278 lines
6.9 KiB
YAML
278 lines
6.9 KiB
YAML
|
image:
|
||
|
repository: tccr.io/truecharts/guacamole-client
|
||
|
pullPolicy: IfNotPresent
|
||
|
tag: 1.5.2@sha256:d705e385677c11624381df0c3779616edac98fdc8e508374257327516bde061b
|
||
|
guacdImage:
|
||
|
repository: tccr.io/truecharts/guacamole-server
|
||
|
pullPolicy: IfNotPresent
|
||
|
tag: v1.5.2@sha256:f7f62adecb244a91c974ac0bab7376335304145789fb43baeff75c1e2c88c630
|
||
|
|
||
|
guacamole:
|
||
|
general:
|
||
|
EXTENSION_PRIORITY: ""
|
||
|
api:
|
||
|
API_SESSION_TIMEOUT: 60
|
||
|
ldap:
|
||
|
{}
|
||
|
# LDAP_HOSTNAME: ""
|
||
|
# LDAP_USER_BASE_DN: ""
|
||
|
# LDAP_PORT: 389
|
||
|
# LDAP_ENCRYPTION_METHOD: none
|
||
|
# LDAP_MAX_SEARCH_RESULTS: 1000
|
||
|
# LDAP_SEARCH_BIND_DN: ""
|
||
|
# LDAP_USER_ATTRIBUTES: ""
|
||
|
# LDAP_SEARCH_BIND_PASSWORD: ""
|
||
|
# LDAP_USERNAME_ATTRIBUTE: uid
|
||
|
# LDAP_MEMBER_ATTRIBUTE: member
|
||
|
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
|
||
|
# LDAP_CONFIG_BASE_DN: ""
|
||
|
# LDAP_GROUP_BASE_DN: ""
|
||
|
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
|
||
|
# LDAP_MEMBER_ATTRIBUTE_TYPE: dn
|
||
|
# LDAP_GROUP_NAME_ATTRIBUTE: cn
|
||
|
# LDAP_DEREFERENCE_ALIASES: never
|
||
|
# LDAP_FOLLOW_REFERRALS: false
|
||
|
# LDAP_MAX_REFERRAL_HOPS: 5
|
||
|
# LDAP_OPERATION_TIMEOUT: 30
|
||
|
header:
|
||
|
{}
|
||
|
# HEADER_ENABLED: false
|
||
|
# HTTP_AUTH_HEADER: REMOTE_USER
|
||
|
saml:
|
||
|
{}
|
||
|
# SAML_IDP_METADATA_URL: ""
|
||
|
# SAML_IDP_URL: ""
|
||
|
# SAML_ENTITY_ID: ""
|
||
|
# SAML_CALLBACK_URL: ""
|
||
|
# SAML_STRICT: true
|
||
|
# SAML_DEBUG: false
|
||
|
# SAML_COMPRESS_REQUEST: true
|
||
|
# SAML_COMPRESS_RESPONSE: true
|
||
|
# SAML_GROUP_ATTRIBUTE: groups
|
||
|
proxy:
|
||
|
{}
|
||
|
# REMOTE_IP_VALVE_ENABLED: false
|
||
|
# PROXY_ALLOWED_IPS_REGEX: ""
|
||
|
# PROXY_IP_HEADER: ""
|
||
|
# PROXY_PROTOCOL_HEADER: ""
|
||
|
# PROXY_BY_HEADER: ""
|
||
|
totp:
|
||
|
{}
|
||
|
# TOTP_ENABLED: false
|
||
|
# TOTP_ISSUER: Apache Guacamole
|
||
|
# TOTP_DIGITS: 6
|
||
|
# TOTP_PERIOD: 30
|
||
|
# TOTP_MODE: sha1
|
||
|
duo:
|
||
|
{}
|
||
|
# DUO_API_HOSTNAME: ""
|
||
|
# DUO_INTEGRATION_KEY: ""
|
||
|
# DUO_SECRET_KEY: ""
|
||
|
# DUO_APPLICATION_KEY: ""
|
||
|
radius:
|
||
|
{}
|
||
|
# RADIUS_SHARED_SECRET: ""
|
||
|
# RADIUS_AUTH_PROTOCOL: eap-tls
|
||
|
# RADIUS_HOSTNAME: ""
|
||
|
# RADIUS_AUTH_PORT: 1812
|
||
|
# RADIUS_KEY_FILE: ""
|
||
|
# RADIUS_KEY_TYPE: pkcs12
|
||
|
# RADIUS_KEY_PASSWORD: ""
|
||
|
# RADIUS_CA_FILE: ""
|
||
|
# RADIUS_CA_TYPE: pem
|
||
|
# RADIUS_CA_PASSWORD: ""
|
||
|
# RADIUS_TRUST_ALL: false
|
||
|
# RADIUS_RETRIES: 5
|
||
|
# RADIUS_TIMEOUT: 60
|
||
|
# RADIUS_EAP_TTLS_INNER_PROTOCOL: eap-tls
|
||
|
# RADIUS_NAS_IP: ""
|
||
|
openid:
|
||
|
{}
|
||
|
# OPENID_AUTHORIZATION_ENDPOINT: ""
|
||
|
# OPENID_JWKS_ENDPOINT: ""
|
||
|
# OPENID_ISSUER: ""
|
||
|
# OPENID_CLIENT_ID: ""
|
||
|
# OPENID_REDIRECT_URI: ""
|
||
|
# OPENID_USERNAME_CLAIM_TYPE: email
|
||
|
# OPENID_GROUPS_CLAIM_TYPE: groups
|
||
|
# OPENID_SCOPE: openid email profile
|
||
|
# OPENID_ALLOWED_CLOCK_SKEW: 30
|
||
|
# OPENID_MAX_TOKEN_VALIDITY: 300
|
||
|
# OPENID_MAX_NONCE_VALIDITY: 300
|
||
|
cas:
|
||
|
{}
|
||
|
# CAS_AUTHORIZATION_ENDPOINT: ""
|
||
|
# CAS_REDIRECT_URI: ""
|
||
|
# CAS_CLEARPASS_KEY: ""
|
||
|
# CAS_GROUP_ATTRIBUTE: ""
|
||
|
# CAS_GROUP_FORMAT: plain
|
||
|
# CAS_GROUP_LDAP_BASE_DN: ""
|
||
|
# CAS_GROUP_LDAP_ATTRIBUTE: ""
|
||
|
json:
|
||
|
{}
|
||
|
# JSON_SECRET_KEY: ""
|
||
|
# JSON_TRUSTED_NETWORKS: ""
|
||
|
|
||
|
workload:
|
||
|
main:
|
||
|
podSpec:
|
||
|
containers:
|
||
|
main:
|
||
|
securityContext:
|
||
|
runAsUser: 1001
|
||
|
runAsGroup: 1001
|
||
|
readOnlyRootFilesystem: false
|
||
|
envFrom:
|
||
|
- configMapRef:
|
||
|
name: guacamole-config
|
||
|
probes:
|
||
|
liveness:
|
||
|
type: http
|
||
|
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||
|
readiness:
|
||
|
type: http
|
||
|
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||
|
startup:
|
||
|
type: tcp
|
||
|
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||
|
# zz is used to ensure that the initContainers are run after db-waits
|
||
|
initContainers:
|
||
|
1-create-seed:
|
||
|
enabled: true
|
||
|
type: install
|
||
|
imageSelector: image
|
||
|
securityContext:
|
||
|
runAsUser: 1001
|
||
|
runAsGroup: 1001
|
||
|
readOnlyRootFilesystem: false
|
||
|
envFrom:
|
||
|
- configMapRef:
|
||
|
name: guacamole-config
|
||
|
command:
|
||
|
- /bin/sh
|
||
|
args:
|
||
|
- -c
|
||
|
- /tc-scripts/create-seed.sh
|
||
|
2-apply-seed:
|
||
|
enabled: true
|
||
|
type: install
|
||
|
imageSelector: postgresClientImage
|
||
|
securityContext:
|
||
|
runAsUser: 1001
|
||
|
runAsGroup: 1001
|
||
|
readOnlyRootFilesystem: false
|
||
|
envFrom:
|
||
|
- configMapRef:
|
||
|
name: guacamole-config
|
||
|
command:
|
||
|
- /bin/sh
|
||
|
args:
|
||
|
- -c
|
||
|
- /tc-scripts/apply-seed.sh
|
||
|
|
||
|
guacd:
|
||
|
enabled: true
|
||
|
type: Deployment
|
||
|
strategy: RollingUpdate
|
||
|
podSpec:
|
||
|
containers:
|
||
|
guacd:
|
||
|
enabled: true
|
||
|
primary: true
|
||
|
imageSelector: guacdImage
|
||
|
command:
|
||
|
- /opt/guacamole/sbin/guacd
|
||
|
args:
|
||
|
# Listen Address
|
||
|
- -b
|
||
|
- "0.0.0.0"
|
||
|
# Listen Port
|
||
|
- -l
|
||
|
- "{{ .Values.service.guacd.ports.guacd.port }}"
|
||
|
# Log Level
|
||
|
- -L
|
||
|
- info
|
||
|
# Foreground
|
||
|
- -f
|
||
|
securityContext:
|
||
|
runAsUser: 1000
|
||
|
runAsGroup: 1000
|
||
|
readOnlyRootFilesystem: false
|
||
|
probes:
|
||
|
liveness:
|
||
|
type: tcp
|
||
|
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||
|
readiness:
|
||
|
type: tcp
|
||
|
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||
|
startup:
|
||
|
type: tcp
|
||
|
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||
|
|
||
|
service:
|
||
|
main:
|
||
|
ports:
|
||
|
main:
|
||
|
port: 10123
|
||
|
targetPort: 8080
|
||
|
guacd:
|
||
|
enabled: true
|
||
|
targetSelector: guacd
|
||
|
ports:
|
||
|
guacd:
|
||
|
enabled: true
|
||
|
targetSelector: guacd
|
||
|
port: 10124
|
||
|
|
||
|
persistence:
|
||
|
recordings:
|
||
|
enabled: true
|
||
|
# Check how this works and
|
||
|
# which containers need it mounted
|
||
|
targetSelector:
|
||
|
main:
|
||
|
main:
|
||
|
mountPath: /var/lib/guacamole/recordings
|
||
|
readOnly: true
|
||
|
guacd:
|
||
|
guacd:
|
||
|
mountPath: /var/lib/guacamole/recordings
|
||
|
drive:
|
||
|
enabled: true
|
||
|
targetSelector:
|
||
|
guacd:
|
||
|
guacd:
|
||
|
mountPath: /var/lib/guacamole/drive
|
||
|
tc-init:
|
||
|
enabled: true
|
||
|
type: emptyDir
|
||
|
targetSelector:
|
||
|
main:
|
||
|
1-create-seed:
|
||
|
mountPath: /tc-init
|
||
|
2-apply-seed:
|
||
|
mountPath: /tc-init
|
||
|
db-seed:
|
||
|
enabled: true
|
||
|
type: configmap
|
||
|
objectName: db-init
|
||
|
defaultMode: "0770"
|
||
|
targetSelector:
|
||
|
main:
|
||
|
1-create-seed:
|
||
|
mountPath: /tc-scripts/create-seed.sh
|
||
|
subPath: create-seed.sh
|
||
|
2-apply-seed:
|
||
|
mountPath: /tc-scripts/apply-seed.sh
|
||
|
subPath: apply-seed.sh
|
||
|
|
||
|
cnpg:
|
||
|
main:
|
||
|
enabled: true
|
||
|
user: guacamole
|
||
|
database: guacamole
|
||
|
|
||
|
portal:
|
||
|
open:
|
||
|
enabled: true
|