Config

The Config custom resource can be provided by a vendor to specify a Config page in the Replicated Admin Console for collecting customer supplied values and template function rendering.

The settings that appear on the Admin Console Config page are specified as an array configuration groups and items.

The following example shows three groups defined in the Config custom resource manifest file, and how these groups are displayed on the Admin Console Config page.

For more information about the properties of groups and items, see Group Properties and Item Properties below.

apiVersion: kots.io/v1beta1
kind: Config
metadata:
  name: my-application
spec:
  groups:
    - name: example_group
      title: First Group
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"
    - name: example_group_2
      title: Second Group
      when: false
      items:
      - name: key
        title: Key
        type: textarea
      - name: hostname
        title: Hostname
        type: text  
    - name: example_group_3
      title: Third Group
      items:
      - name: email-address
        title: Email Address
        type: text  
      - name: password_text
        title: Password
        type: password
        value: '{{repl RandomString 10}}'     

View a larger version of this image

Group Properties

Groups have a name, title, description and an array of items.

description

Descriptive help text for the group that displays on the Admin Console Config page. Supports markdown formatting.

To provide help text for individual items on the Config page, use the item help-text property. See help_text below.

spec:
  groups:
    - name: example_group
      title: First Group
      # Provide a description of the input fields in the group
      description: Select whether or not to enable HTTP.
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"

name

A unique identifier for the group.

spec:
  groups:
    # The name must be unique
    - name: example_group
      title: First Group
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"

title

The title of the group that displays on the Admin Console Config page.

spec:
  groups:
    - name: example_group
    # First Group is the heading that appears on the Config page
      title: First Group
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"

when

The when property denotes groups that are displayed on the Admin Console Config page only when a condition evaluates to true. When the condition evaluates to false, the group is not displayed.

It can be useful to conditionally show or hide fields so that your users are only provided the configuration options that are relevant to them. This helps to reduce user error when configuring the application. Conditional statements in the when property can be used to evaluate things like the user's environment, license entitlements, and configuration choices. For example:

• The Kubernetes distribution of the cluster
• If the license includes a specific feature entitlement
• The number of users that the license permits
• If the user chooses to bring their own external database, rather than using an embedded database offered with the application

You can construct conditional statements in the when property using KOTS template functions. KOTS template functions are a set of custom template functions based on the Go text/template library. For more information, see About Template Functions.

note

when is a property of both groups and items. See Item Properties > when below.

Requirements and Limitations

The when group property has the following requirements and limitations:

• The when property accepts the following types of values:
  • Booleans
  • Strings that match "true", "True", "false", or "False"
  KOTS template functions can be used to render these supported value types.
• For the when property to evaluate to true, the values compared in the conditional statement must match exactly without quotes

Example

In the following example, the example_group_2 group of items will be displayed on the Config page only when the user enables the http_enabled configuration field. This example uses the KOTS ConfigOptionEquals template function to evaluate the value of the http_enabled configuration field.

spec:
  groups:
    - name: example_group
      title: First Group
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"
    - name: example_group_2
      title: Second Group
      # This group is displayed only when the `http_enabled` field is selected 
      when: repl{{ ConfigOptionEquals "http_enabled" "1" }}
      items:
      - name: key
        title: Key
        type: textarea
      - name: hostname
        title: Hostname
        type: text  
    - name: example_group_3
      title: Third Group
      items:
      - name: email-address
        title: Email Address
        type: text  
      - name: password_text
        title: Password
        type: password
        value: '{{repl RandomString 10}}'     

View a larger version of this image

For additional examples, see Using Conditional Statements in Configuration Fields.

items

Each group contains an array of items that map to input fields on the Admin Console Config screen. All items have name, title, and type properties and belong to a single group.

For more information, see Item Properties and Item Types below.

Item Properties

Items have a name, title, type, and other optional properties.

affix

Description	Items can be affixed left or right. Affixing items allows them to appear in the Admin Console on the same line. Specify the affix field to all of the items in a particular group to preserve the line spacing and prevent the appearance of crowded text.
Required?	No
Example	groups: - name: example_settings title: My Example Config description: Configuration to serve as an example for creating your own. items: - name: username title: Username type: text required: true affix: left - name: password title: Password type: password required: true affix: right
Supports Go templates?	Yes

default

Description	Defines the default value for the config item. If the user does not provide a value for the item, then the default value is applied. If the default value is not associated with a password type config item, then it appears as placeholder text in the Admin Console.
Required?	No
Example	- name: custom_key title: Set your secret key for your app description: Paste in your Custom Key items: - name: key title: Key type: text value: "" default: change me View a larger version of this image
Supports Go templates?	Yes. Every time the user makes a change to their configuration settings for the application, any template functions used in the default property are reevaluated.

help_text

Description	Displays a helpful message below the title for the config item in the Admin Console. Markdown syntax is supported. For more information about markdown syntax, see Basic writing and formatting syntax in the GitHub Docs.
Required?	No
Example	- name: http_settings title: HTTP Settings items: - name: http_enabled title: HTTP Enabled help_text: Check to enable the HTTP listener type: bool View a larger version of this image
Supports Go templates?	Yes

hidden

Description	Hidden items are not visible in the Admin Console. note When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.
Required?	No
Example	- name: secret_key title: Secret Key type: password hidden: true value: "{{repl RandomString 40}}"
Supports Go templates?	No

name

Description	A unique identifier for the config item. Item names must be unique both within the group and across all groups. The item name is not displayed in the Admin Console. The item name can be used with KOTS template functions in the Config context (such as ConfigOption or ConfigOptionEquals) to return the value of the item. For more information, see Config Context.
Required?	Yes
Example	- name: http_settings title: HTTP Settings items: - name: http_enabled title: HTTP Enabled type: bool
Supports Go templates?	Yes

readonly

Description	Readonly items are displayed in the Admin Console and users cannot edit their value. note When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.
Required?	No
Example	- name: key title: Key type: text value: "" default: change me - name: unique_key title: Unique Key type: text value: "{{repl RandomString 20}}" readonly: true View a larger version of this image
Supports Go templates?	No

recommended

Description	Displays a Recommended tag for the config item in the Admin Console.
Required?	No
Example	- name: recommended_field title: My recommended field type: bool default: "0" recommended: true View a larger version of this image
Supports Go templates?	No

required

Description	Displays a Required tag for the config item in the Admin Console. A required item prevents the application from starting until it has a value.
Required?	No
Example	- name: custom_key title: Set your secret key for your app description: Paste in your Custom Key items: - name: key title: Key type: text value: "" default: change me required: true View a larger version of this image
Supports Go templates?	No

title

Description	The title of the config item that displays in the Admin Console.
Required?	Yes
Example	- name: http_settings title: HTTP Settings items: - name: http_enabled title: HTTP Enabled help_text: Check to enable the HTTP listener type: bool View a larger version of this image
Supports Go templates?	Yes

type

Description	Each item has a type property that defines the type of user input accepted by the field. The type property supports the following values: bool dropdown file heading label password radio select_one (Deprecated) text textarea For information about each type, see Item Types.
Required?	Yes
Example	- name: group_title title: Group Title items: - name: http_enabled title: HTTP Enabled type: bool default: "0" View a larger version of this image
Supports Go templates?	No

value

Description	Defines the value of the config item. Data that you add to value appears as the HTML input value for the config item in the Admin Console. If the config item is not readonly, then the data that you add to value is overwritten by any user input for the item. If the item is readonly, then the data that you add to value cannot be overwritten.
Required?	No
Example	- name: custom_key title: Set your secret key for your app description: Paste in your Custom Key items: - name: key title: Key type: text value: "{{repl RandomString 20}}" View a larger version of this image
Supports Go templates?	Yes note When you assign a template function that generates a value to a value property, you can use the readonly and hidden properties to define whether or not the generated value is ephemeral or persistent between changes to the configuration settings for the application. For more information, see RandomString in Static Context.

when

Description	The when property denotes items that are displayed on the Admin Console Config page only when a condition evaluates to true. When the condition evaluates to false, the item is not displayed. It can be useful to conditionally show or hide fields so that your users are only provided the configuration options that are relevant to them. This helps to reduce user error when configuring the application. Conditional statements in the when property can be used to evaluate things like the user's environment, license entitlements, and configuration choices. For example: The Kubernetes distribution of the cluster If the license includes a specific feature entitlement The number of users that the license permits If the user chooses to bring their own external database, rather than using an embedded database offered with the application You can construct conditional statements in the when property using KOTS template functions. KOTS template functions are a set of custom template functions based on the Go text/template library. For more information, see About Template Functions. The when item property has the following requirements and limitations: The when property accepts the following types of values: Booleans Strings that match "true", "True", "false", or "False" KOTS template functions can be used to render these supported value types. For the when property to evaluate to true, the values compared in the conditional statement must match exactly without quotes when cannot be applied to the items nested under a radio, dropdown or select_one item. To conditionally show or hide radio, dropdown or select_one items, apply the when property to the item itself. note when is a property of both groups and items. See Group Properties > when above.
Required?	No
Example	Display the database_host and database_password items only when the user selects external for the db_type item: - name: database_settings_group title: Database Settings items: - name: db_type title: Database Type type: radio default: external items: - name: external title: External - name: embedded title: Embedded DB - name: database_host title: Database Hostname type: text when: repl{{ (ConfigOptionEquals "db_type" "external")}} - name: database_password title: Database Password type: password when: repl{{ (ConfigOptionEquals "db_type" "external")}} View a larger version of this image View a larger version of this image For additional examples, see Using Conditional Statements in Configuration Fields.
Supports Go templates?	Yes

validation

Description	The validation property can be used to validate an item's value, allowing you to specify custom validation rules that determine whether the value is valid or not.
Required?	No
Example	Validates and returns if password value is not matching the regex. The jwt_token file content is only validated if the file is uploaded since it is optional. - name: smtp-settings title: SMTP Settings - name: smtp_password title: SMTP Password type: password required: true validation: regex: pattern: ^(?:[\w@#$%^&+=!*()_\-{}[\]:;"'<>,.?\/|]){8,16}$ message: The password must be between 8 and 16 characters long and can contain a combination of uppercase letters, lowercase letters, digits, and special characters. - name: jwt_token title: JWT token type: file validation: regex: pattern: ^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*$ message: Upload a file with valid JWT token.
Supports Go templates?	No

For information about supported validation types, see Item Validation.

Item Types

The section describes each of the item types:

• bool
• dropdown
• file
• heading
• label
• password
• radio
• select_one (Deprecated)
• text
• textarea

bool

The bool input type should use a "0" or "1" to set the value

    - name: group_title
      title: Group Title
      items:
      - name: http_enabled
        title: HTTP Enabled
        type: bool
        default: "0"

View a larger version of this image

dropdown

Introduced in KOTS v1.114.0

The dropdown item type includes one or more nested items that are displayed in a dropdown on the Admin Console config screen. Dropdowns are especially useful for displaying long lists of options. You can also use the radio item type to display radio buttons for items with shorter lists of options.

To set a default value for dropdown items, set the default field to the name of the target nested item.

spec:
  groups:
  - name: example_settings
    title: My Example Config
    items:
    - name: version
      title: Version
      default: version_latest
      type: dropdown
      items:
      - name: version_latest
        title: latest
      - name: version_123
        title: 1.2.3
      - name: version_124
        title: 1.2.4
      - name: version_125
        title: 1.2.5    

View a larger version of this image

View a larger version of this image

file

A file is a special type of form field that renders an <input type="file" /> HTML element. Only the contents of the file, not the name, are captured. See the ConfigOptionData template function for examples on how to use the file contents in your application.

    - name: certs
      title: TLS Configuration
      items:
      - name: tls_private_key_file
        title: Private Key
        type: file
      - name: tls_certificate_file
        title: Certificate
        type: file

View a larger version of this image

heading

The heading type allows you to display a group heading as a sub-element within a group. This is useful when you would like to use a config group to group items together, but still separate the items visually.

    - name: ldap_settings
      title: LDAP Server Settings
      items:
      ...
      - name: ldap_schema
        type: heading
        title: LDAP schema
      ...

View a larger versio of this image

label

The label type allows you to display an input label.

    - name: email
      title: Email
      items:
      - name: email-address
        title: Email Address
        type: text
      - name: description
        type: label
        title: "Note: The system will send you an email every hour."

View a larger version of this image

password

The password type is a text field that hides the character input.

    - name: password_text
      title: Password Text
      type: password
      value: '{{repl RandomString 10}}'

View a larger version of this image

radio

Introduced in KOTS v1.114.0

The radio item type includes one or more nested items that are displayed as radio buttons on the Admin Console config screen. Radio buttons are especially useful for displaying short lists of options. You can also use the dropdown item type for items with longer lists of options.

To set a default value for radio items, set the default field to the name of the target nested item.

spec:
  groups:
  - name: example_settings
    title: My Example Config
    items:
    - name: authentication_type
      title: Authentication Type
      default: authentication_type_anonymous
      type: radio
      items:
      - name: authentication_type_anonymous
        title: Anonymous
      - name: authentication_type_password
        title: Password

select_one (Deprecated)

important

The select_one item type is deprecated and is not recommended for use. To display config items with multiple options, use the radio or dropdown item types instead.

select_one items must contain nested items. The nested items are displayed as radio buttons in the Admin Console.

You can use the name field of a select_one item with KOTS template functions in the Config context (such as ConfigOption or ConfigOptionEquals) to return the option selected by the user.

For example, if the user selects the Password option for the select_one item shown below, then the template function '{{repl ConfigOption "authentication_type"}}' is rendered as authentication_type_password. For more information about working with template functions in the Config context, see Config Context.

spec:
  groups:
  - name: example_settings
    title: My Example Config
    description: Configuration to serve as an example for creating your own. See [https://kots.io/reference/v1beta1/config/](https://kots.io/reference/v1beta1/config/) for configuration docs. In this case, we provide example fields for configuring an Nginx welcome page.
    items:
    - name: authentication_type
      title: Authentication Type
      default: authentication_type_anonymous
      type: select_one
      items:
      - name: authentication_type_anonymous
        title: Anonymous
      - name: authentication_type_password
        title: Password  

text

A text input field allows users to enter a string value. Optionally, all additional properties are available for this input type.

    - name: example_text_input
      title: Example Text Input
      type: text

important

Do not store secrets or passwords in text items because they are not encrypted or masked and can be easily accessed. Instead, use password items.

textarea

A textarea items creates a multi-line text input for when users have to enter a sizeable amount of text.

    - name: custom_key
      title: Set your secret key for your app
      description: Paste in your Custom Key
      items:
      - name: key
        title: Key
        type: textarea
      - name: hostname
        title: Hostname
        type: text

Item Validation

A validation can be specified to validate the value of an item. regex is the supported validation type.

Based on specified validation rules, the item is validated and a validation message is returned if the validation rule is not satisfied. A default message is returned if there is an empty validation message.

The validation rules are as follows:

• An item is validated only when its value is not empty.
• Items of types text, textarea, password, and file are validated, but repeatable items are not validated.
• If an item is marked as hidden or if its when condition is set to false, the item is not validated.
• If a group when condition is set to false, the items in the group are not validated.

regex

For applications installed with KOTS v1.98.0 or later, a regex can be used to validate whether an item's value matches the provided regular expression pattern. The regex pattern should be of the RE2 regular expression type and can validate the text, textarea, password, and file field types.

The default validation message is Value does not match regex.

- name: smtp-settings
  title: SMTP Settings
  - name: smtp_password
    title: SMTP Password
    type: password
    required: true
    validation:
      regex: 
        pattern: ^(?:[\w@#$%^&+=!*()_\-{}[\]:;"'<>,.?\/|]){8,16}$
        message: The password must be between 8 and 16 characters long and can contain a combination of uppercase letters, lowercase letters, digits, and special characters.
  - name: jwt_token
    title: JWT token
    type: file
    validation:
      regex: 
        pattern: ^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*$
        message: Upload a file with valid JWT token.            

Repeatable Items

A repeatable config item copies a YAML array entry or YAML document for as many values as are provided. Any number of values can be added to a repeatable item to generate additional copies.

To make an item repeatable, set repeatable to true:

    - name: ports_group
      items:
      - name: serviceport
        title: Service Port
        type: text
        repeatable: true

Repeatable items do not use the default or value fields, but instead a valuesByGroup field. valuesByGroup must have an entry for the parent Config Group name, with all of the default key:value pairs nested in the group. At least one default entry is required for the repeatable item:

    valuesByGroup:
      ports_group:
        port-default-1: "80"

Limitations

• Repeatable items work only for text, textarea, and file types.
• Repeatable item names must only consist of lower case alphanumeric characters.
• Repeatable items are only supported for Kubernetes manifests, not Helm charts.

Template Targets

Repeatable items require that you provide at least one template. The template defines a YAML target in the manifest to duplicate for each repeatable item.

Required fields for a template target are apiVersion, kind, and name.

namespace is an optional template target field to match a YAML document's metadata.namespace property when the same filename is used across multiple namespaces.

The entire YAML node at the target is duplicated, including nested fields.

The yamlPath field of the template must denote index position for arrays using square brackets. For example, spec.ports[0] selects the first port entry for duplication. All duplicate YAML is appended to the final array in the yamlPath.

yamlPath must end with an array.

Example:

    templates:
    - apiVersion: v1
      kind: Service
      name: my-service
      namespace: my-app
      yamlPath: 'spec.ports[0]'

If the yamlPath field is not present, the entire YAML document matching the template is replaced with a copy for each of the repeatable item entries. The metadata.name field of the new document reflects the repeatable item key.

Templating

The repeat items are called with the delimeters repl[[ .itemName ]] or [[repl .itemName ]]. These delimiters can be placed anywhere inside of the yamlPath target node:

    - port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
      name: '[[repl .serviceport ]]'

This repeatable templating is not compatible with sprig templating functions. It is designed for inserting repeatable keys into the manifest. Repeatable templating can be placed inside of Replicated config templating.

Ordering

Repeatable templates are processed before config template rendering.

Repeatable items are processed in order of the template targets in the Config Spec file. Effectively, this ordering is from the top of the Config Spec, by Config Group, by Config Item, and then by template target.

    - name: ports_group
      items:
      - name: serviceport
        title: Service Port
        type: text
        repeatable: true
        templates:
        - apiVersion: v1 #processed first
          kind: Service
          name: my-service
          namespace: my-app
          yamlPath: 'spec.ports[0]'
        - apiVersion: v1 #processed second
          kind: Service
          name: my-service
          namespace: my-app
        {other item properties ...}
      - name: other_ports
        title: Other Service Port
        type: text
        repeatable: true
        templates:
        - apiVersion: v1 #processed third
          kind: Service
          name: my-other-service
          namespace: my-app
        {other item properties ...}
    - name: deployments
      items:
      - name: deployment-name
        title: Deployment Names
        type: text
        repeatable: true
        templates:
        - apiVersion: apps/v1 #processed fourth
          kind: Deployment
          name: my-deployment
          namespace: my-app
        {other item properties ...}

Repeatable Examples

In these examples, the default service port of "80" is included with the release. Port 443 is added as an additional port on the Admin Console configuration page, which is stored in the ConfigValues file.

Repeatable Item Example for a yamlPath

Config custom resource manifest file:

    - name: ports_group
      items:
      - name: serviceport
        title: Service Port
        type: text
        repeatable: true
        templates:
        - apiVersion: v1
          kind: Service
          name: my-service
          namespace: my-app
          yamlPath: spec.ports[0]
        valuesByGroup:
          ports_group:
            port-default-1: "80"

Config values:

apiVersion: kots.io/v1beta1
kind: ConfigValues
metadata:
  name: example_app
spec:
  values:
    port-default-1:
      repeatableItem: serviceport
      value: "80"
    serviceport-8jdn2bgd:
      repeatableItem: serviceport
      value: "443"

Template manifest:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
    name: '[[repl .serviceport ]]'
  selector:
    app: repeat_example
    component: my-deployment

After repeatable config processing:

Note: This phase is internal to configuration rendering for KOTS. This example is only provided to further explain the templating process.*

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: repl{{ ConfigOption "port-default-1" | ParseInt }}
    name: 'port-default-1'
  - port: repl{{ ConfigOption "serviceport-8jdn2bgd" | ParseInt }}
    name: 'serviceport-8jdn2bgd'
  selector:
    app: repeat_example
    component: my-deployment

Resulting manifest:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: 80
    name: port-default-1
  - port: 443
    name: serviceport-8jdn2bgd
  selector:
    app: repeat_example
    component: my-deployment

Repeatable Item Example for an Entire Document

Config spec:

    - name: ports_group
      items:
      - name: serviceport
        title: Service Port
        type: text
        repeatable: true
        templates:
        - apiVersion: v1
          kind: Service
          name: my-service
          namespace: my-app
        valuesByGroup:
          ports_group:
            port-default-1: "80"

Config values:

apiVersion: kots.io/v1beta1
kind: ConfigValues
metadata:
  name: example_app
spec:
  values:
    port-default-1:
      repeatableItem: serviceport
      value: "80"
    serviceport-8jdn2bgd:
      repeatableItem: serviceport
      value: "443"

Template manifest:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: repl{{ ConfigOption "[[repl .serviceport ]]" | ParseInt }}
  selector:
    app: repeat_example
    component: repl[[ .serviceport ]]

After repeatable config processing:

Note: This phase is internal to configuration rendering for KOTS. This example is only provided to further explain the templating process.*

apiVersion: v1
kind: Service
metadata:
  name: port-default-1
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: repl{{ ConfigOption "port-default-1" | ParseInt }}
  selector:
    app: repeat_example
    component: port-default-1
---
apiVersion: v1
kind: Service
metadata:
  name: serviceport-8jdn2bgd
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: repl{{ ConfigOption "serviceport-8jdn2bgd" | ParseInt }}
  selector:
    app: repeat_example
    component: serviceport-8jdn2bgd

Resulting manifest:

apiVersion: v1
kind: Service
metadata:
  name: port-default-1
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: 80
  selector:
    app: repeat_example
    component: port-default-1
---
apiVersion: v1
kind: Service
metadata:
  name: serviceport-8jdn2bgd
  namespace: my-app
spec:
  type: NodePort
  ports:
  - port: 443
  selector:
    app: repeat_example
    component: serviceport-8jdn2bgd