Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code
TrueChartsClone/charts/stable/guacamole-client/values.yaml

314 lines
8.6 KiB
YAML
Raw Blame History

image:
repository: tccr.io/truecharts/guacamole-client
pullPolicy: IfNotPresent
tag: v1.4.0@sha256:ee47f0bfa10658683f46cd08316dac56dfb78a0a71a579db0efecd59466adfee
podSecurityContext:
runAsUser: 1001
runAsGroup: 1001
securityContext:
readOnlyRootFilesystem: false
service:
main:
ports:
main:
port: 9998
targetPort: 8080
env:
# Will probably be removed on 1.5.0 (https://github.com/apache/guacamole-client/pull/717)
POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRES_PORT: 5432
POSTGRES_HOSTNAME:
secretKeyRef:
name: dbcreds
key: plainhost
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
# New format
POSTGRESQL_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRESQL_HOSTNAME:
secretKeyRef:
name: dbcreds
key: plainhost
POSTGRESQL_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRESQL_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRESQL_PORT: 5432
GUACD_HOSTNAME: "localhost"
GUACD_PORT: 4822
envFrom:
- configMapRef:
name: guacamole-client-env
totp:
TOTP_ENABLED: false
# TOTP_ISSUER: "Apache Guacamole"
# TOTP_DIGITS: "6"
# TOTP_PERIOD: "30"
# TOTP_MODE: "sha1"
header:
HEADER_ENABLED: false
# HTTP_AUTH_HEADER: "REMOTE_USER"
api:
{}
# API_SESSION_TIMEOUT: "60"
general:
{}
# EXTENSION_PRIORITY: "openid"
json:
{}
# JSON_SECRET_KEY: "random32charkey"
# JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"
duo:
{}
# DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
# DUO_INTEGRATION_KEY: "exactly20charkey"
# DUO_SECRET_KEY: "exactly40charkey"
# DUO_APPLICATION_KEY: "atleast40charkey"
cas:
{}
# CAS_AUTHORIZATION_ENDPOINT: ""
# CAS_REDIRECT_URI: ""
# CAS_CLEARPASS_KEY: ""
# CAS_GROUP_ATTRIBUTE: ""
# CAS_GROUP_FORMAT: "plain"
# CAS_GROUP_LDAP_BASE_DN: ""
# CAS_GROUP_LDAP_ATTRIBUTE: ""
openid:
{}
# OPENID_AUTHORIZATION_ENDPOINT: ""
# OPENID_JWKS_ENDPOINT: ""
# OPENID_ISSUER: ""
# OPENID_CLIENT_ID: ""
# OPENID_REDIRECT_URI: ""
# OPENID_USERNAME_CLAIM_TYPE: "email"
# OPENID_GROUPS_CLAIM_TYPE: "groups"
# OPENID_MAX_TOKEN_VALIDITY: "300"
radius:
{}
# RADIUS_HOSTNAME: "localhost"
# RADIUS_AUTH_PORT: "1812"
# RADIUS_SHARED_SECRET: ""
# RADIUS_AUTH_PROTOCOL: "eap-tls"
# RADIUS_KEY_FILE: ""
# RADIUS_KEY_TYPE: "pkcs12"
# RADIUS_KEY_PASSWORD: ""
# RADIUS_CA_FILE: ""
# RADIUS_CA_TYPE: "pem"
# RADIUS_CA_PASSWORD: ""
# RADIUS_TRUST_ALL: "false"
# RADIUS_RETRIES: "5"
# RADIUS_TIMEOUT: "60"
# RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"
ldap:
{}
# LDAP_HOSTNAME: "localhost"
# LDAP_USER_BASE_DN: ""
# LDAP_PORT: "389"
# LDAP_ENCRYPTION_METHOD: "none"
# LDAP_MAX_SEARCH_RESULTS: "1000"
# LDAP_SEARCH_BIND_DN: ""
# LDAP_USER_ATTRIBUTES: ""
# LDAP_SEARCH_BIND_PASSWORD: ""
# LDAP_USERNAME_ATTRIBUTE: ""
# LDAP_MEMBER_ATTRIBUTE: ""
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
# LDAP_CONFIG_BASE_DN: ""
# LDAP_GROUP_BASE_DN: ""
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
# LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
# LDAP_DEREFERENCE_ALIASES: "never"
# LDAP_FOLLOW_REFERRALS: false
# LDAP_MAX_REFERRAL_HOPS: "5"
# LDAP_OPERATION_TIMEOUT: "30"
saml:
{}
# SAML_IDP_METADATA_URL: ""
# SAML_IDP_URL:
# SAML_ENTITY_ID:
# SAML_CALLBACK_URL:
# SAML_STRICT:
# SAML_DEBUG:
# SAML_COMPRESS_REQUEST:
# SAML_COMPRESS_RESPONSE:
# SAML_GROUP_ATTRIBUTE:
proxy:
{}
# REMOTE_IP_VALVE_ENABLED: false
# PROXY_BY_HEADER: ""
# PROXY_PROTOCOL_HEADER: ""
# PROXY_IP_HEADER: ""
# PROXY_ALLOWED_IPS_REGEX: ""
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: guacamole
postgresqlDatabase: guacamole
probes:
liveness:
path: "/guacamole"
readiness:
path: "/guacamole"
startup:
path: "/guacamole"
persistence:
initdbdata:
enabled: true
mountPath: "/initdbdata"
# Both temphack and temphackalso will be removed on the next image release
temphack:
enabled: true
mountPath: "/opt/guacamole/postgresql-hack"
temphackalso:
enabled: true
mountPath: "/opt/guacamole/postgresql"
initContainers:
1-creat-initdb-file:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- |-
echo "Creating initdb.sql file..."
/opt/guacamole/bin/initdb.sh --postgres >/initdbdata/initdb.sql
if [ -e /initdbdata/initdb.sql ]; then
echo "Init file created successfully!"
exit 0
else
echo "Init file failed to create."
exit 1
fi
2-initdb:
image: "{{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}"
env:
- name: POSTGRESQL_DATABASE
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRESQL_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRESQL_PORT
value: "5432"
- name: POSTGRESQL_HOSTNAME
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- |-
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -o '/dev/null' -c 'SELECT * FROM public.guacamole_user'
if [ $? -eq 0 ]; then
echo "DB already initialized. Skipping..."
else
echo "Initializing DB's schema..."
psql -h "$POSTGRESQL_HOSTNAME" -d "$POSTGRESQL_DATABASE" -U "$POSTGRESQL_USER" -p "$POSTGRESQL_PORT" -a -w -f /initdbdata/initdb.sql
if [ $? -eq 0 ]; then
echo "DB's schema initialized successfully!"
exit 0
else
echo "DB's schema failed to initialize."
exit 1
fi
fi
# Until they release an image with the updated driver, we need to manually replace it.
# https://issues.apache.org/jira/browse/GUACAMOLE-1433
# https://github.com/apache/guacamole-client/pull/655
# Both 3-temp-hach and 4-temp-hack will be removed on the next image release
3-temp-hack:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
securityContext:
runAsUser: 1001
runAsGroup: 1001
volumeMounts:
- name: temphack
mountPath: "/opt/guacamole/postgresql-hack"
command: ["/bin/sh", "-c"]
args:
- |-
echo "Checking postgresql driver version..."
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then
echo "Version found is correct."
exit 0
else
echo "Old version found. Will try to download a known-to-work version."
echo "Downloading (postgresql-42.2.24.jre7.jar)..."
curl -L "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" >"/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar"
if [ -e /opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar ]; then
echo "Downloaded successfully!"
cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/
if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ]; then
echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)"
rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar"
if [ $? -eq 0 ]; then
echo "Removed successfully!"
else
echo "Failed to remove."
exit 1
fi
fi
else
echo "Failed to download."
exit 1
fi
fi
4-temp-hack:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
securityContext:
runAsUser: 1001
runAsGroup: 1001
volumeMounts:
- name: temphack
mountPath: "/opt/guacamole/postgresql-hack"
- name: temphackalso
mountPath: "/opt/guacamole/postgresql"
command: ["/bin/sh", "-c"]
args:
- |-
echo "Copying postgres driver into the final destination."
cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; then
echo "Driver copied successfully!"
else
echo "Failed to copy the driver"
fi
portal:
enabled: true
View Git Blame Copy Permalink