Skip to main content

Config

The Config custom resource can be provided by a vendor to specify a Config page in the Replicated admin console for collecting customer supplied values and template function rendering.

The settings that appear on the admin console Config page are specified as an array configuration groups and items.

The following example shows three groups defined in the Config custom resource manifest file, and how these groups are displayed on the admin console Config page.

For more information about the properties of groups and items, see Group Properties and Item Properties below.

apiVersion: kots.io/v1beta1
kind: Config
metadata:
name: my-application
spec:
groups:
- name: example_group
title: First Group
description: This is descriptive help text.
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"
- name: example_group_2
title: Second Group
description: This is descriptive help text.
when: false
items:
- name: key
title: Key
type: textarea
props:
rows: 8
- name: hostname
title: Hostname
type: text
- name: example_group_3
title: Third Group
description: This is descriptive help text.
items:
- name: email-address
title: Email Address
type: text
- name: password_text
title: Password
type: password
value: "{{repl RandomString 10}}"

Three groups of items on the config page View a larger version of this image

Group Properties

Groups have a name, title, description and an array of items.

description

Descriptive help text for the group that displays on the admin console Config page. Supports markdown formatting.

To provide help text for individual items on the Config page, use the item help-text property. See help_text below.

spec:
groups:
- name: example_group
title: First Group
# Provide a description of the input fields in the group
description: Select whether or not to enable HTTP.
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"

name

A unique identifier for the group.

spec:
groups:
# The name must be unique
- name: example_group
title: First Group
description: This is descriptive help text.
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"

title

The title of the group that displays on the admin console Config page.

spec:
groups:
- name: example_group
# First Group is the heading that appears on the Config page
title: First Group
description: This is descriptive help text.
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"

when

The when property denotes conditional user inputs that are only displayed on the admin console Config page when a condition evaluates to true. The equality check in the conditional statement of the when property must match exactly, without quotes.

The when property can be used as a group or item property. The select_one item type can be used as an option under the when property. However, when is not an item type, and so it cannot be used as an option under select_one.

When the when property for a group or item evaluates to false, the group or item is not displayed on the Config page.

If the user provides input on the Config page that makes a when property evaluate to true, then the Config page updates immediately to display the previously hidden group or item.

spec:
groups:
- name: example_group
title: First Group
description: This is descriptive help text.
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"
- name: example_group_2
title: Second Group
description: This is descriptive help text.
# The group is not displayed if when is false
when: repl{{ ConfigOptionEquals "http_enabled" "1" }}
items:
- name: key
title: Key
type: textarea
props:
rows: 8
- name: hostname
title: Hostname
type: text
- name: example_group_3
title: Third Group
description: This is descriptive help text.
items:
- name: email-address
title: Email Address
type: text
- name: password_text
title: Password
type: password
value: "{{repl RandomString 10}}"

Only the first and third groups appear on the config screen View a larger version of this image

items

Each group contains an array of items that map to input fields on the admin console Config screen. All items have name, title, and type properties and belong to a single group.

For more information, see Item Properties and Item Types below.

Item Properties

Items have a name, title, type, and other optional properties.

affix

Description

Items can be affixed left or right. Affixing items allows them to appear in the admin console on the same line.

Specify the affix field to all of the items in a particular group to preserve the line spacing and prevent the appearance of crowded text.

Required?No
Example
groups:
- name: example_settings
title: My Example Config
description: Configuration to serve as an example for creating your own.
items:
- name: username
title: Username
type: text
required: true
affix: left
- name: password
title: Password
type: password
required: true
affix: right
Supports Go templates?Yes

default

Description

Defines the default value for the config item. If the user does not provide a value for the item, then the default value is applied.

If the default value is not associated with a password type config item, then it appears as placeholder text in the admin console.

Required?No
Example
- name: custom_key
title: Set your secret key for your app
description: Paste in your Custom Key
items:
- name: key
title: Key
type: text
value: ""
default: change me

Default change me value displayed under the config field

Supports Go templates?

Yes. Every time the user makes a change to their configuration settings for the application, any template functions used in the default property are reevaluated.

help_text

Description

Displays a helpful message below the title for the config item in the admin console.

Markdown syntax is supported. For more information about markdown syntax, see Basic writing and formatting syntax in the GitHub Docs.

Required?No
Example
- name: http_settings
title: HTTP Settings
items:
- name: http_enabled
title: HTTP Enabled
help_text: Check to enable the HTTP listener
type: bool

Config field with help text underneath

Supports Go templates?Yes

hidden

Description

Hidden items are not visible in the admin console.

note

When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.

Required?No
Example
- name: secret_key
title: Secret Key
type: password
hidden: true
value: "{{repl RandomString 40}}"
Supports Go templates?No

name

Description

A unique identifier for the config item. Item names must be unique both within the group and across all groups. The item name is not displayed in the admin console.

The item name can be used with KOTS template functions in the Config context (such as ConfigOption or ConfigOptionEquals) to return the value of the item. For more information, see Config Context.

Required?Yes
Example
- name: http_settings
title: HTTP Settings
items:
- name: http_enabled
title: HTTP Enabled
type: bool
Supports Go templates?Yes

readonly

Description

Readonly items are displayed in the admin console and users cannot edit their value.

note

When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.

Required?No
Example
- name: key
title: Key
type: text
value: ""
default: change me
- name: unique_key
title: Unique Key
type: text
value: "{{repl RandomString 20}}"
readonly: true

Default change me value displayed under the config field

Supports Go templates?No
Description

Displays a Recommended tag for the config item in the admin console.

Required?No
Example
- name: recommended_field
title: My recommended field
type: bool
default: "0"
recommended: true

config field with green recommended tag

Supports Go templates?No

required

Description

Displays a Required tag for the config item in the admin console. A required item prevents the application from starting until it has a value.

Required?No
Example
    - name: custom_key
title: Set your secret key for your app
description: Paste in your Custom Key
items:
- name: key
title: Key
type: text
value: ""
default: change me
required: true

config field with yellow required tag

Supports Go templates?No

title

Description

The title of the config item that displays in the admin console.

Required?Yes
Example
- name: http_settings
title: HTTP Settings
items:
- name: http_enabled
title: HTTP Enabled
help_text: Check to enable the HTTP listener
type: bool

Config field with help text underneath

Supports Go templates?Yes

type

Description

Each item has a type property that defines the type of user input accepted by the field.

The type property supports the following values:

  • bool
  • file
  • heading
  • label
  • password
  • select_one
  • text
  • textarea

For information about each type, see Item Types.

Required?Yes
Example
- name: group_title
title: Group Title
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"

field named HTTP Enabled with disabled checkbox

Supports Go templates?No

value

Description

Defines the value of the config item. Data that you add to value appears as the HTML input value for the config item in the admin console.

If the config item is not readonly, then the data that you add to value is overwritten by any user input for the item. If the item is readonly, then the data that you add to value cannot be overwritten.

Required?No
Example
- name: custom_key
title: Set your secret key for your app
description: Paste in your Custom Key
items:
- name: key
title: Key
type: text
value: "{{repl RandomString 20}}"

config field with random string as HTML input

Supports Go templates?

Yes

note

When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.

when

Description

The when property denotes conditional user inputs that are only displayed on the admin console Config page when a condition evaluates to true. The equality check in the conditional statement of the when property must match exactly, without quotes.

The when property can be used as a group or item property. The select_one item type can be used as an option under the when property. However, when is not an item type, and so it cannot be used as an option under select_one.

When the when property for a group or item evaluates to false, the group or item is not displayed on the Config page.

If the user provides input on the Config page that makes a when property evaluate to true, then the Config page updates immediately to display the previously hidden group or item.

Required?No
Example

Display the database_host and database_password items only when the user
selects external for the db_type item:

- name: database_settings_group
title: Database Settings
items:
- name: db_type
title: Database Type
type: select_one
default: external
items:
- name: external
title: External
- name: embedded
title: Embedded DB
- name: database_host
title: Database Hostname
type: text
when: '{{repl (ConfigOptionEquals "db_type" "external")}}'
- name: database_password
title: Database Password
type: password
when: '{{repl (ConfigOptionEquals "db_type" "external")}}'

External option selected and conditional fields displayed

Embedded DB option selected and no additional fields displayed

Supports Go templates?Yes

validation

Description

The validation property can be used to validate an item's value,
allowing you to specify custom validation rules that determine whether the value is valid or not.

Required?No
Example

Validates and returns if password value is not matching the regex.
The jwt_token file content is only validated if the file is uploaded since it is optional.

- name: smtp-settings
title: SMTP Settings
- name: smtp_password
title: SMTP Password
type: password
required: true
validation:
regex:
pattern: ^(?:[\w@#$%^&+=!*()_\-{}[\]:;"'<>,.?\/|]){8,16}$
message: The password must be between 8 and 16 characters long and can contain a combination of uppercase letters, lowercase letters, digits, and special characters.
- name: jwt_token
title: JWT token
type: file
validation:
regex:
pattern: ^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*$
message: Upload a file with valid JWT token.
Supports Go templates?No

For information about supported validation types, see Item Validation.

Item Types

The section describes each of the item types:

  • bool
  • file
  • heading
  • label
  • password
  • select_one
  • text
  • textarea

bool

The bool input type should use a "0" or "1" to set the value

    - name: group_title
title: Group Title
items:
- name: http_enabled
title: HTTP Enabled
type: bool
default: "0"

Boolean selector on the configuration screen

file

A file is a special type of form field that renders an <input type="file" /> HTML element. Only the contents of the file, not the name, are captured. See the ConfigOptionData template function for examples on how to use the file contents in your application.

    - name: certs
title: TLS Configuration
items:
- name: tls_private_key_file
title: Private Key
type: file
- name: tls_certificate_file
title: Certificate
type: file

File input field on the configuration screen

heading

The heading type allows you to display a group heading as a sub-element within a group. This is useful when you would like to use a config group to group items together, but still separate the items visually.

Note: The heading item type is not supported.

    - name: ldap_settings
title: LDAP Server Settings
items:
...
- name: ldap_schema
type: heading
title: LDAP schema
...

Heading on the configuration screen

label

The label type allows you to display an input label.

    - name: email
title: Email
items:
- name: email-address
title: Email Address
type: text
- name: description
type: label
title: "Note: The system will send you an email every hour."

Email address label on the configuration screen

password

The password type is a text field that hides the character input.

    - name: password_text
title: Password Text
type: password
value: "{{repl RandomString 10}}"

Password text field on the configuration screen

select_one

select_one items must contain nested items. The nested items are displayed as radio buttons in the admin console.

You can use the name field of a select_one item with KOTS template functions in the Config context (such as ConfigOption or ConfigOptionEquals) to return the option selected by the user.

For example, if the user selects the Password option for the select_one item shown below, then the template function '{{repl ConfigOption "authentication_type"}}' is rendered as authentication_type_password. For more information about working with template functions in the Config context, see Config Context.

spec:
groups:
- name: example_settings
title: My Example Config
description: Configuration to serve as an example for creating your own. See [https://kots.io/reference/v1beta1/config/](https://kots.io/reference/v1beta1/config/) for configuration docs. In this case, we provide example fields for configuring an Nginx welcome page.
items:
- name: authentication_type
title: Authentication Type
default: authentication_type_anonymous
type: select_one
items:
- name: authentication_type_anonymous
title: Anonymous
- name: authentication_type_password
title: Password

Select one field on the configuration screen

text

A text input field allows users to enter a string value. Optionally, all additional properties are available for this input type.

    - name: example_text_input
title: Example Text Input
type: text

Text field on the configuration screen

textarea

A textarea can specify a props that will map into the HTML element directly. Examples of available properties are rows, cols and wrap. For more information, see HTML <textarea/> Tag.

    - name: custom_key
title: Set your secret key for your app
description: Paste in your Custom Key
items:
- name: key
title: Key
type: textarea
props:
rows: 8
- name: hostname
title: Hostname
type: text

Text area field on the configuration screen

Item Validation

A validation can be specified to validate the value of an item. regex is the supported validation type.

Based on specified validation rules, the item is validated and a validation message is returned if the validation rule is not satisfied. A default message is returned if there is an empty validation message.

The validation rules are as follows:

  • An item is validated only when its value is not empty.
  • Items of types text, textarea, password, and file are validated, but repeatable items are not validated.
  • If an item is marked as hidden or if its when condition is set to false, the item is not validated.
  • If a group when condition is set to false, the items in the group are not validated.

regex

For applications installed with KOTS v1.98.0 or later, a regex can be used to validate whether an item's value matches the provided regular expression pattern. The regex pattern should be of the RE2 regular expression type and can validate the text, textarea, password, and file field types.

The default validation message is Value does not match regex.

- name: smtp-settings
title: SMTP Settings
- name: smtp_password
title: SMTP Password
type: password
required: true
validation:
regex:
pattern: ^(?:[\w@#$%^&+=!*()_\-{}[\]:;"'<>,.?\/|]){8,16}$
message: The password must be between 8 and 16 characters long and can contain a combination of uppercase letters, lowercase letters, digits, and special characters.
- name: jwt_token
title: JWT token
type: file
validation:
regex:
pattern: ^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*$
message: Upload a file with valid JWT token.

Password validation error

File validation error only when uploaded

Repeatable Items

A repeatable config item copies a YAML array entry or YAML document for as many values as are provided. Any number of values can be added to a repeatable item to generate additional copies.

To make an item repeatable, set repeatable to true:

    - name: ports_group
items:
- name: serviceport
title: Service Port
type: text
repeatable: true

Repeatable items do not use the default or value fields, but instead a valuesByGroup field. valuesByGroup must have an entry for the parent Config Group name, with all of the default key:value pairs nested in the group. At least one default entry is required for the repeatable item:

    valuesByGroup:
ports_group:
port-default-1: "80"

Limitations

  • Repeatable items work only for text, textarea, and file types.
  • Repeatable item names must only consist of lower case alphanumeric characters.

Template Targets

Repeatable items require that you provide at least one template. The template defines a YAML target in the manifest to duplicate for each repeatable item.

Required fields for a template target are apiVersion, kind, and name.

namespace is an optional template target field to match a YAML document's metadata.namespace property when the same filename is used across multiple namespaces.

The entire YAML node at the target is duplicated, including nested fields.

The yamlPath field of the template must denote index position for arrays using square brackets. For example, spec.ports[0] selects the first port entry for duplication. All duplicate YAML is appended to the final array in the yamlPath.

yamlPath must end with an array.

Example:

    templates:
- apiVersion: v1
kind: Service
name: my-service
namespace: my-app
yamlPath: 'spec.ports[0]'

If the yamlPath field is not present, the entire YAML document matching the template is replaced with a copy for each of the repeatable item entries. The metadata.name field of the new document reflects the repeatable item key.

Templating

The repeat items are called with the delimeters repl[[ .itemName ]] or [[repl .itemName ]]. These delimiters can be placed anywhere inside of the yamlPath target node:

    - port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
name: '[[repl .serviceport ]]'

This repeatable templating is not compatible with sprig templating functions. It is designed for inserting repeatable keys into the manifest. Repeatable templating can be placed inside of Replicated config templating.

Ordering

Repeatable templates are processed before config template rendering.

Repeatable items are processed in order of the template targets in the Config Spec file. Effectively, this ordering is from the top of the Config Spec, by Config Group, by Config Item, and then by template target.

    - name: ports_group
items:
- name: serviceport
title: Service Port
type: text
repeatable: true
templates:
- apiVersion: v1 #processed first
kind: Service
name: my-service
namespace: my-app
yamlPath: 'spec.ports[0]'
- apiVersion: v1 #processed second
kind: Service
name: my-service
namespace: my-app
{other item properties ...}
- name: other_ports
title: Other Service Port
type: text
repeatable: true
templates:
- apiVersion: v1 #processed third
kind: Service
name: my-other-service
namespace: my-app
{other item properties ...}
- name: deployments
items:
- name: deployment-name
title: Deployment Names
type: text
repeatable: true
templates:
- apiVersion: apps/v1 #processed fourth
kind: Deployment
name: my-deployment
namespace: my-app
{other item properties ...}

Repeatable Examples

In these examples, the default service port of "80" is included with the release. Port 443 is added as an additional port on the admin console configuration page, which is stored in the ConfigValues file.

Repeatable Item Example for a yamlPath

Config custom resource manifest file:

    - name: ports_group
items:
- name: serviceport
title: Service Port
type: text
repeatable: true
templates:
- apiVersion: v1
kind: Service
name: my-service
namespace: my-app
yamlPath: spec.ports[0]
valuesByGroup:
ports_group:
port-default-1: "80"

Config values:

apiVersion: kots.io/v1beta1
kind: ConfigValues
metadata:
name: example_app
spec:
values:
port-default-1:
repeatableItem: serviceport
value: "80"
serviceport-8jdn2bgd:
repeatableItem: serviceport
value: "443"

Template manifest:

apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: my-app
spec:
type: NodePort
ports:
- port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
name: '[[repl .serviceport ]]'
selector:
app: repeat_example
component: my-deployment

After repeatable config processing:

Note: This phase is internal to configuration rendering for KOTS. This example is only provided to further explain the templating process.*

apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: my-app
spec:
type: NodePort
ports:
- port: repl{{ ConfigOption "port-default-1" | ParseInt }}
name: 'port-default-1'
- port: repl{{ ConfigOption "serviceport-8jdn2bgd" | ParseInt }}
name: 'serviceport-8jdn2bgd'
selector:
app: repeat_example
component: my-deployment

Resulting manifest:

apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: my-app
spec:
type: NodePort
ports:
- port: 80
name: port-default-1
- port: 443
name: serviceport-8jdn2bgd
selector:
app: repeat_example
component: my-deployment

Repeatable Item Example for an Entire Document

Config spec:

    - name: ports_group
items:
- name: serviceport
title: Service Port
type: text
repeatable: true
templates:
- apiVersion: v1
kind: Service
name: my-service
namespace: my-app
valuesByGroup:
ports_group:
port-default-1: "80"

Config values:

apiVersion: kots.io/v1beta1
kind: ConfigValues
metadata:
name: example_app
spec:
values:
port-default-1:
repeatableItem: serviceport
value: "80"
serviceport-8jdn2bgd:
repeatableItem: serviceport
value: "443"

Template manifest:

apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: my-app
spec:
type: NodePort
ports:
- port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
selector:
app: repeat_example
component: repl[[ .serviceport ]]

After repeatable config processing:

Note: This phase is internal to configuration rendering for KOTS. This example is only provided to further explain the templating process.*

apiVersion: v1
kind: Service
metadata:
name: port-default-1
namespace: my-app
spec:
type: NodePort
ports:
- port: repl{{ ConfigOption "port-default-1" | ParseInt }}
selector:
app: repeat_example
component: port-default-1
---
apiVersion: v1
kind: Service
metadata:
name: serviceport-8jdn2bgd
namespace: my-app
spec:
type: NodePort
ports:
- port: repl{{ ConfigOption "serviceport-8jdn2bgd" | ParseInt }}
selector:
app: repeat_example
component: serviceport-8jdn2bgd

Resulting manifest:

apiVersion: v1
kind: Service
metadata:
name: port-default-1
namespace: my-app
spec:
type: NodePort
ports:
- port: 80
selector:
app: repeat_example
component: port-default-1
---
apiVersion: v1
kind: Service
metadata:
name: serviceport-8jdn2bgd
namespace: my-app
spec:
type: NodePort
ports:
- port: 443
selector:
app: repeat_example
component: serviceport-8jdn2bgd