image: repository: tccr.io/truecharts/guacamole-client pullPolicy: IfNotPresent tag: 1.5.1@sha256:42a3d281697932261078d53920d1e9f822fddee8cbd9bc2f54ef46c6dbad3b1f podSecurityContext: runAsUser: 1001 runAsGroup: 1001 securityContext: readOnlyRootFilesystem: false service: main: ports: main: port: 9998 targetPort: 8080 env: # Will probably be removed on 1.5.0 (https://github.com/apache/guacamole-client/pull/717) POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}" POSTGRES_PORT: 5432 POSTGRES_HOSTNAME: secretKeyRef: name: dbcreds key: plainhost POSTGRES_PASSWORD: secretKeyRef: name: dbcreds key: postgresql-password # New format POSTGRESQL_PASSWORD: secretKeyRef: name: dbcreds key: postgresql-password POSTGRESQL_HOSTNAME: secretKeyRef: name: dbcreds key: plainhost POSTGRESQL_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" POSTGRESQL_USER: "{{ .Values.postgresql.postgresqlUsername }}" POSTGRESQL_PORT: 5432 GUACD_HOSTNAME: "localhost" GUACD_PORT: 4822 envFrom: - configMapRef: name: guacamole-client-env totp: TOTP_ENABLED: false # TOTP_ISSUER: "Apache Guacamole" # TOTP_DIGITS: "6" # TOTP_PERIOD: "30" # TOTP_MODE: "sha1" header: HEADER_ENABLED: false # HTTP_AUTH_HEADER: "REMOTE_USER" api: {} # API_SESSION_TIMEOUT: "60" general: {} # EXTENSION_PRIORITY: "openid" json: {} # JSON_SECRET_KEY: "random32charkey" # JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8" duo: {} # DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com" # DUO_INTEGRATION_KEY: "exactly20charkey" # DUO_SECRET_KEY: "exactly40charkey" # DUO_APPLICATION_KEY: "atleast40charkey" cas: {} # CAS_AUTHORIZATION_ENDPOINT: "" # CAS_REDIRECT_URI: "" # CAS_CLEARPASS_KEY: "" # CAS_GROUP_ATTRIBUTE: "" # CAS_GROUP_FORMAT: "plain" # CAS_GROUP_LDAP_BASE_DN: "" # CAS_GROUP_LDAP_ATTRIBUTE: "" openid: {} # OPENID_AUTHORIZATION_ENDPOINT: "" # OPENID_JWKS_ENDPOINT: "" # OPENID_ISSUER: "" # OPENID_CLIENT_ID: "" # OPENID_REDIRECT_URI: "" # OPENID_USERNAME_CLAIM_TYPE: "email" # OPENID_GROUPS_CLAIM_TYPE: "groups" # OPENID_MAX_TOKEN_VALIDITY: "300" radius: {} # RADIUS_HOSTNAME: "localhost" # RADIUS_AUTH_PORT: "1812" # RADIUS_SHARED_SECRET: "" # RADIUS_AUTH_PROTOCOL: "eap-tls" # RADIUS_KEY_FILE: "" # RADIUS_KEY_TYPE: "pkcs12" # RADIUS_KEY_PASSWORD: "" # RADIUS_CA_FILE: "" # RADIUS_CA_TYPE: "pem" # RADIUS_CA_PASSWORD: "" # RADIUS_TRUST_ALL: "false" # RADIUS_RETRIES: "5" # RADIUS_TIMEOUT: "60" # RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls" ldap: {} # LDAP_HOSTNAME: "localhost" # LDAP_USER_BASE_DN: "" # LDAP_PORT: "389" # LDAP_ENCRYPTION_METHOD: "none" # LDAP_MAX_SEARCH_RESULTS: "1000" # LDAP_SEARCH_BIND_DN: "" # LDAP_USER_ATTRIBUTES: "" # LDAP_SEARCH_BIND_PASSWORD: "" # LDAP_USERNAME_ATTRIBUTE: "" # LDAP_MEMBER_ATTRIBUTE: "" # LDAP_USER_SEARCH_FILTER: "(objectClass=*)" # LDAP_CONFIG_BASE_DN: "" # LDAP_GROUP_BASE_DN: "" # LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)" # LDAP_MEMBER_ATTRIBUTE_TYPE: "dn" # LDAP_GROUP_NAME_ATTRIBUTE: "cn" # LDAP_DEREFERENCE_ALIASES: "never" # LDAP_FOLLOW_REFERRALS: false # LDAP_MAX_REFERRAL_HOPS: "5" # LDAP_OPERATION_TIMEOUT: "30" saml: {} # SAML_IDP_METADATA_URL: "" # SAML_IDP_URL: # SAML_ENTITY_ID: # SAML_CALLBACK_URL: # SAML_STRICT: # SAML_DEBUG: # SAML_COMPRESS_REQUEST: # SAML_COMPRESS_RESPONSE: # SAML_GROUP_ATTRIBUTE: proxy: {} # REMOTE_IP_VALVE_ENABLED: false # PROXY_BY_HEADER: "" # PROXY_PROTOCOL_HEADER: "" # PROXY_IP_HEADER: "" # PROXY_ALLOWED_IPS_REGEX: "" postgresql: enabled: true existingSecret: "dbcreds" postgresqlUsername: guacamole postgresqlDatabase: guacamole probes: liveness: path: "/guacamole" readiness: path: "/guacamole" startup: path: "/guacamole" persistence: initdbdata: enabled: true type: emptyDir mountPath: "/initdbdata" installContainers: 1-creat-initdb-file: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" volumeMounts: - name: initdbdata mountPath: "/initdbdata" command: ["/bin/sh", "-c"] args: - |- echo "Creating initdb.sql file..." /opt/guacamole/bin/initdb.sh --postgres >/initdbdata/initdb.sql if [ -e /initdbdata/initdb.sql ]; then echo "Init file created successfully!" exit 0 else echo "Init file failed to create." exit 1 fi 2-initdb: image: "{{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}" env: - name: POSTGRESQL_DATABASE value: "{{ .Values.postgresql.postgresqlDatabase }}" - name: POSTGRESQL_USER value: "{{ .Values.postgresql.postgresqlUsername }}" - name: POSTGRESQL_PORT value: "5432" - name: POSTGRESQL_HOSTNAME valueFrom: secretKeyRef: name: dbcreds key: plainhost - name: PGPASSWORD valueFrom: secretKeyRef: name: dbcreds key: postgresql-password volumeMounts: - name: initdbdata mountPath: "/initdbdata" command: ["/bin/sh", "-c"] args: - |- psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -o '/dev/null' -c 'SELECT * FROM public.guacamole_user' if [ $? -eq 0 ]; then echo "DB already initialized. Skipping..." else echo "Initializing DB's schema..." psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -a -w -f /initdbdata/initdb.sql if [ $? -eq 0 ]; then echo "DB's schema initialized successfully!" exit 0 else echo "DB's schema failed to initialize." exit 1 fi fi portal: enabled: true