diff --git a/stable/guacamole/10.0.4/CHANGELOG.md b/stable/guacamole/10.0.4/CHANGELOG.md
new file mode 100644
index 00000000000..801d73f2b4f
--- /dev/null
+++ b/stable/guacamole/10.0.4/CHANGELOG.md
@@ -0,0 +1,87 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [guacamole-10.0.4](https://github.com/truecharts/charts/compare/guacamole-10.0.3...guacamole-10.0.4) (2023-08-06)
+
+### Chore
+
+- update container image tccr.io/truecharts/guacamole-client to v1.5.3 ([#11249](https://github.com/truecharts/charts/issues/11249))
+
+
+
+
+## [guacamole-10.0.3](https://github.com/truecharts/charts/compare/guacamole-10.0.2...guacamole-10.0.3) (2023-08-03)
+
+### Fix
+
+- comment out values ([#11176](https://github.com/truecharts/charts/issues/11176))
+
+
+
+
+## [guacamole-10.0.2](https://github.com/truecharts/charts/compare/guacamole-10.0.1...guacamole-10.0.2) (2023-08-03)
+
+
+
+
+## [guacamole-10.0.1](https://github.com/truecharts/charts/compare/guacamole-10.0.0...guacamole-10.0.1) (2023-08-02)
+
+### Chore
+
+- add virtual drive storage ([#11134](https://github.com/truecharts/charts/issues/11134))
+
+
+
+
+
+## [guacamole-10.0.0](https://github.com/truecharts/charts/compare/guacamole-9.0.4...guacamole-10.0.0) (2023-07-31)
+
+
+
+
+## [guacamole-9.0.4](https://github.com/truecharts/charts/compare/guacamole-9.0.3...guacamole-9.0.4) (2023-07-30)
+
+### Chore
+
+- update helm general non-major ([#11034](https://github.com/truecharts/charts/issues/11034))
+
+
+
+
+## [guacamole-9.0.3](https://github.com/truecharts/charts/compare/guacamole-9.0.2...guacamole-9.0.3) (2023-07-29)
+
+### Chore
+
+- set guacamole to listen on `/` ([#10987](https://github.com/truecharts/charts/issues/10987))
+
+
+
+
+## [guacamole-9.0.2](https://github.com/truecharts/charts/compare/guacamole-9.0.1...guacamole-9.0.2) (2023-07-29)
+
+### Chore
+
+- update helm general non-major ([#10955](https://github.com/truecharts/charts/issues/10955))
+
+
+
+
+## [guacamole-9.0.1](https://github.com/truecharts/charts/compare/guacamole-9.0.0...guacamole-9.0.1) (2023-07-26)
+
+### Fix
+
+- fix indentation ([#10873](https://github.com/truecharts/charts/issues/10873))
+
+
+
+
+## [guacamole-9.0.0]guacamole-9.0.0 (2023-07-24)
+
+### Feat
+
+- BREAKING CHANGES migrate new common ([#10771](https://github.com/truecharts/charts/issues/10771))
+
+
\ No newline at end of file
diff --git a/stable/guacamole/10.0.4/Chart.yaml b/stable/guacamole/10.0.4/Chart.yaml
new file mode 100644
index 00000000000..53e94fb6b9b
--- /dev/null
+++ b/stable/guacamole/10.0.4/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+appVersion: "1.5.3"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 14.0.1
+description: Apache Guacamole is a clientless remote desktop gateway.
+home: https://truecharts.org/charts/stable/guacamole
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/guacamole.png
+keywords:
+ - guacamole
+ - remote
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: guacamole
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/stable/guacamole
+ - https://github.com/apache/guacamole-client
+type: application
+version: 10.0.4
+annotations:
+ truecharts.org/catagories: |
+ - utilities
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/stable/guacamole/10.0.4/README.md b/stable/guacamole/10.0.4/README.md
new file mode 100644
index 00000000000..e0a9b8fa8d7
--- /dev/null
+++ b/stable/guacamole/10.0.4/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/guacamole/10.0.4/app-changelog.md b/stable/guacamole/10.0.4/app-changelog.md
new file mode 100644
index 00000000000..68b3616c6a8
--- /dev/null
+++ b/stable/guacamole/10.0.4/app-changelog.md
@@ -0,0 +1,9 @@
+
+
+## [guacamole-10.0.4](https://github.com/truecharts/charts/compare/guacamole-10.0.3...guacamole-10.0.4) (2023-08-06)
+
+### Chore
+
+- update container image tccr.io/truecharts/guacamole-client to v1.5.3 ([#11249](https://github.com/truecharts/charts/issues/11249))
+
+
\ No newline at end of file
diff --git a/stable/guacamole/10.0.4/app-readme.md b/stable/guacamole/10.0.4/app-readme.md
new file mode 100644
index 00000000000..9443f3df8cd
--- /dev/null
+++ b/stable/guacamole/10.0.4/app-readme.md
@@ -0,0 +1,8 @@
+Apache Guacamole is a clientless remote desktop gateway.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/guacamole](https://truecharts.org/charts/stable/guacamole)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/guacamole/10.0.4/charts/common-14.0.1.tgz b/stable/guacamole/10.0.4/charts/common-14.0.1.tgz
new file mode 100644
index 00000000000..656c64047b2
Binary files /dev/null and b/stable/guacamole/10.0.4/charts/common-14.0.1.tgz differ
diff --git a/stable/guacamole/10.0.4/ix_values.yaml b/stable/guacamole/10.0.4/ix_values.yaml
new file mode 100644
index 00000000000..2c3885d321f
--- /dev/null
+++ b/stable/guacamole/10.0.4/ix_values.yaml
@@ -0,0 +1,277 @@
+image:
+ repository: tccr.io/truecharts/guacamole-client
+ pullPolicy: IfNotPresent
+ tag: v1.5.3@sha256:558ce69773da891ce3c792ccea21934996eb8b9135b9bea81fe3d5457b1a960a
+guacdImage:
+ repository: tccr.io/truecharts/guacamole-server
+ pullPolicy: IfNotPresent
+ tag: v1.5.2@sha256:f7f62adecb244a91c974ac0bab7376335304145789fb43baeff75c1e2c88c630
+
+guacamole:
+ general:
+ EXTENSION_PRIORITY: ""
+ api:
+ API_SESSION_TIMEOUT: 60
+ ldap:
+ {}
+ # LDAP_HOSTNAME: ""
+ # LDAP_USER_BASE_DN: ""
+ # LDAP_PORT: 389
+ # LDAP_ENCRYPTION_METHOD: none
+ # LDAP_MAX_SEARCH_RESULTS: 1000
+ # LDAP_SEARCH_BIND_DN: ""
+ # LDAP_USER_ATTRIBUTES: ""
+ # LDAP_SEARCH_BIND_PASSWORD: ""
+ # LDAP_USERNAME_ATTRIBUTE: uid
+ # LDAP_MEMBER_ATTRIBUTE: member
+ # LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
+ # LDAP_CONFIG_BASE_DN: ""
+ # LDAP_GROUP_BASE_DN: ""
+ # LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
+ # LDAP_MEMBER_ATTRIBUTE_TYPE: dn
+ # LDAP_GROUP_NAME_ATTRIBUTE: cn
+ # LDAP_DEREFERENCE_ALIASES: never
+ # LDAP_FOLLOW_REFERRALS: false
+ # LDAP_MAX_REFERRAL_HOPS: 5
+ # LDAP_OPERATION_TIMEOUT: 30
+ header:
+ {}
+ # HEADER_ENABLED: false
+ # HTTP_AUTH_HEADER: REMOTE_USER
+ saml:
+ {}
+ # SAML_IDP_METADATA_URL: ""
+ # SAML_IDP_URL: ""
+ # SAML_ENTITY_ID: ""
+ # SAML_CALLBACK_URL: ""
+ # SAML_STRICT: true
+ # SAML_DEBUG: false
+ # SAML_COMPRESS_REQUEST: true
+ # SAML_COMPRESS_RESPONSE: true
+ # SAML_GROUP_ATTRIBUTE: groups
+ proxy:
+ {}
+ # REMOTE_IP_VALVE_ENABLED: false
+ # PROXY_ALLOWED_IPS_REGEX: ""
+ # PROXY_IP_HEADER: ""
+ # PROXY_PROTOCOL_HEADER: ""
+ # PROXY_BY_HEADER: ""
+ totp:
+ {}
+ # TOTP_ENABLED: false
+ # TOTP_ISSUER: Apache Guacamole
+ # TOTP_DIGITS: 6
+ # TOTP_PERIOD: 30
+ # TOTP_MODE: sha1
+ duo:
+ {}
+ # DUO_API_HOSTNAME: ""
+ # DUO_INTEGRATION_KEY: ""
+ # DUO_SECRET_KEY: ""
+ # DUO_APPLICATION_KEY: ""
+ radius:
+ {}
+ # RADIUS_SHARED_SECRET: ""
+ # RADIUS_AUTH_PROTOCOL: eap-tls
+ # RADIUS_HOSTNAME: ""
+ # RADIUS_AUTH_PORT: 1812
+ # RADIUS_KEY_FILE: ""
+ # RADIUS_KEY_TYPE: pkcs12
+ # RADIUS_KEY_PASSWORD: ""
+ # RADIUS_CA_FILE: ""
+ # RADIUS_CA_TYPE: pem
+ # RADIUS_CA_PASSWORD: ""
+ # RADIUS_TRUST_ALL: false
+ # RADIUS_RETRIES: 5
+ # RADIUS_TIMEOUT: 60
+ # RADIUS_EAP_TTLS_INNER_PROTOCOL: eap-tls
+ # RADIUS_NAS_IP: ""
+ openid:
+ {}
+ # OPENID_AUTHORIZATION_ENDPOINT: ""
+ # OPENID_JWKS_ENDPOINT: ""
+ # OPENID_ISSUER: ""
+ # OPENID_CLIENT_ID: ""
+ # OPENID_REDIRECT_URI: ""
+ # OPENID_USERNAME_CLAIM_TYPE: email
+ # OPENID_GROUPS_CLAIM_TYPE: groups
+ # OPENID_SCOPE: openid email profile
+ # OPENID_ALLOWED_CLOCK_SKEW: 30
+ # OPENID_MAX_TOKEN_VALIDITY: 300
+ # OPENID_MAX_NONCE_VALIDITY: 300
+ cas:
+ {}
+ # CAS_AUTHORIZATION_ENDPOINT: ""
+ # CAS_REDIRECT_URI: ""
+ # CAS_CLEARPASS_KEY: ""
+ # CAS_GROUP_ATTRIBUTE: ""
+ # CAS_GROUP_FORMAT: plain
+ # CAS_GROUP_LDAP_BASE_DN: ""
+ # CAS_GROUP_LDAP_ATTRIBUTE: ""
+ json:
+ {}
+ # JSON_SECRET_KEY: ""
+ # JSON_TRUSTED_NETWORKS: ""
+
+workload:
+ main:
+ podSpec:
+ containers:
+ main:
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: guacamole-config
+ probes:
+ liveness:
+ type: http
+ port: "{{ .Values.service.main.ports.main.targetPort }}"
+ readiness:
+ type: http
+ port: "{{ .Values.service.main.ports.main.targetPort }}"
+ startup:
+ type: tcp
+ port: "{{ .Values.service.main.ports.main.targetPort }}"
+ # zz is used to ensure that the initContainers are run after db-waits
+ initContainers:
+ 1-create-seed:
+ enabled: true
+ type: install
+ imageSelector: image
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: guacamole-config
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - /tc-scripts/create-seed.sh
+ 2-apply-seed:
+ enabled: true
+ type: install
+ imageSelector: postgresClientImage
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: guacamole-config
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - /tc-scripts/apply-seed.sh
+
+ guacd:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ podSpec:
+ containers:
+ guacd:
+ enabled: true
+ primary: true
+ imageSelector: guacdImage
+ command:
+ - /opt/guacamole/sbin/guacd
+ args:
+ # Listen Address
+ - -b
+ - "0.0.0.0"
+ # Listen Port
+ - -l
+ - "{{ .Values.service.guacd.ports.guacd.port }}"
+ # Log Level
+ - -L
+ - info
+ # Foreground
+ - -f
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ readOnlyRootFilesystem: false
+ probes:
+ liveness:
+ type: tcp
+ port: "{{ .Values.service.guacd.ports.guacd.port }}"
+ readiness:
+ type: tcp
+ port: "{{ .Values.service.guacd.ports.guacd.port }}"
+ startup:
+ type: tcp
+ port: "{{ .Values.service.guacd.ports.guacd.port }}"
+
+service:
+ main:
+ ports:
+ main:
+ port: 10123
+ targetPort: 8080
+ guacd:
+ enabled: true
+ targetSelector: guacd
+ ports:
+ guacd:
+ enabled: true
+ targetSelector: guacd
+ port: 10124
+
+persistence:
+ recordings:
+ enabled: true
+ # Check how this works and
+ # which containers need it mounted
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/lib/guacamole/recordings
+ readOnly: true
+ guacd:
+ guacd:
+ mountPath: /var/lib/guacamole/recordings
+ drive:
+ enabled: true
+ targetSelector:
+ guacd:
+ guacd:
+ mountPath: /var/lib/guacamole/drive
+ tc-init:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ main:
+ 1-create-seed:
+ mountPath: /tc-init
+ 2-apply-seed:
+ mountPath: /tc-init
+ db-seed:
+ enabled: true
+ type: configmap
+ objectName: db-init
+ defaultMode: "0770"
+ targetSelector:
+ main:
+ 1-create-seed:
+ mountPath: /tc-scripts/create-seed.sh
+ subPath: create-seed.sh
+ 2-apply-seed:
+ mountPath: /tc-scripts/apply-seed.sh
+ subPath: apply-seed.sh
+
+cnpg:
+ main:
+ enabled: true
+ user: guacamole
+ database: guacamole
+
+portal:
+ open:
+ enabled: true
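Review bot: The `envFrom` entries on `main`, `1-create-seed` and `2-apply-seed` load everything from the `guacamole-config` ConfigMap, and the `guacamole:` block that presumably feeds it is where `LDAP_SEARCH_BIND_PASSWORD`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD` and `JSON_SECRET_KEY` are set. The template that builds that ConfigMap is not part of this diff, but if those keys are rendered into it, the credentials sit in an object readable with ordinary ConfigMap RBAC and are also handed to the `postgresClientImage` init container, which likely needs only the database settings. Rendering the credential keys into a Secret and adding a `- secretRef:` entry (name `<secret-name>`, placeholder) beside the existing `configMapRef` would keep them out of the ConfigMap. Separately, `service.guacd` sets no `type` while guacd is started with `-b "0.0.0.0"` and does not authenticate its callers, so `type: ClusterIP` should be stated there unless the common chart already defaults to it.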
diff --git a/stable/guacamole/10.0.4/questions.yaml b/stable/guacamole/10.0.4/questions.yaml
new file mode 100644
index 00000000000..cf0a7ec8586
--- /dev/null
+++ b/stable/guacamole/10.0.4/questions.yaml
@@ -0,0 +1,2773 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + 
label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: guacamole + label: Guacamole Configuration + group: App Configuration + schema: + type: dict + additional_attrs: true + attrs: + - variable: general + label: General Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: EXTENSION_PRIORITY + label: Extension Priority + description: A comma-separated list of the namespaces of all extensions that should be loaded in a specific order + schema: + type: string + default: "" + - variable: api + label: API Configuration + schema: + additional_attrs: true + type: dict + 
attrs: + - variable: API_SESSION_TIMEOUT + label: API Session Timeout (in minutes) + schema: + type: int + default: 60 + - variable: totp + label: TOTP Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: TOTP_ENABLED + label: Enable TOTP + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: TOTP_ISSUER + label: TOTP Issuer + schema: + type: string + default: Apache Guacamole + required: true + - variable: TOTP_PERIOD + label: TOTP Period + schema: + type: int + default: 30 + required: true + - variable: TOTP_DIGITS + label: TOTP Digits + schema: + type: int + min: 6 + max: 8 + default: 6 + required: true + - variable: TOTP_MODE + label: TOTP Mode + schema: + type: string + default: sha1 + required: true + enum: + - value: sha1 + description: sha1 + - value: sha256 + description: sha256 + - value: sha512 + description: sha512 + - variable: header + label: Header Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: HEADER_ENABLED + label: Enable Header + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: HTTP_AUTH_HEADER + label: HTTP Auth Header + schema: + type: string + required: true + default: REMOTE_USER + - variable: json + label: JSON Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: json_enabled + label: Enable JSON + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: JSON_SECRET_KEY + label: JSON Secret Key + schema: + type: string + required: true + default: "" + - variable: JSON_TRUSTED_NETWORKS + label: JSON Trusted Networks (Leave blank for unrestricted + description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8" + schema: + type: string + default: "" + - variable: duo + label: DUO Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: duo_enabled + label: Enable DUO + 
schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: DUO_API_HOSTNAME + label: DUO API Hostname (api-XXXXXXXX.duosecurity.com) + schema: + type: string + required: true + default: "" + - variable: DUO_INTEGRATION_KEY + label: DUO Integration Key (Exactly 20 chars) + schema: + min_length: 20 + max_length: 20 + type: string + required: true + default: "" + - variable: DUO_SECRET_KEY + label: DUO Secret Key (Exactly 40 chars) + schema: + min_length: 40 + max_length: 40 + type: string + required: true + default: "" + - variable: DUO_APPLICATION_KEY + label: DUO Application Key (At least 40 chars) + schema: + min_length: 40 + type: string + required: true + default: "" + - variable: cas + label: CAS Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: cas_enabled + label: Enable CAS + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: CAS_AUTHORIZATION_ENDPOINT + label: CAS Authorization Endpoint + schema: + type: string + required: true + default: "" + - variable: CAS_REDIRECT_URI + label: CAS Redirect URI + schema: + type: string + required: true + default: "" + - variable: CAS_CLEARPASS_KEY + label: CAS Clearpass Key + schema: + type: string + default: "" + - variable: CAS_GROUP_ATTRIBUTE + label: CAS Group Attribute + schema: + type: string + default: "" + - variable: CAS_GROUP_LDAP_BASE_DN + label: CAS Group LDAP Base DN + schema: + type: string + default: "" + - variable: CAS_GROUP_LDAP_ATTRIBUTE + label: CAS Group LDAP Attribute + schema: + type: string + default: "" + - variable: CAS_GROUP_FORMAT + label: CAS Group Format + schema: + type: string + default: plain + enum: + - value: plain + description: plain + - value: ldap + description: ldap + - variable: openid + label: OpenID Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: openid_enabled + label: Enable OpenID + schema: + type: boolean + default: 
false + show_subquestions_if: true + subquestions: + - variable: OPENID_AUTHORIZATION_ENDPOINT + label: OpenID Authorization Endpoint + schema: + type: string + required: true + default: "" + - variable: OPENID_JWKS_ENDPOINT + label: OpenID JWKS Endpoint + schema: + type: string + required: true + default: "" + - variable: OPENID_ISSUER + label: OpenID Issuer + schema: + type: string + required: true + default: "" + - variable: OPENID_CLIENT_ID + label: OpenID Client ID + schema: + type: string + required: true + default: "" + - variable: OPENID_REDIRECT_URI + label: OpenID Redirect URI + schema: + type: string + required: true + default: "" + - variable: OPENID_USERNAME_CLAIM_TYPE + label: OpenID Username Claim Type + schema: + type: string + required: true + default: email + - variable: OPENID_GROUPS_CLAIM_TYPE + label: OpenID Groups Claim Type + schema: + type: string + required: true + default: groups + - variable: OPENID_SCOPE + label: OpenID Scope + schema: + type: string + default: openid email profile + - variable: OPENID_ALLOWED_CLOCK_SKEW + label: OpenID Allowed Clock Skew (in seconds) + schema: + type: int + required: true + default: 30 + - variable: OPENID_MAX_TOKEN_VALIDITY + label: OpenID Max Token Validity (in minutes) + schema: + type: int + required: true + default: 300 + - variable: OPENID_MAX_NONCE_VALIDITY + label: OpenID Max Nonce Validity (in minutes) + schema: + type: int + required: true + default: 10 + - variable: radius + label: Radius Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: radius_enabled + label: Enable Radius + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: RADIUS_SHARED_SECRET + label: Radius Shared Secret + schema: + type: string + required: true + default: "" + - variable: RADIUS_AUTH_PROTOCOL + label: Radius Auth Protocol + schema: + type: string + required: true + default: eap-tls + enum: + - value: pap + description: pap + - value: 
chap + description: chap + - value: mschapv1 + description: mschapv1 + - value: mschapv2 + description: mschapv2 + - value: eap-md5 + description: eap-md5 + - value: eap-tls + description: eap-tls + - value: eap-ttls + description: eap-ttls + - variable: RADIUS_HOSTNAME + label: Radius Hostname + schema: + type: string + required: true + default: "" + - variable: RADIUS_AUTH_PORT + label: Radius Auth Port + schema: + type: int + default: 1812 + - variable: RADIUS_KEY_FILE + label: Radius Key File + schema: + type: string + default: "" + - variable: RADIUS_KEY_TYPE + label: Radius Key Type + schema: + type: string + default: pkcs12 + required: true + enum: + - value: pem + description: pem + - value: jceks + description: jceks + - value: jks + description: jks + - value: pkcs12 + description: pkcs12 + - variable: RADIUS_KEY_PASSWORD + label: Radius Key Password + schema: + type: string + default: "" + - variable: RADIUS_CA_FILE + label: Radius CA File + schema: + type: string + default: "" + - variable: RADIUS_CA_TYPE + label: Radius CA Type + schema: + type: string + required: true + default: pem + enum: + - value: pem + description: pem + - value: jceks + description: jceks + - value: jks + description: jks + - value: pkcs12 + description: pkcs12 + - variable: RADIUS_CA_PASSWORD + label: Radius CA Password + schema: + type: string + default: "" + - variable: RADIUS_TRUST_ALL + label: Radius Trust All + schema: + type: boolean + default: false + - variable: RADIUS_RETRIES + label: Radius Retries + schema: + type: int + required: true + default: 5 + - variable: RADIUS_TIMEOUT + label: Radius Timeout + schema: + type: int + required: true + default: 60 + - variable: RADIUS_EAP_TTLS_INNER_PROTOCOL + label: Radius eap-ttls Inner Protocol + description: Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls + schema: + type: string + default: eap-tls + required: true + enum: + - value: pap + description: pap + - value: chap + description: chap + - value: mschapv1 
+ description: mschapv1 + - value: mschapv2 + description: mschapv2 + - value: eap-md5 + description: eap-md5 + - value: eap-tls + description: eap-tls + - variable: RADIUS_NAS_IP + label: Radius Network Access Server IP + schema: + type: string + default: "" + - variable: ldap + group: "App Configuration" + label: LDAP Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: ldap_enabled + label: Enable LDAP + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: LDAP_HOSTNAME + label: LDAP Hostname + schema: + type: string + required: true + default: "" + - variable: LDAP_USER_BASE_DN + label: LDAP User Base DN + schema: + type: string + required: true + default: "" + - variable: LDAP_PORT + label: LDAP Port + schema: + type: int + default: 389 + - variable: LDAP_ENCRYPTION_METHOD + label: LDAP Encryption Method + schema: + type: string + default: none + required: true + enum: + - value: none + description: none + - value: ssl + description: ssl + - value: starttls + description: starttls + - variable: LDAP_MAX_SEARCH_RESULTS + label: LDAP Max Search Results + schema: + type: int + default: 1000 + - variable: LDAP_SEARCH_BIND_DN + label: LDAP Search Bind DN + schema: + type: string + default: "" + - variable: LDAP_USER_ATTRIBUTES + label: LDAP User Attributes + schema: + type: string + default: "" + - variable: LDAP_SEARCH_BIND_PASSWORD + label: LDAP Search Bind Password + schema: + type: string + default: "" + - variable: LDAP_USERNAME_ATTRIBUTE + label: LDAP Username Attribute + schema: + type: string + default: uid + - variable: LDAP_MEMBER_ATTRIBUTE + label: LDAP Member Attribute + schema: + type: string + default: member + - variable: LDAP_USER_SEARCH_FILTER + label: LDAP User Search Filter + schema: + type: string + default: "(objectClass=*)" + - variable: LDAP_CONFIG_BASE_DN + label: LDAP Config Base DN + schema: + type: string + default: "" + - variable: LDAP_GROUP_BASE_DN + label: 
LDAP Group Base DN + schema: + type: string + default: "" + - variable: LDAP_GROUP_SEARCH_FILTER + label: LDAP Group Search Filter + schema: + type: string + default: "(objectClass=*)" + - variable: LDAP_MEMBER_ATTRIBUTE_TYPE + label: LDAP Member Attribute Type + schema: + type: string + default: dn + required: true + enum: + - value: dn + description: dn + - value: uid + description: uid + - variable: LDAP_GROUP_NAME_ATTRIBUTE + label: LDAP Group Name Attribute + schema: + type: string + default: cn + - variable: LDAP_DEREFERENCE_ALIASES + label: LDAP Dereference Aliases + schema: + type: string + required: true + default: never + enum: + - value: never + description: never + - value: searching + description: searching + - value: finding + description: finding + - value: always + description: always + - variable: LDAP_FOLLOW_REFERRALS + label: LDAP Follow Referrals + schema: + type: boolean + default: false + - variable: LDAP_MAX_REFERRAL_HOPS + label: LDAP Max Referrals Hops + schema: + type: int + required: true + default: 5 + - variable: LDAP_OPERATION_TIMEOUT + label: LDAP Operation Timeout + schema: + type: int + required: true + default: 30 + - variable: saml + label: SAML Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: saml_enabled + label: Enable SAML + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: SAML_IDP_METADATA_URL + label: SAML IDP Metadata URL + schema: + type: string + default: "" + - variable: SAML_IDP_URL + label: SAML IDP URL + schema: + type: string + default: "" + - variable: SAML_ENTITY_ID + label: SAML Entity ID + schema: + type: string + default: "" + - variable: SAML_CALLBACK_URL + label: SAML Callback URL + schema: + type: string + default: "" + - variable: SAML_STRICT + label: SAML Strict + schema: + type: boolean + default: true + - variable: SAML_DEBUG + label: SAML Debug + schema: + type: boolean + default: false + - variable: 
SAML_COMPRESS_REQUEST + label: SAML Compress Request + schema: + type: boolean + default: true + - variable: SAML_COMPRESS_RESPONSE + label: SAML Compress Response + schema: + type: boolean + default: true + - variable: SAML_GROUP_ATTRIBUTE + label: SAML Group Attribute + schema: + type: string + required: true + default: groups + - variable: proxy + label: Proxy Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: REMOTE_IP_VALVE_ENABLED + label: Enable Proxy + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PROXY_BY_HEADER + label: Proxy by Header + schema: + type: string + default: "" + - variable: PROXY_PROTOCOL_HEADER + label: Proxy Protocol Header + schema: + type: string + default: "" + - variable: PROXY_IP_HEADER + label: Proxy IP Header + schema: + type: string + default: "" + - variable: PROXY_ALLOWED_IPS_REGEX + label: Proxy Allowed IP Regex + schema: + type: string + default: "" + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: 
string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 9998 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: 
staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: 
Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: recordings + label: App Recordings Storage + description: Mounts this volume at [/var/lib/guacamole/recordings] in both guacd and client containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: drive + label: Virtual Drive Storage (guacd) + description: Mounts this volume at [/var/lib/guacamole/drive] in the guacd container + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! 
+ schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! 
+ schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + 
type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' 
+ schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. 
Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 1001 + - variable: runAsGroup + label: runAsGroup + description: The 
groupID of the user running the application + schema: + type: int + default: 1001 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" 
+ schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. 
Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false 
+# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" 
+ schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: 
SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + 
description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - 
variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. 
+ schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/stable/guacamole/10.0.4/templates/_configmap.tpl b/stable/guacamole/10.0.4/templates/_configmap.tpl new file mode 100644 index 00000000000..c1aa8784453 --- /dev/null +++ b/stable/guacamole/10.0.4/templates/_configmap.tpl 
@@ -0,0 +1,198 @@
+{{/* Define the configmap */}}
+{{- define "guacamole.configmap" -}}
+{{/* https://github.com/apache/guacamole-client/blob/master/guacamole-docker/bin/start.sh */}}
+{{/* https://guacamole.apache.org/doc/gug/guacamole-docker.html */}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ }}
+guacamole-config:
+ enabled: true
+ data:
+ RECORDING_SEARCH_PATH: /var/lib/guacamole/recordings
+ {{/*
+ https://github.com/apache/guacamole-client/blob/bffc5fbdd5e2bb7a777f55c819a1d4d858829cb7/guacamole-docker/bin/start.sh#L1038
+ TomCat uses the war name as the context path. ROOT.war is the default and means the context path is /.
+ */}}
+ WEBAPP_CONTEXT: ROOT
+ {{/* GuacD */}}
+ GUACD_HOSTNAME: {{ printf "%v-guacd" $fullname }}
+ GUACD_PORT: {{ .Values.service.guacd.ports.guacd.port | quote }}
+ {{/* Database */}}
+ POSTGRESQL_PORT: "5432"
+ POSTGRESQL_DATABASE: {{ .Values.cnpg.main.database }}
+ POSTGRESQL_USER: {{ .Values.cnpg.main.user }}
+ POSTGRESQL_HOSTNAME: {{ .Values.cnpg.main.creds.host }}
+ POSTGRESQL_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+ {{/* LDAP */}}
+ {{- if (get .Values.guacamole "ldap").LDAP_HOSTNAME }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_HOSTNAME" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_PORT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_ENCRYPTION_METHOD" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_BASE_DN" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_SEARCH_FILTER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_BASE_DN" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_SEARCH_FILTER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_NAME_ATTRIBUTE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_DN" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_PASSWORD" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USERNAME_ATTRIBUTE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_ATTRIBUTES" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_CONFIG_BASE_DN" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_DEREFERENCE_ALIASES" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_FOLLOW_REFERRALS" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_REFERRAL_HOPS" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_SEARCH_RESULTS" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_OPERATION_TIMEOUT" "rootCtx" $) }}
+ {{- end }}
+ {{/* Header */}}
+ {{- if (get .Values.guacamole "header").HEADER_ENABLED }}
+ {{ include "guac.env" (dict "ob" "header" "key" "HEADER_ENABLED" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "header" "key" "HTTP_AUTH_HEADER" "rootCtx" $) }}
+ {{- end }}
+ {{/* SAML */}}
+ {{- if or
+ (and ((get .Values.guacamole "saml").SAML_ENTITY_ID) ((get .Values.guacamole "saml").SAML_CALLBACK_URL))
+ ((get .Values.guacamole "saml").SAML_IDP_METADATA_URL) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_METADATA_URL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_URL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_ENTITY_ID" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_CALLBACK_URL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_STRICT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_DEBUG" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_REQUEST" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_RESPONSE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "saml" "key" "SAML_GROUP_ATTRIBUTE" "rootCtx" $) }}
+ {{- end }}
+ {{/* Proxy */}}
+ {{- if (get .Values.guacamole "proxy").REMOTE_IP_VALVE_ENABLED }}
+ {{ include "guac.env" (dict "ob" "proxy" "key" "REMOTE_IP_VALVE_ENABLED" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_ALLOWED_IPS_REGEX" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_IP_HEADER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_PROTOCOL_HEADER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_BY_HEADER" "rootCtx" $) }}
+ {{- end }}
+ {{/* General */}}
+ {{ include "guac.env" (dict "ob" "general" "key" "EXTENSION_PRIORITY" "rootCtx" $) }}
+ {{/* TOTP */}}
+ {{- if (get .Values.guacamole "totp").TOTP_ENABLED }}
+ {{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ENABLED" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ISSUER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "totp" "key" "TOTP_DIGITS" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "totp" "key" "TOTP_PERIOD" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "totp" "key" "TOTP_MODE" "rootCtx" $) }}
+ {{- end }}
+ {{/* DUO */}}
+ {{- if (get .Values.guacamole "duo").DUO_API_HOSTNAME }}
+ {{ include "guac.env" (dict "ob" "duo" "key" "DUO_API_HOSTNAME" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "duo" "key" "DUO_INTEGRATION_KEY" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "duo" "key" "DUO_SECRET_KEY" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "duo" "key" "DUO_APPLICATION_KEY" "rootCtx" $) }}
+ {{- end }}
+ {{/* API */}}
+ {{ include "guac.env" (dict "ob" "api" "key" "API_SESSION_TIMEOUT" "rootCtx" $) }}
+ {{/* RADIUS */}}
+ {{- if (get .Values.guacamole "radius").SHARED_SECRET }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_HOSTNAME" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PORT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_SHARED_SECRET" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PROTOCOL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_PASSWORD" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_FILE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_PASSWORD" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TRUST_ALL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_RETRIES" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TIMEOUT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_EAP_TTLS_INNER_PROTOCOL" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_NAS_IP" "rootCtx" $) }}
+ {{- end }}
+ {{/* OPENID */}}
+ {{- if (get .Values.guacamole "openid").OPENID_AUTHORIZATION_ENDPOINT }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_JWKS_ENDPOINT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ISSUER" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_CLIENT_ID" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_REDIRECT_URI" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_USERNAME_CLAIM_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_GROUPS_CLAIM_TYPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_SCOPE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ALLOWED_CLOCK_SKEW" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_TOKEN_VALIDITY" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_NONCE_VALIDITY" "rootCtx" $) }}
+ {{- end }}
+ {{/* CAS */}}
+ {{- if (get .Values.guacamole "cas").CAS_AUTHORIZATION_ENDPOINT }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_REDIRECT_URI" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_CLEARPASS_KEY" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_ATTRIBUTE" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_FORMAT" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_BASE_DN" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_ATTRIBUTE" "rootCtx" $) }}
+ {{- end }}
+ {{/* JSON */}}
+ {{- if (get .Values.guacamole "json").JSON_SECRET_KEY }}
+ {{ include "guac.env" (dict "ob" "json" "key" "JSON_SECRET_KEY" "rootCtx" $) }}
+ {{ include "guac.env" (dict "ob" "json" "key" "JSON_TRUSTED_NETWORKS" "rootCtx" $) }}
+ {{- end }}
+db-init:
+ enabled: true
+ data:
+ {{- $filename := "/tc-init/initdb.sql" }}
+ create-seed.sh: |
+ echo "Creating [{{ $filename }}] file..."
+ /opt/guacamole/bin/initdb.sh --postgresql > {{ $filename }}
+ if [ -f {{ $filename }} ]; then
+ echo "File [{{ $filename }}] created successfully!"
+ exit 0
+ fi
+ echo "File [{{ $filename }}] failed to create."
+ exit 1
+ apply-seed.sh: |
+ export PGPASSWORD="$POSTGRESQL_PASSWORD"
+ until
+ pg_isready --username="$POSTGRESQL_USER" --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT"
+ do
+ echo "Waiting for PostgreSQL to start..."
+ sleep 2
+ done
+ psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
+ --username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
+ --no-password --command='SELECT * FROM public.guacamole_user' \
+ --output=/dev/null --quiet
+ if [ $? -eq 0 ]; then
+ echo "Database already initialized."
+ exit 0
+ fi
+ if [ ! -f {{ $filename }} ]; then
+ echo "File [{{ $filename }}] does not exist."
+ exit 1
+ fi
+ echo "Initializing database from [{{ $filename }}] file..."
+ psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
+ --username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
+ --no-password --quiet --output=/dev/null --file={{ $filename }}
+ if [ $? -eq 0 ]; then
+ echo "Database initialized successfully!"
+ exit 0
+ fi
+ echo "Database failed to initialize."
+ exit 1
+{{- end -}}
+
+{{- define "guac.env" -}}
+ {{- $key := .key -}}
+ {{- $ob := .ob -}}
+ {{- $rootCtx := .rootCtx -}}
+ {{- $object := (get $rootCtx.Values.guacamole $ob) -}}
+
+ {{- if $object -}}
+ {{- if hasKey $object $key -}}
+ {{- if not (kindIs "invalid" $key) -}}
+ {{- printf "%v: %v" $key (get $object $key | quote) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/stable/guacamole/10.0.4/templates/common.yaml b/stable/guacamole/10.0.4/templates/common.yaml
new file mode 100644
index 00000000000..2a97a4f00b6
--- /dev/null
+++ b/stable/guacamole/10.0.4/templates/common.yaml
@@ -0,0 +1,10 @@
+{{/* Make sure all variables are set properly */}}
+{{ include "tc.v1.common.loader.init" . }}
+
+{{- $configmap := (include "guacamole.configmap" $ | fromYaml) -}}
+{{- if $configmap -}}
+ {{- $_ := mustMergeOverwrite .Values.configmap $configmap -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/stable/guacamole/10.0.4/values.yaml b/stable/guacamole/10.0.4/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
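Review bot: Every credential in this template lands in a ConfigMap, because `guacamole-config` is merged into `.Values.configmap` by templates/common.yaml: `POSTGRESQL_PASSWORD` always, and `LDAP_SEARCH_BIND_PASSWORD`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD`, `RADIUS_CA_PASSWORD`, `CAS_CLEARPASS_KEY` and `JSON_SECRET_KEY` when set. ConfigMaps are readable by any subject allowed to read configmaps in the namespace and are usually outside Secret encryption-at-rest settings, so these keys should be emitted into a Secret and the rest left here. The `POSTGRESQL_*` values from `.Values.cnpg` are also written unquoted, so a password containing ` #` or `: ` would be cut or break the later `fromYaml`; `POSTGRESQL_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" | quote }}` avoids that. In the RADIUS block the guard reads `.SHARED_SECRET` while the emitted key is `RADIUS_SHARED_SECRET`, and `RADIUS_KEY_TYPE` is included twice (the first is presumably meant to be `RADIUS_KEY_FILE`); the values schema is not visible here, so confirm both against it. In `guac.env`, `kindIs "invalid" $key` tests the key name, which is always a string, so `(get $object $key)` looks like the intended operand.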
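Review bot: The result of `fromYaml` is merged into `.Values.configmap` without checking that parsing succeeded. As far as I know, Helm's `fromYaml` does not abort on malformed input but returns a map carrying the message under an `Error` key, so a rendering problem in `guacamole.configmap` (an unquoted credential value, for example) would leave `$configmap` truthy and merge an `Error` entry instead of failing with a clear message. A guard before the merge would surface it: `{{- if hasKey $configmap "Error" -}}{{- fail (printf "guacamole.configmap: %v" $configmap.Error) -}}{{- end -}}`. Since `mustMergeOverwrite` gives the generated entries precedence over user-supplied values for the same keys, a one-line comment saying that this is intended would also help.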