feat(guacamole-client): BREAKING CHANGES migrate new common (#10771)

Stavros Kois 2023-07-24 16:29:35 +03:00 committed by GitHub
parent c36414dd19
commit 96342ca379
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 1238 additions and 1270 deletions


@ -1,765 +0,0 @@
# Include{groups}
portals:
open:
# Include{portalLink}
path: "/guacamole"
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: GUACD_HOSTNAME
label: "Guacd Hostname"
description: "The hostname of the guacd instance to use to establish remote desktop connections"
schema:
type: string
required: true
default: ""
- variable: GUACD_PORT
label: "Guacd Port"
description: "The port that Guacamole should use when connecting to guacd"
schema:
type: int
required: true
default: 4822
# Include{containerBasic}
# Include{containerAdvanced}
- variable: general
group: "App Configuration"
label: "General Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: EXTENSION_PRIORITY
label: "Extension Priority (Leave blank for default)"
description: "A comma-separated list of the namespaces of all extensions that should be loaded in a specific order"
schema:
type: string
default: ""
- variable: api
group: "App Configuration"
label: "API Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: API_SESSION_TIMEOUT
label: "API Session Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: totp
group: "App Configuration"
label: "TOTP Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: TOTP_ENABLED
label: "Enable TOTP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: TOTP_ISSUER
label: "TOTP Issuer (Leave blank for default)"
schema:
type: string
default: ""
- variable: TOTP_PERIOD
label: "TOTP Period (Leave blank for default)"
schema:
type: string
default: ""
- variable: TOTP_DIGITS
label: "TOTP Digits"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "6"
description: "6"
- value: "7"
description: "7"
- value: "8"
description: "8"
- variable: TOTP_MODE
label: "TOTP Mode"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "sha1"
description: "sha1"
- value: "sha256"
description: "sha256"
- value: "sha512"
description: "sha512"
- variable: header
group: "App Configuration"
label: "Header Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: HEADER_ENABLED
label: "Enable Header"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: HTTP_AUTH_HEADER
label: "HTTP Auth Header (Leave blank for default)"
schema:
type: string
default: ""
- variable: json
group: "App Configuration"
label: "JSON Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: json_enabled
label: "Enable JSON"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: JSON_SECRET_KEY
label: "JSON Secret Key"
schema:
type: string
required: true
default: ""
- variable: JSON_TRUSTED_NETWORKS
label: "JSON Trusted Networks (Leave blank for unrestricted"
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
schema:
type: string
default: ""
- variable: duo
group: "App Configuration"
label: "DUO Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: duo_enabled
label: "Enable DUO"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: DUO_API_HOSTNAME
label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)"
schema:
type: string
required: true
default: ""
- variable: DUO_INTEGRATION_KEY
label: "DUO Integration Key (Exactly 20 chars)"
schema:
min_length: 20
max_length: 20
type: string
required: true
default: ""
- variable: DUO_SECRET_KEY
label: "DUO Secret Key (Exactly 40 chars)"
schema:
min_length: 40
max_length: 40
type: string
required: true
default: ""
- variable: DUO_APPLICATION_KEY
label: "DUO Application Key (At least 40 chars)"
schema:
min_length: 40
type: string
required: true
default: ""
- variable: cas
group: "App Configuration"
label: "CAS Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: cas_enabled
label: "Enable CAS"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: CAS_AUTHORIZATION_ENDPOINT
label: "CAS Authorization Endpoint"
schema:
type: string
required: true
default: ""
- variable: CAS_REDIRECT_URI
label: "CAS Redirect URI"
schema:
type: string
required: true
default: ""
- variable: CAS_CLEARPASS_KEY
label: "CAS Clearpass Key"
schema:
type: string
default: ""
- variable: CAS_GROUP_ATTRIBUTE
label: "CAS Group Attribute"
schema:
type: string
default: ""
- variable: CAS_GROUP_LDAP_BASE_DN
label: "CAS Group LDAP Base DN"
schema:
type: string
default: ""
- variable: CAS_GROUP_LDAP_ATTRIBUTE
label: "CAS Group LDAP Attribute"
schema:
type: string
default: ""
- variable: CAS_GROUP_FORMAT
label: "CAS Group Format"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "plain"
description: "plain"
- value: "ldap"
description: "ldap"
- variable: openid
group: "App Configuration"
label: "OpenID Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: openid_enabled
label: "Enable OpenID"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: OPENID_AUTHORIZATION_ENDPOINT
label: "OpenID Authorization Endpoint"
schema:
type: string
required: true
default: ""
- variable: OPENID_JWKS_ENDPOINT
label: "OpenID JWKS Endpoint"
schema:
type: string
required: true
default: ""
- variable: OPENID_ISSUER
label: "OpenID Issuer"
schema:
type: string
required: true
default: ""
- variable: OPENID_CLIENT_ID
label: "OpenID Client ID"
schema:
type: string
required: true
default: ""
- variable: OPENID_REDIRECT_URI
label: "OpenID Redirect URI"
schema:
type: string
required: true
default: ""
- variable: OPENID_USERNAME_CLAIM_TYPE
label: "OpenID Username Claim Type (Leave blank for default)"
schema:
type: string
default: ""
- variable: OPENID_GROUPS_CLAIM_TYPE
label: "OpenID Groups Claim Type (Leave blank for default)"
schema:
type: string
default: ""
- variable: OPENID_MAX_TOKEN_VALIDITY
label: "OpenID Max Token Validity (Leave blank for default)"
schema:
type: string
default: ""
- variable: radius
group: "App Configuration"
label: "Radius Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: radius_enabled
label: "Enable Radius"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: RADIUS_SHARED_SECRET
label: "Radius Shared Secret"
schema:
type: string
required: true
default: ""
- variable: RADIUS_AUTH_PROTOCOL
label: "Radius Auth Protocol"
schema:
type: string
required: true
default: "eap-tls"
enum:
- value: "pap"
description: "pap"
- value: "chap"
description: "chap"
- value: "mschapv1"
description: "mschapv1"
- value: "mschapv2"
description: "mschapv2"
- value: "eap-md5"
description: "eap-md5"
- value: "eap-tls"
description: "eap-tls"
- value: "eap-ttls"
description: "eap-ttls"
- variable: RADIUS_HOSTNAME
label: "Radius Hostname (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_AUTH_PORT
label: "Radius Auth Port (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_KEY_FILE
label: "Radius Key File (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_KEY_TYPE
label: "Radius Key Type"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "pem"
description: "pem"
- value: "jceks"
description: "jceks"
- value: "jks"
description: "jks"
- value: "pkcs12"
description: "pkcs12"
- variable: RADIUS_KEY_PASSWORD
label: "Radius Key Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: RADIUS_CA_FILE
label: "Radius CA File (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_CA_TYPE
label: "Radius CA Type"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "pem"
description: "pem"
- value: "jceks"
description: "jceks"
- value: "jks"
description: "jks"
- value: "pkcs12"
description: "pkcs12"
- variable: RADIUS_CA_PASSWORD
label: "Radius CA Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: RADIUS_TRUST_ALL
label: "Radius Trust All"
schema:
type: boolean
default: false
- variable: RADIUS_RETRIES
label: "Radius Retries (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_TIMEOUT
label: "Radius Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
label: "Radius eap-ttls Inner Protocol"
description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls"
schema:
type: string
default: "eap-tls"
enum:
- value: "pap"
description: "pap"
- value: "chap"
description: "chap"
- value: "mschapv1"
description: "mschapv1"
- value: "mschapv2"
description: "mschapv2"
- value: "eap-md5"
description: "eap-md5"
- value: "eap-tls"
description: "eap-tls"
- variable: ldap
group: "App Configuration"
label: "LDAP Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: ldap_enabled
label: "Enable LDAP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LDAP_HOSTNAME
label: "LDAP Hostname (Leave blank for default)"
schema:
type: string
required: true
default: ""
- variable: LDAP_USER_BASE_DN
label: "LDAP User Base DN"
schema:
type: string
required: true
default: ""
- variable: LDAP_PORT
label: "LDAP Port (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_ENCRYPTION_METHOD
label: "LDAP Encryption Method (Leave blank for default)"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "none"
description: "none"
- value: "ssl"
description: "ssl"
- value: "starttls"
description: "starttls"
- variable: LDAP_MAX_SEARCH_RESULTS
label: "LDAP Max Search Results (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_SEARCH_BIND_DN
label: "LDAP Search Bind DN (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_USER_ATTRIBUTES
label: "LDAP User Attributes"
schema:
type: string
default: ""
- variable: LDAP_SEARCH_BIND_PASSWORD
label: "LDAP Search Bind Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: LDAP_USERNAME_ATTRIBUTE
label: "LDAP Username Attribute"
schema:
type: string
default: ""
- variable: LDAP_MEMBER_ATTRIBUTE
label: "LDAP Member Attribute"
schema:
type: string
default: ""
- variable: LDAP_USER_SEARCH_FILTER
label: "LDAP User Search Filter (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_CONFIG_BASE_DN
label: "LDAP Config Base DN"
schema:
type: string
default: ""
- variable: LDAP_GROUP_BASE_DN
label: "LDAP Group Base DN"
schema:
type: string
default: ""
- variable: LDAP_GROUP_SEARCH_FILTER
label: "LDAP Group Search Filter (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
label: "LDAP Encryption Method"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "dn"
description: "dn"
- value: "uid"
description: "uid"
- variable: LDAP_GROUP_NAME_ATTRIBUTE
label: "LDAP Group Name Attribute (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_DEREFERENCE_ALIASES
label: "LDAP Dereference Aliases"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "never"
description: "never"
- value: "searching"
description: "searching"
- value: "finding"
description: "finding"
- value: "always"
description: "always"
- variable: LDAP_FOLLOW_REFERRALS
label: "LDAP Follow Referrals"
schema:
type: boolean
default: false
- variable: LDAP_MAX_REFERRAL_HOPS
label: "LDAP Max Referrals Hops (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_OPERATION_TIMEOUT
label: "LDAP Operation Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: saml
group: "App Configuration"
label: "SAML Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: saml_enabled
label: "Enable SAML"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: SAML_IDP_METADATA_URL
label: "SAML IDP Metadata URL"
schema:
type: string
default: ""
- variable: SAML_IDP_URL
label: "SAML IDP URL"
schema:
type: string
default: ""
- variable: SAML_ENTITY_ID
label: "SAML Entity ID"
schema:
type: string
default: ""
- variable: SAML_CALLBACK_URL
label: "SAML Callback URL"
schema:
type: string
default: ""
- variable: SAML_STRICT
label: "SAML Strict"
schema:
type: boolean
default: true
- variable: SAML_DEBUG
label: "SAML Debug"
schema:
type: boolean
default: false
- variable: SAML_COMPRESS_REQUEST
label: "SAML Compress Request"
schema:
type: boolean
default: true
- variable: SAML_COMPRESS_RESPONSE
label: "SAML Compress Response"
schema:
type: boolean
default: true
- variable: SAML_GROUP_ATTRIBUTE
label: "SAML Group Attribute (Leave empty for default)"
schema:
type: string
default: ""
- variable: proxy
group: "App Configuration"
label: "Proxy Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: REMOTE_IP_VALVE_ENABLED
label: "Enable Proxy"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: PROXY_BY_HEADER
label: "Proxy by Header (Leave empty for default)"
schema:
type: string
default: ""
- variable: PROXY_PROTOCOL_HEADER
label: "Proxy Protocol Header (Leave empty for default)"
schema:
type: string
default: ""
- variable: PROXY_IP_HEADER
label: "Proxy IP Header (Leave empty for default)"
schema:
type: string
default: ""
- variable: PROXY_ALLOWED_IPS_REGEX
label: "Proxy Allowed IP Regex (Leave empty for default)"
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 9998
required: true
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressAdvanced}
# Include{ingressList}
# Include{securityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 1001
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 1001
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage"
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{vpn}
# Include{documentation}


@ -1,242 +0,0 @@
{{/* Define the configmap */}}
{{- define "guacamole-client.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: guacamole-client-env
data:
{{/* GENERAL */}}
{{- with .Values.general.EXTENSION_PRIORITY }}
EXTENSION_PRIORITY: {{ . | quote }}
{{- end }}
{{/* API */}}
{{- with .Values.api.API_SESSION_TIMEOUT }}
API_SESSION_TIMEOUT: {{ . | quote }}
{{- end }}
{{/* TOTP */}}
{{- if .Values.totp.TOTP_ENABLED }}
TOTP_ENABLED: {{ .Values.totp.TOTP_ENABLED | quote }}
{{- with .Values.totp.TOTP_ISSUER }}
TOTP_ISSUER: {{ . | quote }}
{{- end }}
{{- with .Values.totp.TOTP_DIGITS }}
TOTP_DIGITS: {{ . | quote }}
{{- end }}
{{- with .Values.totp.TOTP_PERIOD }}
TOTP_PERIOD: {{ . | quote }}
{{- end }}
{{- with .Values.totp.TOTP_MODE }}
TOTP_MODE: {{ . | quote }}
{{- end }}
{{- end }}
{{/* HEADER */}}
{{- if .Values.header.HEADER_ENABLED }}
HEADER_ENABLED: {{ .Values.header.HEADER_ENABLED | quote }}
{{- with .Values.header.HTTP_AUTH_HEADER }}
HTTP_AUTH_HEADER: {{ . | quote }}
{{- end }}
{{- end }}
{{/* JSON */}}
{{- with .Values.json.JSON_SECRET_KEY }}
JSON_SECRET_KEY: {{ . | quote }}
{{- with .Values.json.JSON_TRUSTED_NETWORKS }}
JSON_TRUSTED_NETWORKS: {{ . | quote }}
{{- end }}
{{- end }}
{{/* DUO */}}
{{- if and .Values.duo.DUO_API_HOSTNAME .Values.duo.DUO_INTEGRATION_KEY .Values.duo.DUO_SECRET_KEY .Values.duo.DUO_APPLICATION_KEY }}
DUO_API_HOSTNAME: {{ .Values.duo.DUO_API_HOSTNAME | quote }}
DUO_INTEGRATION_KEY: {{ .Values.duo.DUO_INTEGRATION_KEY | quote }}
DUO_SECRET_KEY: {{ .Values.duo.DUO_SECRET_KEY | quote }}
DUO_APPLICATION_KEY: {{ .Values.duo.DUO_APPLICATION_KEY | quote }}
{{- end }}
{{/* CAS */}}
{{- if and .Values.cas.CAS_AUTHORIZATION_ENDPOINT .Values.cas.CAS_REDIRECT_URI }}
CAS_AUTHORIZATION_ENDPOINT: {{ .Values.cas.CAS_AUTHORIZATION_ENDPOINT | quote }}
CAS_REDIRECT_URI: {{ .Values.cas.CAS_REDIRECT_URI | quote }}
{{- with .Values.cas.CAS_CLEARPASS_KEY }}
CAS_CLEARPASS_KEY: {{ . | quote }}
{{- end }}
{{- with .Values.cas.CAS_GROUP_ATTRIBUTE }}
CAS_GROUP_ATTRIBUTE: {{ . | quote }}
{{- with .Values.cas.CAS_GROUP_FORMAT }}
CAS_GROUP_FORMAT: {{ . | quote }}
{{- if eq .Values.cas.CAS_GROUP_FORMAT "ldap" }}
{{- with .Values.cas.CAS_GROUP_LDAP_BASE_DN }}
CAS_GROUP_LDAP_BASE_DN: {{ . | quote }}
{{- with .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE }}
CAS_GROUP_LDAP_ATTRIBUTE: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{/* OpenID */}}
{{- if and .Values.openid.OPENID_AUTHORIZATION_ENDPOINT .Values.openid.OPENID_JWKS_ENDPOINT .Values.openid.OPENID_ISSUER .Values.openid.OPENID_CLIENT_ID .Values.openid.OPENID_REDIRECT_URI }}
OPENID_AUTHORIZATION_ENDPOINT: {{ .Values.openid.OPENID_AUTHORIZATION_ENDPOINT | quote }}
OPENID_JWKS_ENDPOINT: {{ .Values.openid.OPENID_JWKS_ENDPOINT | quote }}
OPENID_ISSUER: {{ .Values.openid.OPENID_ISSUER | quote }}
OPENID_CLIENT_ID: {{ .Values.openid.OPENID_CLIENT_ID | quote }}
OPENID_REDIRECT_URI: {{ .Values.openid.OPENID_REDIRECT_URI | quote }}
{{- with .Values.openid.OPENID_USERNAME_CLAIM_TYPE }}
OPENID_USERNAME_CLAIM_TYPE: {{ . | quote }}
{{- end }}
{{- with .Values.openid.OPENID_GROUPS_CLAIM_TYPE }}
OPENID_GROUPS_CLAIM_TYPE: {{ . | quote }}
{{- end }}
{{- with .Values.openid.OPENID_MAX_TOKEN_VALIDITY }}
OPENID_MAX_TOKEN_VALIDITY: {{ . | quote }}
{{- end }}
{{- end }}
{{/* RADIUS */}}
{{- if and .Values.radius.RADIUS_SHARED_SECRET .Values.radius.RADIUS_AUTH_PROTOCOL }}
RADIUS_SHARED_SECRET: {{ .Values.radius.RADIUS_SHARED_SECRET | quote }}
RADIUS_AUTH_PROTOCOL: {{ .Values.radius.RADIUS_AUTH_PROTOCOL | quote }}
{{- with .Values.radius.RADIUS_HOSTNAME }}
RADIUS_HOSTNAME: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_AUTH_PORT }}
RADIUS_AUTH_PORT: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_KEY_FILE }}
RADIUS_KEY_FILE: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_KEY_TYPE }}
RADIUS_KEY_TYPE: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_KEY_PASSWORD }}
RADIUS_KEY_PASSWORD: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_CA_FILE }}
RADIUS_CA_FILE: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_CA_TYPE }}
RADIUS_CA_TYPE: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_CA_PASSWORD }}
RADIUS_CA_PASSWORD: {{ . | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_TRUST_ALL }}
RADIUS_TRUST_ALL: {{ .Values.radius.RADIUS_TRUST_ALL | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_RETRIES }}
RADIUS_RETRIES: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_TIMEOUT }}
RADIUS_TIMEOUT: {{ . | quote }}
{{- end }}
{{- with .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL }}
RADIUS_EAP_TTLS_INNER_PROTOCOL: {{ . | quote }}
{{- end }}
{{- end }}
{{/* LDAP */}}
{{- if and .Values.ldap.LDAP_HOSTNAME .Values.ldap.LDAP_USER_BASE_DN }}
LDAP_HOSTNAME: {{ .Values.ldap.LDAP_HOSTNAME | quote }}
LDAP_USER_BASE_DN: {{ .Values.ldap.LDAP_USER_BASE_DN | quote }}
{{- with .Values.ldap.LDAP_PORT }}
LDAP_PORT: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_ENCRYPTION_METHOD }}
LDAP_ENCRYPTION_METHOD: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_MAX_SEARCH_RESULTS }}
LDAP_MAX_SEARCH_RESULTS: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_SEARCH_BIND_DN }}
LDAP_SEARCH_BIND_DN: {{ .| quote }}
{{- end }}
{{- with .Values.ldap.LDAP_USER_ATTRIBUTES }}
LDAP_USER_ATTRIBUTES: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_SEARCH_BIND_PASSWORD }}
LDAP_SEARCH_BIND_PASSWORD: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_USERNAME_ATTRIBUTE }}
LDAP_USERNAME_ATTRIBUTE: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_MEMBER_ATTRIBUTE }}
LDAP_MEMBER_ATTRIBUTE: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_USER_SEARCH_FILTER }}
LDAP_USER_SEARCH_FILTER: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_CONFIG_BASE_DN }}
LDAP_CONFIG_BASE_DN: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_GROUP_BASE_DN }}
LDAP_GROUP_BASE_DN: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_GROUP_SEARCH_FILTER }}
LDAP_GROUP_SEARCH_FILTER: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE }}
LDAP_MEMBER_ATTRIBUTE_TYPE: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE }}
LDAP_GROUP_NAME_ATTRIBUTE: {{ . | quote }}
{{- end }}
{{- with .Values.ldap.LDAP_DEREFERENCE_ALIASES }}
LDAP_DEREFERENCE_ALIASES: {{ . | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_FOLLOW_REFERRALS }}
LDAP_FOLLOW_REFERRALS: {{ .Values.ldap.LDAP_FOLLOW_REFERRALS | quote }}
{{- with .Values.ldap.LDAP_MAX_REFERRAL_HOPS }}
LDAP_MAX_REFERRAL_HOPS: {{ . | quote }}
{{- end }}
{{- end }}
{{- with .Values.ldap.LDAP_OPERATION_TIMEOUT }}
LDAP_OPERATION_TIMEOUT: {{ . | quote }}
{{- end }}
{{- end }}
{{/* SAML */}}
{{- if or .Values.saml.SAML_IDP_METADATA_URL ( and ( .Values.saml.SAML_ENTITY_ID ) ( .Values.saml.SAML_CALLBACK_URL ) ) }}
{{- with .Values.saml.SAML_IDP_METADATA_URL }}
SAML_IDP_METADATA_URL: {{ . | quote }}
{{- end }}
{{- with .Values.saml.SAML_ENTITY_ID }}
SAML_ENTITY_ID: {{ . | quote }}
{{- end }}
{{- with .Values.saml.SAML_CALLBACK_URL }}
SAML_CALLBACK_URL: {{ . | quote }}
{{- end }}
{{- with .Values.saml.SAML_IDP_URL }}
SAML_IDP_URL: {{ . | quote }}
{{- end }}
{{- if .Values.saml.SAML_STRICT }}
SAML_STRICT: {{ .Values.saml.SAML_STRICT | quote }}
{{- end }}
{{- if .Values.saml.SAML_DEBUG }}
SAML_DEBUG: {{ .Values.saml.SAML_DEBUG | quote }}
{{- end }}
{{- if .Values.saml.SAML_COMPRESS_REQUEST }}
SAML_COMPRESS_REQUEST: {{ .Values.saml.SAML_COMPRESS_REQUEST | quote }}
{{- end }}
{{- if .Values.saml.SAML_COMPRESS_RESPONSE }}
SAML_COMPRESS_RESPONSE: {{ .alues.saml.SAML_COMPRESS_RESPONSE | quote }}
{{- end }}
{{- with .Values.saml.SAML_GROUP_ATTRIBUTE }}
SAML_GROUP_ATTRIBUTE: {{ . | quote }}
{{- end }}
{{- end }}
{{/* PROXY */}}
{{- if .Values.proxy.REMOTE_IP_VALVE_ENABLED }}
REMOTE_IP_VALVE_ENABLED: {{ .Values.proxy.REMOTE_IP_VALVE_ENABLED | quote }}
{{- with .Values.proxy.PROXY_BY_HEADER }}
PROXY_BY_HEADER: {{ . | quote }}
{{- end }}
{{- with .Values.proxy.PROXY_PROTOCOL_HEADER }}
PROXY_PROTOCOL_HEADER: {{ . | quote }}
{{- end }}
{{- with .Values.proxy.PROXY_PROTOCOL_HEADER }}
PROXY_PROTOCOL_HEADER: {{ . | quote }}
{{- end }}
{{- with .Values.proxy.PROXY_IP_HEADER }}
PROXY_IP_HEADER: {{ . | quote }}
{{- end }}
{{- with .Values.proxy.PROXY_ALLOWED_IPS_REGEX }}
PROXY_ALLOWED_IPS_REGEX: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}


@ -1,8 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{ include "tc.common.loader.init" . }}
{{/* Render configmap for vaultwarden */}}
{{- include "guacamole-client.configmap" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@ -1,244 +0,0 @@
image:
repository: tccr.io/truecharts/guacamole-client
pullPolicy: IfNotPresent
tag: 1.5.1@sha256:42a3d281697932261078d53920d1e9f822fddee8cbd9bc2f54ef46c6dbad3b1f
podSecurityContext:
runAsUser: 1001
runAsGroup: 1001
securityContext:
readOnlyRootFilesystem: false
service:
main:
ports:
main:
port: 9998
targetPort: 8080
env:
# Will probably be removed on 1.5.0 (https://github.com/apache/guacamole-client/pull/717)
POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRES_PORT: 5432
POSTGRES_HOSTNAME:
secretKeyRef:
name: dbcreds
key: plainhost
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
# New format
POSTGRESQL_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRESQL_HOSTNAME:
secretKeyRef:
name: dbcreds
key: plainhost
POSTGRESQL_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRESQL_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRESQL_PORT: 5432
GUACD_HOSTNAME: "localhost"
GUACD_PORT: 4822
envFrom:
- configMapRef:
name: guacamole-client-env
totp:
TOTP_ENABLED: false
# TOTP_ISSUER: "Apache Guacamole"
# TOTP_DIGITS: "6"
# TOTP_PERIOD: "30"
# TOTP_MODE: "sha1"
header:
HEADER_ENABLED: false
# HTTP_AUTH_HEADER: "REMOTE_USER"
api:
{}
# API_SESSION_TIMEOUT: "60"
general:
{}
# EXTENSION_PRIORITY: "openid"
json:
{}
# JSON_SECRET_KEY: "random32charkey"
# JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"
duo:
{}
# DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
# DUO_INTEGRATION_KEY: "exactly20charkey"
# DUO_SECRET_KEY: "exactly40charkey"
# DUO_APPLICATION_KEY: "atleast40charkey"
cas:
{}
# CAS_AUTHORIZATION_ENDPOINT: ""
# CAS_REDIRECT_URI: ""
# CAS_CLEARPASS_KEY: ""
# CAS_GROUP_ATTRIBUTE: ""
# CAS_GROUP_FORMAT: "plain"
# CAS_GROUP_LDAP_BASE_DN: ""
# CAS_GROUP_LDAP_ATTRIBUTE: ""
openid:
{}
# OPENID_AUTHORIZATION_ENDPOINT: ""
# OPENID_JWKS_ENDPOINT: ""
# OPENID_ISSUER: ""
# OPENID_CLIENT_ID: ""
# OPENID_REDIRECT_URI: ""
# OPENID_USERNAME_CLAIM_TYPE: "email"
# OPENID_GROUPS_CLAIM_TYPE: "groups"
# OPENID_MAX_TOKEN_VALIDITY: "300"
radius:
{}
# RADIUS_HOSTNAME: "localhost"
# RADIUS_AUTH_PORT: "1812"
# RADIUS_SHARED_SECRET: ""
# RADIUS_AUTH_PROTOCOL: "eap-tls"
# RADIUS_KEY_FILE: ""
# RADIUS_KEY_TYPE: "pkcs12"
# RADIUS_KEY_PASSWORD: ""
# RADIUS_CA_FILE: ""
# RADIUS_CA_TYPE: "pem"
# RADIUS_CA_PASSWORD: ""
# RADIUS_TRUST_ALL: "false"
# RADIUS_RETRIES: "5"
# RADIUS_TIMEOUT: "60"
# RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"
ldap:
{}
# LDAP_HOSTNAME: "localhost"
# LDAP_USER_BASE_DN: ""
# LDAP_PORT: "389"
# LDAP_ENCRYPTION_METHOD: "none"
# LDAP_MAX_SEARCH_RESULTS: "1000"
# LDAP_SEARCH_BIND_DN: ""
# LDAP_USER_ATTRIBUTES: ""
# LDAP_SEARCH_BIND_PASSWORD: ""
# LDAP_USERNAME_ATTRIBUTE: ""
# LDAP_MEMBER_ATTRIBUTE: ""
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
# LDAP_CONFIG_BASE_DN: ""
# LDAP_GROUP_BASE_DN: ""
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
# LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
# LDAP_DEREFERENCE_ALIASES: "never"
# LDAP_FOLLOW_REFERRALS: false
# LDAP_MAX_REFERRAL_HOPS: "5"
# LDAP_OPERATION_TIMEOUT: "30"
saml:
{}
# SAML_IDP_METADATA_URL: ""
# SAML_IDP_URL:
# SAML_ENTITY_ID:
# SAML_CALLBACK_URL:
# SAML_STRICT:
# SAML_DEBUG:
# SAML_COMPRESS_REQUEST:
# SAML_COMPRESS_RESPONSE:
# SAML_GROUP_ATTRIBUTE:
proxy:
{}
# REMOTE_IP_VALVE_ENABLED: false
# PROXY_BY_HEADER: ""
# PROXY_PROTOCOL_HEADER: ""
# PROXY_IP_HEADER: ""
# PROXY_ALLOWED_IPS_REGEX: ""
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: guacamole
postgresqlDatabase: guacamole
probes:
liveness:
path: "/guacamole"
readiness:
path: "/guacamole"
startup:
path: "/guacamole"
persistence:
initdbdata:
enabled: true
type: emptyDir
mountPath: "/initdbdata"
installContainers:
1-creat-initdb-file:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- |-
echo "Creating initdb.sql file..."
/opt/guacamole/bin/initdb.sh --postgres >/initdbdata/initdb.sql
if [ -e /initdbdata/initdb.sql ]; then
echo "Init file created successfully!"
exit 0
else
echo "Init file failed to create."
exit 1
fi
2-initdb:
image: "{{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}"
env:
- name: POSTGRESQL_DATABASE
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRESQL_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRESQL_PORT
value: "5432"
- name: POSTGRESQL_HOSTNAME
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- |-
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -o '/dev/null' -c 'SELECT * FROM public.guacamole_user'
if [ $? -eq 0 ]; then
echo "DB already initialized. Skipping..."
else
echo "Initializing DB's schema..."
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -a -w -f /initdbdata/initdb.sql
if [ $? -eq 0 ]; then
echo "DB's schema initialized successfully!"
exit 0
else
echo "DB's schema failed to initialize."
exit 1
fi
fi
portal:
enabled: true


@ -3,14 +3,10 @@ appVersion: "1.5.1"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: postgresql.enabled
name: postgresql
repository: https://deps.truecharts.org/
version: 11.0.31
version: 13.2.0
description: Apache Guacamole is a clientless remote desktop gateway.
home: https://truecharts.org/charts/incubator/guacamole-client
icon: https://truecharts.org/img/hotlink-ok/chart-icons/guacamole-client.png
home: https://truecharts.org/charts/stable/guacamole
icon: https://truecharts.org/img/hotlink-ok/chart-icons/guacamole.png
keywords:
- guacamole
- remote
@ -19,13 +15,12 @@ maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: guacamole-client
name: guacamole
sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/guacamole-client
- https://github.com/truecharts/charts/tree/master/charts/stable/guacamole
- https://github.com/apache/guacamole-client
- http://guacamole.incubator.apache.org/doc/gug/introduction.html
type: application
version: 8.0.0
version: 9.0.0
annotations:
truecharts.org/catagories: |
- utilities




@ -0,0 +1,766 @@
# Include{groups}
portals:
open:
# Include{portalLink}
path: /guacamole
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
- variable: guacamole
label: Guacamole Configuration
group: App Configuration
schema:
type: dict
additional_attrs: true
attrs:
- variable: general
label: General Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: EXTENSION_PRIORITY
label: Extension Priority
description: A comma-separated list of the namespaces of all extensions that should be loaded in a specific order
schema:
type: string
default: ""
- variable: api
label: API Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: API_SESSION_TIMEOUT
label: API Session Timeout (in minutes)
schema:
type: int
default: 60
- variable: totp
label: TOTP Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: TOTP_ENABLED
label: Enable TOTP
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: TOTP_ISSUER
label: TOTP Issuer
schema:
type: string
default: Apache Guacamole
required: true
- variable: TOTP_PERIOD
label: TOTP Period
schema:
type: int
default: 30
required: true
- variable: TOTP_DIGITS
label: TOTP Digits
schema:
type: int
min: 6
max: 8
default: 6
required: true
- variable: TOTP_MODE
label: TOTP Mode
schema:
type: string
default: sha1
required: true
enum:
- value: sha1
description: sha1
- value: sha256
description: sha256
- value: sha512
description: sha512
- variable: header
label: Header Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: HEADER_ENABLED
label: Enable Header
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: HTTP_AUTH_HEADER
label: HTTP Auth Header
schema:
type: string
required: true
default: REMOTE_USER
- variable: json
label: JSON Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: json_enabled
label: Enable JSON
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: JSON_SECRET_KEY
label: JSON Secret Key
schema:
type: string
required: true
default: ""
- variable: JSON_TRUSTED_NETWORKS
label: JSON Trusted Networks (Leave blank for unrestricted
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
schema:
type: string
default: ""
- variable: duo
label: DUO Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: duo_enabled
label: Enable DUO
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: DUO_API_HOSTNAME
label: DUO API Hostname (api-XXXXXXXX.duosecurity.com)
schema:
type: string
required: true
default: ""
- variable: DUO_INTEGRATION_KEY
label: DUO Integration Key (Exactly 20 chars)
schema:
min_length: 20
max_length: 20
type: string
required: true
default: ""
- variable: DUO_SECRET_KEY
label: DUO Secret Key (Exactly 40 chars)
schema:
min_length: 40
max_length: 40
type: string
required: true
default: ""
- variable: DUO_APPLICATION_KEY
label: DUO Application Key (At least 40 chars)
schema:
min_length: 40
type: string
required: true
default: ""
- variable: cas
label: CAS Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: cas_enabled
label: Enable CAS
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: CAS_AUTHORIZATION_ENDPOINT
label: CAS Authorization Endpoint
schema:
type: string
required: true
default: ""
- variable: CAS_REDIRECT_URI
label: CAS Redirect URI
schema:
type: string
required: true
default: ""
- variable: CAS_CLEARPASS_KEY
label: CAS Clearpass Key
schema:
type: string
default: ""
- variable: CAS_GROUP_ATTRIBUTE
label: CAS Group Attribute
schema:
type: string
default: ""
- variable: CAS_GROUP_LDAP_BASE_DN
label: CAS Group LDAP Base DN
schema:
type: string
default: ""
- variable: CAS_GROUP_LDAP_ATTRIBUTE
label: CAS Group LDAP Attribute
schema:
type: string
default: ""
- variable: CAS_GROUP_FORMAT
label: CAS Group Format
schema:
type: string
default: plain
enum:
- value: plain
description: plain
- value: ldap
description: ldap
- variable: openid
label: OpenID Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: openid_enabled
label: Enable OpenID
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: OPENID_AUTHORIZATION_ENDPOINT
label: OpenID Authorization Endpoint
schema:
type: string
required: true
default: ""
- variable: OPENID_JWKS_ENDPOINT
label: OpenID JWKS Endpoint
schema:
type: string
required: true
default: ""
- variable: OPENID_ISSUER
label: OpenID Issuer
schema:
type: string
required: true
default: ""
- variable: OPENID_CLIENT_ID
label: OpenID Client ID
schema:
type: string
required: true
default: ""
- variable: OPENID_REDIRECT_URI
label: OpenID Redirect URI
schema:
type: string
required: true
default: ""
- variable: OPENID_USERNAME_CLAIM_TYPE
label: OpenID Username Claim Type
schema:
type: string
required: true
default: email
- variable: OPENID_GROUPS_CLAIM_TYPE
label: OpenID Groups Claim Type
schema:
type: string
required: true
default: groups
- variable: OPENID_SCOPE
label: OpenID Scope
schema:
type: string
default: openid email profile
- variable: OPENID_ALLOWED_CLOCK_SKEW
label: OpenID Allowed Clock Skew (in seconds)
schema:
type: int
required: true
default: 30
- variable: OPENID_MAX_TOKEN_VALIDITY
label: OpenID Max Token Validity (in minutes)
schema:
type: int
required: true
default: 300
- variable: OPENID_MAX_NONCE_VALIDITY
label: OpenID Max Nonce Validity (in minutes)
schema:
type: int
required: true
default: 10
- variable: radius
label: Radius Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: radius_enabled
label: Enable Radius
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: RADIUS_SHARED_SECRET
label: Radius Shared Secret
schema:
type: string
required: true
default: ""
- variable: RADIUS_AUTH_PROTOCOL
label: Radius Auth Protocol
schema:
type: string
required: true
default: eap-tls
enum:
- value: pap
description: pap
- value: chap
description: chap
- value: mschapv1
description: mschapv1
- value: mschapv2
description: mschapv2
- value: eap-md5
description: eap-md5
- value: eap-tls
description: eap-tls
- value: eap-ttls
description: eap-ttls
- variable: RADIUS_HOSTNAME
label: Radius Hostname
schema:
type: string
required: true
default: ""
- variable: RADIUS_AUTH_PORT
label: Radius Auth Port
schema:
type: int
default: 1812
- variable: RADIUS_KEY_FILE
label: Radius Key File
schema:
type: string
default: ""
- variable: RADIUS_KEY_TYPE
label: Radius Key Type
schema:
type: string
default: pkcs12
required: true
enum:
- value: pem
description: pem
- value: jceks
description: jceks
- value: jks
description: jks
- value: pkcs12
description: pkcs12
- variable: RADIUS_KEY_PASSWORD
label: Radius Key Password
schema:
type: string
default: ""
- variable: RADIUS_CA_FILE
label: Radius CA File
schema:
type: string
default: ""
- variable: RADIUS_CA_TYPE
label: Radius CA Type
schema:
type: string
required: true
default: pem
enum:
- value: pem
description: pem
- value: jceks
description: jceks
- value: jks
description: jks
- value: pkcs12
description: pkcs12
- variable: RADIUS_CA_PASSWORD
label: Radius CA Password
schema:
type: string
default: ""
- variable: RADIUS_TRUST_ALL
label: Radius Trust All
schema:
type: boolean
default: false
- variable: RADIUS_RETRIES
label: Radius Retries
schema:
type: int
required: true
default: 5
- variable: RADIUS_TIMEOUT
label: Radius Timeout
schema:
type: int
required: true
default: 60
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
label: Radius eap-ttls Inner Protocol
description: Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls
schema:
type: string
default: eap-tls
required: true
enum:
- value: pap
description: pap
- value: chap
description: chap
- value: mschapv1
description: mschapv1
- value: mschapv2
description: mschapv2
- value: eap-md5
description: eap-md5
- value: eap-tls
description: eap-tls
- variable: RADIUS_NAS_IP
label: Radius Network Access Server IP
schema:
type: string
default: ""
- variable: ldap
group: "App Configuration"
label: LDAP Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: ldap_enabled
label: Enable LDAP
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LDAP_HOSTNAME
label: LDAP Hostname
schema:
type: string
required: true
default: ""
- variable: LDAP_USER_BASE_DN
label: LDAP User Base DN
schema:
type: string
required: true
default: ""
- variable: LDAP_PORT
label: LDAP Port
schema:
type: int
default: 389
- variable: LDAP_ENCRYPTION_METHOD
label: LDAP Encryption Method
schema:
type: string
default: none
required: true
enum:
- value: none
description: none
- value: ssl
description: ssl
- value: starttls
description: starttls
- variable: LDAP_MAX_SEARCH_RESULTS
label: LDAP Max Search Results
schema:
type: int
default: 1000
- variable: LDAP_SEARCH_BIND_DN
label: LDAP Search Bind DN
schema:
type: string
default: ""
- variable: LDAP_USER_ATTRIBUTES
label: LDAP User Attributes
schema:
type: string
default: ""
- variable: LDAP_SEARCH_BIND_PASSWORD
label: LDAP Search Bind Password
schema:
type: string
default: ""
- variable: LDAP_USERNAME_ATTRIBUTE
label: LDAP Username Attribute
schema:
type: string
default: uid
- variable: LDAP_MEMBER_ATTRIBUTE
label: LDAP Member Attribute
schema:
type: string
default: member
- variable: LDAP_USER_SEARCH_FILTER
label: LDAP User Search Filter
schema:
type: string
default: "(objectClass=*)"
- variable: LDAP_CONFIG_BASE_DN
label: LDAP Config Base DN
schema:
type: string
default: ""
- variable: LDAP_GROUP_BASE_DN
label: LDAP Group Base DN
schema:
type: string
default: ""
- variable: LDAP_GROUP_SEARCH_FILTER
label: LDAP Group Search Filter
schema:
type: string
default: "(objectClass=*)"
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
label: LDAP Member Attribute Type
schema:
type: string
default: dn
required: true
enum:
- value: dn
description: dn
- value: uid
description: uid
- variable: LDAP_GROUP_NAME_ATTRIBUTE
label: LDAP Group Name Attribute
schema:
type: string
default: cn
- variable: LDAP_DEREFERENCE_ALIASES
label: LDAP Dereference Aliases
schema:
type: string
required: true
default: never
enum:
- value: never
description: never
- value: searching
description: searching
- value: finding
description: finding
- value: always
description: always
- variable: LDAP_FOLLOW_REFERRALS
label: LDAP Follow Referrals
schema:
type: boolean
default: false
- variable: LDAP_MAX_REFERRAL_HOPS
label: LDAP Max Referrals Hops
schema:
type: int
required: true
default: 5
- variable: LDAP_OPERATION_TIMEOUT
label: LDAP Operation Timeout
schema:
type: int
required: true
default: 30
- variable: saml
label: SAML Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: saml_enabled
label: Enable SAML
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: SAML_IDP_METADATA_URL
label: SAML IDP Metadata URL
schema:
type: string
default: ""
- variable: SAML_IDP_URL
label: SAML IDP URL
schema:
type: string
default: ""
- variable: SAML_ENTITY_ID
label: SAML Entity ID
schema:
type: string
default: ""
- variable: SAML_CALLBACK_URL
label: SAML Callback URL
schema:
type: string
default: ""
- variable: SAML_STRICT
label: SAML Strict
schema:
type: boolean
default: true
- variable: SAML_DEBUG
label: SAML Debug
schema:
type: boolean
default: false
- variable: SAML_COMPRESS_REQUEST
label: SAML Compress Request
schema:
type: boolean
default: true
- variable: SAML_COMPRESS_RESPONSE
label: SAML Compress Response
schema:
type: boolean
default: true
- variable: SAML_GROUP_ATTRIBUTE
label: SAML Group Attribute
schema:
type: string
required: true
default: groups
- variable: proxy
label: Proxy Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: REMOTE_IP_VALVE_ENABLED
label: Enable Proxy
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: PROXY_BY_HEADER
label: Proxy by Header
schema:
type: string
default: ""
- variable: PROXY_PROTOCOL_HEADER
label: Proxy Protocol Header
schema:
type: string
default: ""
- variable: PROXY_IP_HEADER
label: Proxy IP Header
schema:
type: string
default: ""
- variable: PROXY_ALLOWED_IPS_REGEX
label: Proxy Allowed IP Regex
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 9998
required: true
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: recordings
label: App Recordings Storage
description: Stores the Application Recordings.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressAdvanced}
# Include{ingressList}
# Include{securityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 1001
- variable: runAsGroup
label: runAsGroup
description: The groupID of the user running the application
schema:
type: int
default: 1001
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{vpn}
# Include{documentation}
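Review bot: Several defaults in this questions file disagree with the defaults the values file in the same commit sets, so the UI will present one value while a plain `helm install` uses another: the main service port is 9998 here but 10123 there, `TOTP_ENABLED` is false here but true there, and `OPENID_MAX_NONCE_VALIDITY` is 10 here but 300 there; the values section (the `@ -0,0 +1,263 @@` hunk) shares this point. The label on `JSON_TRUSTED_NETWORKS` is missing its closing parenthesis: `label: JSON Trusted Networks (Leave blank for unrestricted)`. The credential fields (`JSON_SECRET_KEY`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD`, `RADIUS_CA_PASSWORD`, `LDAP_SEARCH_BIND_PASSWORD`, `CAS_CLEARPASS_KEY`) are plain `type: string` entries and will be shown in clear text in the form; adding `private: true` to each of their schemas masks them. The `ldap` entry carries a `group: "App Configuration"` key that none of its sibling sections under `guacamole` have, which reads as a leftover from the old flat layout.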


@ -0,0 +1,193 @@
{{/* Define the configmap */}}
{{- define "guacamole.configmap" -}}
{{/* https://github.com/apache/guacamole-client/blob/master/guacamole-docker/bin/start.sh */}}
{{/* https://guacamole.apache.org/doc/gug/guacamole-docker.html */}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ }}
guacamole-config:
enabled: true
data:
RECORDING_SEARCH_PATH: /var/lib/guacamole/recordings
{{/* GuacD */}}
GUACD_HOSTNAME: {{ printf "%v-guacd" $fullname }}
GUACD_PORT: {{ .Values.service.guacd.ports.guacd.port | quote }}
{{/* Database */}}
POSTGRESQL_PORT: "5432"
POSTGRESQL_DATABASE: {{ .Values.cnpg.main.database }}
POSTGRESQL_USER: {{ .Values.cnpg.main.user }}
POSTGRESQL_HOSTNAME: {{ .Values.cnpg.main.creds.host }}
POSTGRESQL_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
{{/* LDAP */}}
{{- if (get .Values.guacamole "ldap").LDAP_HOSTNAME }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_HOSTNAME" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_PORT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_ENCRYPTION_METHOD" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_BASE_DN" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_SEARCH_FILTER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_BASE_DN" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_SEARCH_FILTER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_GROUP_NAME_ATTRIBUTE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MEMBER_ATTRIBUTE_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_DN" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_SEARCH_BIND_PASSWORD" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USERNAME_ATTRIBUTE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_USER_ATTRIBUTES" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_CONFIG_BASE_DN" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_DEREFERENCE_ALIASES" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_FOLLOW_REFERRALS" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_REFERRAL_HOPS" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_MAX_SEARCH_RESULTS" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "ldap" "key" "LDAP_OPERATION_TIMEOUT" "rootCtx" $) }}
{{- end }}
{{/* Header */}}
{{- if (get .Values.guacamole "header").HEADER_ENABLED }}
{{ include "guac.env" (dict "ob" "header" "key" "HEADER_ENABLED" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "header" "key" "HTTP_AUTH_HEADER" "rootCtx" $) }}
{{- end }}
{{/* SAML */}}
{{- if or
(and ((get .Values.guacamole "saml").SAML_ENTITY_ID) ((get .Values.guacamole "saml").SAML_CALLBACK_URL))
((get .Values.guacamole "saml").SAML_IDP_METADATA_URL) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_METADATA_URL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_IDP_URL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_ENTITY_ID" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_CALLBACK_URL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_STRICT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_DEBUG" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_REQUEST" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_COMPRESS_RESPONSE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "saml" "key" "SAML_GROUP_ATTRIBUTE" "rootCtx" $) }}
{{- end }}
{{/* Proxy */}}
{{- if (get .Values.guacamole "proxy").REMOTE_IP_VALVE_ENABLED }}
{{ include "guac.env" (dict "ob" "proxy" "key" "REMOTE_IP_VALVE_ENABLED" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_ALLOWED_IPS_REGEX" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_IP_HEADER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_PROTOCOL_HEADER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "proxy" "key" "PROXY_BY_HEADER" "rootCtx" $) }}
{{- end }}
{{/* General */}}
{{ include "guac.env" (dict "ob" "general" "key" "EXTENSION_PRIORITY" "rootCtx" $) }}
{{/* TOTP */}}
{{- if (get .Values.guacamole "totp").TOTP_ENABLED }}
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ENABLED" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_ISSUER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_DIGITS" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_PERIOD" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "totp" "key" "TOTP_MODE" "rootCtx" $) }}
{{- end }}
{{/* DUO */}}
{{- if (get .Values.guacamole "duo").DUO_API_HOSTNAME }}
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_API_HOSTNAME" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_INTEGRATION_KEY" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_SECRET_KEY" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "duo" "key" "DUO_APPLICATION_KEY" "rootCtx" $) }}
{{- end }}
{{/* API */}}
{{ include "guac.env" (dict "ob" "api" "key" "API_SESSION_TIMEOUT" "rootCtx" $) }}
{{/* RADIUS */}}
{{- if (get .Values.guacamole "radius").SHARED_SECRET }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_HOSTNAME" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PORT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_SHARED_SECRET" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_AUTH_PROTOCOL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_PASSWORD" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_FILE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_CA_PASSWORD" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TRUST_ALL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_RETRIES" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_TIMEOUT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_EAP_TTLS_INNER_PROTOCOL" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_NAS_IP" "rootCtx" $) }}
{{- end }}
{{/* OPENID */}}
{{- if (get .Values.guacamole "openid").OPENID_AUTHORIZATION_ENDPOINT }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_JWKS_ENDPOINT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ISSUER" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_CLIENT_ID" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_REDIRECT_URI" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_USERNAME_CLAIM_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_GROUPS_CLAIM_TYPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_SCOPE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_ALLOWED_CLOCK_SKEW" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_TOKEN_VALIDITY" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "openid" "key" "OPENID_MAX_NONCE_VALIDITY" "rootCtx" $) }}
{{- end }}
{{/* CAS */}}
{{- if (get .Values.guacamole "cas").CAS_AUTHORIZATION_ENDPOINT }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_AUTHORIZATION_ENDPOINT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_REDIRECT_URI" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_CLEARPASS_KEY" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_ATTRIBUTE" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_FORMAT" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_BASE_DN" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "cas" "key" "CAS_GROUP_LDAP_ATTRIBUTE" "rootCtx" $) }}
{{- end }}
{{/* JSON */}}
{{- if (get .Values.guacamole "json").JSON_SECRET_KEY }}
{{ include "guac.env" (dict "ob" "json" "key" "JSON_SECRET_KEY" "rootCtx" $) }}
{{ include "guac.env" (dict "ob" "json" "key" "JSON_TRUSTED_NETWORKS" "rootCtx" $) }}
{{- end }}
db-init:
enabled: true
data:
{{- $filename := "/tc-init/initdb.sql" }}
create-seed.sh: |
echo "Creating [{{ $filename }}] file..."
/opt/guacamole/bin/initdb.sh --postgresql > {{ $filename }}
if [ -f {{ $filename }} ]; then
echo "File [{{ $filename }}] created successfully!"
exit 0
fi
echo "File [{{ $filename }}] failed to create."
exit 1
apply-seed.sh: |
export PGPASSWORD="$POSTGRESQL_PASSWORD"
until
pg_isready --username="$POSTGRESQL_USER" --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT"
do
echo "Waiting for PostgreSQL to start..."
sleep 2
done
psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
--username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
--no-password --command='SELECT * FROM public.guacamole_user' \
--output=/dev/null --quiet
if [ $? -eq 0 ]; then
echo "Database already initialized."
exit 0
fi
if [ ! -f {{ $filename }} ]; then
echo "File [{{ $filename }}] does not exist."
exit 1
fi
echo "Initializing database from [{{ $filename }}] file..."
psql --host="$POSTGRESQL_HOSTNAME" --port="$POSTGRESQL_PORT" \
--username="$POSTGRESQL_USER" --dbname="$POSTGRESQL_DATABASE" \
--no-password --quiet --output=/dev/null --file={{ $filename }}
if [ $? -eq 0 ]; then
echo "Database initialized successfully!"
exit 0
fi
echo "Database failed to initialize."
exit 1
{{- end -}}
{{- define "guac.env" -}}
{{- $key := .key -}}
{{- $ob := .ob -}}
{{- $rootCtx := .rootCtx -}}
{{- $object := (get $rootCtx.Values.guacamole $ob) -}}
{{- if $object -}}
{{- if hasKey $object $key -}}
{{- if not (kindIs "invalid" $key) -}}
{{- printf "%v: %v" $key (get $object $key | quote) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
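Review bot: Every credential this template handles — `POSTGRESQL_PASSWORD`, `LDAP_SEARCH_BIND_PASSWORD`, `DUO_SECRET_KEY`, `RADIUS_SHARED_SECRET`, `RADIUS_KEY_PASSWORD`, `RADIUS_CA_PASSWORD`, `CAS_CLEARPASS_KEY`, `JSON_SECRET_KEY` — is now written into the `guacamole-config` ConfigMap, whereas the removed code read the database password through a `secretKeyRef` on `dbcreds`; RBAC commonly grants ConfigMap reads far more widely than Secret reads and encryption at rest, where enabled, usually covers only Secrets, so the credential keys should be emitted under a Secret (the common library's `secret` map, consumed via `secretRef` in `envFrom`) with only the non-sensitive keys left in the ConfigMap. The RADIUS block never renders: its guard tests `SHARED_SECRET`, a key that does not exist in the values, and should read `{{- if (get .Values.guacamole "radius").RADIUS_SHARED_SECRET }}`. Inside that block `RADIUS_KEY_TYPE` is included twice and `RADIUS_KEY_FILE` never; the second occurrence should be `{{ include "guac.env" (dict "ob" "radius" "key" "RADIUS_KEY_FILE" "rootCtx" $) }}`. `POSTGRESQL_PASSWORD` is the only value emitted without `quote`, so a generated password containing `: ` or ` #` yields YAML the caller's `fromYaml` cannot parse; piping it through `quote` after the `trimAll`, as the `guac.env` helper does for every other value, avoids that.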


@ -0,0 +1,10 @@
{{/* Make sure all variables are set properly */}}
{{ include "tc.v1.common.loader.init" . }}
{{- $configmap := (include "guacamole.configmap" $ | fromYaml) -}}
{{- if $configmap -}}
{{- $_ := mustMergeOverwrite .Values.configmap $configmap -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.v1.common.loader.apply" . }}
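Review bot: A render error inside `guacamole.configmap` is silently swallowed here: Helm's `fromYaml` returns a map holding an `Error` key instead of failing, that map is truthy, and `mustMergeOverwrite` then merges it into `.Values.configmap`, so the chart installs with none of the Guacamole configuration and the problem only surfaces at runtime. A check between the `fromYaml` line and the merge makes the failure visible at install time: `{{- if hasKey $configmap "Error" }}{{ fail $configmap.Error }}{{ end }}`.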


@ -0,0 +1,263 @@
image:
repository: tccr.io/truecharts/guacamole-client
pullPolicy: IfNotPresent
tag: 1.5.2@sha256:d705e385677c11624381df0c3779616edac98fdc8e508374257327516bde061b
guacdImage:
repository: tccr.io/truecharts/guacamole-server
pullPolicy: IfNotPresent
tag: v1.5.2@sha256:f7f62adecb244a91c974ac0bab7376335304145789fb43baeff75c1e2c88c630
guacamole:
ldap:
LDAP_HOSTNAME: ""
LDAP_USER_BASE_DN: ""
LDAP_PORT: 389
LDAP_ENCRYPTION_METHOD: none
LDAP_MAX_SEARCH_RESULTS: 1000
LDAP_SEARCH_BIND_DN: ""
LDAP_USER_ATTRIBUTES: ""
LDAP_SEARCH_BIND_PASSWORD: ""
LDAP_USERNAME_ATTRIBUTE: uid
LDAP_MEMBER_ATTRIBUTE: member
LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
LDAP_CONFIG_BASE_DN: ""
LDAP_GROUP_BASE_DN: ""
LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
LDAP_MEMBER_ATTRIBUTE_TYPE: dn
LDAP_GROUP_NAME_ATTRIBUTE: cn
LDAP_DEREFERENCE_ALIASES: never
LDAP_FOLLOW_REFERRALS: false
LDAP_MAX_REFERRAL_HOPS: 5
LDAP_OPERATION_TIMEOUT: 30
header:
HEADER_ENABLED: false
HTTP_AUTH_HEADER: REMOTE_USER
saml:
SAML_IDP_METADATA_URL: ""
SAML_IDP_URL: ""
SAML_ENTITY_ID: ""
SAML_CALLBACK_URL: ""
SAML_STRICT: true
SAML_DEBUG: false
SAML_COMPRESS_REQUEST: true
SAML_COMPRESS_RESPONSE: true
SAML_GROUP_ATTRIBUTE: groups
proxy:
REMOTE_IP_VALVE_ENABLED: false
PROXY_ALLOWED_IPS_REGEX: ""
PROXY_IP_HEADER: ""
PROXY_PROTOCOL_HEADER: ""
PROXY_BY_HEADER: ""
general:
EXTENSION_PRIORITY: ""
totp:
TOTP_ENABLED: true
TOTP_ISSUER: Apache Guacamole
TOTP_DIGITS: 6
TOTP_PERIOD: 30
TOTP_MODE: sha1
duo:
DUO_API_HOSTNAME: ""
DUO_INTEGRATION_KEY: ""
DUO_SECRET_KEY: ""
DUO_APPLICATION_KEY: ""
api:
API_SESSION_TIMEOUT: 60
radius:
RADIUS_SHARED_SECRET: ""
RADIUS_AUTH_PROTOCOL: eap-tls
RADIUS_HOSTNAME: ""
RADIUS_AUTH_PORT: 1812
RADIUS_KEY_FILE: ""
RADIUS_KEY_TYPE: pkcs12
RADIUS_KEY_PASSWORD: ""
RADIUS_CA_FILE: ""
RADIUS_CA_TYPE: pem
RADIUS_CA_PASSWORD: ""
RADIUS_TRUST_ALL: false
RADIUS_RETRIES: 5
RADIUS_TIMEOUT: 60
RADIUS_EAP_TTLS_INNER_PROTOCOL: eap-tls
RADIUS_NAS_IP: ""
openid:
OPENID_AUTHORIZATION_ENDPOINT: ""
OPENID_JWKS_ENDPOINT: ""
OPENID_ISSUER: ""
OPENID_CLIENT_ID: ""
OPENID_REDIRECT_URI: ""
OPENID_USERNAME_CLAIM_TYPE: email
OPENID_GROUPS_CLAIM_TYPE: groups
OPENID_SCOPE: openid email profile
OPENID_ALLOWED_CLOCK_SKEW: 30
OPENID_MAX_TOKEN_VALIDITY: 300
OPENID_MAX_NONCE_VALIDITY: 300
cas:
CAS_AUTHORIZATION_ENDPOINT: ""
CAS_REDIRECT_URI: ""
CAS_CLEARPASS_KEY: ""
CAS_GROUP_ATTRIBUTE: ""
CAS_GROUP_FORMAT: plain
CAS_GROUP_LDAP_BASE_DN: ""
CAS_GROUP_LDAP_ATTRIBUTE: ""
json:
JSON_SECRET_KEY: ""
JSON_TRUSTED_NETWORKS: ""
workload:
main:
podSpec:
containers:
main:
securityContext:
runAsUser: 1001
runAsGroup: 1001
readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: guacamole-config
probes:
liveness:
type: http
port: "{{ .Values.service.main.ports.main.targetPort }}"
path: /guacamole
readiness:
type: http
port: "{{ .Values.service.main.ports.main.targetPort }}"
path: /guacamole
startup:
type: tcp
port: "{{ .Values.service.main.ports.main.targetPort }}"
# zz is used to ensure that the initContainers are run after db-waits
initContainers:
1-create-seed:
enabled: true
type: install
imageSelector: image
securityContext:
runAsUser: 1001
runAsGroup: 1001
readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: guacamole-config
command:
- /bin/sh
args:
- -c
- /tc-scripts/create-seed.sh
2-apply-seed:
enabled: true
type: install
imageSelector: postgresClientImage
securityContext:
runAsUser: 1001
runAsGroup: 1001
readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: guacamole-config
command:
- /bin/sh
args:
- -c
- /tc-scripts/apply-seed.sh
guacd:
enabled: true
type: Deployment
strategy: RollingUpdate
podSpec:
containers:
guacd:
enabled: true
primary: true
imageSelector: guacdImage
command:
- /opt/guacamole/sbin/guacd
args:
# Listen Address
- -b
- "0.0.0.0"
# Listen Port
- -l
- "{{ .Values.service.guacd.ports.guacd.port }}"
# Log Level
- -L
- info
# Foreground
- -f
securityContext:
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: false
probes:
liveness:
type: tcp
port: "{{ .Values.service.guacd.ports.guacd.port }}"
readiness:
type: tcp
port: "{{ .Values.service.guacd.ports.guacd.port }}"
startup:
type: tcp
port: "{{ .Values.service.guacd.ports.guacd.port }}"
service:
main:
ports:
main:
port: 10123
targetPort: 8080
guacd:
enabled: true
targetSelector: guacd
ports:
guacd:
enabled: true
targetSelector: guacd
port: 10124
persistence:
recordings:
enabled: true
# Check how this works and
# which containers need it mounted
targetSelector:
main:
main:
mountPath: /var/lib/guacamole/recordings
readOnly: true
guacd:
guacd:
mountPath: /var/lib/guacamole/recordings
tc-init:
enabled: true
type: emptyDir
targetSelector:
main:
1-create-seed:
mountPath: /tc-init
2-apply-seed:
mountPath: /tc-init
db-seed:
enabled: true
type: configmap
objectName: db-init
defaultMode: "0770"
targetSelector:
main:
1-create-seed:
mountPath: /tc-scripts/create-seed.sh
subPath: create-seed.sh
2-apply-seed:
mountPath: /tc-scripts/apply-seed.sh
subPath: apply-seed.sh
cnpg:
main:
enabled: true
user: guacamole
database: guacamole
portal:
open:
enabled: true
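Review bot: The comment above `initContainers` says a `zz` prefix orders them after the db-waits, but the containers are named `1-create-seed` and `2-apply-seed`, so the comment no longer describes the code; either rename them or replace the comment with one that states the rule actually relied on, e.g. `# numeric prefixes sort these after the library's db-wait initContainers — confirm against the common version in use`. The `# Check how this works and which containers need it mounted` note on `persistence.recordings` is an unresolved TODO shipped in a release; the mounts below it (read-only in `main`, writable in `guacd`) agree with `RECORDING_SEARCH_PATH` in the configmap template, so the note can become a one-line explanation of that split. `2-apply-seed` uses `imageSelector: postgresClientImage`, which is not defined in this file; presumably the common library supplies it, but that assumption is worth verifying since an unresolved selector leaves the seed container without an image. `readOnlyRootFilesystem: false` is set on all four containers, including the two one-shot seed containers whose only writes go to the `/tc-init` mount, so enabling it for those two is worth testing.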