image: repository: tccr.io/truecharts/guacamole-client pullPolicy: IfNotPresent tag: v1.4.0@sha256:43f7b0575173f509b5215a89170dfea80ea07f0b2bfed405882a4bc7ec9dfa52 podSecurityContext: runAsUser: 1001 runAsGroup: 1001 securityContext: readOnlyRootFilesystem: false service: main: ports: main: port: 9998 targetPort: 8080 env: POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}" POSTGRES_PORT: 5432 GUACD_HOSTNAME: "localhost" GUACD_PORT: 4822 POSTGRES_HOSTNAME: secretKeyRef: name: dbcreds key: plainhost POSTGRES_PASSWORD: secretKeyRef: name: dbcreds key: postgresql-password envFrom: - configMapRef: name: guacamole-client-env totp: TOTP_ENABLED: false # TOTP_ISSUER: "Apache Guacamole" # TOTP_DIGITS: "6" # TOTP_PERIOD: "30" # TOTP_MODE: "sha1" header: HEADER_ENABLED: false # HTTP_AUTH_HEADER: "REMOTE_USER" api: {} # API_SESSION_TIMEOUT: "60" general: {} # EXTENSION_PRIORITY: "openid" json: {} # JSON_SECRET_KEY: "random32charkey" # JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8" duo: {} # DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com" # DUO_INTEGRATION_KEY: "exactly20charkey" # DUO_SECRET_KEY: "exactly40charkey" # DUO_APPLICATION_KEY: "atleast40charkey" cas: {} # CAS_AUTHORIZATION_ENDPOINT: "" # CAS_REDIRECT_URI: "" # CAS_CLEARPASS_KEY: "" # CAS_GROUP_ATTRIBUTE: "" # CAS_GROUP_FORMAT: "plain" # CAS_GROUP_LDAP_BASE_DN: "" # CAS_GROUP_LDAP_ATTRIBUTE: "" openid: {} # OPENID_AUTHORIZATION_ENDPOINT: "" # OPENID_JWKS_ENDPOINT: "" # OPENID_ISSUER: "" # OPENID_CLIENT_ID: "" # OPENID_REDIRECT_URI: "" # OPENID_USERNAME_CLAIM_TYPE: "email" # OPENID_GROUPS_CLAIM_TYPE: "groups" # OPENID_MAX_TOKEN_VALIDITY: "300" radius: {} # RADIUS_HOSTNAME: "localhost" # RADIUS_AUTH_PORT: "1812" # RADIUS_SHARED_SECRET: "" # RADIUS_AUTH_PROTOCOL: "eap-tls" # RADIUS_KEY_FILE: "" # RADIUS_KEY_TYPE: "pkcs12" # RADIUS_KEY_PASSWORD: "" # RADIUS_CA_FILE: "" # RADIUS_CA_TYPE: "pem" # RADIUS_CA_PASSWORD: "" # RADIUS_TRUST_ALL: "false" # RADIUS_RETRIES: "5" # RADIUS_TIMEOUT: "60" # RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls" ldap: {} # LDAP_HOSTNAME: "localhost" # LDAP_USER_BASE_DN: "" # LDAP_PORT: "389" # LDAP_ENCRYPTION_METHOD: "none" # LDAP_MAX_SEARCH_RESULTS: "1000" # LDAP_SEARCH_BIND_DN: "" # LDAP_USER_ATTRIBUTES: "" # LDAP_SEARCH_BIND_PASSWORD: "" # LDAP_USERNAME_ATTRIBUTE: "" # LDAP_MEMBER_ATTRIBUTE: "" # LDAP_USER_SEARCH_FILTER: "(objectClass=*)" # LDAP_CONFIG_BASE_DN: "" # LDAP_GROUP_BASE_DN: "" # LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)" # LDAP_MEMBER_ATTRIBUTE_TYPE: "dn" # LDAP_GROUP_NAME_ATTRIBUTE: "cn" # LDAP_DEREFERENCE_ALIASES: "never" # LDAP_FOLLOW_REFERRALS: "false" # LDAP_MAX_REFERRAL_HOPS: "5" # LDAP_OPERATION_TIMEOUT: "30" saml: {} # SAML_IDP_METADATA_URL: "" # SAML_IDP_URL: # SAML_ENTITY_ID: # SAML_CALLBACK_URL: # SAML_STRICT: # SAML_DEBUG: # SAML_COMPRESS_REQUEST: # SAML_COMPRESS_RESPONSE: # SAML_GROUP_ATTRIBUTE: postgresql: enabled: true existingSecret: "dbcreds" postgresqlUsername: guacamole postgresqlDatabase: guacamole probes: liveness: path: "/guacamole" readiness: path: "/guacamole" startup: path: "/guacamole" persistence: initdbdata: enabled: true mountPath: "/initdbdata" # Both temphack and temphackalso will be removed on the next image release temphack: enabled: true mountPath: "/opt/guacamole/postgresql-hack" temphackalso: enabled: true mountPath: "/opt/guacamole/postgresql" initContainers: 1-creat-initdb-file: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" volumeMounts: - name: initdbdata mountPath: "/initdbdata" command: ["/bin/sh", "-c"] args: - > echo "Creating initdb.sql file..."; /opt/guacamole/bin/initdb.sh --postgres > /initdbdata/initdb.sql; if [ -e /initdbdata/initdb.sql ]; then echo "Init file created successfully!"; exit 0; else echo "Init file failed to create."; exit 1; fi; 2-initdb: image: "{{ .Values.postgresqlImage.repository }}:{{ .Values.postgresqlImage.tag }}" env: - name: POSTGRES_DATABASE value: "{{ .Values.postgresql.postgresqlDatabase }}" - name: POSTGRES_USER value: "{{ .Values.postgresql.postgresqlUsername }}" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_HOSTNAME valueFrom: secretKeyRef: name: dbcreds key: plainhost - name: PGPASSWORD valueFrom: secretKeyRef: name: dbcreds key: postgresql-password volumeMounts: - name: initdbdata mountPath: "/initdbdata" command: ["/bin/sh", "-c"] args: - > psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -o '/dev/null' -c 'SELECT * FROM public.guacamole_user'; if [ $? -eq 0 ]; then echo "DB already initialized. Skipping..."; else echo "Initializing DB's schema..."; psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -a -w -f /initdbdata/initdb.sql; if [ $? -eq 0 ]; then echo "DB's schema initialized successfully!"; exit 0; else echo "DB's schema failed to initialize."; exit 1; fi; fi; # Until they release an image with the updated driver, we need to manually replace it. # https://issues.apache.org/jira/browse/GUACAMOLE-1433 # https://github.com/apache/guacamole-client/pull/655 # Both 3-temp-hach and 4-temp-hack will be removed on the next image release 3-temp-hack: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" securityContext: runAsUser: 1001 runAsGroup: 1001 volumeMounts: - name: temphack mountPath: "/opt/guacamole/postgresql-hack" command: ["/bin/sh", "-c"] args: - > echo "Checing postgresql driver version..."; if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then echo "Version found is correct."; exit 0; else echo "Old version found. Will try to download a known-to-work version."; echo "Downloading (postgresql-42.2.24.jre7.jar)..."; curl -L "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" > "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar"; if [ -e /opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar ]; then echo "Downloaded successfully!"; cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/; if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ]; then echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)"; rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar"; if [ $? -eq 0 ]; then echo "Removed successfully!"; else echo "Failed to remove."; exit 1; fi; fi; else echo "Failed to download."; exit 1; fi; fi; 4-temp-hack: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" securityContext: runAsUser: 1001 runAsGroup: 1001 volumeMounts: - name: temphack mountPath: "/opt/guacamole/postgresql-hack" - name: temphackalso mountPath: "/opt/guacamole/postgresql" command: ["/bin/sh", "-c"] args: - > echo "Copying postgres driver into the final destination."; cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/; if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then echo "Driver copied successfully!"; else echo "Failed to copy the driver"; fi;