image: repository: tccr.io/truecharts/guacamole-client pullPolicy: IfNotPresent tag: 1.5.2@sha256:d705e385677c11624381df0c3779616edac98fdc8e508374257327516bde061b guacdImage: repository: tccr.io/truecharts/guacamole-server pullPolicy: IfNotPresent tag: v1.5.2@sha256:f7f62adecb244a91c974ac0bab7376335304145789fb43baeff75c1e2c88c630 guacamole: ldap: LDAP_HOSTNAME: "" LDAP_USER_BASE_DN: "" LDAP_PORT: 389 LDAP_ENCRYPTION_METHOD: none LDAP_MAX_SEARCH_RESULTS: 1000 LDAP_SEARCH_BIND_DN: "" LDAP_USER_ATTRIBUTES: "" LDAP_SEARCH_BIND_PASSWORD: "" LDAP_USERNAME_ATTRIBUTE: uid LDAP_MEMBER_ATTRIBUTE: member LDAP_USER_SEARCH_FILTER: "(objectClass=*)" LDAP_CONFIG_BASE_DN: "" LDAP_GROUP_BASE_DN: "" LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)" LDAP_MEMBER_ATTRIBUTE_TYPE: dn LDAP_GROUP_NAME_ATTRIBUTE: cn LDAP_DEREFERENCE_ALIASES: never LDAP_FOLLOW_REFERRALS: false LDAP_MAX_REFERRAL_HOPS: 5 LDAP_OPERATION_TIMEOUT: 30 header: HEADER_ENABLED: false HTTP_AUTH_HEADER: REMOTE_USER saml: SAML_IDP_METADATA_URL: "" SAML_IDP_URL: "" SAML_ENTITY_ID: "" SAML_CALLBACK_URL: "" SAML_STRICT: true SAML_DEBUG: false SAML_COMPRESS_REQUEST: true SAML_COMPRESS_RESPONSE: true SAML_GROUP_ATTRIBUTE: groups proxy: REMOTE_IP_VALVE_ENABLED: false PROXY_ALLOWED_IPS_REGEX: "" PROXY_IP_HEADER: "" PROXY_PROTOCOL_HEADER: "" PROXY_BY_HEADER: "" general: EXTENSION_PRIORITY: "" totp: TOTP_ENABLED: false TOTP_ISSUER: Apache Guacamole TOTP_DIGITS: 6 TOTP_PERIOD: 30 TOTP_MODE: sha1 duo: DUO_API_HOSTNAME: "" DUO_INTEGRATION_KEY: "" DUO_SECRET_KEY: "" DUO_APPLICATION_KEY: "" api: API_SESSION_TIMEOUT: 60 radius: RADIUS_SHARED_SECRET: "" RADIUS_AUTH_PROTOCOL: eap-tls RADIUS_HOSTNAME: "" RADIUS_AUTH_PORT: 1812 RADIUS_KEY_FILE: "" RADIUS_KEY_TYPE: pkcs12 RADIUS_KEY_PASSWORD: "" RADIUS_CA_FILE: "" RADIUS_CA_TYPE: pem RADIUS_CA_PASSWORD: "" RADIUS_TRUST_ALL: false RADIUS_RETRIES: 5 RADIUS_TIMEOUT: 60 RADIUS_EAP_TTLS_INNER_PROTOCOL: eap-tls RADIUS_NAS_IP: "" openid: OPENID_AUTHORIZATION_ENDPOINT: "" OPENID_JWKS_ENDPOINT: "" OPENID_ISSUER: "" OPENID_CLIENT_ID: "" OPENID_REDIRECT_URI: "" OPENID_USERNAME_CLAIM_TYPE: email OPENID_GROUPS_CLAIM_TYPE: groups OPENID_SCOPE: openid email profile OPENID_ALLOWED_CLOCK_SKEW: 30 OPENID_MAX_TOKEN_VALIDITY: 300 OPENID_MAX_NONCE_VALIDITY: 300 cas: CAS_AUTHORIZATION_ENDPOINT: "" CAS_REDIRECT_URI: "" CAS_CLEARPASS_KEY: "" CAS_GROUP_ATTRIBUTE: "" CAS_GROUP_FORMAT: plain CAS_GROUP_LDAP_BASE_DN: "" CAS_GROUP_LDAP_ATTRIBUTE: "" json: JSON_SECRET_KEY: "" JSON_TRUSTED_NETWORKS: "" workload: main: podSpec: containers: main: securityContext: runAsUser: 1001 runAsGroup: 1001 readOnlyRootFilesystem: false envFrom: - configMapRef: name: guacamole-config probes: liveness: type: http port: "{{ .Values.service.main.ports.main.targetPort }}" readiness: type: http port: "{{ .Values.service.main.ports.main.targetPort }}" startup: type: tcp port: "{{ .Values.service.main.ports.main.targetPort }}" # zz is used to ensure that the initContainers are run after db-waits initContainers: 1-create-seed: enabled: true type: install imageSelector: image securityContext: runAsUser: 1001 runAsGroup: 1001 readOnlyRootFilesystem: false envFrom: - configMapRef: name: guacamole-config command: - /bin/sh args: - -c - /tc-scripts/create-seed.sh 2-apply-seed: enabled: true type: install imageSelector: postgresClientImage securityContext: runAsUser: 1001 runAsGroup: 1001 readOnlyRootFilesystem: false envFrom: - configMapRef: name: guacamole-config command: - /bin/sh args: - -c - /tc-scripts/apply-seed.sh guacd: enabled: true type: Deployment strategy: RollingUpdate podSpec: containers: guacd: enabled: true primary: true imageSelector: guacdImage command: - /opt/guacamole/sbin/guacd args: # Listen Address - -b - "0.0.0.0" # Listen Port - -l - "{{ .Values.service.guacd.ports.guacd.port }}" # Log Level - -L - info # Foreground - -f securityContext: runAsUser: 1000 runAsGroup: 1000 readOnlyRootFilesystem: false probes: liveness: type: tcp port: "{{ .Values.service.guacd.ports.guacd.port }}" readiness: type: tcp port: "{{ .Values.service.guacd.ports.guacd.port }}" startup: type: tcp port: "{{ .Values.service.guacd.ports.guacd.port }}" service: main: ports: main: port: 10123 targetPort: 8080 guacd: enabled: true targetSelector: guacd ports: guacd: enabled: true targetSelector: guacd port: 10124 persistence: recordings: enabled: true # Check how this works and # which containers need it mounted targetSelector: main: main: mountPath: /var/lib/guacamole/recordings readOnly: true guacd: guacd: mountPath: /var/lib/guacamole/recordings tc-init: enabled: true type: emptyDir targetSelector: main: 1-create-seed: mountPath: /tc-init 2-apply-seed: mountPath: /tc-init db-seed: enabled: true type: configmap objectName: db-init defaultMode: "0770" targetSelector: main: 1-create-seed: mountPath: /tc-scripts/create-seed.sh subPath: create-seed.sh 2-apply-seed: mountPath: /tc-scripts/apply-seed.sh subPath: apply-seed.sh cnpg: main: enabled: true user: guacamole database: guacamole portal: open: enabled: true