feat(guacamole-client): Add guacamole-client (#1696)

* feat(guacamole-client): Add guacamole-client

* doc port

* multiple line command

* test again

* hmm

* maybe?

* more scripting

* ok you lil princess

* okay

* array?

* maybe?

* -.-

* whoops

* ;

* making steps!

* try that way

* path

* clean it a bit

* apply hack

* try guacamole user

* fine fine

* check

* lets try

* whoops

* different approach

* test

* lets see

* almost there

* please no more initContainers :D

* cp

* clean up

* rem line

* bump common and pg

* move to configmap and prepare totp

* let image set the defaults

* comment out until is ready

* actually comment

* add header

* add api

* add json

* update json questions

* add duo

* update values

* update

* restructure

* error?

* nop

* add cas

* add openid

* restructure

* clean ui by hidding modules behide checkboxs + add required fields

* add radius ui, configmap pending

* finish radius

* no

* add ldap

* update common

* sync with the last changes

* keep portal path to questions for now

* doc frigate ports
This commit is contained in:
Stavros Kois
2022-01-14 10:34:14 +02:00
committed by GitHub
parent 0ee2dc80d7
commit b4845312ae
7 changed files with 1314 additions and 1 deletions
@@ -0,0 +1,33 @@
apiVersion: v2
appVersion: "1.4.0"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.13.0
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 6.0.49
description: Apache Guacamole is a clientless remote desktop gateway.
home: https://github.com/truecharts/apps/tree/master/charts/stable/guacamole-client
icon: https://truecharts.org/_static/img/appicons/guacamole-client-icon.png
keywords:
- guacamole
- remote
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: guacamole-client
sources:
- https://github.com/apache/guacamole-client
- https://hub.docker.com/r/guacamole/guacamole
- http://guacamole.incubator.apache.org/doc/gug/introduction.html
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- utilities
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
@@ -0,0 +1,811 @@
# Include{groups}
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "/guacamole"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
type: dict
attrs:
# Include{fixedEnv}
- variable: GUACD_HOSTNAME
label: "Guacd Hostname"
description: "The hostname of the guacd instance to use to establish remote desktop connections"
schema:
type: string
default: ""
- variable: GUACD_PORT
label: "Guacd Port"
description: "The port that Guacamole should use when connecting to guacd."
schema:
type: int
default: 4822
# Include{containerConfig}
- variable: api
group: "App Configuration"
label: "API Configuration"
schema:
type: dict
attrs:
- variable: API_SESSION_TIMEOUT
label: "API Session Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: totp
group: "App Configuration"
label: "TOTP Configuration"
schema:
type: dict
attrs:
- variable: TOTP_ENABLED
label: "Enable TOTP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: TOTP_ISSUER
label: "TOTP Issuer (Leave blank for default)"
schema:
type: string
default: ""
- variable: TOTP_DIGITS
label: "TOTP Digits"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "6"
description: "6"
- value: "7"
description: "7"
- value: "8"
description: "8"
- variable: TOTP_PERIOD
label: "TOTP Period (Leave blank for default)"
schema:
type: string
default: ""
- variable: TOTP_MODE
label: "TOTP Mode"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "sha1"
description: "sha1"
- value: "sha256"
description: "sha256"
- value: "sha512"
description: "sha512"
- variable: header
group: "App Configuration"
label: "Header Configuration"
schema:
type: dict
attrs:
- variable: HEADER_ENABLED
label: "Enable Header"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: HTTP_AUTH_HEADER
label: "HTTP Auth Header (Leave blank for default)"
schema:
type: string
default: ""
- variable: json
group: "App Configuration"
label: "JSON Configuration"
schema:
type: dict
attrs:
- variable: json_enabled
label: "Enable JSON"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: JSON_SECRET_KEY
label: "JSON Secret Key"
schema:
type: string
required: true
default: ""
- variable: JSON_TRUSTED_NETWORKS
label: "JSON Trusted Networks (Leave blank for unrestricted"
description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8"
schema:
type: string
default: ""
- variable: duo
group: "App Configuration"
label: "DUO Configuration"
schema:
type: dict
attrs:
- variable: duo_enabled
label: "Enable DUO"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: DUO_API_HOSTNAME
label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)"
schema:
type: string
required: true
default: ""
- variable: DUO_INTEGRATION_KEY
label: "DUO Integration Key (Exactly 20 chars)"
schema:
min_length: 20
max_length: 20
type: string
required: true
default: ""
- variable: DUO_SECRET_KEY
label: "DUO Secret Key (Exactly 40 chars)"
schema:
min_length: 40
max_length: 40
type: string
required: true
default: ""
- variable: DUO_APPLICATION_KEY
label: "DUO Application Key (At least 40 chars)"
schema:
min_length: 40
type: string
required: true
default: ""
- variable: cas
group: "App Configuration"
label: "CAS Configuration"
schema:
type: dict
attrs:
- variable: cas_enabled
label: "Enable CAS"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: CAS_AUTHORIZATION_ENDPOINT
label: "CAS Authorization Endpoint"
schema:
type: string
required: true
default: ""
- variable: CAS_REDIRECT_URI
label: "CAS Redirect URI"
schema:
type: string
required: true
default: ""
- variable: CAS_CLEARPASS_KEY
label: "CAS Clearpass Key"
schema:
type: string
default: ""
- variable: CAS_GROUP_ATTRIBUTE
label: "CAS Group Attribute"
schema:
type: string
default: ""
- variable: CAS_GROUP_FORMAT
label: "CAS Group Format"
schema:
type: string
default: ""
enum:
- value: ""
description: "default"
- value: "plain"
description: "plain"
- value: "ldap"
description: "ldap"
- variable: CAS_GROUP_LDAP_BASE_DN
label: "CAS Group LDAP Base DN"
schema:
type: string
default: ""
- variable: CAS_GROUP_LDAP_ATTRIBUTE
label: "CAS Group LDAP Attribute"
schema:
type: string
default: ""
- variable: openid
group: "App Configuration"
label: "OpenID Configuration"
schema:
type: dict
attrs:
- variable: openid_enabled
label: "Enable OpenID"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: OPENID_AUTHORIZATION_ENDPOINT
label: "OpenID Authorization Endpoint"
schema:
type: string
required: true
default: ""
- variable: OPENID_JWKS_ENDPOINT
label: "OpenID JWKS Endpoint"
schema:
type: string
required: true
default: ""
- variable: OPENID_ISSUER
label: "OpenID Issuer"
schema:
type: string
required: true
default: ""
- variable: OPENID_CLIENT_ID
label: "OpenID Client ID"
schema:
type: string
required: true
default: ""
- variable: OPENID_REDIRECT_URI
label: "OpenID Redirect URI"
schema:
type: string
required: true
default: ""
- variable: OPENID_USERNAME_CLAIM_TYPE
label: "OpenID Username Claim Type (Leave blank for default)"
schema:
type: string
default: ""
- variable: OPENID_GROUPS_CLAIM_TYPE
label: "OpenID Groups Claim Type (Leave blank for default)"
schema:
type: string
default: ""
- variable: OPENID_MAX_TOKEN_VALIDITY
label: "OpenID Max Token Validity (Leave blank for default)"
schema:
type: string
default: ""
- variable: radius
group: "App Configuration"
label: "Radius Configuration"
schema:
type: dict
attrs:
- variable: radius_enabled
label: "Enable Radius"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: RADIUS_SHARED_SECRET
label: "Radius Shared Secret"
schema:
type: string
required: true
default: ""
- variable: RADIUS_AUTH_PROTOCOL
label: "Radius Auth Protocol"
schema:
type: string
required: true
default: "eap-tls"
enum:
- value: "pap"
description: "pap"
- value: "chap"
description: "chap"
- value: "mschapv1"
description: "mschapv1"
- value: "mschapv2"
description: "mschapv2"
- value: "eap-md5"
description: "eap-md5"
- value: "eap-tls"
description: "eap-tls"
- value: "eap-ttls"
description: "eap-ttls"
- variable: RADIUS_HOSTNAME
label: "Radius Hostname (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_AUTH_PORT
label: "Radius Auth Port (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_KEY_FILE
label: "Radius Key File (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_KEY_TYPE
label: "Radius Key Type"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "pem"
description: "pem"
- value: "jceks"
description: "jceks"
- value: "jks"
description: "jks"
- value: "pkcs12"
description: "pkcs12"
- variable: RADIUS_KEY_PASSWORD
label: "Radius Key Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: RADIUS_CA_FILE
label: "Radius CA File (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_CA_TYPE
label: "Radius CA Type"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "pem"
description: "pem"
- value: "jceks"
description: "jceks"
- value: "jks"
description: "jks"
- value: "pkcs12"
description: "pkcs12"
- variable: RADIUS_CA_PASSWORD
label: "Radius CA Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: RADIUS_TRUST_ALL
label: "Radius Trust All"
schema:
type: boolean
default: false
- variable: RADIUS_RETRIES
label: "Radius Retries (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_TIMEOUT
label: "Radius Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: RADIUS_EAP_TTLS_INNER_PROTOCOL
label: "Radius eap-ttls Inner Protocol"
description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls"
schema:
type: string
default: "eap-tls"
enum:
- value: "pap"
description: "pap"
- value: "chap"
description: "chap"
- value: "mschapv1"
description: "mschapv1"
- value: "mschapv2"
description: "mschapv2"
- value: "eap-md5"
description: "eap-md5"
- value: "eap-tls"
description: "eap-tls"
- variable: ldap
group: "App Configuration"
label: "LDAP Configuration"
schema:
type: dict
attrs:
- variable: ldap_enabled
label: "Enable LDAP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LDAP_HOSTNAME
label: "LDAP Hostname (Leave blank for default)"
schema:
type: string
required: true
default: ""
- variable: LDAP_USER_BASE_DN
label: "LDAP User Base DN"
schema:
type: string
required: true
default: ""
- variable: LDAP_PORT
label: "LDAP Port (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_ENCRYPTION_METHOD
label: "LDAP Encryption Method (Leave blank for default)"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "none"
description: "none"
- value: "ssl"
description: "ssl"
- value: "starttls"
description: "starttls"
- variable: LDAP_MAX_SEARCH_RESULTS
label: "LDAP Max Search Results (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_SEARCH_BIND_DN
label: "LDAP Search Bind DN (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_USER_ATTRIBUTES
label: "LDAP User Attributes"
schema:
type: string
default: ""
- variable: LDAP_SEARCH_BIND_PASSWORD
label: "LDAP Search Bind Password (Leave blank if no password)"
schema:
type: string
default: ""
- variable: LDAP_USERNAME_ATTRIBUTE
label: "LDAP Username Attribute"
schema:
type: string
default: ""
- variable: LDAP_MEMBER_ATTRIBUTE
label: "LDAP Member Attribute"
schema:
type: string
default: ""
- variable: LDAP_USER_SEARCH_FILTER
label: "LDAP User Search Filter (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_CONFIG_BASE_DN
label: "LDAP Config Base DN"
schema:
type: string
default: ""
- variable: LDAP_GROUP_BASE_DN
label: "LDAP Group Base DN"
schema:
type: string
default: ""
- variable: LDAP_GROUP_SEARCH_FILTER
label: "LDAP Group Search Filter (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_MEMBER_ATTRIBUTE_TYPE
label: "LDAP Encryption Method"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "dn"
description: "dn"
- value: "uid"
description: "uid"
- variable: LDAP_GROUP_NAME_ATTRIBUTE
label: "LDAP Group Name Attribute (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_DEREFERENCE_ALIASES
label: "LDAP Dereference Aliases"
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "never"
description: "never"
- value: "searching"
description: "searching"
- value: "finding"
description: "finding"
- value: "always"
description: "always"
- variable: LDAP_FOLLOW_REFERRALS
label: "LDAP Follow Referrals"
schema:
type: boolean
default: false
- variable: LDAP_MAX_REFERRAL_HOPS
label: "LDAP Max Referrals Hops (Leave blank for default)"
schema:
type: string
default: ""
- variable: LDAP_OPERATION_TIMEOUT
label: "LDAP Operation Timeout (Leave blank for default)"
schema:
type: string
default: ""
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10080
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: enabled
label: "Enable the port"
schema:
type: boolean
default: true
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 8080
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: The groupID this App of the user running the application"
schema:
type: int
default: 568
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}
@@ -0,0 +1,189 @@
{{/* Define the configmap */}}
{{- define "guacamole-client.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: guacamole-client-env
data:
{{/* API */}}
{{- if .Values.api.API_SESSION_TIMEOUT }}
API_SESSION_TIMEOUT: {{ .Values.api.API_SESSION_TIMEOUT | quote }}
{{- end }}
{{/* TOTP */}}
{{- if eq .Values.totp.TOTP_ENABLED true }}
TOTP_ENABLED: {{ .Values.totp.TOTP_ENABLED | quote }}
{{- if .Values.totp.TOTP_ISSUER }}
TOTP_ISSUER: {{ .Values.totp.TOTP_ISSUER | quote }}
{{- end }}
{{- if .Values.totp.TOTP_DIGITS }}
TOTP_DIGITS: {{ .Values.totp.TOTP_DIGITS | quote }}
{{- end }}
{{- if .Values.totp.TOTP_PERIOD }}
TOTP_PERIOD: {{ .Values.totp.TOTP_PERIOD | quote }}
{{- end }}
{{- if .Values.totp.TOTP_MODE }}
TOTP_MODE: {{ .Values.totp.TOTP_MODE | quote }}
{{- end }}
{{- end }}
{{/* HEADER */}}
{{- if eq .Values.header.HEADER_ENABLED true }}
HEADER_ENABLED: {{ .Values.header.HEADER_ENABLED | quote }}
{{- if .Values.header.HTTP_AUTH_HEADER }}
HTTP_AUTH_HEADER: {{ .Values.header.HTTP_AUTH_HEADER | quote }}
{{- end }}
{{- end }}
{{/* JSON */}}
{{- if .Values.json.JSON_SECRET_KEY }}
JSON_SECRET_KEY: {{ .Values.json.JSON_SECRET_KEY | quote }}
{{- if .Values.json.JSON_TRUSTED_NETWORKS }}
JSON_TRUSTED_NETWORKS: {{ .Values.json.JSON_TRUSTED_NETWORKS | quote }}
{{- end }}
{{- end }}
{{/* DUO */}}
{{- if and .Values.duo.DUO_API_HOSTNAME .Values.duo.DUO_INTEGRATION_KEY .Values.duo.DUO_SECRET_KEY .Values.duo.DUO_APPLICATION_KEY }}
DUO_API_HOSTNAME: {{ .Values.duo.DUO_API_HOSTNAME | quote }}
DUO_INTEGRATION_KEY: {{ .Values.duo.DUO_INTEGRATION_KEY | quote }}
DUO_SECRET_KEY: {{ .Values.duo.DUO_SECRET_KEY | quote }}
DUO_APPLICATION_KEY: {{ .Values.duo.DUO_APPLICATION_KEY | quote }}
{{- end }}
{{/* CAS */}}
{{- if and .Values.cas.CAS_AUTHORIZATION_ENDPOINT .Values.cas.CAS_REDIRECT_URI }}
CAS_AUTHORIZATION_ENDPOINT: {{ .Values.cas.CAS_AUTHORIZATION_ENDPOINT | quote }}
CAS_REDIRECT_URI: {{ .Values.cas.CAS_REDIRECT_URI | quote }}
{{- if .Values.cas.CAS_CLEARPASS_KEY }}
CAS_CLEARPASS_KEY: {{ .Values.cas.CAS_CLEARPASS_KEY | quote }}
{{- end }}
{{- if .Values.cas.CAS_GROUP_ATTRIBUTE }}
CAS_GROUP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_ATTRIBUTE | quote }}
{{- if .Values.cas.CAS_GROUP_FORMAT }}
CAS_GROUP_FORMAT: {{ .Values.cas.CAS_GROUP_FORMAT | quote }}
{{- if eq .Values.cas.CAS_GROUP_FORMAT "ldap" }}
{{- if .Values.cas.CAS_GROUP_LDAP_BASE_DN }}
CAS_GROUP_LDAP_BASE_DN: {{ .Values.cas.CAS_GROUP_LDAP_BASE_DN | quote }}
{{- if .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE }}
CAS_GROUP_LDAP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{/* OpenID */}}
{{- if and .Values.openid.OPENID_AUTHORIZATION_ENDPOINT .Values.openid.OPENID_JWKS_ENDPOINT .Values.openid.OPENID_ISSUER .Values.openid.OPENID_CLIENT_ID .Values.openid.OPENID_REDIRECT_URI }}
OPENID_AUTHORIZATION_ENDPOINT: {{ .Values.openid.OPENID_AUTHORIZATION_ENDPOINT | quote }}
OPENID_JWKS_ENDPOINT: {{ .Values.openid.OPENID_JWKS_ENDPOINT | quote }}
OPENID_ISSUER: {{ .Values.openid.OPENID_ISSUER | quote }}
OPENID_CLIENT_ID: {{ .Values.openid.OPENID_CLIENT_ID | quote }}
OPENID_REDIRECT_URI: {{ .Values.openid.OPENID_REDIRECT_URI | quote }}
{{- if .Values.openid.OPENID_USERNAME_CLAIM_TYPE }}
OPENID_USERNAME_CLAIM_TYPE: {{ .Values.openid.OPENID_USERNAME_CLAIM_TYPE | quote }}
{{- end }}
{{- if .Values.openid.OPENID_GROUPS_CLAIM_TYPE }}
OPENID_GROUPS_CLAIM_TYPE: {{ .Values.openid.OPENID_GROUPS_CLAIM_TYPE | quote }}
{{- end }}
{{- if .Values.openid.OPENID_MAX_TOKEN_VALIDITY }}
OPENID_MAX_TOKEN_VALIDITY: {{ .Values.openid.OPENID_MAX_TOKEN_VALIDITY | quote }}
{{- end }}
{{- end }}
{{/* RADIUS */}}
{{- if and .Values.radius.RADIUS_SHARED_SECRET .Values.radius.RADIUS_AUTH_PROTOCOL }}
RADIUS_SHARED_SECRET: {{ .Values.radius.RADIUS_SHARED_SECRET | quote }}
RADIUS_AUTH_PROTOCOL: {{ .Values.radius.RADIUS_AUTH_PROTOCOL | quote }}
{{- if .Values.radius.RADIUS_HOSTNAME }}
RADIUS_HOSTNAME: {{ .Values.radius.RADIUS_HOSTNAME | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_AUTH_PORT }}
RADIUS_AUTH_PORT: {{ .Values.radius.RADIUS_AUTH_PORT | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_KEY_FILE }}
RADIUS_KEY_FILE: {{ .Values.radius.RADIUS_KEY_FILE | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_KEY_TYPE }}
RADIUS_KEY_TYPE: {{ .Values.radius.RADIUS_KEY_TYPE | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_KEY_PASSWORD }}
RADIUS_KEY_PASSWORD: {{ .Values.radius.RADIUS_KEY_PASSWORD | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_CA_FILE }}
RADIUS_CA_FILE: {{ .Values.radius.RADIUS_CA_FILE | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_CA_TYPE }}
RADIUS_CA_TYPE: {{ .Values.radius.RADIUS_CA_TYPE | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_CA_PASSWORD }}
RADIUS_CA_PASSWORD: {{ .Values.radius.RADIUS_CA_PASSWORD | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_TRUST_ALL }}
RADIUS_TRUST_ALL: {{ .Values.radius.RADIUS_TRUST_ALL | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_RETRIES }}
RADIUS_RETRIES: {{ .Values.radius.RADIUS_RETRIES | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_TIMEOUT }}
RADIUS_TIMEOUT: {{ .Values.radius.RADIUS_TIMEOUT | quote }}
{{- end }}
{{- if .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL }}
RADIUS_EAP_TTLS_INNER_PROTOCOL: {{ .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL | quote }}
{{- end }}
{{- end }}
{{/* LDAP */}}
{{- if and .Values.ldap.LDAP_HOSTNAME .Values.ldap.LDAP_USER_BASE_DN }}
LDAP_HOSTNAME: {{ .Values.ldap.LDAP_HOSTNAME | quote }}
LDAP_USER_BASE_DN: {{ .Values.ldap.LDAP_USER_BASE_DN | quote }}
{{- if .Values.ldap.LDAP_PORT }}
LDAP_PORT: {{ .Values.ldap.LDAP_PORT | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_ENCRYPTION_METHOD }}
LDAP_ENCRYPTION_METHOD: {{ .Values.ldap.LDAP_ENCRYPTION_METHOD | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_MAX_SEARCH_RESULTS }}
LDAP_MAX_SEARCH_RESULTS: {{ .Values.ldap.LDAP_MAX_SEARCH_RESULTS | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_SEARCH_BIND_DN }}
LDAP_SEARCH_BIND_DN: {{ .Values.ldap.LDAP_SEARCH_BIND_DN | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_USER_ATTRIBUTES }}
LDAP_USER_ATTRIBUTES: {{ .Values.ldap.LDAP_USER_ATTRIBUTES | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_SEARCH_BIND_PASSWORD }}
LDAP_SEARCH_BIND_PASSWORD: {{ .Values.ldap.LDAP_SEARCH_BIND_PASSWORD | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_USERNAME_ATTRIBUTE }}
LDAP_USERNAME_ATTRIBUTE: {{ .Values.ldap.LDAP_USERNAME_ATTRIBUTE | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE }}
LDAP_MEMBER_ATTRIBUTE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_USER_SEARCH_FILTER }}
LDAP_USER_SEARCH_FILTER: {{ .Values.ldap.LDAP_USER_SEARCH_FILTER | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_CONFIG_BASE_DN }}
LDAP_CONFIG_BASE_DN: {{ .Values.ldap.LDAP_CONFIG_BASE_DN | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_GROUP_BASE_DN }}
LDAP_GROUP_BASE_DN: {{ .Values.ldap.LDAP_GROUP_BASE_DN | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_GROUP_SEARCH_FILTER }}
LDAP_GROUP_SEARCH_FILTER: {{ .Values.ldap.LDAP_GROUP_SEARCH_FILTER | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE }}
LDAP_MEMBER_ATTRIBUTE_TYPE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE }}
LDAP_GROUP_NAME_ATTRIBUTE: {{ .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE | quote }}
{{- end }}
{{- if .Values.ldap.LDAP_DEREFERENCE_ALIASES }}
LDAP_DEREFERENCE_ALIASES: {{ .Values.ldap.LDAP_DEREFERENCE_ALIASES | quote }}
{{- end }}
{{- if eq .Values.ldap.LDAP_FOLLOW_REFERRALS "true"}}
LDAP_FOLLOW_REFERRALS: {{ .Values.ldap.LDAP_FOLLOW_REFERRALS | quote }}
{{- if .Values.ldap.LDAP_MAX_REFERRAL_HOPS }}
LDAP_MAX_REFERRAL_HOPS: {{ .Values.ldap.LDAP_MAX_REFERRAL_HOPS | quote }}
{{- end }}
{{- end }}
{{- if .Values.ldap.LDAP_OPERATION_TIMEOUT }}
LDAP_OPERATION_TIMEOUT: {{ .Values.ldap.LDAP_OPERATION_TIMEOUT | quote }}
{{- end }}
{{- end }}
{{- end -}}
@@ -0,0 +1,8 @@
{{/* Make sure all variables are set properly */}}
{{ include "common.setup" . }}
{{/* Render configmap for vaultwarden */}}
{{- include "guacamole-client.configmap" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}
@@ -0,0 +1,269 @@
image:
repository: tccr.io/truecharts/guacamole-client
pullPolicy: IfNotPresent
tag: v1.4.0@sha256:43f7b0575173f509b5215a89170dfea80ea07f0b2bfed405882a4bc7ec9dfa52
podSecurityContext:
runAsUser: 1001
runAsGroup: 1001
securityContext:
readOnlyRootFilesystem: false
service:
main:
ports:
main:
port: 10080
targetPort: 8080
env:
POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
POSTGRES_PORT: 5432
GUACD_HOSTNAME: "localhost"
GUACD_PORT: 4822
totp:
TOTP_ENABLED: false
# TOTP_ISSUER: "Apache Guacamole"
# TOTP_DIGITS: "6"
# TOTP_PERIOD: "30"
# TOTP_MODE: "sha1"
header:
HEADER_ENABLED: false
# HTTP_AUTH_HEADER: "REMOTE_USER"
api: {}
# API_SESSION_TIMEOUT: "60"
json: {}
# JSON_SECRET_KEY: "random32charkey"
# JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8"
duo: {}
# DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com"
# DUO_INTEGRATION_KEY: "exactly20charkey"
# DUO_SECRET_KEY: "exactly40charkey"
# DUO_APPLICATION_KEY: "atleast40charkey"
cas: {}
# CAS_AUTHORIZATION_ENDPOINT: ""
# CAS_REDIRECT_URI: ""
# CAS_CLEARPASS_KEY: ""
# CAS_GROUP_ATTRIBUTE: ""
# CAS_GROUP_FORMAT: "plain"
# CAS_GROUP_LDAP_BASE_DN: ""
# CAS_GROUP_LDAP_ATTRIBUTE: ""
openid: {}
# OPENID_AUTHORIZATION_ENDPOINT: ""
# OPENID_JWKS_ENDPOINT: ""
# OPENID_ISSUER: ""
# OPENID_CLIENT_ID: ""
# OPENID_REDIRECT_URI: ""
# OPENID_USERNAME_CLAIM_TYPE: "email"
# OPENID_GROUPS_CLAIM_TYPE: "groups"
# OPENID_MAX_TOKEN_VALIDITY: "300"
radius: {}
# RADIUS_HOSTNAME: "localhost"
# RADIUS_AUTH_PORT: "1812"
# RADIUS_SHARED_SECRET: ""
# RADIUS_AUTH_PROTOCOL: "eap-tls"
# RADIUS_KEY_FILE: ""
# RADIUS_KEY_TYPE: "pkcs12"
# RADIUS_KEY_PASSWORD: ""
# RADIUS_CA_FILE: ""
# RADIUS_CA_TYPE: "pem"
# RADIUS_CA_PASSWORD: ""
# RADIUS_TRUST_ALL: "false"
# RADIUS_RETRIES: "5"
# RADIUS_TIMEOUT: "60"
# RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls"
ldap: {}
# LDAP_HOSTNAME: "localhost"
# LDAP_USER_BASE_DN: ""
# LDAP_PORT: "389"
# LDAP_ENCRYPTION_METHOD: "none"
# LDAP_MAX_SEARCH_RESULTS: "1000"
# LDAP_SEARCH_BIND_DN: ""
# LDAP_USER_ATTRIBUTES: ""
# LDAP_SEARCH_BIND_PASSWORD: ""
# LDAP_USERNAME_ATTRIBUTE: ""
# LDAP_MEMBER_ATTRIBUTE: ""
# LDAP_USER_SEARCH_FILTER: "(objectClass=*)"
# LDAP_CONFIG_BASE_DN: ""
# LDAP_GROUP_BASE_DN: ""
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)"
# LDAP_MEMBER_ATTRIBUTE_TYPE: "dn"
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
# LDAP_DEREFERENCE_ALIASES: "never"
# LDAP_FOLLOW_REFERRALS: "false"
# LDAP_MAX_REFERRAL_HOPS: "5"
# LDAP_OPERATION_TIMEOUT: "30"
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: guacamole
postgresqlDatabase: guacamole
envValueFrom:
POSTGRES_HOSTNAME:
secretKeyRef:
name: dbcreds
key: plainhost
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
probes:
liveness:
path: "/guacamole"
readiness:
path: "/guacamole"
startup:
path: "/guacamole"
persistence:
initdbdata:
enabled: true
mountPath: "/initdbdata"
# Both temphack and temphackalso will be removed on the next image release
temphack:
enabled: true
mountPath: "/opt/guacamole/postgresql-hack"
temphackalso:
enabled: true
mountPath: "/opt/guacamole/postgresql"
initContainers:
1-creat-initdb-file:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- >
echo "Creating initdb.sql file...";
/opt/guacamole/bin/initdb.sh --postgres > /initdbdata/initdb.sql;
if [ -e /initdbdata/initdb.sql ];
then
echo "Init file created successfully!";
exit 0;
else
echo "Init file failed to create.";
exit 1;
fi;
2-initdb:
image: "{{ .Values.postgresqlImage.repository }}:{{ .Values.postgresqlImage.tag }}"
env:
- name: POSTGRES_DATABASE
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRES_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_HOSTNAME
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
volumeMounts:
- name: initdbdata
mountPath: "/initdbdata"
command: ["/bin/sh", "-c"]
args:
- >
echo "Waiting for DB to be ready...";
DBREADY=0;
for i in {1..10};
do pg_isready -t 5 -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT;
if [ $? -eq 0 ];
then echo "DB is ready!";
DBREADY=1;
break;
else echo "DB not ready yet.";
fi;
echo "Waiting...";
sleep 5;
done;
if [ $DBREADY -eq 1 ];
then echo "Initializing DB's schema...";
psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -a -w -f /initdbdata/initdb.sql;
if [ $? -eq 0 ];
then echo "DB's schema initialized successfully!";
exit 0;
else echo "DB's schema failed to initialize.";
exit 1;
fi;
else echo "DB failed to start.";
fi;
# Until they release an image with the updated driver, we need to manually replace it.
# https://issues.apache.org/jira/browse/GUACAMOLE-1433
# https://github.com/apache/guacamole-client/pull/655
# Both 3-temp-hach and 4-temp-hack will be removed on the next image release
3-temp-hack:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
securityContext:
runAsUser: 1001
runAsGroup: 1001
volumeMounts:
- name: temphack
mountPath: "/opt/guacamole/postgresql-hack"
command: ["/bin/sh", "-c"]
args:
- >
echo "Checing postgresql driver version...";
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ];
then echo "Version found is correct.";
exit 0;
else echo "Old version found. Will try to download a known-to-work version.";
echo "Downloading (postgresql-42.2.24.jre7.jar)...";
curl -L "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" > "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar";
if [ -e /opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar ];
then echo "Downloaded successfully!";
cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/;
if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ];
then echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)";
rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar";
if [ $? -eq 0 ];
then echo "Removed successfully!";
else "Failed to remove.";
exit 1;
fi;
fi;
else echo "Failed to download.";
exit 1;
fi;
fi;
4-temp-hack:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
securityContext:
runAsUser: 1001
runAsGroup: 1001
volumeMounts:
- name: temphack
mountPath: "/opt/guacamole/postgresql-hack"
- name: temphackalso
mountPath: "/opt/guacamole/postgresql"
command: ["/bin/sh", "-c"]
args:
- >
echo "Copying postgres driver into the final destination.";
cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/;
if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ];
then echo "Driver copied successfully!";
else echo "Failed to copy the driver";
fi;
Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

+4 -1
View File
@@ -48,7 +48,8 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
| node-red | main | main | 1880 | TCP | |
| mosquitto | main | main | 1883 | TCP | |
| minisatip | discovery | discovery | 1900 | UDP | |
| owncast | rtmp | rtmp | 1935 | TCP | |
| owncast | rtmp | rtmp | 1935 | TCP | Potential conflict with frigate |
| frigate | rtmp | rtmp | 1935 | TCP | Potential conflict with owncast |
| ubooquity | main | main | 2202 | TCP | |
| gitea | ssh | ssh | 2222 | TCP | |
| photoprism | main | main | 2342 | TCP | |
@@ -70,6 +71,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
| navidrome | main | main | 4533 | TCP | |
| requestrr | main | main | 4545 | TCP | |
| guacd | main | main | 4822 | TCP | |
| frigate | main | main | 5000 | TCP | |
| ipfs | api | api | 5001 | TCP | |
| appdaemon | main | main | 5050 | TCP | |
| overseer | main | main | 5055 | TCP | |
@@ -224,6 +226,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa
| static | main | main | 10077 | TCP | |
| twtxt | main | main | 10078 | TCP | |
| emby | main | main | 10079 | TCP | |
| guacamole-client | main | main | 10080 | TCP | |
| davos | main | main | 10081 | TCP | |
| fireflyiii | main | main | 10082 | TCP | |
| fossil | main | main | 10083 | TCP | |