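# Helm values for the guacamole-client chart.
# The init containers below generate and apply the PostgreSQL schema and
# swap in a newer JDBC driver before the main container starts.

image:
  repository: tccr.io/truecharts/guacamole-client
  pullPolicy: IfNotPresent
  # The tag carries a sha256 digest, so the pulled image is pinned to
  # immutable content and not only to a mutable tag name.
  tag: v1.4.0@sha256:ee47f0bfa10658683f46cd08316dac56dfb78a0a71a579db0efecd59466adfee

# Run the pod as the unprivileged UID/GID 1001 instead of root.
podSecurityContext:
  runAsUser: 1001
  runAsGroup: 1001

securityContext:
  # NOTE(review): the root filesystem is left writable; confirm whether the
  # image really needs this or whether dedicated writable mounts suffice.
  readOnlyRootFilesystem: false

service:
  main:
    ports:
      main:
        port: 9998
        targetPort: 8080

# Database host and password are read from the "dbcreds" secret through
# secretKeyRef, so they are never written into this values file.
env:
  # Will probably be removed on 1.5.0 (https://github.com/apache/guacamole-client/pull/717)
  POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
  POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
  POSTGRES_PORT: 5432
  POSTGRES_HOSTNAME:
    secretKeyRef:
      name: dbcreds
      key: plainhost
  POSTGRES_PASSWORD:
    secretKeyRef:
      name: dbcreds
      key: postgresql-password
  # New format
  POSTGRESQL_PASSWORD:
    secretKeyRef:
      name: dbcreds
      key: postgresql-password
  POSTGRESQL_HOSTNAME:
    secretKeyRef:
      name: dbcreds
      key: plainhost
  POSTGRESQL_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
  POSTGRESQL_USER: "{{ .Values.postgresql.postgresqlUsername }}"
  POSTGRESQL_PORT: 5432
  GUACD_HOSTNAME: "localhost"
  GUACD_PORT: 4822

envFrom:
  - configMapRef:
      name: guacamole-client-env

# NOTE(review): the per-extension sections below are presumably rendered into
# the guacamole-client-env ConfigMap referenced by envFrom - verify against
# the chart templates. If so, secret-type settings (JSON_SECRET_KEY,
# DUO_SECRET_KEY, RADIUS_SHARED_SECRET, RADIUS_KEY_PASSWORD,
# LDAP_SEARCH_BIND_PASSWORD, ...) would be stored in a ConfigMap and not in a
# Secret. The commented values are format examples, not usable keys.

totp:
  TOTP_ENABLED: false
  # TOTP_ISSUER: "Apache Guacamole"
  # TOTP_DIGITS: "6"
  # TOTP_PERIOD: "30"
  # TOTP_MODE: "sha1"

header:
  # Header authentication trusts the user name carried in HTTP_AUTH_HEADER.
  # Enable it only behind a reverse proxy that authenticates the user and
  # strips any client-supplied copy of that header.
  HEADER_ENABLED: false
  # HTTP_AUTH_HEADER: "REMOTE_USER"

api: {}
  # API_SESSION_TIMEOUT: "60"

general: {}
  # EXTENSION_PRIORITY: "openid"

json: {}
  # JSON_SECRET_KEY: "random32charkey"
  # JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"

duo: {}
  # DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
  # DUO_INTEGRATION_KEY: "exactly20charkey"
  # DUO_SECRET_KEY: "exactly40charkey"
  # DUO_APPLICATION_KEY: "atleast40charkey"

cas: {}
  # CAS_AUTHORIZATION_ENDPOINT: ""
  # CAS_REDIRECT_URI: ""
  # CAS_CLEARPASS_KEY: ""
  # CAS_GROUP_ATTRIBUTE: ""
  # CAS_GROUP_FORMAT: "plain"
  # CAS_GROUP_LDAP_BASE_DN: ""
  # CAS_GROUP_LDAP_ATTRIBUTE: ""

openid: {}
  # OPENID_AUTHORIZATION_ENDPOINT: ""
  # OPENID_JWKS_ENDPOINT: ""
  # OPENID_ISSUER: ""
  # OPENID_CLIENT_ID: ""
  # OPENID_REDIRECT_URI: ""
  # OPENID_USERNAME_CLAIM_TYPE: "email"
  # OPENID_GROUPS_CLAIM_TYPE: "groups"
  # OPENID_MAX_TOKEN_VALIDITY: "300"

radius: {}
  # RADIUS_HOSTNAME: "localhost"
  # RADIUS_AUTH_PORT: "1812"
  # RADIUS_SHARED_SECRET: ""
  # RADIUS_AUTH_PROTOCOL: "eap-tls"
  # RADIUS_KEY_FILE: ""
  # RADIUS_KEY_TYPE: "pkcs12"
  # RADIUS_KEY_PASSWORD: ""
  # RADIUS_CA_FILE: ""
  # RADIUS_CA_TYPE: "pem"
  # RADIUS_CA_PASSWORD: ""
  # RADIUS_TRUST_ALL: "false"
  # RADIUS_RETRIES: "5"
  # RADIUS_TIMEOUT: "60"
  # RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"

ldap: {}
  # LDAP_HOSTNAME: "localhost"
  # LDAP_USER_BASE_DN: ""
  # LDAP_PORT: "389"
  # NOTE(review): "none" sends bind credentials unencrypted; prefer "ssl" or
  # "starttls" when the directory supports it.
  # LDAP_ENCRYPTION_METHOD: "none"
  # LDAP_MAX_SEARCH_RESULTS: "1000"
  # LDAP_SEARCH_BIND_DN: ""
  # LDAP_USER_ATTRIBUTES: ""
  # LDAP_SEARCH_BIND_PASSWORD: ""
  # LDAP_USERNAME_ATTRIBUTE: ""
  # LDAP_MEMBER_ATTRIBUTE: ""
  # LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
  # LDAP_CONFIG_BASE_DN: ""
  # LDAP_GROUP_BASE_DN: ""
  # LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
  # LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
  # LDAP_GROUP_NAME_ATTRIBUTE: "cn"
  # LDAP_DEREFERENCE_ALIASES: "never"
  # LDAP_FOLLOW_REFERRALS: "false"
  # LDAP_MAX_REFERRAL_HOPS: "5"
  # LDAP_OPERATION_TIMEOUT: "30"

saml: {}
  # SAML_IDP_METADATA_URL: ""
  # SAML_IDP_URL:
  # SAML_ENTITY_ID:
  # SAML_CALLBACK_URL:
  # SAML_STRICT:
  # SAML_DEBUG:
  # SAML_COMPRESS_REQUEST:
  # SAML_COMPRESS_RESPONSE:
  # SAML_GROUP_ATTRIBUTE:

proxy: {}
  # REMOTE_IP_VALVE_ENABLED: false
  # PROXY_BY_HEADER: ""
  # PROXY_PROTOCOL_HEADER: ""
  # PROXY_IP_HEADER: ""
  # PROXY_ALLOWED_IPS_REGEX: ""

postgresql:
  enabled: true
  existingSecret: "dbcreds"
  postgresqlUsername: guacamole
  postgresqlDatabase: guacamole

probes:
  liveness:
    path: "/guacamole"
  readiness:
    path: "/guacamole"
  startup:
    path: "/guacamole"

persistence:
  # Scratch volume that hands the generated initdb.sql from init container 1
  # to init container 2.
  initdbdata:
    enabled: true
    mountPath: "/initdbdata"
  # Both temphack and temphackalso will be removed on the next image release
  temphack:
    enabled: true
    mountPath: "/opt/guacamole/postgresql-hack"
  temphackalso:
    enabled: true
    mountPath: "/opt/guacamole/postgresql"

initContainers:
  # Step 1: dump the PostgreSQL schema shipped in the image to the shared
  # initdbdata volume.
  1-creat-initdb-file:
    image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
    volumeMounts:
      - name: initdbdata
        mountPath: "/initdbdata"
    command: ["/bin/sh", "-c"]
    args:
      - |-
        echo "Creating initdb.sql file..."
        # The redirect creates the file even when initdb.sh fails, so check
        # the exit status and that the output is non-empty, not mere existence.
        if /opt/guacamole/bin/initdb.sh --postgres >/initdbdata/initdb.sql && [ -s /initdbdata/initdb.sql ]; then
          echo "Init file created successfully!"
          exit 0
        else
          echo "Init file failed to create."
          exit 1
        fi
  # Step 2: apply the schema unless the guacamole_user table already exists.
  # The password reaches psql through PGPASSWORD, sourced from the dbcreds
  # secret, so it does not appear on the command line.
  # NOTE(review): psql -f exits 0 even when statements in the file fail unless
  # ON_ERROR_STOP is set; consider `-v ON_ERROR_STOP=1 --single-transaction`
  # so a partial schema is never reported as success.
  2-initdb:
    image: "{{ .Values.multiinitImage.repository }}:{{ .Values.multiinitImage.tag }}"
    env:
      - name: POSTGRESQL_DATABASE
        value: "{{ .Values.postgresql.postgresqlDatabase }}"
      - name: POSTGRESQL_USER
        value: "{{ .Values.postgresql.postgresqlUsername }}"
      - name: POSTGRESQL_PORT
        value: "5432"
      - name: POSTGRESQL_HOSTNAME
        valueFrom:
          secretKeyRef:
            name: dbcreds
            key: plainhost
      - name: PGPASSWORD
        valueFrom:
          secretKeyRef:
            name: dbcreds
            key: postgresql-password
    volumeMounts:
      - name: initdbdata
        mountPath: "/initdbdata"
    command: ["/bin/sh", "-c"]
    args:
      - |-
        if psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -o '/dev/null' -c 'SELECT * FROM public.guacamole_user'; then
          echo "DB already initialized. Skipping..."
        else
          echo "Initializing DB's schema..."
          if psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -a -w -f /initdbdata/initdb.sql; then
            echo "DB's schema initialized successfully!"
            exit 0
          else
            echo "DB's schema failed to initialize."
            exit 1
          fi
        fi
  # Until they release an image with the updated driver, we need to manually replace it.
  # https://issues.apache.org/jira/browse/GUACAMOLE-1433
  # https://github.com/apache/guacamole-client/pull/655
  # Both 3-temp-hack and 4-temp-hack will be removed on the next image release
  #
  # NOTE(review): the JAR is fetched from the network at every pod start and
  # loaded by the application without any integrity check. Pin its SHA-256
  # (value to be taken from a trusted copy of the release) and verify it after
  # the download, or bake the driver into the image instead.
  3-temp-hack:
    image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
    securityContext:
      runAsUser: 1001
      runAsGroup: 1001
    volumeMounts:
      - name: temphack
        mountPath: "/opt/guacamole/postgresql-hack"
    command: ["/bin/sh", "-c"]
    args:
      - |-
        echo "Checking postgresql driver version..."
        if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then
          echo "Version found is correct."
          exit 0
        else
          echo "Old version found. Will try to download a known-to-work version."
          echo "Downloading (postgresql-42.2.24.jre7.jar)..."
          # -f makes curl fail on HTTP errors instead of saving the error page
          # as the JAR; the exit status decides success, since the output file
          # can exist after a failed or truncated transfer.
          if curl -fL "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" -o "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar"; then
            echo "Downloaded successfully!"
            cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/
            if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ]; then
              echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)"
              if rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar"; then
                echo "Removed successfully!"
              else
                echo "Failed to remove."
                exit 1
              fi
            fi
          else
            echo "Failed to download."
            # Do not leave a partial file behind for the next step to copy.
            rm -f "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar"
            exit 1
          fi
        fi
  # Step 4: copy the prepared driver directory onto the volume that is mounted
  # over /opt/guacamole/postgresql.
  4-temp-hack:
    image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
    securityContext:
      runAsUser: 1001
      runAsGroup: 1001
    volumeMounts:
      - name: temphack
        mountPath: "/opt/guacamole/postgresql-hack"
      - name: temphackalso
        mountPath: "/opt/guacamole/postgresql"
    command: ["/bin/sh", "-c"]
    args:
      - |-
        echo "Copying postgres driver into the final destination."
        cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/
        if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then
          echo "Driver copied successfully!"
        else
          echo "Failed to copy the driver"
          # Fail the init step, as the other steps do, so the pod does not
          # start without the expected driver in place.
          exit 1
        fi

portal:
  enabled: true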