feat(guacamole-client): Add guacamole-client (#1696)
* feat(guacamole-client): Add guacamole-client * doc port * multiple line command * test again * hmm * maybe? * more scripting * ok you lil princess * okay * array? * maybe? * -.- * whoops * ; * making steps! * try that way * path * clean it a bit * apply hack * try guacamole user * fine fine * check * lets try * whoops * different approach * test * lets see * almost there * please no more initContainers :D * cp * clean up * rem line * bump common and pg * move to configmap and prepare totp * let image set the defaults * comment out until is ready * actually comment * add header * add api * add json * update json questions * add duo * update values * update * restructure * error? * nop * add cas * add openid * restructure * clean ui by hidding modules behide checkboxs + add required fields * add radius ui, configmap pending * finish radius * no * add ldap * update common * sync with the last changes * keep portal path to questions for now * doc frigate ports
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
apiVersion: v2
|
||||
appVersion: "1.4.0"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.13.0
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 6.0.49
|
||||
description: Apache Guacamole is a clientless remote desktop gateway.
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/guacamole-client
|
||||
icon: https://truecharts.org/_static/img/appicons/guacamole-client-icon.png
|
||||
keywords:
|
||||
- guacamole
|
||||
- remote
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: guacamole-client
|
||||
sources:
|
||||
- https://github.com/apache/guacamole-client
|
||||
- https://hub.docker.com/r/guacamole/guacamole
|
||||
- http://guacamole.incubator.apache.org/doc/gug/introduction.html
|
||||
type: application
|
||||
version: 0.0.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
@@ -0,0 +1,811 @@
|
||||
# Include{groups}
|
||||
portals:
|
||||
web_portal:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
||||
- "$kubernetes-resource_configmap_portal_host"
|
||||
ports:
|
||||
- "$kubernetes-resource_configmap_portal_port"
|
||||
path: "/guacamole"
|
||||
questions:
|
||||
- variable: portal
|
||||
group: "Container Image"
|
||||
label: "Configure Portal Button"
|
||||
schema:
|
||||
type: dict
|
||||
hidden: true
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable"
|
||||
description: "enable the portal button"
|
||||
schema:
|
||||
hidden: true
|
||||
editable: false
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{global}
|
||||
- variable: controller
|
||||
group: "Controller"
|
||||
label: ""
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: advanced
|
||||
label: "Show Advanced Controller Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: type
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Controller Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "deployment"
|
||||
required: true
|
||||
enum:
|
||||
- value: "deployment"
|
||||
description: "Deployment"
|
||||
- value: "statefulset"
|
||||
description: "Statefulset"
|
||||
- value: "daemonset"
|
||||
description: "Daemonset"
|
||||
- variable: replicas
|
||||
description: "Number of desired pod replicas"
|
||||
label: "Desired Replicas"
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
required: true
|
||||
- variable: strategy
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Update Strategy"
|
||||
schema:
|
||||
type: string
|
||||
default: "Recreate"
|
||||
required: true
|
||||
enum:
|
||||
- value: "Recreate"
|
||||
description: "Recreate: Kill existing pods before creating new ones"
|
||||
- value: "RollingUpdate"
|
||||
description: "RollingUpdate: Create new pods and then kill old ones"
|
||||
- value: "OnDelete"
|
||||
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||||
# Include{controllerExpert}
|
||||
|
||||
- variable: env
|
||||
group: "Container Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{fixedEnv}
|
||||
- variable: GUACD_HOSTNAME
|
||||
label: "Guacd Hostname"
|
||||
description: "The hostname of the guacd instance to use to establish remote desktop connections"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: GUACD_PORT
|
||||
label: "Guacd Port"
|
||||
description: "The port that Guacamole should use when connecting to guacd."
|
||||
schema:
|
||||
type: int
|
||||
default: 4822
|
||||
|
||||
# Include{containerConfig}
|
||||
- variable: api
|
||||
group: "App Configuration"
|
||||
label: "API Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: API_SESSION_TIMEOUT
|
||||
label: "API Session Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: totp
|
||||
group: "App Configuration"
|
||||
label: "TOTP Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: TOTP_ENABLED
|
||||
label: "Enable TOTP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: TOTP_ISSUER
|
||||
label: "TOTP Issuer (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: TOTP_DIGITS
|
||||
label: "TOTP Digits"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "6"
|
||||
description: "6"
|
||||
- value: "7"
|
||||
description: "7"
|
||||
- value: "8"
|
||||
description: "8"
|
||||
- variable: TOTP_PERIOD
|
||||
label: "TOTP Period (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: TOTP_MODE
|
||||
label: "TOTP Mode"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "sha1"
|
||||
description: "sha1"
|
||||
- value: "sha256"
|
||||
description: "sha256"
|
||||
- value: "sha512"
|
||||
description: "sha512"
|
||||
- variable: header
|
||||
group: "App Configuration"
|
||||
label: "Header Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: HEADER_ENABLED
|
||||
label: "Enable Header"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: HTTP_AUTH_HEADER
|
||||
label: "HTTP Auth Header (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: json
|
||||
group: "App Configuration"
|
||||
label: "JSON Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: json_enabled
|
||||
label: "Enable JSON"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: JSON_SECRET_KEY
|
||||
label: "JSON Secret Key"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: JSON_TRUSTED_NETWORKS
|
||||
label: "JSON Trusted Networks (Leave blank for unrestricted"
|
||||
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: duo
|
||||
group: "App Configuration"
|
||||
label: "DUO Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: duo_enabled
|
||||
label: "Enable DUO"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: DUO_API_HOSTNAME
|
||||
label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_INTEGRATION_KEY
|
||||
label: "DUO Integration Key (Exactly 20 chars)"
|
||||
schema:
|
||||
min_length: 20
|
||||
max_length: 20
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_SECRET_KEY
|
||||
label: "DUO Secret Key (Exactly 40 chars)"
|
||||
schema:
|
||||
min_length: 40
|
||||
max_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DUO_APPLICATION_KEY
|
||||
label: "DUO Application Key (At least 40 chars)"
|
||||
schema:
|
||||
min_length: 40
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: cas
|
||||
group: "App Configuration"
|
||||
label: "CAS Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: cas_enabled
|
||||
label: "Enable CAS"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CAS_AUTHORIZATION_ENDPOINT
|
||||
label: "CAS Authorization Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_REDIRECT_URI
|
||||
label: "CAS Redirect URI"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: CAS_CLEARPASS_KEY
|
||||
label: "CAS Clearpass Key"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_ATTRIBUTE
|
||||
label: "CAS Group Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_FORMAT
|
||||
label: "CAS Group Format"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "default"
|
||||
- value: "plain"
|
||||
description: "plain"
|
||||
- value: "ldap"
|
||||
description: "ldap"
|
||||
- variable: CAS_GROUP_LDAP_BASE_DN
|
||||
label: "CAS Group LDAP Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: CAS_GROUP_LDAP_ATTRIBUTE
|
||||
label: "CAS Group LDAP Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: openid
|
||||
group: "App Configuration"
|
||||
label: "OpenID Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: openid_enabled
|
||||
label: "Enable OpenID"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: OPENID_AUTHORIZATION_ENDPOINT
|
||||
label: "OpenID Authorization Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_JWKS_ENDPOINT
|
||||
label: "OpenID JWKS Endpoint"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_ISSUER
|
||||
label: "OpenID Issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_CLIENT_ID
|
||||
label: "OpenID Client ID"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_REDIRECT_URI
|
||||
label: "OpenID Redirect URI"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: OPENID_USERNAME_CLAIM_TYPE
|
||||
label: "OpenID Username Claim Type (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OPENID_GROUPS_CLAIM_TYPE
|
||||
label: "OpenID Groups Claim Type (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OPENID_MAX_TOKEN_VALIDITY
|
||||
label: "OpenID Max Token Validity (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: radius
|
||||
group: "App Configuration"
|
||||
label: "Radius Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: radius_enabled
|
||||
label: "Enable Radius"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: RADIUS_SHARED_SECRET
|
||||
label: "Radius Shared Secret"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PROTOCOL
|
||||
label: "Radius Auth Protocol"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "eap-tls"
|
||||
enum:
|
||||
- value: "pap"
|
||||
description: "pap"
|
||||
- value: "chap"
|
||||
description: "chap"
|
||||
- value: "mschapv1"
|
||||
description: "mschapv1"
|
||||
- value: "mschapv2"
|
||||
description: "mschapv2"
|
||||
- value: "eap-md5"
|
||||
description: "eap-md5"
|
||||
- value: "eap-tls"
|
||||
description: "eap-tls"
|
||||
- value: "eap-ttls"
|
||||
description: "eap-ttls"
|
||||
- variable: RADIUS_HOSTNAME
|
||||
label: "Radius Hostname (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_AUTH_PORT
|
||||
label: "Radius Auth Port (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_KEY_FILE
|
||||
label: "Radius Key File (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_KEY_TYPE
|
||||
label: "Radius Key Type"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "pem"
|
||||
description: "pem"
|
||||
- value: "jceks"
|
||||
description: "jceks"
|
||||
- value: "jks"
|
||||
description: "jks"
|
||||
- value: "pkcs12"
|
||||
description: "pkcs12"
|
||||
- variable: RADIUS_KEY_PASSWORD
|
||||
label: "Radius Key Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_FILE
|
||||
label: "Radius CA File (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_CA_TYPE
|
||||
label: "Radius CA Type"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "pem"
|
||||
description: "pem"
|
||||
- value: "jceks"
|
||||
description: "jceks"
|
||||
- value: "jks"
|
||||
description: "jks"
|
||||
- value: "pkcs12"
|
||||
description: "pkcs12"
|
||||
- variable: RADIUS_CA_PASSWORD
|
||||
label: "Radius CA Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_TRUST_ALL
|
||||
label: "Radius Trust All"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: RADIUS_RETRIES
|
||||
label: "Radius Retries (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_TIMEOUT
|
||||
label: "Radius Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
|
||||
label: "Radius eap-ttls Inner Protocol"
|
||||
description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls"
|
||||
schema:
|
||||
type: string
|
||||
default: "eap-tls"
|
||||
enum:
|
||||
- value: "pap"
|
||||
description: "pap"
|
||||
- value: "chap"
|
||||
description: "chap"
|
||||
- value: "mschapv1"
|
||||
description: "mschapv1"
|
||||
- value: "mschapv2"
|
||||
description: "mschapv2"
|
||||
- value: "eap-md5"
|
||||
description: "eap-md5"
|
||||
- value: "eap-tls"
|
||||
description: "eap-tls"
|
||||
- variable: ldap
|
||||
group: "App Configuration"
|
||||
label: "LDAP Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ldap_enabled
|
||||
label: "Enable LDAP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: LDAP_HOSTNAME
|
||||
label: "LDAP Hostname (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_USER_BASE_DN
|
||||
label: "LDAP User Base DN"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: LDAP_PORT
|
||||
label: "LDAP Port (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_ENCRYPTION_METHOD
|
||||
label: "LDAP Encryption Method (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "none"
|
||||
description: "none"
|
||||
- value: "ssl"
|
||||
description: "ssl"
|
||||
- value: "starttls"
|
||||
description: "starttls"
|
||||
- variable: LDAP_MAX_SEARCH_RESULTS
|
||||
label: "LDAP Max Search Results (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_SEARCH_BIND_DN
|
||||
label: "LDAP Search Bind DN (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USER_ATTRIBUTES
|
||||
label: "LDAP User Attributes"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_SEARCH_BIND_PASSWORD
|
||||
label: "LDAP Search Bind Password (Leave blank if no password)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USERNAME_ATTRIBUTE
|
||||
label: "LDAP Username Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE
|
||||
label: "LDAP Member Attribute"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_USER_SEARCH_FILTER
|
||||
label: "LDAP User Search Filter (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_CONFIG_BASE_DN
|
||||
label: "LDAP Config Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_BASE_DN
|
||||
label: "LDAP Group Base DN"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_GROUP_SEARCH_FILTER
|
||||
label: "LDAP Group Search Filter (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
|
||||
label: "LDAP Encryption Method"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "dn"
|
||||
description: "dn"
|
||||
- value: "uid"
|
||||
description: "uid"
|
||||
- variable: LDAP_GROUP_NAME_ATTRIBUTE
|
||||
label: "LDAP Group Name Attribute (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_DEREFERENCE_ALIASES
|
||||
label: "LDAP Dereference Aliases"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "never"
|
||||
description: "never"
|
||||
- value: "searching"
|
||||
description: "searching"
|
||||
- value: "finding"
|
||||
description: "finding"
|
||||
- value: "always"
|
||||
description: "always"
|
||||
- variable: LDAP_FOLLOW_REFERRALS
|
||||
label: "LDAP Follow Referrals"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: LDAP_MAX_REFERRAL_HOPS
|
||||
label: "LDAP Max Referrals Hops (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: LDAP_OPERATION_TIMEOUT
|
||||
label: "LDAP Operation Timeout (Leave blank for default)"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
- variable: service
|
||||
group: "Networking and Services"
|
||||
label: "Configure Service(s)"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelector}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 10080
|
||||
required: true
|
||||
- variable: advanced
|
||||
label: "Show Advanced settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: enabled
|
||||
label: "Enable the port"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: protocol
|
||||
label: "Port Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "HTTP"
|
||||
enum:
|
||||
- value: HTTP
|
||||
description: "HTTP"
|
||||
- value: "HTTPS"
|
||||
description: "HTTPS"
|
||||
- value: TCP
|
||||
description: "TCP"
|
||||
- value: "UDP"
|
||||
description: "UDP"
|
||||
- variable: nodePort
|
||||
label: "Node Port (Optional)"
|
||||
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||
schema:
|
||||
type: int
|
||||
min: 9000
|
||||
max: 65535
|
||||
- variable: targetPort
|
||||
label: "Target Port"
|
||||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 8080
|
||||
|
||||
- variable: serviceexpert
|
||||
group: "Networking and Services"
|
||||
label: "Show Expert Config"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: hostNetwork
|
||||
group: "Networking and Services"
|
||||
label: "Host-Networking (Complicated)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{serviceExpert}
|
||||
|
||||
# Include{serviceList}
|
||||
|
||||
# Include{persistenceList}
|
||||
|
||||
- variable: ingress
|
||||
label: ""
|
||||
group: "Ingress"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Ingress"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
|
||||
# Include{ingressTLS}
|
||||
|
||||
# Include{ingressTraefik}
|
||||
|
||||
# Include{ingressExpert}
|
||||
|
||||
# Include{ingressList}
|
||||
|
||||
- variable: advancedSecurity
|
||||
label: "Show Advanced Security Settings"
|
||||
group: "Security and Permissions"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: securityContext
|
||||
label: "Security Context"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: privileged
|
||||
label: "Privileged mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: "ReadOnly Root Filesystem"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{securityContextAdvanced}
|
||||
- variable: podSecurityContext
|
||||
group: "Security and Permissions"
|
||||
label: "Pod Security Context"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{podSecurityContextAdvanced}
|
||||
|
||||
# Include{resources}
|
||||
|
||||
# Include{advanced}
|
||||
|
||||
# Include{addons}
|
||||
@@ -0,0 +1,189 @@
|
||||
{{/* Define the configmap */}}
|
||||
{{- define "guacamole-client.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: guacamole-client-env
|
||||
data:
|
||||
{{/* API */}}
|
||||
{{- if .Values.api.API_SESSION_TIMEOUT }}
|
||||
API_SESSION_TIMEOUT: {{ .Values.api.API_SESSION_TIMEOUT | quote }}
|
||||
{{- end }}
|
||||
{{/* TOTP */}}
|
||||
{{- if eq .Values.totp.TOTP_ENABLED true }}
|
||||
TOTP_ENABLED: {{ .Values.totp.TOTP_ENABLED | quote }}
|
||||
{{- if .Values.totp.TOTP_ISSUER }}
|
||||
TOTP_ISSUER: {{ .Values.totp.TOTP_ISSUER | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.totp.TOTP_DIGITS }}
|
||||
TOTP_DIGITS: {{ .Values.totp.TOTP_DIGITS | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.totp.TOTP_PERIOD }}
|
||||
TOTP_PERIOD: {{ .Values.totp.TOTP_PERIOD | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.totp.TOTP_MODE }}
|
||||
TOTP_MODE: {{ .Values.totp.TOTP_MODE | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* HEADER */}}
|
||||
{{- if eq .Values.header.HEADER_ENABLED true }}
|
||||
HEADER_ENABLED: {{ .Values.header.HEADER_ENABLED | quote }}
|
||||
{{- if .Values.header.HTTP_AUTH_HEADER }}
|
||||
HTTP_AUTH_HEADER: {{ .Values.header.HTTP_AUTH_HEADER | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* JSON */}}
|
||||
{{- if .Values.json.JSON_SECRET_KEY }}
|
||||
JSON_SECRET_KEY: {{ .Values.json.JSON_SECRET_KEY | quote }}
|
||||
{{- if .Values.json.JSON_TRUSTED_NETWORKS }}
|
||||
JSON_TRUSTED_NETWORKS: {{ .Values.json.JSON_TRUSTED_NETWORKS | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* DUO */}}
|
||||
{{- if and .Values.duo.DUO_API_HOSTNAME .Values.duo.DUO_INTEGRATION_KEY .Values.duo.DUO_SECRET_KEY .Values.duo.DUO_APPLICATION_KEY }}
|
||||
DUO_API_HOSTNAME: {{ .Values.duo.DUO_API_HOSTNAME | quote }}
|
||||
DUO_INTEGRATION_KEY: {{ .Values.duo.DUO_INTEGRATION_KEY | quote }}
|
||||
DUO_SECRET_KEY: {{ .Values.duo.DUO_SECRET_KEY | quote }}
|
||||
DUO_APPLICATION_KEY: {{ .Values.duo.DUO_APPLICATION_KEY | quote }}
|
||||
{{- end }}
|
||||
{{/* CAS */}}
|
||||
{{- if and .Values.cas.CAS_AUTHORIZATION_ENDPOINT .Values.cas.CAS_REDIRECT_URI }}
|
||||
CAS_AUTHORIZATION_ENDPOINT: {{ .Values.cas.CAS_AUTHORIZATION_ENDPOINT | quote }}
|
||||
CAS_REDIRECT_URI: {{ .Values.cas.CAS_REDIRECT_URI | quote }}
|
||||
{{- if .Values.cas.CAS_CLEARPASS_KEY }}
|
||||
CAS_CLEARPASS_KEY: {{ .Values.cas.CAS_CLEARPASS_KEY | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.cas.CAS_GROUP_ATTRIBUTE }}
|
||||
CAS_GROUP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_ATTRIBUTE | quote }}
|
||||
{{- if .Values.cas.CAS_GROUP_FORMAT }}
|
||||
CAS_GROUP_FORMAT: {{ .Values.cas.CAS_GROUP_FORMAT | quote }}
|
||||
{{- if eq .Values.cas.CAS_GROUP_FORMAT "ldap" }}
|
||||
{{- if .Values.cas.CAS_GROUP_LDAP_BASE_DN }}
|
||||
CAS_GROUP_LDAP_BASE_DN: {{ .Values.cas.CAS_GROUP_LDAP_BASE_DN | quote }}
|
||||
{{- if .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE }}
|
||||
CAS_GROUP_LDAP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* OpenID */}}
|
||||
{{- if and .Values.openid.OPENID_AUTHORIZATION_ENDPOINT .Values.openid.OPENID_JWKS_ENDPOINT .Values.openid.OPENID_ISSUER .Values.openid.OPENID_CLIENT_ID .Values.openid.OPENID_REDIRECT_URI }}
|
||||
OPENID_AUTHORIZATION_ENDPOINT: {{ .Values.openid.OPENID_AUTHORIZATION_ENDPOINT | quote }}
|
||||
OPENID_JWKS_ENDPOINT: {{ .Values.openid.OPENID_JWKS_ENDPOINT | quote }}
|
||||
OPENID_ISSUER: {{ .Values.openid.OPENID_ISSUER | quote }}
|
||||
OPENID_CLIENT_ID: {{ .Values.openid.OPENID_CLIENT_ID | quote }}
|
||||
OPENID_REDIRECT_URI: {{ .Values.openid.OPENID_REDIRECT_URI | quote }}
|
||||
{{- if .Values.openid.OPENID_USERNAME_CLAIM_TYPE }}
|
||||
OPENID_USERNAME_CLAIM_TYPE: {{ .Values.openid.OPENID_USERNAME_CLAIM_TYPE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.openid.OPENID_GROUPS_CLAIM_TYPE }}
|
||||
OPENID_GROUPS_CLAIM_TYPE: {{ .Values.openid.OPENID_GROUPS_CLAIM_TYPE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.openid.OPENID_MAX_TOKEN_VALIDITY }}
|
||||
OPENID_MAX_TOKEN_VALIDITY: {{ .Values.openid.OPENID_MAX_TOKEN_VALIDITY | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* RADIUS */}}
|
||||
{{- if and .Values.radius.RADIUS_SHARED_SECRET .Values.radius.RADIUS_AUTH_PROTOCOL }}
|
||||
RADIUS_SHARED_SECRET: {{ .Values.radius.RADIUS_SHARED_SECRET | quote }}
|
||||
RADIUS_AUTH_PROTOCOL: {{ .Values.radius.RADIUS_AUTH_PROTOCOL | quote }}
|
||||
{{- if .Values.radius.RADIUS_HOSTNAME }}
|
||||
RADIUS_HOSTNAME: {{ .Values.radius.RADIUS_HOSTNAME | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_AUTH_PORT }}
|
||||
RADIUS_AUTH_PORT: {{ .Values.radius.RADIUS_AUTH_PORT | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_KEY_FILE }}
|
||||
RADIUS_KEY_FILE: {{ .Values.radius.RADIUS_KEY_FILE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_KEY_TYPE }}
|
||||
RADIUS_KEY_TYPE: {{ .Values.radius.RADIUS_KEY_TYPE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_KEY_PASSWORD }}
|
||||
RADIUS_KEY_PASSWORD: {{ .Values.radius.RADIUS_KEY_PASSWORD | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_CA_FILE }}
|
||||
RADIUS_CA_FILE: {{ .Values.radius.RADIUS_CA_FILE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_CA_TYPE }}
|
||||
RADIUS_CA_TYPE: {{ .Values.radius.RADIUS_CA_TYPE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_CA_PASSWORD }}
|
||||
RADIUS_CA_PASSWORD: {{ .Values.radius.RADIUS_CA_PASSWORD | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_TRUST_ALL }}
|
||||
RADIUS_TRUST_ALL: {{ .Values.radius.RADIUS_TRUST_ALL | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_RETRIES }}
|
||||
RADIUS_RETRIES: {{ .Values.radius.RADIUS_RETRIES | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_TIMEOUT }}
|
||||
RADIUS_TIMEOUT: {{ .Values.radius.RADIUS_TIMEOUT | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL }}
|
||||
RADIUS_EAP_TTLS_INNER_PROTOCOL: {{ .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* LDAP */}}
|
||||
{{- if and .Values.ldap.LDAP_HOSTNAME .Values.ldap.LDAP_USER_BASE_DN }}
|
||||
LDAP_HOSTNAME: {{ .Values.ldap.LDAP_HOSTNAME | quote }}
|
||||
LDAP_USER_BASE_DN: {{ .Values.ldap.LDAP_USER_BASE_DN | quote }}
|
||||
{{- if .Values.ldap.LDAP_PORT }}
|
||||
LDAP_PORT: {{ .Values.ldap.LDAP_PORT | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_ENCRYPTION_METHOD }}
|
||||
LDAP_ENCRYPTION_METHOD: {{ .Values.ldap.LDAP_ENCRYPTION_METHOD | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_MAX_SEARCH_RESULTS }}
|
||||
LDAP_MAX_SEARCH_RESULTS: {{ .Values.ldap.LDAP_MAX_SEARCH_RESULTS | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_SEARCH_BIND_DN }}
|
||||
LDAP_SEARCH_BIND_DN: {{ .Values.ldap.LDAP_SEARCH_BIND_DN | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_USER_ATTRIBUTES }}
|
||||
LDAP_USER_ATTRIBUTES: {{ .Values.ldap.LDAP_USER_ATTRIBUTES | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_SEARCH_BIND_PASSWORD }}
|
||||
LDAP_SEARCH_BIND_PASSWORD: {{ .Values.ldap.LDAP_SEARCH_BIND_PASSWORD | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_USERNAME_ATTRIBUTE }}
|
||||
LDAP_USERNAME_ATTRIBUTE: {{ .Values.ldap.LDAP_USERNAME_ATTRIBUTE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE }}
|
||||
LDAP_MEMBER_ATTRIBUTE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_USER_SEARCH_FILTER }}
|
||||
LDAP_USER_SEARCH_FILTER: {{ .Values.ldap.LDAP_USER_SEARCH_FILTER | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_CONFIG_BASE_DN }}
|
||||
LDAP_CONFIG_BASE_DN: {{ .Values.ldap.LDAP_CONFIG_BASE_DN | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_GROUP_BASE_DN }}
|
||||
LDAP_GROUP_BASE_DN: {{ .Values.ldap.LDAP_GROUP_BASE_DN | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_GROUP_SEARCH_FILTER }}
|
||||
LDAP_GROUP_SEARCH_FILTER: {{ .Values.ldap.LDAP_GROUP_SEARCH_FILTER | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE }}
|
||||
LDAP_MEMBER_ATTRIBUTE_TYPE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE }}
|
||||
LDAP_GROUP_NAME_ATTRIBUTE: {{ .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_DEREFERENCE_ALIASES }}
|
||||
LDAP_DEREFERENCE_ALIASES: {{ .Values.ldap.LDAP_DEREFERENCE_ALIASES | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.ldap.LDAP_FOLLOW_REFERRALS "true"}}
|
||||
LDAP_FOLLOW_REFERRALS: {{ .Values.ldap.LDAP_FOLLOW_REFERRALS | quote }}
|
||||
{{- if .Values.ldap.LDAP_MAX_REFERRAL_HOPS }}
|
||||
LDAP_MAX_REFERRAL_HOPS: {{ .Values.ldap.LDAP_MAX_REFERRAL_HOPS | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.LDAP_OPERATION_TIMEOUT }}
|
||||
LDAP_OPERATION_TIMEOUT: {{ .Values.ldap.LDAP_OPERATION_TIMEOUT | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,8 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{ include "common.setup" . }}
|
||||
|
||||
{{/* Render configmap for vaultwarden */}}
|
||||
{{- include "guacamole-client.configmap" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
||||
@@ -0,0 +1,269 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/guacamole-client
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.4.0@sha256:43f7b0575173f509b5215a89170dfea80ea07f0b2bfed405882a4bc7ec9dfa52
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 10080
|
||||
targetPort: 8080
|
||||
|
||||
env:
|
||||
POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
POSTGRES_PORT: 5432
|
||||
GUACD_HOSTNAME: "localhost"
|
||||
GUACD_PORT: 4822
|
||||
|
||||
totp:
|
||||
TOTP_ENABLED: false
|
||||
# TOTP_ISSUER: "Apache Guacamole"
|
||||
# TOTP_DIGITS: "6"
|
||||
# TOTP_PERIOD: "30"
|
||||
# TOTP_MODE: "sha1"
|
||||
|
||||
header:
|
||||
HEADER_ENABLED: false
|
||||
# HTTP_AUTH_HEADER: "REMOTE_USER"
|
||||
|
||||
api: {}
|
||||
# API_SESSION_TIMEOUT: "60"
|
||||
|
||||
json: {}
|
||||
# JSON_SECRET_KEY: "random32charkey"
|
||||
# JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"
|
||||
|
||||
duo: {}
|
||||
# DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
|
||||
# DUO_INTEGRATION_KEY: "exactly20charkey"
|
||||
# DUO_SECRET_KEY: "exactly40charkey"
|
||||
# DUO_APPLICATION_KEY: "atleast40charkey"
|
||||
|
||||
cas: {}
|
||||
# CAS_AUTHORIZATION_ENDPOINT: ""
|
||||
# CAS_REDIRECT_URI: ""
|
||||
# CAS_CLEARPASS_KEY: ""
|
||||
# CAS_GROUP_ATTRIBUTE: ""
|
||||
# CAS_GROUP_FORMAT: "plain"
|
||||
# CAS_GROUP_LDAP_BASE_DN: ""
|
||||
# CAS_GROUP_LDAP_ATTRIBUTE: ""
|
||||
|
||||
openid: {}
|
||||
# OPENID_AUTHORIZATION_ENDPOINT: ""
|
||||
# OPENID_JWKS_ENDPOINT: ""
|
||||
# OPENID_ISSUER: ""
|
||||
# OPENID_CLIENT_ID: ""
|
||||
# OPENID_REDIRECT_URI: ""
|
||||
# OPENID_USERNAME_CLAIM_TYPE: "email"
|
||||
# OPENID_GROUPS_CLAIM_TYPE: "groups"
|
||||
# OPENID_MAX_TOKEN_VALIDITY: "300"
|
||||
|
||||
radius: {}
|
||||
# RADIUS_HOSTNAME: "localhost"
|
||||
# RADIUS_AUTH_PORT: "1812"
|
||||
# RADIUS_SHARED_SECRET: ""
|
||||
# RADIUS_AUTH_PROTOCOL: "eap-tls"
|
||||
# RADIUS_KEY_FILE: ""
|
||||
# RADIUS_KEY_TYPE: "pkcs12"
|
||||
# RADIUS_KEY_PASSWORD: ""
|
||||
# RADIUS_CA_FILE: ""
|
||||
# RADIUS_CA_TYPE: "pem"
|
||||
# RADIUS_CA_PASSWORD: ""
|
||||
# RADIUS_TRUST_ALL: "false"
|
||||
# RADIUS_RETRIES: "5"
|
||||
# RADIUS_TIMEOUT: "60"
|
||||
# RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"
|
||||
|
||||
ldap: {}
|
||||
# LDAP_HOSTNAME: "localhost"
|
||||
# LDAP_USER_BASE_DN: ""
|
||||
# LDAP_PORT: "389"
|
||||
# LDAP_ENCRYPTION_METHOD: "none"
|
||||
# LDAP_MAX_SEARCH_RESULTS: "1000"
|
||||
# LDAP_SEARCH_BIND_DN: ""
|
||||
# LDAP_USER_ATTRIBUTES: ""
|
||||
# LDAP_SEARCH_BIND_PASSWORD: ""
|
||||
# LDAP_USERNAME_ATTRIBUTE: ""
|
||||
# LDAP_MEMBER_ATTRIBUTE: ""
|
||||
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
|
||||
# LDAP_CONFIG_BASE_DN: ""
|
||||
# LDAP_GROUP_BASE_DN: ""
|
||||
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
|
||||
# LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
|
||||
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
|
||||
# LDAP_DEREFERENCE_ALIASES: "never"
|
||||
# LDAP_FOLLOW_REFERRALS: "false"
|
||||
# LDAP_MAX_REFERRAL_HOPS: "5"
|
||||
# LDAP_OPERATION_TIMEOUT: "30"
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: guacamole
|
||||
postgresqlDatabase: guacamole
|
||||
|
||||
envValueFrom:
|
||||
POSTGRES_HOSTNAME:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: "/guacamole"
|
||||
readiness:
|
||||
path: "/guacamole"
|
||||
startup:
|
||||
path: "/guacamole"
|
||||
|
||||
persistence:
|
||||
initdbdata:
|
||||
enabled: true
|
||||
mountPath: "/initdbdata"
|
||||
# Both temphack and temphackalso will be removed on the next image release
|
||||
temphack:
|
||||
enabled: true
|
||||
mountPath: "/opt/guacamole/postgresql-hack"
|
||||
temphackalso:
|
||||
enabled: true
|
||||
mountPath: "/opt/guacamole/postgresql"
|
||||
|
||||
initContainers:
|
||||
1-creat-initdb-file:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
volumeMounts:
|
||||
- name: initdbdata
|
||||
mountPath: "/initdbdata"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "Creating initdb.sql file...";
|
||||
/opt/guacamole/bin/initdb.sh --postgres > /initdbdata/initdb.sql;
|
||||
if [ -e /initdbdata/initdb.sql ];
|
||||
then
|
||||
echo "Init file created successfully!";
|
||||
exit 0;
|
||||
else
|
||||
echo "Init file failed to create.";
|
||||
exit 1;
|
||||
fi;
|
||||
2-initdb:
|
||||
image: "{{ .Values.postgresqlImage.repository }}:{{ .Values.postgresqlImage.tag }}"
|
||||
env:
|
||||
- name: POSTGRES_DATABASE
|
||||
value: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
- name: POSTGRES_USER
|
||||
value: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: POSTGRES_HOSTNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: postgresql-password
|
||||
volumeMounts:
|
||||
- name: initdbdata
|
||||
mountPath: "/initdbdata"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "Waiting for DB to be ready...";
|
||||
DBREADY=0;
|
||||
for i in {1..10};
|
||||
do pg_isready -t 5 -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT;
|
||||
if [ $? -eq 0 ];
|
||||
then echo "DB is ready!";
|
||||
DBREADY=1;
|
||||
break;
|
||||
else echo "DB not ready yet.";
|
||||
fi;
|
||||
echo "Waiting...";
|
||||
sleep 5;
|
||||
done;
|
||||
if [ $DBREADY -eq 1 ];
|
||||
then echo "Initializing DB's schema...";
|
||||
psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -a -w -f /initdbdata/initdb.sql;
|
||||
if [ $? -eq 0 ];
|
||||
then echo "DB's schema initialized successfully!";
|
||||
exit 0;
|
||||
else echo "DB's schema failed to initialize.";
|
||||
exit 1;
|
||||
fi;
|
||||
else echo "DB failed to start.";
|
||||
fi;
|
||||
|
||||
# Until they release an image with the updated driver, we need to manually replace it.
|
||||
# https://issues.apache.org/jira/browse/GUACAMOLE-1433
|
||||
# https://github.com/apache/guacamole-client/pull/655
|
||||
# Both 3-temp-hach and 4-temp-hack will be removed on the next image release
|
||||
3-temp-hack:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
volumeMounts:
|
||||
- name: temphack
|
||||
mountPath: "/opt/guacamole/postgresql-hack"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "Checing postgresql driver version...";
|
||||
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ];
|
||||
then echo "Version found is correct.";
|
||||
exit 0;
|
||||
else echo "Old version found. Will try to download a known-to-work version.";
|
||||
echo "Downloading (postgresql-42.2.24.jre7.jar)...";
|
||||
curl -L "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" > "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar";
|
||||
if [ -e /opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar ];
|
||||
then echo "Downloaded successfully!";
|
||||
cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/;
|
||||
if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ];
|
||||
then echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)";
|
||||
rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar";
|
||||
if [ $? -eq 0 ];
|
||||
then echo "Removed successfully!";
|
||||
else "Failed to remove.";
|
||||
exit 1;
|
||||
fi;
|
||||
fi;
|
||||
else echo "Failed to download.";
|
||||
exit 1;
|
||||
fi;
|
||||
fi;
|
||||
4-temp-hack:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
volumeMounts:
|
||||
- name: temphack
|
||||
mountPath: "/opt/guacamole/postgresql-hack"
|
||||
- name: temphackalso
|
||||
mountPath: "/opt/guacamole/postgresql"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "Copying postgres driver into the final destination.";
|
||||
cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/;
|
||||
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ];
|
||||
then echo "Driver copied successfully!";
|
||||
else echo "Failed to copy the driver";
|
||||
fi;
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 17 KiB |
@@ -48,7 +48,8 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
|
||||
| node-red | main | main | 1880 | TCP | |
|
||||
| mosquitto | main | main | 1883 | TCP | |
|
||||
| minisatip | discovery | discovery | 1900 | UDP | |
|
||||
| owncast | rtmp | rtmp | 1935 | TCP | |
|
||||
| owncast | rtmp | rtmp | 1935 | TCP | Potential conflict with frigate |
|
||||
| frigate | rtmp | rtmp | 1935 | TCP | Potential conflict with owncast |
|
||||
| ubooquity | main | main | 2202 | TCP | |
|
||||
| gitea | ssh | ssh | 2222 | TCP | |
|
||||
| photoprism | main | main | 2342 | TCP | |
|
||||
@@ -70,6 +71,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
|
||||
| navidrome | main | main | 4533 | TCP | |
|
||||
| requestrr | main | main | 4545 | TCP | |
|
||||
| guacd | main | main | 4822 | TCP | |
|
||||
| frigate | main | main | 5000 | TCP | |
|
||||
| ipfs | api | api | 5001 | TCP | |
|
||||
| appdaemon | main | main | 5050 | TCP | |
|
||||
| overseer | main | main | 5055 | TCP | |
|
||||
@@ -224,6 +226,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
|
||||
| static | main | main | 10077 | TCP | |
|
||||
| twtxt | main | main | 10078 | TCP | |
|
||||
| emby | main | main | 10079 | TCP | |
|
||||
| guacamole-client | main | main | 10080 | TCP | |
|
||||
| davos | main | main | 10081 | TCP | |
|
||||
| fireflyiii | main | main | 10082 | TCP | |
|
||||
| fossil | main | main | 10083 | TCP | |
|
||||
|
||||
Reference in New Issue
Block a user