# Include{groups} portals: open: # Include{portalLink} questions: # Include{global} # Include{credentials} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} # Include{containerBasic} # Include{containerAdvanced} - variable: guacamole label: Guacamole Configuration group: App Configuration schema: type: dict additional_attrs: true attrs: - variable: general label: General Configuration schema: additional_attrs: true type: dict attrs: - variable: EXTENSION_PRIORITY label: Extension Priority description: A comma-separated list of the namespaces of all extensions that should be loaded in a specific order schema: type: string default: "" - variable: api label: API Configuration schema: additional_attrs: true type: dict attrs: - variable: API_SESSION_TIMEOUT label: API Session Timeout (in minutes) schema: type: int default: 60 - variable: totp label: TOTP Configuration schema: additional_attrs: true type: dict attrs: - variable: TOTP_ENABLED label: Enable TOTP schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: TOTP_ISSUER label: TOTP Issuer schema: type: string default: Apache Guacamole required: true - variable: TOTP_PERIOD label: TOTP Period schema: type: int default: 30 required: true - variable: TOTP_DIGITS label: TOTP Digits schema: type: int min: 6 max: 8 default: 6 required: true - variable: TOTP_MODE label: TOTP Mode schema: type: string default: sha1 required: true enum: - value: sha1 description: sha1 - value: sha256 description: sha256 - value: sha512 description: sha512 - variable: header label: Header Configuration schema: additional_attrs: true type: dict attrs: - variable: HEADER_ENABLED label: Enable Header schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: HTTP_AUTH_HEADER label: HTTP Auth Header schema: type: string required: true default: REMOTE_USER - variable: json label: JSON Configuration schema: additional_attrs: true type: dict attrs: - variable: json_enabled label: Enable JSON schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: JSON_SECRET_KEY label: JSON Secret Key schema: type: string required: true default: "" - variable: JSON_TRUSTED_NETWORKS label: JSON Trusted Networks (Leave blank for unrestricted description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8" schema: type: string default: "" - variable: duo label: DUO Configuration schema: additional_attrs: true type: dict attrs: - variable: duo_enabled label: Enable DUO schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: DUO_API_HOSTNAME label: DUO API Hostname (api-XXXXXXXX.duosecurity.com) schema: type: string required: true default: "" - variable: DUO_INTEGRATION_KEY label: DUO Integration Key (Exactly 20 chars) schema: min_length: 20 max_length: 20 type: string required: true default: "" - variable: DUO_SECRET_KEY label: DUO Secret Key (Exactly 40 chars) schema: min_length: 40 max_length: 40 type: string required: true default: "" - variable: DUO_APPLICATION_KEY label: DUO Application Key (At least 40 chars) schema: min_length: 40 type: string required: true default: "" - variable: cas label: CAS Configuration schema: additional_attrs: true type: dict attrs: - variable: cas_enabled label: Enable CAS schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: CAS_AUTHORIZATION_ENDPOINT label: CAS Authorization Endpoint schema: type: string required: true default: "" - variable: CAS_REDIRECT_URI label: CAS Redirect URI schema: type: string required: true default: "" - variable: CAS_CLEARPASS_KEY label: CAS Clearpass Key schema: type: string default: "" - variable: CAS_GROUP_ATTRIBUTE label: CAS Group Attribute schema: type: string default: "" - variable: CAS_GROUP_LDAP_BASE_DN label: CAS Group LDAP Base DN schema: type: string default: "" - variable: CAS_GROUP_LDAP_ATTRIBUTE label: CAS Group LDAP Attribute schema: type: string default: "" - variable: CAS_GROUP_FORMAT label: CAS Group Format schema: type: string default: plain enum: - value: plain description: plain - value: ldap description: ldap - variable: openid label: OpenID Configuration schema: additional_attrs: true type: dict attrs: - variable: openid_enabled label: Enable OpenID schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: OPENID_AUTHORIZATION_ENDPOINT label: OpenID Authorization Endpoint schema: type: string required: true default: "" - variable: OPENID_JWKS_ENDPOINT label: OpenID JWKS Endpoint schema: type: string required: true default: "" - variable: OPENID_ISSUER label: OpenID Issuer schema: type: string required: true default: "" - variable: OPENID_CLIENT_ID label: OpenID Client ID schema: type: string required: true default: "" - variable: OPENID_REDIRECT_URI label: OpenID Redirect URI schema: type: string required: true default: "" - variable: OPENID_USERNAME_CLAIM_TYPE label: OpenID Username Claim Type schema: type: string required: true default: email - variable: OPENID_GROUPS_CLAIM_TYPE label: OpenID Groups Claim Type schema: type: string required: true default: groups - variable: OPENID_SCOPE label: OpenID Scope schema: type: string default: openid email profile - variable: OPENID_ALLOWED_CLOCK_SKEW label: OpenID Allowed Clock Skew (in seconds) schema: type: int required: true default: 30 - variable: OPENID_MAX_TOKEN_VALIDITY label: OpenID Max Token Validity (in minutes) schema: type: int required: true default: 300 - variable: OPENID_MAX_NONCE_VALIDITY label: OpenID Max Nonce Validity (in minutes) schema: type: int required: true default: 10 - variable: radius label: Radius Configuration schema: additional_attrs: true type: dict attrs: - variable: radius_enabled label: Enable Radius schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: RADIUS_SHARED_SECRET label: Radius Shared Secret schema: type: string required: true default: "" - variable: RADIUS_AUTH_PROTOCOL label: Radius Auth Protocol schema: type: string required: true default: eap-tls enum: - value: pap description: pap - value: chap description: chap - value: mschapv1 description: mschapv1 - value: mschapv2 description: mschapv2 - value: eap-md5 description: eap-md5 - value: eap-tls description: eap-tls - value: eap-ttls description: eap-ttls - variable: RADIUS_HOSTNAME label: Radius Hostname schema: type: string required: true default: "" - variable: RADIUS_AUTH_PORT label: Radius Auth Port schema: type: int default: 1812 - variable: RADIUS_KEY_FILE label: Radius Key File schema: type: string default: "" - variable: RADIUS_KEY_TYPE label: Radius Key Type schema: type: string default: pkcs12 required: true enum: - value: pem description: pem - value: jceks description: jceks - value: jks description: jks - value: pkcs12 description: pkcs12 - variable: RADIUS_KEY_PASSWORD label: Radius Key Password schema: type: string default: "" - variable: RADIUS_CA_FILE label: Radius CA File schema: type: string default: "" - variable: RADIUS_CA_TYPE label: Radius CA Type schema: type: string required: true default: pem enum: - value: pem description: pem - value: jceks description: jceks - value: jks description: jks - value: pkcs12 description: pkcs12 - variable: RADIUS_CA_PASSWORD label: Radius CA Password schema: type: string default: "" - variable: RADIUS_TRUST_ALL label: Radius Trust All schema: type: boolean default: false - variable: RADIUS_RETRIES label: Radius Retries schema: type: int required: true default: 5 - variable: RADIUS_TIMEOUT label: Radius Timeout schema: type: int required: true default: 60 - variable: RADIUS_EAP_TTLS_INNER_PROTOCOL label: Radius eap-ttls Inner Protocol description: Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls schema: type: string default: eap-tls required: true enum: - value: pap description: pap - value: chap description: chap - value: mschapv1 description: mschapv1 - value: mschapv2 description: mschapv2 - value: eap-md5 description: eap-md5 - value: eap-tls description: eap-tls - variable: RADIUS_NAS_IP label: Radius Network Access Server IP schema: type: string default: "" - variable: ldap group: "App Configuration" label: LDAP Configuration schema: additional_attrs: true type: dict attrs: - variable: ldap_enabled label: Enable LDAP schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: LDAP_HOSTNAME label: LDAP Hostname schema: type: string required: true default: "" - variable: LDAP_USER_BASE_DN label: LDAP User Base DN schema: type: string required: true default: "" - variable: LDAP_PORT label: LDAP Port schema: type: int default: 389 - variable: LDAP_ENCRYPTION_METHOD label: LDAP Encryption Method schema: type: string default: none required: true enum: - value: none description: none - value: ssl description: ssl - value: starttls description: starttls - variable: LDAP_MAX_SEARCH_RESULTS label: LDAP Max Search Results schema: type: int default: 1000 - variable: LDAP_SEARCH_BIND_DN label: LDAP Search Bind DN schema: type: string default: "" - variable: LDAP_USER_ATTRIBUTES label: LDAP User Attributes schema: type: string default: "" - variable: LDAP_SEARCH_BIND_PASSWORD label: LDAP Search Bind Password schema: type: string default: "" - variable: LDAP_USERNAME_ATTRIBUTE label: LDAP Username Attribute schema: type: string default: uid - variable: LDAP_MEMBER_ATTRIBUTE label: LDAP Member Attribute schema: type: string default: member - variable: LDAP_USER_SEARCH_FILTER label: LDAP User Search Filter schema: type: string default: "(objectClass=*)" - variable: LDAP_CONFIG_BASE_DN label: LDAP Config Base DN schema: type: string default: "" - variable: LDAP_GROUP_BASE_DN label: LDAP Group Base DN schema: type: string default: "" - variable: LDAP_GROUP_SEARCH_FILTER label: LDAP Group Search Filter schema: type: string default: "(objectClass=*)" - variable: LDAP_MEMBER_ATTRIBUTE_TYPE label: LDAP Member Attribute Type schema: type: string default: dn required: true enum: - value: dn description: dn - value: uid description: uid - variable: LDAP_GROUP_NAME_ATTRIBUTE label: LDAP Group Name Attribute schema: type: string default: cn - variable: LDAP_DEREFERENCE_ALIASES label: LDAP Dereference Aliases schema: type: string required: true default: never enum: - value: never description: never - value: searching description: searching - value: finding description: finding - value: always description: always - variable: LDAP_FOLLOW_REFERRALS label: LDAP Follow Referrals schema: type: boolean default: false - variable: LDAP_MAX_REFERRAL_HOPS label: LDAP Max Referrals Hops schema: type: int required: true default: 5 - variable: LDAP_OPERATION_TIMEOUT label: LDAP Operation Timeout schema: type: int required: true default: 30 - variable: saml label: SAML Configuration schema: additional_attrs: true type: dict attrs: - variable: saml_enabled label: Enable SAML schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: SAML_IDP_METADATA_URL label: SAML IDP Metadata URL schema: type: string default: "" - variable: SAML_IDP_URL label: SAML IDP URL schema: type: string default: "" - variable: SAML_ENTITY_ID label: SAML Entity ID schema: type: string default: "" - variable: SAML_CALLBACK_URL label: SAML Callback URL schema: type: string default: "" - variable: SAML_STRICT label: SAML Strict schema: type: boolean default: true - variable: SAML_DEBUG label: SAML Debug schema: type: boolean default: false - variable: SAML_COMPRESS_REQUEST label: SAML Compress Request schema: type: boolean default: true - variable: SAML_COMPRESS_RESPONSE label: SAML Compress Response schema: type: boolean default: true - variable: SAML_GROUP_ATTRIBUTE label: SAML Group Attribute schema: type: string required: true default: groups - variable: proxy label: Proxy Configuration schema: additional_attrs: true type: dict attrs: - variable: REMOTE_IP_VALVE_ENABLED label: Enable Proxy schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: PROXY_BY_HEADER label: Proxy by Header schema: type: string default: "" - variable: PROXY_PROTOCOL_HEADER label: Proxy Protocol Header schema: type: string default: "" - variable: PROXY_IP_HEADER label: Proxy IP Header schema: type: string default: "" - variable: PROXY_ALLOWED_IPS_REGEX label: Proxy Allowed IP Regex schema: type: string default: "" # Include{containerConfig} # Include{podOptions} # Include{serviceRoot} - variable: main label: Main Service description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 9998 required: true # Include{externalInterfaces} # Include{serviceList} # Include{persistenceRoot} - variable: recordings label: App Recordings Storage description: Mounts this volume at [/var/lib/guacamole/recordings] in both guacd and client containers schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: drive label: Virtual Drive Storage (guacd) description: Mounts this volume at [/var/lib/guacamole/drive] in the guacd container schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceList} # Include{ingressRoot} - variable: main label: Main Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressAdvanced} # Include{ingressList} # Include{securityContextRoot} - variable: runAsUser label: runAsUser description: The UserID of the user running the application schema: type: int default: 1001 - variable: runAsGroup label: runAsGroup description: The groupID of the user running the application schema: type: int default: 1001 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: fsGroup description: The group that should own ALL storage schema: type: int default: 568 # Include{resources} # Include{postgresql} # Include{advanced} # Include{addons} # Include{codeserver} # Include{netshoot} # Include{vpn} # Include{documentation}