis.tls.enabled }}
+ tls:
+ server_name: {{ $redis.tls.server_name }}
+ minimum_version: {{ default "TLS1.2" $redis.tls.minimum_version }}
+ skip_verify: {{ $redis.tls.skip_verify }}
+ {{- end }}
+ {{- if $redis.high_availability.enabled }}
+ high_availability:
+ sentinel_name: {{ $redis.high_availability.sentinel_name }}
+ {{- if $redis.high_availability.nodes }}
+ nodes: {{ toYaml $redis.high_availability.nodes | nindent 10 }}
+ {{- end }}
+ route_by_latency: {{ $redis.high_availability.route_by_latency }}
+ route_randomly: {{ $redis.high_availability.route_randomly }}
+ {{- end }}
+ {{- end }}
+ regulation: {{ toYaml .Values.regulation | nindent 6 }}
+ storage:
+ postgres:
+ host: {{ printf "%v-%v" .Release.Name "postgresql" }}
+ {{- with $storage := .Values.storage }}
+ port: {{ default 5432 $storage.postgres.port }}
+ database: {{ default "authelia" $storage.postgres.database }}
+ username: {{ default "authelia" $storage.postgres.username }}
+ timeout: {{ default "5s" $storage.postgres.timeout }}
+ sslmode: {{ default "disable" $storage.postgres.sslmode }}
+ {{- end }}
+ {{- with $notifier := .Values.notifier }}
+ notifier:
+ disable_startup_check: {{ $.Values.notifier.disable_startup_check }}
+ {{- if $notifier.filesystem.enabled }}
+ filesystem:
+ filename: {{ $notifier.filesystem.filename }}
+ {{- end }}
+ {{- if $notifier.smtp.enabled }}
+ smtp:
+ host: {{ $notifier.smtp.host }}
+ port: {{ default 25 $notifier.smtp.port }}
+ timeout: {{ default "5s" $notifier.smtp.timeout }}
+ username: {{ $notifier.smtp.username }}
+ sender: {{ $notifier.smtp.sender }}
+ identifier: {{ $notifier.smtp.identifier }}
+ subject: {{ $notifier.smtp.subject | quote }}
+ startup_check_address: {{ $notifier.smtp.startup_check_address }}
+ disable_require_tls: {{ $notifier.smtp.disable_require_tls }}
+ disable_html_emails: {{ $notifier.smtp.disable_html_emails }}
+ tls:
+ server_name: {{ default $notifier.smtp.host $notifier.smtp.tls.server_name }}
+ minimum_version: {{ default "TLS1.2" $notifier.smtp.tls.minimum_version }}
+ skip_verify: {{ default false $notifier.smtp.tls.skip_verify }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.identity_providers.oidc.enabled }}
+ identity_providers:
+ oidc:
+ access_token_lifespan: {{ default "1h" .Values.identity_providers.oidc.access_token_lifespan }}
+ authorize_code_lifespan: {{ default "1m" .Values.identity_providers.oidc.authorize_code_lifespan }}
+ id_token_lifespan: {{ default "1h" .Values.identity_providers.oidc.id_token_lifespan }}
+ refresh_token_lifespan: {{ default "90m" .Values.identity_providers.oidc.refresh_token_lifespan }}
+ enable_client_debug_messages: {{ default false .Values.identity_providers.oidc.enable_client_debug_messages }}
+ minimum_parameter_entropy: {{ default 8 .Values.identity_providers.oidc.minimum_parameter_entropy }}
+ {{- if gt (len .Values.identity_providers.oidc.clients) 0 }}
+ clients:
+ {{- range $client := .Values.identity_providers.oidc.clients }}
+ - id: {{ $client.id }}
+ description: {{ default $client.id $client.description }}
+ secret: {{ default (randAlphaNum 128) $client.secret }}
+ {{- if $client.public }}
+ public: {{ $client.public }}
+ {{- end }}
+ authorization_policy: {{ default "two_factor" $client.authorization_policy }}
+ redirect_uris:
+ {{- range $client.redirect_uris }}
+ - {{ . }}
+ {{- end }}
+ {{- if $client.audience }}
+ audience: {{ toYaml $client.audience | nindent 10 }}
+ {{- end }}
+ scopes: {{ toYaml (default (list "openid" "profile" "email" "groups") $client.scopes) | nindent 10 }}
+ grant_types: {{ toYaml (default (list "refresh_token" "authorization_code") $client.grant_types) | nindent 10 }}
+ response_types: {{ toYaml (default (list "code") $client.response_types) | nindent 10 }}
+ {{- if $client.response_modes }}
+ response_modes: {{ toYaml $client.response_modes | nindent 10 }}
+ {{- end }}
+ userinfo_signing_algorithm: {{ default "none" $client.userinfo_signing_algorithm }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ access_control:
+ {{- if (eq (len .Values.access_control.rules) 0) }}
+ {{- if (eq .Values.access_control.default_policy "bypass") }}
+ default_policy: one_factor
+ {{- else if (eq .Values.access_control.default_policy "deny") }}
+ default_policy: two_factor
+ {{- else }}
+ default_policy: {{ .Values.access_control.default_policy }}
+ {{- end }}
+ {{- else }}
+ default_policy: {{ .Values.access_control.default_policy }}
+ {{- end }}
+ {{- if (eq (len .Values.access_control.networks) 0) }}
+ networks: []
+ {{- else }}
+ networks: {{ toYaml .Values.access_control.networks | nindent 6 }}
+ {{- end }}
+ {{- if (eq (len .Values.access_control.rules) 0) }}
+ rules: []
+ {{- else }}
+ rules: {{ toYaml .Values.access_control.rules | nindent 6 }}
+ {{- end }}
+ ...
+{{- end -}}
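Review bot: Every OIDC client secret is written in clear text into the `authelia-configfile` ConfigMap (the `secret:` line inside the clients `range`), and when `$client.secret` is empty the `default (randAlphaNum 128)` fallback mints a fresh value on every render, so the effective secret silently changes on each upgrade and is never shown to the operator. Since questions.yaml already marks that field required, failing fast is safer than inventing a value: `secret: {{ required "identity_providers.oidc.clients[].secret must be set" $client.secret }}`. The other credentials in this file are referenced through `*_FILE` paths into the mounted `authelia-secrets` Secret; keeping client secrets out of the ConfigMap in the same way would be a larger change worth a follow-up. The `default_policy` rewrite at the bottom (bypass → one_factor, deny → two_factor when no rules exist) is a sensible safe default but happens silently, so a one-line comment such as `{{/* Authelia rejects bypass/deny as the default policy without rules; fall back to the nearest safe value */}}` would save the next reader a surprise.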
diff --git a/stable/authelia/11.0.19/templates/_secrets.tpl b/stable/authelia/11.0.19/templates/_secrets.tpl
new file mode 100644
index 00000000000..81fbe92ff70
--- /dev/null
+++ b/stable/authelia/11.0.19/templates/_secrets.tpl
@@ -0,0 +1,67 @@
+{{/* Define the secrets */}}
+{{- define "authelia.secrets" -}}
+---
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: authelia-secrets
+{{- $autheliaprevious := lookup "v1" "Secret" .Release.Namespace "authelia-secrets" }}
+{{- $oidckey := "" }}
+{{- $oidcsecret := "" }}
+{{- $jwtsecret := "" }}
+{{- $sessionsecret := "" }}
+{{- $encryptionkey := "" }}
+data:
+ {{- if $autheliaprevious }}
+ SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY" }}
+ JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN" }}
+ {{- if ( hasKey $autheliaprevious.data "ENCRYPTION_KEY" ) }}
+ ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY" }}
+ {{- else }}
+ {{- $encryptionkey := randAlphaNum 100 }}
+ ENCRYPTION_KEY: {{ $encryptionkey | b64enc }}
+ {{- end }}
+ {{- else }}
+ {{- $jwtsecret := randAlphaNum 50 }}
+ {{- $sessionsecret := randAlphaNum 50 }}
+ {{- $encryptionkey := randAlphaNum 100 }}
+ SESSION_ENCRYPTION_KEY: {{ $sessionsecret | b64enc }}
+ JWT_TOKEN: {{ $jwtsecret | b64enc}}
+ ENCRYPTION_KEY: {{ $encryptionkey | b64enc }}
+ {{- end }}
+
+ {{- if .Values.authentication_backend.ldap.enabled }}
+ LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | b64enc | quote }}
+ {{- end }}
+
+ {{- if .Values.notifier.smtp.enabled }}
+ SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | b64enc | quote }}
+ {{- end }}
+
+ {{- if .Values.duo_api.enabled }}
+ DUO_API_KEY: {{ .Values.duo_api.plain_api_key | b64enc }}
+ {{- end }}
+
+ STORAGE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
+
+ REDIS_PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }}
+ {{- if .Values.redisProvider.high_availability.enabled}}
+ REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" | b64enc }}
+ {{- end }}
+
+ {{- if $autheliaprevious }}
+ {{- if and ( hasKey $autheliaprevious.data "OIDC_PRIVATE_KEY" ) ( hasKey $autheliaprevious.data "OIDC_HMAC_SECRET" ) }}
+ OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" }}
+ OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" }}
+ {{- else }}
+ {{- $oidckey := genPrivateKey "rsa" }}
+ {{- $oidcsecret := randAlphaNum 32 }}
+ OIDC_PRIVATE_KEY: {{ $oidckey | b64enc }}
+ OIDC_HMAC_SECRET: {{ $oidcsecret | b64enc }}
+ {{- end }}
+ {{- end }}
+
+
+{{- end -}}
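Review bot: On a fresh install with OIDC enabled neither `OIDC_PRIVATE_KEY` nor `OIDC_HMAC_SECRET` is written, because the whole OIDC block at the bottom sits inside `{{- if $autheliaprevious }}` and, unlike the session/JWT/encryption keys above, has no branch for the case where no previous Secret exists; common.yaml in this same commit mounts both keys as required `items`, so the first deployment references keys that are absent and they only appear on the next upgrade, once `lookup` finds the Secret. The same gap shows up under `helm template` or `--dry-run`, where `lookup` returns nothing. Generation should depend only on whether the previous Secret already carries both keys, as sketched below. The variables declared near the top (`$oidckey`, `$oidcsecret`, `$jwtsecret`, `$sessionsecret`, `$encryptionkey`) are shadowed by the `:=` redeclarations inside the blocks and never read, so they can be dropped, and `DUO_API_KEY` could take the same `| quote` the LDAP and SMTP entries use for consistency.
```yaml
data:
  # … unchanged: SESSION_ENCRYPTION_KEY / JWT_TOKEN / ENCRYPTION_KEY, LDAP, SMTP, DUO, STORAGE and REDIS entries …
  {{- $oidcprev := false }}
  {{- if $autheliaprevious }}
  {{- if and (hasKey $autheliaprevious.data "OIDC_PRIVATE_KEY") (hasKey $autheliaprevious.data "OIDC_HMAC_SECRET") }}
  {{- $oidcprev = true }}
  {{- end }}
  {{- end }}
  {{- if $oidcprev }}
  OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" }}
  OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" }}
  {{- else }}
  OIDC_PRIVATE_KEY: {{ genPrivateKey "rsa" | b64enc }}
  OIDC_HMAC_SECRET: {{ randAlphaNum 32 | b64enc }}
  {{- end }}
```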
diff --git a/stable/authelia/11.0.19/templates/common.yaml b/stable/authelia/11.0.19/templates/common.yaml
new file mode 100644
index 00000000000..614b468adf3
--- /dev/null
+++ b/stable/authelia/11.0.19/templates/common.yaml
@@ -0,0 +1,74 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{/* Render configmap for authelia */}}
+{{- include "authelia.configmap" . }}
+
+{{/* Render secrets for authelia */}}
+{{- include "authelia.secrets" . }}
+
+{{/* Append the general configMap volume to the volumes */}}
+{{- define "authelia.configmapVolume" -}}
+enabled: "true"
+mountPath: " /configuration.yaml"
+readOnly: true
+subPath: configuration.yaml
+type: "custom"
+volumeSpec:
+ configMap:
+ name: authelia-configfile
+ items:
+ - key: configuration.yaml
+ path: configuration.yaml
+{{- end -}}
+
+{{/* Append the general secret volumes to the volumes */}}
+{{- define "authelia.secretVolumes" -}}
+enabled: "true"
+mountPath: "/secrets"
+readOnly: true
+type: "custom"
+volumeSpec:
+ secret:
+ secretName: authelia-secrets
+ items:
+ - key: "JWT_TOKEN"
+ path: JWT_TOKEN
+ - key: "SESSION_ENCRYPTION_KEY"
+ path: SESSION_ENCRYPTION_KEY
+ - key: "ENCRYPTION_KEY"
+ path: ENCRYPTION_KEY
+ - key: "STORAGE_PASSWORD"
+ path: STORAGE_PASSWORD
+ {{- if .Values.authentication_backend.ldap.enabled }}
+ - key: "LDAP_PASSWORD"
+ path: LDAP_PASSWORD
+ {{- end }}
+ {{- if .Values.notifier.smtp.enabled }}
+ - key: "SMTP_PASSWORD"
+ path: SMTP_PASSWORD
+ {{- end }}
+ - key: "REDIS_PASSWORD"
+ path: REDIS_PASSWORD
+ {{- if .Values.redisProvider.high_availability.enabled}}
+ - key: "REDIS_SENTINEL_PASSWORD"
+ path: REDIS_SENTINEL_PASSWORD
+ {{- end }}
+ {{- if .Values.duo_api.enabled }}
+ - key: "DUO_API_KEY"
+ path: DUO_API_KEY
+ {{- end }}
+ {{- if .Values.identity_providers.oidc.enabled }}
+ - key: "OIDC_PRIVATE_KEY"
+ path: OIDC_PRIVATE_KEY
+ - key: "OIDC_HMAC_SECRET"
+ path: OIDC_HMAC_SECRET
+ {{- end }}
+{{- end -}}
+
+{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}}
+{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}}
+
+
+{{/* Render the templates */}}
+{{ include "tc.common.loader.apply" . }}
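Review bot: `mountPath: " /configuration.yaml"` in `authelia.configmapVolume` carries a leading space inside the quotes, which makes the mount path relative and will be rejected or mounted somewhere unexpected unless the space is an artefact of how this diff was captured; it should read `mountPath: "/configuration.yaml"`. Because that mount uses `subPath`, a later change to the `authelia-configfile` ConfigMap is not propagated into a running pod, which is worth a comment next to the helper, e.g. `{{/* subPath mount: config changes need a pod restart to take effect */}}`. `enabled: "true"` in both helpers is a string while `readOnly: true` is a boolean; that is fine if the `tc.common` loader accepts string truthiness, but `enabled: true` removes the doubt. The secret volume lists `OIDC_PRIVATE_KEY` and `OIDC_HMAC_SECRET` as required items whenever OIDC is enabled, so the Secret rendered by `authelia.secrets` has to carry both on every render, including a first install.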
diff --git a/stable/authelia/11.0.19/values.yaml b/stable/authelia/11.0.19/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d