feat(guacamole-client): BREAKING CHANGES migrate new common (#10771)
parent
c36414dd19
commit
96342ca379
|
@ -1,765 +0,0 @@
|
|||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
# Include{portalLink}
|
||||
path: "/guacamole"
|
||||
questions:
|
||||
# Include{global}
|
||||
# Include{workload}
|
||||
# Include{workloadDeployment}
|
||||
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: GUACD_HOSTNAME
|
||||
label: "Guacd Hostname"
|
||||
description: "The hostname of the guacd instance to use to establish remote desktop connections"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: GUACD_PORT
|
||||
label: "Guacd Port"
|
||||
description: "The port that Guacamole should use when connecting to guacd"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 4822
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
- variable: general
|
||||
group: "App Configuration"
|
||||
label: "General Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: EXTENSION_PRIORITY
|
||||
label: "Extension Priority (Leave blank for default)"
|
||||
description: "A comma-separated list of the namespaces of all extensions that should be loaded in a specific order"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: api
|
||||
group: "App Configuration"
|
||||
label: "API Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: API_SESSION_TIMEOUT
|
||||
label: "API Session Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: totp
|
||||
group: "App Configuration"
|
||||
label: "TOTP Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: TOTP_ENABLED
|
||||
label: "Enable TOTP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: TOTP_ISSUER
|
||||
label: "TOTP Issuer (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: TOTP_PERIOD
|
||||
label: "TOTP Period (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: TOTP_DIGITS
|
||||
label: "TOTP Digits"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "6"
|
||||
description: "6"
|
||||
- value: "7"
|
||||
description: "7"
|
||||
- value: "8"
|
||||
description: "8"
|
||||
- variable: TOTP_MODE
|
||||
label: "TOTP Mode"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "sha1"
|
||||
description: "sha1"
|
||||
- value: "sha256"
|
||||
description: "sha256"
|
||||
- value: "sha512"
|
||||
description: "sha512"
|
||||
- variable: header
|
||||
group: "App Configuration"
|
||||
label: "Header Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: HEADER_ENABLED
|
||||
label: "Enable Header"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: HTTP_AUTH_HEADER
|
||||
label: "HTTP Auth Header (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: json
|
||||
group: "App Configuration"
|
||||
label: "JSON Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: json_enabled
|
||||
label: "Enable JSON"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: JSON_SECRET_KEY
|
||||
label: "JSON Secret Key"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: JSON_TRUSTED_NETWORKS
|
||||
label: "JSON Trusted Networks (Leave blank for unrestricted"
|
||||
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: duo
|
||||
group: "App Configuration"
|
||||
label: "DUO Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: duo_enabled
|
||||
label: "Enable DUO"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: DUO_API_HOSTNAME
|
||||
label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_INTEGRATION_KEY
|
||||
label: "DUO Integration Key (Exactly 20 chars)"
|
||||
schema:
|
||||
min_length: 20
|
||||
max_length: 20
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_SECRET_KEY
|
||||
label: "DUO Secret Key (Exactly 40 chars)"
|
||||
schema:
|
||||
min_length: 40
|
||||
max_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_APPLICATION_KEY
|
||||
label: "DUO Application Key (At least 40 chars)"
|
||||
schema:
|
||||
min_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: cas
|
||||
group: "App Configuration"
|
||||
label: "CAS Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: cas_enabled
|
||||
label: "Enable CAS"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CAS_AUTHORIZATION_ENDPOINT
|
||||
label: "CAS Authorization Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_REDIRECT_URI
|
||||
label: "CAS Redirect URI"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_CLEARPASS_KEY
|
||||
label: "CAS Clearpass Key"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_ATTRIBUTE
|
||||
label: "CAS Group Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_LDAP_BASE_DN
|
||||
label: "CAS Group LDAP Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_LDAP_ATTRIBUTE
|
||||
label: "CAS Group LDAP Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_FORMAT
|
||||
label: "CAS Group Format"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "plain"
|
||||
description: "plain"
|
||||
- value: "ldap"
|
||||
description: "ldap"
|
||||
- variable: openid
|
||||
group: "App Configuration"
|
||||
label: "OpenID Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: openid_enabled
|
||||
label: "Enable OpenID"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: OPENID_AUTHORIZATION_ENDPOINT
|
||||
label: "OpenID Authorization Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_JWKS_ENDPOINT
|
||||
label: "OpenID JWKS Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_ISSUER
|
||||
label: "OpenID Issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_CLIENT_ID
|
||||
label: "OpenID Client ID"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_REDIRECT_URI
|
||||
label: "OpenID Redirect URI"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_USERNAME_CLAIM_TYPE
|
||||
label: "OpenID Username Claim Type (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OPENID_GROUPS_CLAIM_TYPE
|
||||
label: "OpenID Groups Claim Type (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OPENID_MAX_TOKEN_VALIDITY
|
||||
label: "OpenID Max Token Validity (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: radius
|
||||
group: "App Configuration"
|
||||
label: "Radius Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: radius_enabled
|
||||
label: "Enable Radius"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: RADIUS_SHARED_SECRET
|
||||
label: "Radius Shared Secret"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PROTOCOL
|
||||
label: "Radius Auth Protocol"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "eap-tls"
|
||||
enum:
|
||||
- value: "pap"
|
||||
description: "pap"
|
||||
- value: "chap"
|
||||
description: "chap"
|
||||
- value: "mschapv1"
|
||||
description: "mschapv1"
|
||||
- value: "mschapv2"
|
||||
description: "mschapv2"
|
||||
- value: "eap-md5"
|
||||
description: "eap-md5"
|
||||
- value: "eap-tls"
|
||||
description: "eap-tls"
|
||||
- value: "eap-ttls"
|
||||
description: "eap-ttls"
|
||||
- variable: RADIUS_HOSTNAME
|
||||
label: "Radius Hostname (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PORT
|
||||
label: "Radius Auth Port (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_KEY_FILE
|
||||
label: "Radius Key File (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_KEY_TYPE
|
||||
label: "Radius Key Type"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "pem"
|
||||
description: "pem"
|
||||
- value: "jceks"
|
||||
description: "jceks"
|
||||
- value: "jks"
|
||||
description: "jks"
|
||||
- value: "pkcs12"
|
||||
description: "pkcs12"
|
||||
- variable: RADIUS_KEY_PASSWORD
|
||||
label: "Radius Key Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_FILE
|
||||
label: "Radius CA File (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_TYPE
|
||||
label: "Radius CA Type"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "pem"
|
||||
description: "pem"
|
||||
- value: "jceks"
|
||||
description: "jceks"
|
||||
- value: "jks"
|
||||
description: "jks"
|
||||
- value: "pkcs12"
|
||||
description: "pkcs12"
|
||||
- variable: RADIUS_CA_PASSWORD
|
||||
label: "Radius CA Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_TRUST_ALL
|
||||
label: "Radius Trust All"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: RADIUS_RETRIES
|
||||
label: "Radius Retries (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_TIMEOUT
|
||||
label: "Radius Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
|
||||
label: "Radius eap-ttls Inner Protocol"
|
||||
description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls"
|
||||
schema:
|
||||
type: string
|
||||
default: "eap-tls"
|
||||
enum:
|
||||
- value: "pap"
|
||||
description: "pap"
|
||||
- value: "chap"
|
||||
description: "chap"
|
||||
- value: "mschapv1"
|
||||
description: "mschapv1"
|
||||
- value: "mschapv2"
|
||||
description: "mschapv2"
|
||||
- value: "eap-md5"
|
||||
description: "eap-md5"
|
||||
- value: "eap-tls"
|
||||
description: "eap-tls"
|
||||
- variable: ldap
|
||||
group: "App Configuration"
|
||||
label: "LDAP Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ldap_enabled
|
||||
label: "Enable LDAP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: LDAP_HOSTNAME
|
||||
label: "LDAP Hostname (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_USER_BASE_DN
|
||||
label: "LDAP User Base DN"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_PORT
|
||||
label: "LDAP Port (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_ENCRYPTION_METHOD
|
||||
label: "LDAP Encryption Method (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "none"
|
||||
description: "none"
|
||||
- value: "ssl"
|
||||
description: "ssl"
|
||||
- value: "starttls"
|
||||
description: "starttls"
|
||||
- variable: LDAP_MAX_SEARCH_RESULTS
|
||||
label: "LDAP Max Search Results (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_SEARCH_BIND_DN
|
||||
label: "LDAP Search Bind DN (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USER_ATTRIBUTES
|
||||
label: "LDAP User Attributes"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_SEARCH_BIND_PASSWORD
|
||||
label: "LDAP Search Bind Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USERNAME_ATTRIBUTE
|
||||
label: "LDAP Username Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE
|
||||
label: "LDAP Member Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USER_SEARCH_FILTER
|
||||
label: "LDAP User Search Filter (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_CONFIG_BASE_DN
|
||||
label: "LDAP Config Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_BASE_DN
|
||||
label: "LDAP Group Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_SEARCH_FILTER
|
||||
label: "LDAP Group Search Filter (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
|
||||
label: "LDAP Encryption Method"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "dn"
|
||||
description: "dn"
|
||||
- value: "uid"
|
||||
description: "uid"
|
||||
- variable: LDAP_GROUP_NAME_ATTRIBUTE
|
||||
label: "LDAP Group Name Attribute (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_DEREFERENCE_ALIASES
|
||||
label: "LDAP Dereference Aliases"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "never"
|
||||
description: "never"
|
||||
- value: "searching"
|
||||
description: "searching"
|
||||
- value: "finding"
|
||||
description: "finding"
|
||||
- value: "always"
|
||||
description: "always"
|
||||
- variable: LDAP_FOLLOW_REFERRALS
|
||||
label: "LDAP Follow Referrals"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: LDAP_MAX_REFERRAL_HOPS
|
||||
label: "LDAP Max Referrals Hops (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_OPERATION_TIMEOUT
|
||||
label: "LDAP Operation Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: saml
|
||||
group: "App Configuration"
|
||||
label: "SAML Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: saml_enabled
|
||||
label: "Enable SAML"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: SAML_IDP_METADATA_URL
|
||||
label: "SAML IDP Metadata URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_IDP_URL
|
||||
label: "SAML IDP URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_ENTITY_ID
|
||||
label: "SAML Entity ID"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_CALLBACK_URL
|
||||
label: "SAML Callback URL"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_STRICT
|
||||
label: "SAML Strict"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_DEBUG
|
||||
label: "SAML Debug"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: SAML_COMPRESS_REQUEST
|
||||
label: "SAML Compress Request"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_COMPRESS_RESPONSE
|
||||
label: "SAML Compress Response"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_GROUP_ATTRIBUTE
|
||||
label: "SAML Group Attribute (Leave empty for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: proxy
|
||||
group: "App Configuration"
|
||||
label: "Proxy Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: REMOTE_IP_VALVE_ENABLED
|
||||
label: "Enable Proxy"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: PROXY_BY_HEADER
|
||||
label: "Proxy by Header (Leave empty for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_PROTOCOL_HEADER
|
||||
label: "Proxy Protocol Header (Leave empty for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_IP_HEADER
|
||||
label: "Proxy IP Header (Leave empty for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_ALLOWED_IPS_REGEX
|
||||
label: "Proxy Allowed IP Regex (Leave empty for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelectorLoadBalancer}
|
||||
# Include{serviceSelectorExtras}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 9998
|
||||
required: true
|
||||
# Include{serviceExpertRoot}
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
# Include{persistenceList}
|
||||
# Include{ingressRoot}
|
||||
- variable: main
|
||||
label: "Main Ingress"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
# Include{ingressTLS}
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressAdvanced}
|
||||
# Include{ingressList}
|
||||
# Include{securityContextRoot}
|
||||
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 1001
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 1001
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
# Include{netshoot}
|
||||
# Include{vpn}
|
||||
# Include{documentation}
|
|
@ -1,242 +0,0 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "guacamole-client.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: guacamole-client-env
|
||||
data:
|
||||
{{/* GENERAL */}}
|
||||
{{- with .Values.general.EXTENSION_PRIORITY }}
|
||||
EXTENSION_PRIORITY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{/* API */}}
|
||||
{{- with .Values.api.API_SESSION_TIMEOUT }}
|
||||
API_SESSION_TIMEOUT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{/* TOTP */}}
|
||||
{{- if .Values.totp.TOTP_ENABLED }}
|
||||
TOTP_ENABLED: {{ .Values.totp.TOTP_ENABLED | quote }}
|
||||
{{- with .Values.totp.TOTP_ISSUER }}
|
||||
TOTP_ISSUER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.totp.TOTP_DIGITS }}
|
||||
TOTP_DIGITS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.totp.TOTP_PERIOD }}
|
||||
TOTP_PERIOD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.totp.TOTP_MODE }}
|
||||
TOTP_MODE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* HEADER */}}
|
||||
{{- if .Values.header.HEADER_ENABLED }}
|
||||
HEADER_ENABLED: {{ .Values.header.HEADER_ENABLED | quote }}
|
||||
{{- with .Values.header.HTTP_AUTH_HEADER }}
|
||||
HTTP_AUTH_HEADER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* JSON */}}
|
||||
{{- with .Values.json.JSON_SECRET_KEY }}
|
||||
JSON_SECRET_KEY: {{ . | quote }}
|
||||
{{- with .Values.json.JSON_TRUSTED_NETWORKS }}
|
||||
JSON_TRUSTED_NETWORKS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* DUO */}}
|
||||
{{- if and .Values.duo.DUO_API_HOSTNAME .Values.duo.DUO_INTEGRATION_KEY .Values.duo.DUO_SECRET_KEY .Values.duo.DUO_APPLICATION_KEY }}
|
||||
DUO_API_HOSTNAME: {{ .Values.duo.DUO_API_HOSTNAME | quote }}
|
||||
DUO_INTEGRATION_KEY: {{ .Values.duo.DUO_INTEGRATION_KEY | quote }}
|
||||
DUO_SECRET_KEY: {{ .Values.duo.DUO_SECRET_KEY | quote }}
|
||||
DUO_APPLICATION_KEY: {{ .Values.duo.DUO_APPLICATION_KEY | quote }}
|
||||
{{- end }}
|
||||
{{/* CAS */}}
|
||||
{{- if and .Values.cas.CAS_AUTHORIZATION_ENDPOINT .Values.cas.CAS_REDIRECT_URI }}
|
||||
CAS_AUTHORIZATION_ENDPOINT: {{ .Values.cas.CAS_AUTHORIZATION_ENDPOINT | quote }}
|
||||
CAS_REDIRECT_URI: {{ .Values.cas.CAS_REDIRECT_URI | quote }}
|
||||
{{- with .Values.cas.CAS_CLEARPASS_KEY }}
|
||||
CAS_CLEARPASS_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.cas.CAS_GROUP_ATTRIBUTE }}
|
||||
CAS_GROUP_ATTRIBUTE: {{ . | quote }}
|
||||
{{- with .Values.cas.CAS_GROUP_FORMAT }}
|
||||
CAS_GROUP_FORMAT: {{ . | quote }}
|
||||
{{- if eq .Values.cas.CAS_GROUP_FORMAT "ldap" }}
|
||||
{{- with .Values.cas.CAS_GROUP_LDAP_BASE_DN }}
|
||||
CAS_GROUP_LDAP_BASE_DN: {{ . | quote }}
|
||||
{{- with .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE }}
|
||||
CAS_GROUP_LDAP_ATTRIBUTE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* OpenID */}}
|
||||
{{- if and .Values.openid.OPENID_AUTHORIZATION_ENDPOINT .Values.openid.OPENID_JWKS_ENDPOINT .Values.openid.OPENID_ISSUER .Values.openid.OPENID_CLIENT_ID .Values.openid.OPENID_REDIRECT_URI }}
|
||||
OPENID_AUTHORIZATION_ENDPOINT: {{ .Values.openid.OPENID_AUTHORIZATION_ENDPOINT | quote }}
|
||||
OPENID_JWKS_ENDPOINT: {{ .Values.openid.OPENID_JWKS_ENDPOINT | quote }}
|
||||
OPENID_ISSUER: {{ .Values.openid.OPENID_ISSUER | quote }}
|
||||
OPENID_CLIENT_ID: {{ .Values.openid.OPENID_CLIENT_ID | quote }}
|
||||
OPENID_REDIRECT_URI: {{ .Values.openid.OPENID_REDIRECT_URI | quote }}
|
||||
{{- with .Values.openid.OPENID_USERNAME_CLAIM_TYPE }}
|
||||
OPENID_USERNAME_CLAIM_TYPE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.openid.OPENID_GROUPS_CLAIM_TYPE }}
|
||||
OPENID_GROUPS_CLAIM_TYPE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.openid.OPENID_MAX_TOKEN_VALIDITY }}
|
||||
OPENID_MAX_TOKEN_VALIDITY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* RADIUS */}}
|
||||
{{- if and .Values.radius.RADIUS_SHARED_SECRET .Values.radius.RADIUS_AUTH_PROTOCOL }}
|
||||
RADIUS_SHARED_SECRET: {{ .Values.radius.RADIUS_SHARED_SECRET | quote }}
|
||||
RADIUS_AUTH_PROTOCOL: {{ .Values.radius.RADIUS_AUTH_PROTOCOL | quote }}
|
||||
{{- with .Values.radius.RADIUS_HOSTNAME }}
|
||||
RADIUS_HOSTNAME: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_AUTH_PORT }}
|
||||
RADIUS_AUTH_PORT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_KEY_FILE }}
|
||||
RADIUS_KEY_FILE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_KEY_TYPE }}
|
||||
RADIUS_KEY_TYPE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_KEY_PASSWORD }}
|
||||
RADIUS_KEY_PASSWORD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_CA_FILE }}
|
||||
RADIUS_CA_FILE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_CA_TYPE }}
|
||||
RADIUS_CA_TYPE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_CA_PASSWORD }}
|
||||
RADIUS_CA_PASSWORD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_TRUST_ALL }}
|
||||
RADIUS_TRUST_ALL: {{ .Values.radius.RADIUS_TRUST_ALL | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_RETRIES }}
|
||||
RADIUS_RETRIES: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_TIMEOUT }}
|
||||
RADIUS_TIMEOUT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL }}
|
||||
RADIUS_EAP_TTLS_INNER_PROTOCOL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* LDAP */}}
|
||||
{{- if and .Values.ldap.LDAP_HOSTNAME .Values.ldap.LDAP_USER_BASE_DN }}
|
||||
LDAP_HOSTNAME: {{ .Values.ldap.LDAP_HOSTNAME | quote }}
|
||||
LDAP_USER_BASE_DN: {{ .Values.ldap.LDAP_USER_BASE_DN | quote }}
|
||||
{{- with .Values.ldap.LDAP_PORT }}
|
||||
LDAP_PORT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_ENCRYPTION_METHOD }}
|
||||
LDAP_ENCRYPTION_METHOD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_MAX_SEARCH_RESULTS }}
|
||||
LDAP_MAX_SEARCH_RESULTS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_SEARCH_BIND_DN }}
|
||||
LDAP_SEARCH_BIND_DN: {{ .| quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_USER_ATTRIBUTES }}
|
||||
LDAP_USER_ATTRIBUTES: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_SEARCH_BIND_PASSWORD }}
|
||||
LDAP_SEARCH_BIND_PASSWORD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_USERNAME_ATTRIBUTE }}
|
||||
LDAP_USERNAME_ATTRIBUTE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_MEMBER_ATTRIBUTE }}
|
||||
LDAP_MEMBER_ATTRIBUTE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_USER_SEARCH_FILTER }}
|
||||
LDAP_USER_SEARCH_FILTER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_CONFIG_BASE_DN }}
|
||||
LDAP_CONFIG_BASE_DN: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_GROUP_BASE_DN }}
|
||||
LDAP_GROUP_BASE_DN: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_GROUP_SEARCH_FILTER }}
|
||||
LDAP_GROUP_SEARCH_FILTER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE }}
|
||||
LDAP_MEMBER_ATTRIBUTE_TYPE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE }}
|
||||
LDAP_GROUP_NAME_ATTRIBUTE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_DEREFERENCE_ALIASES }}
|
||||
LDAP_DEREFERENCE_ALIASES: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_FOLLOW_REFERRALS }}
|
||||
LDAP_FOLLOW_REFERRALS: {{ .Values.ldap.LDAP_FOLLOW_REFERRALS | quote }}
|
||||
{{- with .Values.ldap.LDAP_MAX_REFERRAL_HOPS }}
|
||||
LDAP_MAX_REFERRAL_HOPS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.ldap.LDAP_OPERATION_TIMEOUT }}
|
||||
LDAP_OPERATION_TIMEOUT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* SAML */}}
|
||||
{{- if or .Values.saml.SAML_IDP_METADATA_URL ( and ( .Values.saml.SAML_ENTITY_ID ) ( .Values.saml.SAML_CALLBACK_URL ) ) }}
|
||||
{{- with .Values.saml.SAML_IDP_METADATA_URL }}
|
||||
SAML_IDP_METADATA_URL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.saml.SAML_ENTITY_ID }}
|
||||
SAML_ENTITY_ID: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.saml.SAML_CALLBACK_URL }}
|
||||
SAML_CALLBACK_URL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.saml.SAML_IDP_URL }}
|
||||
SAML_IDP_URL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.saml.SAML_STRICT }}
|
||||
SAML_STRICT: {{ .Values.saml.SAML_STRICT | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.saml.SAML_DEBUG }}
|
||||
SAML_DEBUG: {{ .Values.saml.SAML_DEBUG | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.saml.SAML_COMPRESS_REQUEST }}
|
||||
SAML_COMPRESS_REQUEST: {{ .Values.saml.SAML_COMPRESS_REQUEST | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.saml.SAML_COMPRESS_RESPONSE }}
|
||||
SAML_COMPRESS_RESPONSE: {{ .alues.saml.SAML_COMPRESS_RESPONSE | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.saml.SAML_GROUP_ATTRIBUTE }}
|
||||
SAML_GROUP_ATTRIBUTE: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* PROXY */}}
|
||||
{{- if .Values.proxy.REMOTE_IP_VALVE_ENABLED }}
|
||||
REMOTE_IP_VALVE_ENABLED: {{ .Values.proxy.REMOTE_IP_VALVE_ENABLED | quote }}
|
||||
{{- with .Values.proxy.PROXY_BY_HEADER }}
|
||||
PROXY_BY_HEADER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.proxy.PROXY_PROTOCOL_HEADER }}
|
||||
PROXY_PROTOCOL_HEADER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.proxy.PROXY_PROTOCOL_HEADER }}
|
||||
PROXY_PROTOCOL_HEADER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.proxy.PROXY_IP_HEADER }}
|
||||
PROXY_IP_HEADER: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.proxy.PROXY_ALLOWED_IPS_REGEX }}
|
||||
PROXY_ALLOWED_IPS_REGEX: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,8 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{ include "tc.common.loader.init" . }}
|
||||
|
||||
{{/* Render configmap for vaultwarden */}}
|
||||
{{- include "guacamole-client.configmap" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
|
@ -1,244 +0,0 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/guacamole-client
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.5.1@sha256:42a3d281697932261078d53920d1e9f822fddee8cbd9bc2f54ef46c6dbad3b1f
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 9998
|
||||
targetPort: 8080
|
||||
|
||||
env:
|
||||
# Will probably be removed on 1.5.0 (https://github.com/apache/guacamole-client/pull/717)
|
||||
POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
POSTGRES_PORT: 5432
|
||||
POSTGRES_HOSTNAME:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
# New format
|
||||
POSTGRESQL_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
POSTGRESQL_HOSTNAME:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
POSTGRESQL_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
POSTGRESQL_USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
POSTGRESQL_PORT: 5432
|
||||
GUACD_HOSTNAME: "localhost"
|
||||
GUACD_PORT: 4822
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: guacamole-client-env
|
||||
|
||||
totp:
|
||||
TOTP_ENABLED: false
|
||||
# TOTP_ISSUER: "Apache Guacamole"
|
||||
# TOTP_DIGITS: "6"
|
||||
# TOTP_PERIOD: "30"
|
||||
# TOTP_MODE: "sha1"
|
||||
|
||||
header:
|
||||
HEADER_ENABLED: false
|
||||
# HTTP_AUTH_HEADER: "REMOTE_USER"
|
||||
|
||||
api:
|
||||
{}
|
||||
# API_SESSION_TIMEOUT: "60"
|
||||
|
||||
general:
|
||||
{}
|
||||
# EXTENSION_PRIORITY: "openid"
|
||||
|
||||
json:
|
||||
{}
|
||||
# JSON_SECRET_KEY: "random32charkey"
|
||||
# JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"
|
||||
|
||||
duo:
|
||||
{}
|
||||
# DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
|
||||
# DUO_INTEGRATION_KEY: "exactly20charkey"
|
||||
# DUO_SECRET_KEY: "exactly40charkey"
|
||||
# DUO_APPLICATION_KEY: "atleast40charkey"
|
||||
|
||||
cas:
|
||||
{}
|
||||
# CAS_AUTHORIZATION_ENDPOINT: ""
|
||||
# CAS_REDIRECT_URI: ""
|
||||
# CAS_CLEARPASS_KEY: ""
|
||||
# CAS_GROUP_ATTRIBUTE: ""
|
||||
# CAS_GROUP_FORMAT: "plain"
|
||||
# CAS_GROUP_LDAP_BASE_DN: ""
|
||||
# CAS_GROUP_LDAP_ATTRIBUTE: ""
|
||||
|
||||
openid:
|
||||
{}
|
||||
# OPENID_AUTHORIZATION_ENDPOINT: ""
|
||||
# OPENID_JWKS_ENDPOINT: ""
|
||||
# OPENID_ISSUER: ""
|
||||
# OPENID_CLIENT_ID: ""
|
||||
# OPENID_REDIRECT_URI: ""
|
||||
# OPENID_USERNAME_CLAIM_TYPE: "email"
|
||||
# OPENID_GROUPS_CLAIM_TYPE: "groups"
|
||||
# OPENID_MAX_TOKEN_VALIDITY: "300"
|
||||
|
||||
radius:
|
||||
{}
|
||||
# RADIUS_HOSTNAME: "localhost"
|
||||
# RADIUS_AUTH_PORT: "1812"
|
||||
# RADIUS_SHARED_SECRET: ""
|
||||
# RADIUS_AUTH_PROTOCOL: "eap-tls"
|
||||
# RADIUS_KEY_FILE: ""
|
||||
# RADIUS_KEY_TYPE: "pkcs12"
|
||||
# RADIUS_KEY_PASSWORD: ""
|
||||
# RADIUS_CA_FILE: ""
|
||||
# RADIUS_CA_TYPE: "pem"
|
||||
# RADIUS_CA_PASSWORD: ""
|
||||
# RADIUS_TRUST_ALL: "false"
|
||||
# RADIUS_RETRIES: "5"
|
||||
# RADIUS_TIMEOUT: "60"
|
||||
# RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"
|
||||
|
||||
ldap:
|
||||
{}
|
||||
# LDAP_HOSTNAME: "localhost"
|
||||
# LDAP_USER_BASE_DN: ""
|
||||
# LDAP_PORT: "389"
|
||||
# LDAP_ENCRYPTION_METHOD: "none"
|
||||
# LDAP_MAX_SEARCH_RESULTS: "1000"
|
||||
# LDAP_SEARCH_BIND_DN: ""
|
||||
# LDAP_USER_ATTRIBUTES: ""
|
||||
# LDAP_SEARCH_BIND_PASSWORD: ""
|
||||
# LDAP_USERNAME_ATTRIBUTE: ""
|
||||
# LDAP_MEMBER_ATTRIBUTE: ""
|
||||
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
|
||||
# LDAP_CONFIG_BASE_DN: ""
|
||||
# LDAP_GROUP_BASE_DN: ""
|
||||
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
|
||||
# LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
|
||||
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
|
||||
# LDAP_DEREFERENCE_ALIASES: "never"
|
||||
# LDAP_FOLLOW_REFERRALS: false
|
||||
# LDAP_MAX_REFERRAL_HOPS: "5"
|
||||
# LDAP_OPERATION_TIMEOUT: "30"
|
||||
|
||||
saml:
|
||||
{}
|
||||
# SAML_IDP_METADATA_URL: ""
|
||||
# SAML_IDP_URL:
|
||||
# SAML_ENTITY_ID:
|
||||
# SAML_CALLBACK_URL:
|
||||
# SAML_STRICT:
|
||||
# SAML_DEBUG:
|
||||
# SAML_COMPRESS_REQUEST:
|
||||
# SAML_COMPRESS_RESPONSE:
|
||||
# SAML_GROUP_ATTRIBUTE:
|
||||
|
||||
proxy:
|
||||
{}
|
||||
# REMOTE_IP_VALVE_ENABLED: false
|
||||
# PROXY_BY_HEADER: ""
|
||||
# PROXY_PROTOCOL_HEADER: ""
|
||||
# PROXY_IP_HEADER: ""
|
||||
# PROXY_ALLOWED_IPS_REGEX: ""
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: guacamole
|
||||
postgresqlDatabase: guacamole
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/guacamole"
|
||||
readiness:
|
||||
path: "/guacamole"
|
||||
startup:
|
||||
path: "/guacamole"
|
||||
|
||||
persistence:
|
||||
initdbdata:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: "/initdbdata"
|
||||
|
||||
installContainers:
|
||||
1-creat-initdb-file:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
volumeMounts:
|
||||
- name: initdbdata
|
||||
mountPath: "/initdbdata"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |-
|
||||
echo "Creating initdb.sql file..."
|
||||
/opt/guacamole/bin/initdb.sh --postgres >/initdbdata/initdb.sql
|
||||
if [ -e /initdbdata/initdb.sql ]; then
|
||||
echo "Init file created successfully!"
|
||||
exit 0
|
||||
else
|
||||
echo "Init file failed to create."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
2-initdb:
|
||||
image: "{{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}"
|
||||
env:
|
||||
- name: POSTGRESQL_DATABASE
|
||||
value: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
- name: POSTGRESQL_USER
|
||||
value: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
- name: POSTGRESQL_PORT
|
||||
value: "5432"
|
||||
- name: POSTGRESQL_HOSTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
volumeMounts:
|
||||
- name: initdbdata
|
||||
mountPath: "/initdbdata"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |-
|
||||
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -o '/dev/null' -c 'SELECT * FROM public.guacamole_user'
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "DB already initialized. Skipping..."
|
||||
else
|
||||
echo "Initializing DB's schema..."
|
||||
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -a -w -f /initdbdata/initdb.sql
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "DB's schema initialized successfully!"
|
||||
exit 0
|
||||
else
|
||||
echo "DB's schema failed to initialize."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
portal:
|
||||
enabled: true
|
|
@ -3,14 +3,10 @@ appVersion: "1.5.1"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://deps.truecharts.org/
|
||||
version: 11.0.31
|
||||
version: 13.2.0
|
||||
description: Apache Guacamole is a clientless remote desktop gateway.
|
||||
home: https://truecharts.org/charts/incubator/guacamole-client
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/guacamole-client.png
|
||||
home: https://truecharts.org/charts/stable/guacamole
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/guacamole.png
|
||||
keywords:
|
||||
- guacamole
|
||||
- remote
|
||||
|
@ -19,13 +15,12 @@ maintainers:
|
|||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: guacamole-client
|
||||
name: guacamole
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/incubator/guacamole-client
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/guacamole
|
||||
- https://github.com/apache/guacamole-client
|
||||
- http://guacamole.incubator.apache.org/doc/gug/introduction.html
|
||||
type: application
|
||||
version: 8.0.0
|
||||
version: 9.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
|
@ -0,0 +1,766 @@
|
|||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
# Include{portalLink}
|
||||
path: /guacamole
|
||||
questions:
|
||||
# Include{global}
|
||||
# Include{workload}
|
||||
# Include{workloadDeployment}
|
||||
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
- variable: guacamole
|
||||
label: Guacamole Configuration
|
||||
group: App Configuration
|
||||
schema:
|
||||
type: dict
|
||||
additional_attrs: true
|
||||
attrs:
|
||||
- variable: general
|
||||
label: General Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: EXTENSION_PRIORITY
|
||||
label: Extension Priority
|
||||
description: A comma-separated list of the namespaces of all extensions that should be loaded in a specific order
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: api
|
||||
label: API Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: API_SESSION_TIMEOUT
|
||||
label: API Session Timeout (in minutes)
|
||||
schema:
|
||||
type: int
|
||||
default: 60
|
||||
- variable: totp
|
||||
label: TOTP Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: TOTP_ENABLED
|
||||
label: Enable TOTP
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: TOTP_ISSUER
|
||||
label: TOTP Issuer
|
||||
schema:
|
||||
type: string
|
||||
default: Apache Guacamole
|
||||
required: true
|
||||
- variable: TOTP_PERIOD
|
||||
label: TOTP Period
|
||||
schema:
|
||||
type: int
|
||||
default: 30
|
||||
required: true
|
||||
- variable: TOTP_DIGITS
|
||||
label: TOTP Digits
|
||||
schema:
|
||||
type: int
|
||||
min: 6
|
||||
max: 8
|
||||
default: 6
|
||||
required: true
|
||||
- variable: TOTP_MODE
|
||||
label: TOTP Mode
|
||||
schema:
|
||||
type: string
|
||||
default: sha1
|
||||
required: true
|
||||
enum:
|
||||
- value: sha1
|
||||
description: sha1
|
||||
- value: sha256
|
||||
description: sha256
|
||||
- value: sha512
|
||||
description: sha512
|
||||
- variable: header
|
||||
label: Header Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: HEADER_ENABLED
|
||||
label: Enable Header
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: HTTP_AUTH_HEADER
|
||||
label: HTTP Auth Header
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: REMOTE_USER
|
||||
- variable: json
|
||||
label: JSON Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: json_enabled
|
||||
label: Enable JSON
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: JSON_SECRET_KEY
|
||||
label: JSON Secret Key
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: JSON_TRUSTED_NETWORKS
|
||||
label: JSON Trusted Networks (Leave blank for unrestricted
|
||||
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: duo
|
||||
label: DUO Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: duo_enabled
|
||||
label: Enable DUO
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: DUO_API_HOSTNAME
|
||||
label: DUO API Hostname (api-XXXXXXXX.duosecurity.com)
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_INTEGRATION_KEY
|
||||
label: DUO Integration Key (Exactly 20 chars)
|
||||
schema:
|
||||
min_length: 20
|
||||
max_length: 20
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_SECRET_KEY
|
||||
label: DUO Secret Key (Exactly 40 chars)
|
||||
schema:
|
||||
min_length: 40
|
||||
max_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_APPLICATION_KEY
|
||||
label: DUO Application Key (At least 40 chars)
|
||||
schema:
|
||||
min_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: cas
|
||||
label: CAS Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: cas_enabled
|
||||
label: Enable CAS
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CAS_AUTHORIZATION_ENDPOINT
|
||||
label: CAS Authorization Endpoint
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_REDIRECT_URI
|
||||
label: CAS Redirect URI
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_CLEARPASS_KEY
|
||||
label: CAS Clearpass Key
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_ATTRIBUTE
|
||||
label: CAS Group Attribute
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_LDAP_BASE_DN
|
||||
label: CAS Group LDAP Base DN
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_LDAP_ATTRIBUTE
|
||||
label: CAS Group LDAP Attribute
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_FORMAT
|
||||
label: CAS Group Format
|
||||
schema:
|
||||
type: string
|
||||
default: plain
|
||||
enum:
|
||||
- value: plain
|
||||
description: plain
|
||||
- value: ldap
|
||||
description: ldap
|
||||
- variable: openid
|
||||
label: OpenID Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: openid_enabled
|
||||
label: Enable OpenID
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: OPENID_AUTHORIZATION_ENDPOINT
|
||||
label: OpenID Authorization Endpoint
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_JWKS_ENDPOINT
|
||||
label: OpenID JWKS Endpoint
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_ISSUER
|
||||
label: OpenID Issuer
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_CLIENT_ID
|
||||
label: OpenID Client ID
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_REDIRECT_URI
|
||||
label: OpenID Redirect URI
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_USERNAME_CLAIM_TYPE
|
||||
label: OpenID Username Claim Type
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: email
|
||||
- variable: OPENID_GROUPS_CLAIM_TYPE
|
||||
label: OpenID Groups Claim Type
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: groups
|
||||
- variable: OPENID_SCOPE
|
||||
label: OpenID Scope
|
||||
schema:
|
||||
type: string
|
||||
default: openid email profile
|
||||
- variable: OPENID_ALLOWED_CLOCK_SKEW
|
||||
label: OpenID Allowed Clock Skew (in seconds)
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 30
|
||||
- variable: OPENID_MAX_TOKEN_VALIDITY
|
||||
label: OpenID Max Token Validity (in minutes)
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 300
|
||||
- variable: OPENID_MAX_NONCE_VALIDITY
|
||||
label: OpenID Max Nonce Validity (in minutes)
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 10
|
||||
- variable: radius
|
||||
label: Radius Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: radius_enabled
|
||||
label: Enable Radius
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: RADIUS_SHARED_SECRET
|
||||
label: Radius Shared Secret
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PROTOCOL
|
||||
label: Radius Auth Protocol
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: eap-tls
|
||||
enum:
|
||||
- value: pap
|
||||
description: pap
|
||||
- value: chap
|
||||
description: chap
|
||||
- value: mschapv1
|
||||
description: mschapv1
|
||||
- value: mschapv2
|
||||
description: mschapv2
|
||||
- value: eap-md5
|
||||
description: eap-md5
|
||||
- value: eap-tls
|
||||
description: eap-tls
|
||||
- value: eap-ttls
|
||||
description: eap-ttls
|
||||
- variable: RADIUS_HOSTNAME
|
||||
label: Radius Hostname
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PORT
|
||||
label: Radius Auth Port
|
||||
schema:
|
||||
type: int
|
||||
default: 1812
|
||||
- variable: RADIUS_KEY_FILE
|
||||
label: Radius Key File
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_KEY_TYPE
|
||||
label: Radius Key Type
|
||||
schema:
|
||||
type: string
|
||||
default: pkcs12
|
||||
required: true
|
||||
enum:
|
||||
- value: pem
|
||||
description: pem
|
||||
- value: jceks
|
||||
description: jceks
|
||||
- value: jks
|
||||
description: jks
|
||||
- value: pkcs12
|
||||
description: pkcs12
|
||||
- variable: RADIUS_KEY_PASSWORD
|
||||
label: Radius Key Password
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_FILE
|
||||
label: Radius CA File
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_TYPE
|
||||
label: Radius CA Type
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: pem
|
||||
enum:
|
||||
- value: pem
|
||||
description: pem
|
||||
- value: jceks
|
||||
description: jceks
|
||||
- value: jks
|
||||
description: jks
|
||||
- value: pkcs12
|
||||
description: pkcs12
|
||||
- variable: RADIUS_CA_PASSWORD
|
||||
label: Radius CA Password
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_TRUST_ALL
|
||||
label: Radius Trust All
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: RADIUS_RETRIES
|
||||
label: Radius Retries
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 5
|
||||
- variable: RADIUS_TIMEOUT
|
||||
label: Radius Timeout
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 60
|
||||
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
|
||||
label: Radius eap-ttls Inner Protocol
|
||||
description: Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls
|
||||
schema:
|
||||
type: string
|
||||
default: eap-tls
|
||||
required: true
|
||||
enum:
|
||||
- value: pap
|
||||
description: pap
|
||||
- value: chap
|
||||
description: chap
|
||||
- value: mschapv1
|
||||
description: mschapv1
|
||||
- value: mschapv2
|
||||
description: mschapv2
|
||||
- value: eap-md5
|
||||
description: eap-md5
|
||||
- value: eap-tls
|
||||
description: eap-tls
|
||||
- variable: RADIUS_NAS_IP
|
||||
label: Radius Network Access Server IP
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: ldap
|
||||
group: "App Configuration"
|
||||
label: LDAP Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ldap_enabled
|
||||
label: Enable LDAP
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: LDAP_HOSTNAME
|
||||
label: LDAP Hostname
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_USER_BASE_DN
|
||||
label: LDAP User Base DN
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_PORT
|
||||
label: LDAP Port
|
||||
schema:
|
||||
type: int
|
||||
default: 389
|
||||
- variable: LDAP_ENCRYPTION_METHOD
|
||||
label: LDAP Encryption Method
|
||||
schema:
|
||||
type: string
|
||||
default: none
|
||||
required: true
|
||||
enum:
|
||||
- value: none
|
||||
description: none
|
||||
- value: ssl
|
||||
description: ssl
|
||||
- value: starttls
|
||||
description: starttls
|
||||
- variable: LDAP_MAX_SEARCH_RESULTS
|
||||
label: LDAP Max Search Results
|
||||
schema:
|
||||
type: int
|
||||
default: 1000
|
||||
- variable: LDAP_SEARCH_BIND_DN
|
||||
label: LDAP Search Bind DN
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USER_ATTRIBUTES
|
||||
label: LDAP User Attributes
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_SEARCH_BIND_PASSWORD
|
||||
label: LDAP Search Bind Password
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USERNAME_ATTRIBUTE
|
||||
label: LDAP Username Attribute
|
||||
schema:
|
||||
type: string
|
||||
default: uid
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE
|
||||
label: LDAP Member Attribute
|
||||
schema:
|
||||
type: string
|
||||
default: member
|
||||
- variable: LDAP_USER_SEARCH_FILTER
|
||||
label: LDAP User Search Filter
|
||||
schema:
|
||||
type: string
|
||||
default: "(objectClass=*)"
|
||||
- variable: LDAP_CONFIG_BASE_DN
|
||||
label: LDAP Config Base DN
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_BASE_DN
|
||||
label: LDAP Group Base DN
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_SEARCH_FILTER
|
||||
label: LDAP Group Search Filter
|
||||
schema:
|
||||
type: string
|
||||
default: "(objectClass=*)"
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
|
||||
label: LDAP Member Attribute Type
|
||||
schema:
|
||||
type: string
|
||||
default: dn
|
||||
required: true
|
||||
enum:
|
||||
- value: dn
|
||||
description: dn
|
||||
- value: uid
|
||||
description: uid
|
||||
- variable: LDAP_GROUP_NAME_ATTRIBUTE
|
||||
label: LDAP Group Name Attribute
|
||||
schema:
|
||||
type: string
|
||||
default: cn
|
||||
- variable: LDAP_DEREFERENCE_ALIASES
|
||||
label: LDAP Dereference Aliases
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: never
|
||||
enum:
|
||||
- value: never
|
||||
description: never
|
||||
- value: searching
|
||||
description: searching
|
||||
- value: finding
|
||||
description: finding
|
||||
- value: always
|
||||
description: always
|
||||
- variable: LDAP_FOLLOW_REFERRALS
|
||||
label: LDAP Follow Referrals
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: LDAP_MAX_REFERRAL_HOPS
|
||||
label: LDAP Max Referrals Hops
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 5
|
||||
- variable: LDAP_OPERATION_TIMEOUT
|
||||
label: LDAP Operation Timeout
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 30
|
||||
- variable: saml
|
||||
label: SAML Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: saml_enabled
|
||||
label: Enable SAML
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: SAML_IDP_METADATA_URL
|
||||
label: SAML IDP Metadata URL
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_IDP_URL
|
||||
label: SAML IDP URL
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_ENTITY_ID
|
||||
label: SAML Entity ID
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_CALLBACK_URL
|
||||
label: SAML Callback URL
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: SAML_STRICT
|
||||
label: SAML Strict
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_DEBUG
|
||||
label: SAML Debug
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: SAML_COMPRESS_REQUEST
|
||||
label: SAML Compress Request
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_COMPRESS_RESPONSE
|
||||
label: SAML Compress Response
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: SAML_GROUP_ATTRIBUTE
|
||||
label: SAML Group Attribute
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: groups
|
||||
- variable: proxy
|
||||
label: Proxy Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: REMOTE_IP_VALVE_ENABLED
|
||||
label: Enable Proxy
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: PROXY_BY_HEADER
|
||||
label: Proxy by Header
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_PROTOCOL_HEADER
|
||||
label: Proxy Protocol Header
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_IP_HEADER
|
||||
label: Proxy IP Header
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: PROXY_ALLOWED_IPS_REGEX
|
||||
label: Proxy Allowed IP Regex
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: Main Service
|
||||
description: The Primary service on which the healthcheck runs, often the webUI
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelectorLoadBalancer}
|
||||
# Include{serviceSelectorExtras}
|
||||
- variable: main
|
||||
label: Main Service Port Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: Port
|
||||
description: This port exposes the container port on the service
|
||||
schema:
|
||||
type: int
|
||||
default: 9998
|
||||
required: true
|
||||
# Include{serviceExpertRoot}
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
# Include{persistenceRoot}
|
||||
- variable: recordings
|
||||
label: App Recordings Storage
|
||||
description: Stores the Application Recordings.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceList}
|
||||
# Include{ingressRoot}
|
||||
- variable: main
|
||||
label: Main Ingress
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
# Include{ingressTLS}
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressAdvanced}
|
||||
# Include{ingressList}
|
||||
# Include{securityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 1001
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 1001
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
# Include{netshoot}
|
||||
# Include{vpn}
|
||||
# Include{documentation}
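Review bot: The credential questions in this new file (`JSON_SECRET_KEY`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD`, `RADIUS_CA_PASSWORD`, `LDAP_SEARCH_BIND_PASSWORD`) are declared as plain `type: string`, so the install form will presumably show and echo them like any other text field. Adding `private: true` under each of their `schema:` blocks would mask them. In the same LDAP group, `LDAP_ENCRYPTION_METHOD` has `default: none` next to the bind-password field, so an operator who accepts the defaults sends the bind over an unencrypted connection; consider `default: starttls`, or at least a `description:` saying that `none` is cleartext. The label `JSON Trusted Networks (Leave blank for unrestricted` is also missing its closing parenthesis.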
|
|
@ -0,0 +1,193 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "guacamole.configmap" -}}
|
||||
{{/* https://github.com/apache/guacamole-client/blob/master/guacamole-docker/bin/start.sh */}}
|
||||
{{/* https://guacamole.apache.org/doc/gug/guacamole-docker.html */}}
|
||||
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ }}
|
||||
guacamole-config:
|
||||
enabled: true
|
||||
data:
|
||||
RECORDING_SEARCH_PATH: /var/lib/guacamole/recordings
|
||||
{{/* GuacD */}}
|
||||
GUACD_HOSTNAME: {{ printf "%v-guacd" $fullname }}
|
||||
GUACD_PORT: {{ .Values.service.guacd.ports.guacd.port | quote }}
|
||||
{{/* Database */}}
|
||||
POSTGRESQL_PORT: "5432"
|
||||
POSTGRESQL_DATABASE: {{ .Values.cnpg.main.database }}
|
||||
POSTGRESQL_USER: {{ .Values.cnpg.main.user }}
|
||||
POSTGRESQL_HOSTNAME: {{ .Values.cnpg.main.creds.host }}
|
||||
POSTGRESQL_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
|
||||
{{/* LDAP */}}
|
||||
{{- if (get .Values.guacamole "ldap").LDAP_HOSTNAME }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_HOSTNAME" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_PORT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_ENCRYPTION_METHOD" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_BASE_DN" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_SEARCH_FILTER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_BASE_DN" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_SEARCH_FILTER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_NAME_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_DN" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_PASSWORD" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USERNAME_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_ATTRIBUTES" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_CONFIG_BASE_DN" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_DEREFERENCE_ALIASES" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_FOLLOW_REFERRALS" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_REFERRAL_HOPS" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_SEARCH_RESULTS" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_OPERATION_TIMEOUT" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* Header */}}
|
||||
{{- if (get .Values.guacamole "header").HEADER_ENABLED }}
|
||||
{{ include "guac.env" (dict "ob" "header" "key" "HEADER_ENABLED" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "header" "key" "HTTP_AUTH_HEADER" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* SAML */}}
|
||||
{{- if or
|
||||
(and ((get .Values.guacamole "saml").SAML_ENTITY_ID) ((get .Values.guacamole "saml").SAML_CALLBACK_URL))
|
||||
((get .Values.guacamole "saml").SAML_IDP_METADATA_URL) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_METADATA_URL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_URL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_ENTITY_ID" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_CALLBACK_URL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_STRICT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_DEBUG" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_REQUEST" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_RESPONSE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_GROUP_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* Proxy */}}
|
||||
{{- if (get .Values.guacamole "proxy").REMOTE_IP_VALVE_ENABLED }}
|
||||
{{ include "guac.env" (dict "ob" "proxy" "key" "REMOTE_IP_VALVE_ENABLED" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_ALLOWED_IPS_REGEX" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_IP_HEADER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_PROTOCOL_HEADER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_BY_HEADER" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* General */}}
|
||||
{{ include "guac.env" (dict "ob" "general" "key" "EXTENSION_PRIORITY" "rootCtx" $) }}
|
||||
{{/* TOTP */}}
|
||||
{{- if (get .Values.guacamole "totp").TOTP_ENABLED }}
|
||||
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ENABLED" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ISSUER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_DIGITS" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_PERIOD" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_MODE" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* DUO */}}
|
||||
{{- if (get .Values.guacamole "duo").DUO_API_HOSTNAME }}
|
||||
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_API_HOSTNAME" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_INTEGRATION_KEY" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_SECRET_KEY" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_APPLICATION_KEY" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* API */}}
|
||||
{{ include "guac.env" (dict "ob" "api" "key" "API_SESSION_TIMEOUT" "rootCtx" $) }}
|
||||
{{/* RADIUS */}}
|
||||
{{- if (get .Values.guacamole "radius").SHARED_SECRET }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_HOSTNAME" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PORT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_SHARED_SECRET" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PROTOCOL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_PASSWORD" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_FILE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_PASSWORD" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TRUST_ALL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_RETRIES" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TIMEOUT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_EAP_TTLS_INNER_PROTOCOL" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_NAS_IP" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* OPENID */}}
|
||||
{{- if (get .Values.guacamole "openid").OPENID_AUTHORIZATION_ENDPOINT }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_JWKS_ENDPOINT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ISSUER" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_CLIENT_ID" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_REDIRECT_URI" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_USERNAME_CLAIM_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_GROUPS_CLAIM_TYPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_SCOPE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ALLOWED_CLOCK_SKEW" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_TOKEN_VALIDITY" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_NONCE_VALIDITY" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* CAS */}}
|
||||
{{- if (get .Values.guacamole "cas").CAS_AUTHORIZATION_ENDPOINT }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_REDIRECT_URI" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_CLEARPASS_KEY" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_FORMAT" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_BASE_DN" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_ATTRIBUTE" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
{{/* JSON */}}
|
||||
{{- if (get .Values.guacamole "json").JSON_SECRET_KEY }}
|
||||
{{ include "guac.env" (dict "ob" "json" "key" "JSON_SECRET_KEY" "rootCtx" $) }}
|
||||
{{ include "guac.env" (dict "ob" "json" "key" "JSON_TRUSTED_NETWORKS" "rootCtx" $) }}
|
||||
{{- end }}
|
||||
db-init:
|
||||
enabled: true
|
||||
data:
|
||||
{{- $filename := "/tc-init/initdb.sql" }}
|
||||
create-seed.sh: |
|
||||
echo "Creating [{{ $filename }}] file..."
|
||||
/opt/guacamole/bin/initdb.sh --postgresql > {{ $filename }}
|
||||
if [ -f {{ $filename }} ]; then
|
||||
echo "File [{{ $filename }}] created successfully!"
|
||||
exit 0
|
||||
fi
|
||||
echo "File [{{ $filename }}] failed to create."
|
||||
exit 1
|
||||
apply-seed.sh: |
|
||||
export PGPASSWORD="$POSTGRESQL_PASSWORD"
|
||||
until
|
||||
pg_isready --username="$POSTGRESQL_USER" --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT"
|
||||
do
|
||||
echo "Waiting for PostgreSQL to start..."
|
||||
sleep 2
|
||||
done
|
||||
psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
|
||||
--username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
|
||||
--no-password --command='SELECT * FROM public.guacamole_user' \
|
||||
--output=/dev/null --quiet
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Database already initialized."
|
||||
exit 0
|
||||
fi
|
||||
if [ ! -f {{ $filename }} ]; then
|
||||
echo "File [{{ $filename }}] does not exist."
|
||||
exit 1
|
||||
fi
|
||||
echo "Initializing database from [{{ $filename }}] file..."
|
||||
psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
|
||||
--username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
|
||||
--no-password --quiet --output=/dev/null --file={{ $filename }}
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Database initialized successfully!"
|
||||
exit 0
|
||||
fi
|
||||
echo "Database failed to initialize."
|
||||
exit 1
|
||||
{{- end -}}
|
||||
|
||||
{{- define "guac.env" -}}
|
||||
{{- $key := .key -}}
|
||||
{{- $ob := .ob -}}
|
||||
{{- $rootCtx := .rootCtx -}}
|
||||
{{- $object := (get $rootCtx.Values.guacamole $ob) -}}
|
||||
|
||||
{{- if $object -}}
|
||||
{{- if hasKey $object $key -}}
|
||||
{{- if not (kindIs "invalid" $key) -}}
|
||||
{{- printf "%v: %v" $key (get $object $key | quote) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
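Review bot: The `guacamole-config` ConfigMap holds credentials in clear text: `POSTGRESQL_PASSWORD` directly, and through `guac.env` also `LDAP_SEARCH_BIND_PASSWORD`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD`, `RADIUS_CA_PASSWORD` and `JSON_SECRET_KEY`. Anyone allowed to read ConfigMaps in the namespace can read them, and Secret-specific RBAC and encryption at rest do not apply. These keys belong in a Secret consumed through a `secretRef` entry under `envFrom`, leaving only non-sensitive settings in the ConfigMap; whether the common library offers a secret counterpart to `.Values.configmap` is not visible here and needs confirming. `POSTGRESQL_PASSWORD` is also emitted unquoted, so an all-digit password or one containing `: ` or ` #` is retyped or breaks YAML parsing of this block; `POSTGRESQL_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" | quote }}` avoids that. Finally, the RADIUS block is gated on `.SHARED_SECRET` while the shipped values key is `RADIUS_SHARED_SECRET`, so it appears never to render, and `RADIUS_KEY_TYPE` is included twice where `RADIUS_KEY_FILE` was probably meant.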
|
|
@ -0,0 +1,10 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{ include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{- $configmap := (include "guacamole.configmap" $ | fromYaml) -}}
|
||||
{{- if $configmap -}}
|
||||
{{- $_ := mustMergeOverwrite .Values.configmap $configmap -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
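Review bot: The `{{- if $configmap -}}` guard does not catch a failed parse, because Helm's `fromYaml` reports a parse failure by returning a map with a single `Error` key, which is truthy. A malformed render of `guacamole.configmap` would therefore be merged into `.Values.configmap` as data and the chart would deploy without its database and authentication settings instead of failing. I would add `{{- if hasKey $configmap "Error" -}}{{- fail "guacamole.configmap did not render to valid YAML" -}}{{- end -}}` before the merge. The fixed message is deliberate: the rendered document contains the database password, so the parser's error text is better left out of the output.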
|
|
@ -0,0 +1,263 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/guacamole-client
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.5.2@sha256:d705e385677c11624381df0c3779616edac98fdc8e508374257327516bde061b
|
||||
guacdImage:
|
||||
repository: tccr.io/truecharts/guacamole-server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.5.2@sha256:f7f62adecb244a91c974ac0bab7376335304145789fb43baeff75c1e2c88c630
|
||||
|
||||
guacamole:
|
||||
ldap:
|
||||
LDAP_HOSTNAME: ""
|
||||
LDAP_USER_BASE_DN: ""
|
||||
LDAP_PORT: 389
|
||||
LDAP_ENCRYPTION_METHOD: none
|
||||
LDAP_MAX_SEARCH_RESULTS: 1000
|
||||
LDAP_SEARCH_BIND_DN: ""
|
||||
LDAP_USER_ATTRIBUTES: ""
|
||||
LDAP_SEARCH_BIND_PASSWORD: ""
|
||||
LDAP_USERNAME_ATTRIBUTE: uid
|
||||
LDAP_MEMBER_ATTRIBUTE: member
|
||||
LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
|
||||
LDAP_CONFIG_BASE_DN: ""
|
||||
LDAP_GROUP_BASE_DN: ""
|
||||
LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
|
||||
LDAP_MEMBER_ATTRIBUTE_TYPE: dn
|
||||
LDAP_GROUP_NAME_ATTRIBUTE: cn
|
||||
LDAP_DEREFERENCE_ALIASES: never
|
||||
LDAP_FOLLOW_REFERRALS: false
|
||||
LDAP_MAX_REFERRAL_HOPS: 5
|
||||
LDAP_OPERATION_TIMEOUT: 30
|
||||
header:
|
||||
HEADER_ENABLED: false
|
||||
HTTP_AUTH_HEADER: REMOTE_USER
|
||||
saml:
|
||||
SAML_IDP_METADATA_URL: ""
|
||||
SAML_IDP_URL: ""
|
||||
SAML_ENTITY_ID: ""
|
||||
SAML_CALLBACK_URL: ""
|
||||
SAML_STRICT: true
|
||||
SAML_DEBUG: false
|
||||
SAML_COMPRESS_REQUEST: true
|
||||
SAML_COMPRESS_RESPONSE: true
|
||||
SAML_GROUP_ATTRIBUTE: groups
|
||||
proxy:
|
||||
REMOTE_IP_VALVE_ENABLED: false
|
||||
PROXY_ALLOWED_IPS_REGEX: ""
|
||||
PROXY_IP_HEADER: ""
|
||||
PROXY_PROTOCOL_HEADER: ""
|
||||
PROXY_BY_HEADER: ""
|
||||
general:
|
||||
EXTENSION_PRIORITY: ""
|
||||
totp:
|
||||
TOTP_ENABLED: true
|
||||
TOTP_ISSUER: Apache Guacamole
|
||||
TOTP_DIGITS: 6
|
||||
TOTP_PERIOD: 30
|
||||
TOTP_MODE: sha1
|
||||
duo:
|
||||
DUO_API_HOSTNAME: ""
|
||||
DUO_INTEGRATION_KEY: ""
|
||||
DUO_SECRET_KEY: ""
|
||||
DUO_APPLICATION_KEY: ""
|
||||
api:
|
||||
API_SESSION_TIMEOUT: 60
|
||||
radius:
|
||||
RADIUS_SHARED_SECRET: ""
|
||||
RADIUS_AUTH_PROTOCOL: eap-tls
|
||||
RADIUS_HOSTNAME: ""
|
||||
RADIUS_AUTH_PORT: 1812
|
||||
RADIUS_KEY_FILE: ""
|
||||
RADIUS_KEY_TYPE: pkcs12
|
||||
RADIUS_KEY_PASSWORD: ""
|
||||
RADIUS_CA_FILE: ""
|
||||
RADIUS_CA_TYPE: pem
|
||||
RADIUS_CA_PASSWORD: ""
|
||||
RADIUS_TRUST_ALL: false
|
||||
RADIUS_RETRIES: 5
|
||||
RADIUS_TIMEOUT: 60
|
||||
RADIUS_EAP_TTLS_INNER_PROTOCOL: eap-tls
|
||||
RADIUS_NAS_IP: ""
|
||||
openid:
|
||||
OPENID_AUTHORIZATION_ENDPOINT: ""
|
||||
OPENID_JWKS_ENDPOINT: ""
|
||||
OPENID_ISSUER: ""
|
||||
OPENID_CLIENT_ID: ""
|
||||
OPENID_REDIRECT_URI: ""
|
||||
OPENID_USERNAME_CLAIM_TYPE: email
|
||||
OPENID_GROUPS_CLAIM_TYPE: groups
|
||||
OPENID_SCOPE: openid email profile
|
||||
OPENID_ALLOWED_CLOCK_SKEW: 30
|
||||
OPENID_MAX_TOKEN_VALIDITY: 300
|
||||
OPENID_MAX_NONCE_VALIDITY: 300
|
||||
cas:
|
||||
CAS_AUTHORIZATION_ENDPOINT: ""
|
||||
CAS_REDIRECT_URI: ""
|
||||
CAS_CLEARPASS_KEY: ""
|
||||
CAS_GROUP_ATTRIBUTE: ""
|
||||
CAS_GROUP_FORMAT: plain
|
||||
CAS_GROUP_LDAP_BASE_DN: ""
|
||||
CAS_GROUP_LDAP_ATTRIBUTE: ""
|
||||
json:
|
||||
JSON_SECRET_KEY: ""
|
||||
JSON_TRUSTED_NETWORKS: ""
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
readOnlyRootFilesystem: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: guacamole-config
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||||
path: /guacamole
|
||||
readiness:
|
||||
type: http
|
||||
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||||
path: /guacamole
|
||||
startup:
|
||||
type: tcp
|
||||
port: "{{ .Values.service.main.ports.main.targetPort }}"
|
||||
# zz is used to ensure that the initContainers are run after db-waits
|
||||
initContainers:
|
||||
1-create-seed:
|
||||
enabled: true
|
||||
type: install
|
||||
imageSelector: image
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
readOnlyRootFilesystem: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: guacamole-config
|
||||
command:
|
||||
- /bin/sh
|
||||
args:
|
||||
- -c
|
||||
- /tc-scripts/create-seed.sh
|
||||
2-apply-seed:
|
||||
enabled: true
|
||||
type: install
|
||||
imageSelector: postgresClientImage
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
readOnlyRootFilesystem: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: guacamole-config
|
||||
command:
|
||||
- /bin/sh
|
||||
args:
|
||||
- -c
|
||||
- /tc-scripts/apply-seed.sh
|
||||
|
||||
guacd:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
podSpec:
|
||||
containers:
|
||||
guacd:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: guacdImage
|
||||
command:
|
||||
- /opt/guacamole/sbin/guacd
|
||||
args:
|
||||
# Listen Address
|
||||
- -b
|
||||
- "0.0.0.0"
|
||||
# Listen Port
|
||||
- -l
|
||||
- "{{ .Values.service.guacd.ports.guacd.port }}"
|
||||
# Log Level
|
||||
- -L
|
||||
- info
|
||||
# Foreground
|
||||
- -f
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
readOnlyRootFilesystem: false
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||||
readiness:
|
||||
type: tcp
|
||||
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||||
startup:
|
||||
type: tcp
|
||||
port: "{{ .Values.service.guacd.ports.guacd.port }}"
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 10123
|
||||
targetPort: 8080
|
||||
guacd:
|
||||
enabled: true
|
||||
targetSelector: guacd
|
||||
ports:
|
||||
guacd:
|
||||
enabled: true
|
||||
targetSelector: guacd
|
||||
port: 10124
|
||||
|
||||
persistence:
|
||||
recordings:
|
||||
enabled: true
|
||||
# Check how this works and
|
||||
# which containers need it mounted
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/lib/guacamole/recordings
|
||||
readOnly: true
|
||||
guacd:
|
||||
guacd:
|
||||
mountPath: /var/lib/guacamole/recordings
|
||||
tc-init:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
targetSelector:
|
||||
main:
|
||||
1-create-seed:
|
||||
mountPath: /tc-init
|
||||
2-apply-seed:
|
||||
mountPath: /tc-init
|
||||
db-seed:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: db-init
|
||||
defaultMode: "0770"
|
||||
targetSelector:
|
||||
main:
|
||||
1-create-seed:
|
||||
mountPath: /tc-scripts/create-seed.sh
|
||||
subPath: create-seed.sh
|
||||
2-apply-seed:
|
||||
mountPath: /tc-scripts/apply-seed.sh
|
||||
subPath: apply-seed.sh
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: guacamole
|
||||
database: guacamole
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
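Review bot: `LDAP_ENCRYPTION_METHOD: none` is the shipped default, so once an operator sets `LDAP_HOSTNAME` the search bind password and every user's login password travel to port 389 unencrypted unless they remember to change it. Defaulting to `LDAP_ENCRYPTION_METHOD: starttls` (or `ssl` with `LDAP_PORT: 636`) would make the plaintext mode an explicit opt-out. The guacd container binds `0.0.0.0` and guacd does not authenticate its clients, so access to service port 10124 should be limited to the Guacamole pod, for example with a NetworkPolicy; whether the common chart adds one is not visible here. The comment `# zz is used to ensure that the initContainers are run after db-waits` no longer matches the `1-create-seed` / `2-apply-seed` names and should be reworded to describe the numeric ordering or dropped.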
|