772 lines
29 KiB
YAML
772 lines
29 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{workload}
|
|
# Include{workloadDeployment}
|
|
# Include{replicas1}
|
|
# Include{podSpec}
|
|
# Include{containerMain}
|
|
# Include{containerBasic}
|
|
# Include{containerAdvanced}
|
|
- variable: guacamole
|
|
label: Guacamole Configuration
|
|
group: App Configuration
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: general
|
|
label: General Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: EXTENSION_PRIORITY
|
|
label: Extension Priority
|
|
description: A comma-separated list of the namespaces of all extensions that should be loaded in a specific order
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: api
|
|
label: API Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: API_SESSION_TIMEOUT
|
|
label: API Session Timeout (in minutes)
|
|
schema:
|
|
type: int
|
|
default: 60
|
|
- variable: totp
|
|
label: TOTP Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: TOTP_ENABLED
|
|
label: Enable TOTP
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: TOTP_ISSUER
|
|
label: TOTP Issuer
|
|
schema:
|
|
type: string
|
|
default: Apache Guacamole
|
|
required: true
|
|
- variable: TOTP_PERIOD
|
|
label: TOTP Period
|
|
schema:
|
|
type: int
|
|
default: 30
|
|
required: true
|
|
- variable: TOTP_DIGITS
|
|
label: TOTP Digits
|
|
schema:
|
|
type: int
|
|
min: 6
|
|
max: 8
|
|
default: 6
|
|
required: true
|
|
- variable: TOTP_MODE
|
|
label: TOTP Mode
|
|
schema:
|
|
type: string
|
|
default: sha1
|
|
required: true
|
|
enum:
|
|
- value: sha1
|
|
description: sha1
|
|
- value: sha256
|
|
description: sha256
|
|
- value: sha512
|
|
description: sha512
|
|
- variable: header
|
|
label: Header Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: HEADER_ENABLED
|
|
label: Enable Header
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: HTTP_AUTH_HEADER
|
|
label: HTTP Auth Header
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: REMOTE_USER
|
|
- variable: json
|
|
label: JSON Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: json_enabled
|
|
label: Enable JSON
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: JSON_SECRET_KEY
|
|
label: JSON Secret Key
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: JSON_TRUSTED_NETWORKS
|
|
label: JSON Trusted Networks (Leave blank for unrestricted
|
|
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: duo
|
|
label: DUO Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: duo_enabled
|
|
label: Enable DUO
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: DUO_API_HOSTNAME
|
|
label: DUO API Hostname (api-XXXXXXXX.duosecurity.com)
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: DUO_INTEGRATION_KEY
|
|
label: DUO Integration Key (Exactly 20 chars)
|
|
schema:
|
|
min_length: 20
|
|
max_length: 20
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: DUO_SECRET_KEY
|
|
label: DUO Secret Key (Exactly 40 chars)
|
|
schema:
|
|
min_length: 40
|
|
max_length: 40
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: DUO_APPLICATION_KEY
|
|
label: DUO Application Key (At least 40 chars)
|
|
schema:
|
|
min_length: 40
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: cas
|
|
label: CAS Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: cas_enabled
|
|
label: Enable CAS
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: CAS_AUTHORIZATION_ENDPOINT
|
|
label: CAS Authorization Endpoint
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: CAS_REDIRECT_URI
|
|
label: CAS Redirect URI
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: CAS_CLEARPASS_KEY
|
|
label: CAS Clearpass Key
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: CAS_GROUP_ATTRIBUTE
|
|
label: CAS Group Attribute
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: CAS_GROUP_LDAP_BASE_DN
|
|
label: CAS Group LDAP Base DN
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: CAS_GROUP_LDAP_ATTRIBUTE
|
|
label: CAS Group LDAP Attribute
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: CAS_GROUP_FORMAT
|
|
label: CAS Group Format
|
|
schema:
|
|
type: string
|
|
default: plain
|
|
enum:
|
|
- value: plain
|
|
description: plain
|
|
- value: ldap
|
|
description: ldap
|
|
- variable: openid
|
|
label: OpenID Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: openid_enabled
|
|
label: Enable OpenID
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: OPENID_AUTHORIZATION_ENDPOINT
|
|
label: OpenID Authorization Endpoint
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: OPENID_JWKS_ENDPOINT
|
|
label: OpenID JWKS Endpoint
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: OPENID_ISSUER
|
|
label: OpenID Issuer
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: OPENID_CLIENT_ID
|
|
label: OpenID Client ID
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: OPENID_REDIRECT_URI
|
|
label: OpenID Redirect URI
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: OPENID_USERNAME_CLAIM_TYPE
|
|
label: OpenID Username Claim Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: email
|
|
- variable: OPENID_GROUPS_CLAIM_TYPE
|
|
label: OpenID Groups Claim Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: groups
|
|
- variable: OPENID_SCOPE
|
|
label: OpenID Scope
|
|
schema:
|
|
type: string
|
|
default: openid email profile
|
|
- variable: OPENID_ALLOWED_CLOCK_SKEW
|
|
label: OpenID Allowed Clock Skew (in seconds)
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 30
|
|
- variable: OPENID_MAX_TOKEN_VALIDITY
|
|
label: OpenID Max Token Validity (in minutes)
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 300
|
|
- variable: OPENID_MAX_NONCE_VALIDITY
|
|
label: OpenID Max Nonce Validity (in minutes)
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: radius
|
|
label: Radius Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: radius_enabled
|
|
label: Enable Radius
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: RADIUS_SHARED_SECRET
|
|
label: Radius Shared Secret
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: RADIUS_AUTH_PROTOCOL
|
|
label: Radius Auth Protocol
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: eap-tls
|
|
enum:
|
|
- value: pap
|
|
description: pap
|
|
- value: chap
|
|
description: chap
|
|
- value: mschapv1
|
|
description: mschapv1
|
|
- value: mschapv2
|
|
description: mschapv2
|
|
- value: eap-md5
|
|
description: eap-md5
|
|
- value: eap-tls
|
|
description: eap-tls
|
|
- value: eap-ttls
|
|
description: eap-ttls
|
|
- variable: RADIUS_HOSTNAME
|
|
label: Radius Hostname
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: RADIUS_AUTH_PORT
|
|
label: Radius Auth Port
|
|
schema:
|
|
type: int
|
|
default: 1812
|
|
- variable: RADIUS_KEY_FILE
|
|
label: Radius Key File
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: RADIUS_KEY_TYPE
|
|
label: Radius Key Type
|
|
schema:
|
|
type: string
|
|
default: pkcs12
|
|
required: true
|
|
enum:
|
|
- value: pem
|
|
description: pem
|
|
- value: jceks
|
|
description: jceks
|
|
- value: jks
|
|
description: jks
|
|
- value: pkcs12
|
|
description: pkcs12
|
|
- variable: RADIUS_KEY_PASSWORD
|
|
label: Radius Key Password
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: RADIUS_CA_FILE
|
|
label: Radius CA File
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: RADIUS_CA_TYPE
|
|
label: Radius CA Type
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: pem
|
|
enum:
|
|
- value: pem
|
|
description: pem
|
|
- value: jceks
|
|
description: jceks
|
|
- value: jks
|
|
description: jks
|
|
- value: pkcs12
|
|
description: pkcs12
|
|
- variable: RADIUS_CA_PASSWORD
|
|
label: Radius CA Password
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: RADIUS_TRUST_ALL
|
|
label: Radius Trust All
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: RADIUS_RETRIES
|
|
label: Radius Retries
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 5
|
|
- variable: RADIUS_TIMEOUT
|
|
label: Radius Timeout
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 60
|
|
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
|
|
label: Radius eap-ttls Inner Protocol
|
|
description: Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls
|
|
schema:
|
|
type: string
|
|
default: eap-tls
|
|
required: true
|
|
enum:
|
|
- value: pap
|
|
description: pap
|
|
- value: chap
|
|
description: chap
|
|
- value: mschapv1
|
|
description: mschapv1
|
|
- value: mschapv2
|
|
description: mschapv2
|
|
- value: eap-md5
|
|
description: eap-md5
|
|
- value: eap-tls
|
|
description: eap-tls
|
|
- variable: RADIUS_NAS_IP
|
|
label: Radius Network Access Server IP
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: ldap
|
|
group: "App Configuration"
|
|
label: LDAP Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: ldap_enabled
|
|
label: Enable LDAP
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: LDAP_HOSTNAME
|
|
label: LDAP Hostname
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: LDAP_USER_BASE_DN
|
|
label: LDAP User Base DN
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: LDAP_PORT
|
|
label: LDAP Port
|
|
schema:
|
|
type: int
|
|
default: 389
|
|
- variable: LDAP_ENCRYPTION_METHOD
|
|
label: LDAP Encryption Method
|
|
schema:
|
|
type: string
|
|
default: none
|
|
required: true
|
|
enum:
|
|
- value: none
|
|
description: none
|
|
- value: ssl
|
|
description: ssl
|
|
- value: starttls
|
|
description: starttls
|
|
- variable: LDAP_MAX_SEARCH_RESULTS
|
|
label: LDAP Max Search Results
|
|
schema:
|
|
type: int
|
|
default: 1000
|
|
- variable: LDAP_SEARCH_BIND_DN
|
|
label: LDAP Search Bind DN
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: LDAP_USER_ATTRIBUTES
|
|
label: LDAP User Attributes
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: LDAP_SEARCH_BIND_PASSWORD
|
|
label: LDAP Search Bind Password
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: LDAP_USERNAME_ATTRIBUTE
|
|
label: LDAP Username Attribute
|
|
schema:
|
|
type: string
|
|
default: uid
|
|
- variable: LDAP_MEMBER_ATTRIBUTE
|
|
label: LDAP Member Attribute
|
|
schema:
|
|
type: string
|
|
default: member
|
|
- variable: LDAP_USER_SEARCH_FILTER
|
|
label: LDAP User Search Filter
|
|
schema:
|
|
type: string
|
|
default: "(objectClass=*)"
|
|
- variable: LDAP_CONFIG_BASE_DN
|
|
label: LDAP Config Base DN
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: LDAP_GROUP_BASE_DN
|
|
label: LDAP Group Base DN
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: LDAP_GROUP_SEARCH_FILTER
|
|
label: LDAP Group Search Filter
|
|
schema:
|
|
type: string
|
|
default: "(objectClass=*)"
|
|
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
|
|
label: LDAP Member Attribute Type
|
|
schema:
|
|
type: string
|
|
default: dn
|
|
required: true
|
|
enum:
|
|
- value: dn
|
|
description: dn
|
|
- value: uid
|
|
description: uid
|
|
- variable: LDAP_GROUP_NAME_ATTRIBUTE
|
|
label: LDAP Group Name Attribute
|
|
schema:
|
|
type: string
|
|
default: cn
|
|
- variable: LDAP_DEREFERENCE_ALIASES
|
|
label: LDAP Dereference Aliases
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: never
|
|
enum:
|
|
- value: never
|
|
description: never
|
|
- value: searching
|
|
description: searching
|
|
- value: finding
|
|
description: finding
|
|
- value: always
|
|
description: always
|
|
- variable: LDAP_FOLLOW_REFERRALS
|
|
label: LDAP Follow Referrals
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: LDAP_MAX_REFERRAL_HOPS
|
|
label: LDAP Max Referrals Hops
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 5
|
|
- variable: LDAP_OPERATION_TIMEOUT
|
|
label: LDAP Operation Timeout
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 30
|
|
- variable: saml
|
|
label: SAML Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: saml_enabled
|
|
label: Enable SAML
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: SAML_IDP_METADATA_URL
|
|
label: SAML IDP Metadata URL
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SAML_IDP_URL
|
|
label: SAML IDP URL
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SAML_ENTITY_ID
|
|
label: SAML Entity ID
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SAML_CALLBACK_URL
|
|
label: SAML Callback URL
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: SAML_STRICT
|
|
label: SAML Strict
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: SAML_DEBUG
|
|
label: SAML Debug
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: SAML_COMPRESS_REQUEST
|
|
label: SAML Compress Request
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: SAML_COMPRESS_RESPONSE
|
|
label: SAML Compress Response
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: SAML_GROUP_ATTRIBUTE
|
|
label: SAML Group Attribute
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: groups
|
|
- variable: proxy
|
|
label: Proxy Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: REMOTE_IP_VALVE_ENABLED
|
|
label: Enable Proxy
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: PROXY_BY_HEADER
|
|
label: Proxy by Header
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: PROXY_PROTOCOL_HEADER
|
|
label: Proxy Protocol Header
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: PROXY_IP_HEADER
|
|
label: Proxy IP Header
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: PROXY_ALLOWED_IPS_REGEX
|
|
label: Proxy Allowed IP Regex
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
# Include{containerConfig}
|
|
# Include{podOptions}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 9998
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: recordings
|
|
label: App Recordings Storage
|
|
description: Mounts this volume at [/var/lib/guacamole/recordings] in both guacd and client containers
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: drive
|
|
label: Virtual Drive Storage (guacd)
|
|
description: Mounts this volume at [/var/lib/guacamole/drive] in the guacd container
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressAdvanced}
|
|
# Include{ingressList}
|
|
# Include{securityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 1001
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 1001
|
|
# Include{securityContextContainer}
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextPod}
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{resources}
|
|
# Include{postgresql}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{netshoot}
|
|
# Include{vpn}
|
|
# Include{documentation}
|