# Include{groups} portals: open: # Include{portalLink} path: "/guacamole" questions: # Include{global} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} - variable: env group: "App Configuration" label: "Image Environment" schema: additional_attrs: true type: dict attrs: - variable: GUACD_HOSTNAME label: "Guacd Hostname" description: "The hostname of the guacd instance to use to establish remote desktop connections" schema: type: string required: true default: "" - variable: GUACD_PORT label: "Guacd Port" description: "The port that Guacamole should use when connecting to guacd" schema: type: int required: true default: 4822 # Include{containerBasic} # Include{containerAdvanced} - variable: general group: "App Configuration" label: "General Configuration" schema: additional_attrs: true type: dict attrs: - variable: EXTENSION_PRIORITY label: "Extension Priority (Leave blank for default)" description: "A comma-separated list of the namespaces of all extensions that should be loaded in a specific order" schema: type: string default: "" - variable: api group: "App Configuration" label: "API Configuration" schema: additional_attrs: true type: dict attrs: - variable: API_SESSION_TIMEOUT label: "API Session Timeout (Leave blank for default)" schema: type: string default: "" - variable: totp group: "App Configuration" label: "TOTP Configuration" schema: additional_attrs: true type: dict attrs: - variable: TOTP_ENABLED label: "Enable TOTP" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: TOTP_ISSUER label: "TOTP Issuer (Leave blank for default)" schema: type: string default: "" - variable: TOTP_PERIOD label: "TOTP Period (Leave blank for default)" schema: type: string default: "" - variable: TOTP_DIGITS label: "TOTP Digits" schema: type: string default: "" enum: - value: "" description: "default" - value: "6" description: "6" - value: "7" description: "7" - value: "8" description: "8" - variable: TOTP_MODE label: "TOTP Mode" schema: type: string default: "" enum: - value: "" description: "default" - value: "sha1" description: "sha1" - value: "sha256" description: "sha256" - value: "sha512" description: "sha512" - variable: header group: "App Configuration" label: "Header Configuration" schema: additional_attrs: true type: dict attrs: - variable: HEADER_ENABLED label: "Enable Header" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: HTTP_AUTH_HEADER label: "HTTP Auth Header (Leave blank for default)" schema: type: string default: "" - variable: json group: "App Configuration" label: "JSON Configuration" schema: additional_attrs: true type: dict attrs: - variable: json_enabled label: "Enable JSON" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: JSON_SECRET_KEY label: "JSON Secret Key" schema: type: string required: true default: "" - variable: JSON_TRUSTED_NETWORKS label: "JSON Trusted Networks (Leave blank for unrestricted" description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8" schema: type: string default: "" - variable: duo group: "App Configuration" label: "DUO Configuration" schema: additional_attrs: true type: dict attrs: - variable: duo_enabled label: "Enable DUO" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: DUO_API_HOSTNAME label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)" schema: type: string required: true default: "" - variable: DUO_INTEGRATION_KEY label: "DUO Integration Key (Exactly 20 chars)" schema: min_length: 20 max_length: 20 type: string required: true default: "" - variable: DUO_SECRET_KEY label: "DUO Secret Key (Exactly 40 chars)" schema: min_length: 40 max_length: 40 type: string required: true default: "" - variable: DUO_APPLICATION_KEY label: "DUO Application Key (At least 40 chars)" schema: min_length: 40 type: string required: true default: "" - variable: cas group: "App Configuration" label: "CAS Configuration" schema: additional_attrs: true type: dict attrs: - variable: cas_enabled label: "Enable CAS" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: CAS_AUTHORIZATION_ENDPOINT label: "CAS Authorization Endpoint" schema: type: string required: true default: "" - variable: CAS_REDIRECT_URI label: "CAS Redirect URI" schema: type: string required: true default: "" - variable: CAS_CLEARPASS_KEY label: "CAS Clearpass Key" schema: type: string default: "" - variable: CAS_GROUP_ATTRIBUTE label: "CAS Group Attribute" schema: type: string default: "" - variable: CAS_GROUP_LDAP_BASE_DN label: "CAS Group LDAP Base DN" schema: type: string default: "" - variable: CAS_GROUP_LDAP_ATTRIBUTE label: "CAS Group LDAP Attribute" schema: type: string default: "" - variable: CAS_GROUP_FORMAT label: "CAS Group Format" schema: type: string default: "" enum: - value: "" description: "default" - value: "plain" description: "plain" - value: "ldap" description: "ldap" - variable: openid group: "App Configuration" label: "OpenID Configuration" schema: additional_attrs: true type: dict attrs: - variable: openid_enabled label: "Enable OpenID" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: OPENID_AUTHORIZATION_ENDPOINT label: "OpenID Authorization Endpoint" schema: type: string required: true default: "" - variable: OPENID_JWKS_ENDPOINT label: "OpenID JWKS Endpoint" schema: type: string required: true default: "" - variable: OPENID_ISSUER label: "OpenID Issuer" schema: type: string required: true default: "" - variable: OPENID_CLIENT_ID label: "OpenID Client ID" schema: type: string required: true default: "" - variable: OPENID_REDIRECT_URI label: "OpenID Redirect URI" schema: type: string required: true default: "" - variable: OPENID_USERNAME_CLAIM_TYPE label: "OpenID Username Claim Type (Leave blank for default)" schema: type: string default: "" - variable: OPENID_GROUPS_CLAIM_TYPE label: "OpenID Groups Claim Type (Leave blank for default)" schema: type: string default: "" - variable: OPENID_MAX_TOKEN_VALIDITY label: "OpenID Max Token Validity (Leave blank for default)" schema: type: string default: "" - variable: radius group: "App Configuration" label: "Radius Configuration" schema: additional_attrs: true type: dict attrs: - variable: radius_enabled label: "Enable Radius" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: RADIUS_SHARED_SECRET label: "Radius Shared Secret" schema: type: string required: true default: "" - variable: RADIUS_AUTH_PROTOCOL label: "Radius Auth Protocol" schema: type: string required: true default: "eap-tls" enum: - value: "pap" description: "pap" - value: "chap" description: "chap" - value: "mschapv1" description: "mschapv1" - value: "mschapv2" description: "mschapv2" - value: "eap-md5" description: "eap-md5" - value: "eap-tls" description: "eap-tls" - value: "eap-ttls" description: "eap-ttls" - variable: RADIUS_HOSTNAME label: "Radius Hostname (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_AUTH_PORT label: "Radius Auth Port (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_KEY_FILE label: "Radius Key File (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_KEY_TYPE label: "Radius Key Type" schema: type: string default: "" enum: - value: "" description: "Default" - value: "pem" description: "pem" - value: "jceks" description: "jceks" - value: "jks" description: "jks" - value: "pkcs12" description: "pkcs12" - variable: RADIUS_KEY_PASSWORD label: "Radius Key Password (Leave blank if no password)" schema: type: string default: "" - variable: RADIUS_CA_FILE label: "Radius CA File (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_CA_TYPE label: "Radius CA Type" schema: type: string default: "" enum: - value: "" description: "Default" - value: "pem" description: "pem" - value: "jceks" description: "jceks" - value: "jks" description: "jks" - value: "pkcs12" description: "pkcs12" - variable: RADIUS_CA_PASSWORD label: "Radius CA Password (Leave blank if no password)" schema: type: string default: "" - variable: RADIUS_TRUST_ALL label: "Radius Trust All" schema: type: boolean default: false - variable: RADIUS_RETRIES label: "Radius Retries (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_TIMEOUT label: "Radius Timeout (Leave blank for default)" schema: type: string default: "" - variable: RADIUS_EAP_TTLS_INNER_PROTOCOL label: "Radius eap-ttls Inner Protocol" description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls" schema: type: string default: "eap-tls" enum: - value: "pap" description: "pap" - value: "chap" description: "chap" - value: "mschapv1" description: "mschapv1" - value: "mschapv2" description: "mschapv2" - value: "eap-md5" description: "eap-md5" - value: "eap-tls" description: "eap-tls" - variable: ldap group: "App Configuration" label: "LDAP Configuration" schema: additional_attrs: true type: dict attrs: - variable: ldap_enabled label: "Enable LDAP" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: LDAP_HOSTNAME label: "LDAP Hostname (Leave blank for default)" schema: type: string required: true default: "" - variable: LDAP_USER_BASE_DN label: "LDAP User Base DN" schema: type: string required: true default: "" - variable: LDAP_PORT label: "LDAP Port (Leave blank for default)" schema: type: string default: "" - variable: LDAP_ENCRYPTION_METHOD label: "LDAP Encryption Method (Leave blank for default)" schema: type: string default: "" enum: - value: "" description: "Default" - value: "none" description: "none" - value: "ssl" description: "ssl" - value: "starttls" description: "starttls" - variable: LDAP_MAX_SEARCH_RESULTS label: "LDAP Max Search Results (Leave blank for default)" schema: type: string default: "" - variable: LDAP_SEARCH_BIND_DN label: "LDAP Search Bind DN (Leave blank for default)" schema: type: string default: "" - variable: LDAP_USER_ATTRIBUTES label: "LDAP User Attributes" schema: type: string default: "" - variable: LDAP_SEARCH_BIND_PASSWORD label: "LDAP Search Bind Password (Leave blank if no password)" schema: type: string default: "" - variable: LDAP_USERNAME_ATTRIBUTE label: "LDAP Username Attribute" schema: type: string default: "" - variable: LDAP_MEMBER_ATTRIBUTE label: "LDAP Member Attribute" schema: type: string default: "" - variable: LDAP_USER_SEARCH_FILTER label: "LDAP User Search Filter (Leave blank for default)" schema: type: string default: "" - variable: LDAP_CONFIG_BASE_DN label: "LDAP Config Base DN" schema: type: string default: "" - variable: LDAP_GROUP_BASE_DN label: "LDAP Group Base DN" schema: type: string default: "" - variable: LDAP_GROUP_SEARCH_FILTER label: "LDAP Group Search Filter (Leave blank for default)" schema: type: string default: "" - variable: LDAP_MEMBER_ATTRIBUTE_TYPE label: "LDAP Encryption Method" schema: type: string default: "" enum: - value: "" description: "Default" - value: "dn" description: "dn" - value: "uid" description: "uid" - variable: LDAP_GROUP_NAME_ATTRIBUTE label: "LDAP Group Name Attribute (Leave blank for default)" schema: type: string default: "" - variable: LDAP_DEREFERENCE_ALIASES label: "LDAP Dereference Aliases" schema: type: string default: "" enum: - value: "" description: "Default" - value: "never" description: "never" - value: "searching" description: "searching" - value: "finding" description: "finding" - value: "always" description: "always" - variable: LDAP_FOLLOW_REFERRALS label: "LDAP Follow Referrals" schema: type: boolean default: false - variable: LDAP_MAX_REFERRAL_HOPS label: "LDAP Max Referrals Hops (Leave blank for default)" schema: type: string default: "" - variable: LDAP_OPERATION_TIMEOUT label: "LDAP Operation Timeout (Leave blank for default)" schema: type: string default: "" - variable: saml group: "App Configuration" label: "SAML Configuration" schema: additional_attrs: true type: dict attrs: - variable: saml_enabled label: "Enable SAML" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: SAML_IDP_METADATA_URL label: "SAML IDP Metadata URL" schema: type: string default: "" - variable: SAML_IDP_URL label: "SAML IDP URL" schema: type: string default: "" - variable: SAML_ENTITY_ID label: "SAML Entity ID" schema: type: string default: "" - variable: SAML_CALLBACK_URL label: "SAML Callback URL" schema: type: string default: "" - variable: SAML_STRICT label: "SAML Strict" schema: type: boolean default: true - variable: SAML_DEBUG label: "SAML Debug" schema: type: boolean default: false - variable: SAML_COMPRESS_REQUEST label: "SAML Compress Request" schema: type: boolean default: true - variable: SAML_COMPRESS_RESPONSE label: "SAML Compress Response" schema: type: boolean default: true - variable: SAML_GROUP_ATTRIBUTE label: "SAML Group Attribute (Leave empty for default)" schema: type: string default: "" - variable: proxy group: "App Configuration" label: "Proxy Configuration" schema: additional_attrs: true type: dict attrs: - variable: REMOTE_IP_VALVE_ENABLED label: "Enable Proxy" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: PROXY_BY_HEADER label: "Proxy by Header (Leave empty for default)" schema: type: string default: "" - variable: PROXY_PROTOCOL_HEADER label: "Proxy Protocol Header (Leave empty for default)" schema: type: string default: "" - variable: PROXY_IP_HEADER label: "Proxy IP Header (Leave empty for default)" schema: type: string default: "" - variable: PROXY_ALLOWED_IPS_REGEX label: "Proxy Allowed IP Regex (Leave empty for default)" schema: type: string default: "" # Include{containerConfig} # Include{podOptions} # Include{serviceRoot} - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 9998 required: true # Include{serviceExpertRoot} # Include{serviceExpert} # Include{serviceList} # Include{persistenceList} # Include{ingressRoot} - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressList} # Include{securityContextRoot} - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 1001 - variable: runAsGroup label: "runAsGroup" description: "The groupID of the user running the application" schema: type: int default: 1001 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage" schema: type: int default: 568 # Include{resources} # Include{advanced} # Include{addons} # Include{codeserver} # Include{netshoot} # Include{vpn} # Include{documentation}