diff --git a/charts/incubator/guacamole-client/Chart.yaml b/charts/incubator/guacamole-client/Chart.yaml new file mode 100644 index 00000000000..3d13f8ba238 --- /dev/null +++ b/charts/incubator/guacamole-client/Chart.yaml @@ -0,0 +1,33 @@ +apiVersion: v2 +appVersion: "1.4.0" +dependencies: +- name: common + repository: https://truecharts.org + version: 8.13.0 +- condition: postgresql.enabled + name: postgresql + repository: https://truecharts.org/ + version: 6.0.49 +description: Apache Guacamole is a clientless remote desktop gateway. +home: https://github.com/truecharts/apps/tree/master/charts/stable/guacamole-client +icon: https://truecharts.org/_static/img/appicons/guacamole-client-icon.png +keywords: +- guacamole +- remote +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: guacamole-client +sources: +- https://github.com/apache/guacamole-client +- https://hub.docker.com/r/guacamole/guacamole +- http://guacamole.incubator.apache.org/doc/gug/introduction.html +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - utilities + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/guacamole-client/questions.yaml b/charts/incubator/guacamole-client/questions.yaml new file mode 100644 index 00000000000..441743c11c2 --- /dev/null +++ b/charts/incubator/guacamole-client/questions.yaml @@ -0,0 +1,811 @@ +# Include{groups} +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "/guacamole" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true +# Include{global} + - variable: controller + group: "Controller" + label: "" + schema: + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" +# Include{controllerExpert} + + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + type: dict + attrs: +# Include{fixedEnv} + - variable: GUACD_HOSTNAME + label: "Guacd Hostname" + description: "The hostname of the guacd instance to use to establish remote desktop connections" + schema: + type: string + default: "" + - variable: GUACD_PORT + label: "Guacd Port" + description: "The port that Guacamole should use when connecting to guacd." + schema: + type: int + default: 4822 + +# Include{containerConfig} + - variable: api + group: "App Configuration" + label: "API Configuration" + schema: + type: dict + attrs: + - variable: API_SESSION_TIMEOUT + label: "API Session Timeout (Leave blank for default)" + schema: + type: string + default: "" + - variable: totp + group: "App Configuration" + label: "TOTP Configuration" + schema: + type: dict + attrs: + - variable: TOTP_ENABLED + label: "Enable TOTP" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: TOTP_ISSUER + label: "TOTP Issuer (Leave blank for default)" + schema: + type: string + default: "" + - variable: TOTP_DIGITS + label: "TOTP Digits" + schema: + type: string + default: "" + enum: + - value: "" + description: "default" + - value: "6" + description: "6" + - value: "7" + description: "7" + - value: "8" + description: "8" + - variable: TOTP_PERIOD + label: "TOTP Period (Leave blank for default)" + schema: + type: string + default: "" + - variable: TOTP_MODE + label: "TOTP Mode" + schema: + type: string + default: "" + enum: + - value: "" + description: "default" + - value: "sha1" + description: "sha1" + - value: "sha256" + description: "sha256" + - value: "sha512" + description: "sha512" + - variable: header + group: "App Configuration" + label: "Header Configuration" + schema: + type: dict + attrs: + - variable: HEADER_ENABLED + label: "Enable Header" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: HTTP_AUTH_HEADER + label: "HTTP Auth Header (Leave blank for default)" + schema: + type: string + default: "" + - variable: json + group: "App Configuration" + label: "JSON Configuration" + schema: + type: dict + attrs: + - variable: json_enabled + label: "Enable JSON" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: JSON_SECRET_KEY + label: "JSON Secret Key" + schema: + type: string + required: true + default: "" + - variable: JSON_TRUSTED_NETWORKS + label: "JSON Trusted Networks (Leave blank for unrestricted" + description: "Comma separated list e.g.: 127.0.0.0/8, 10.0.0.0/8" + schema: + type: string + default: "" + - variable: duo + group: "App Configuration" + label: "DUO Configuration" + schema: + type: dict + attrs: + - variable: duo_enabled + label: "Enable DUO" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: DUO_API_HOSTNAME + label: "DUO API Hostname (api-XXXXXXXX.duosecurity.com)" + schema: + type: string + required: true + default: "" + - variable: DUO_INTEGRATION_KEY + label: "DUO Integration Key (Exactly 20 chars)" + schema: + min_length: 20 + max_length: 20 + type: string + required: true + default: "" + - variable: DUO_SECRET_KEY + label: "DUO Secret Key (Exactly 40 chars)" + schema: + min_length: 40 + max_length: 40 + type: string + required: true + default: "" + - variable: DUO_APPLICATION_KEY + label: "DUO Application Key (At least 40 chars)" + schema: + min_length: 40 + type: string + required: true + default: "" + - variable: cas + group: "App Configuration" + label: "CAS Configuration" + schema: + type: dict + attrs: + - variable: cas_enabled + label: "Enable CAS" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: CAS_AUTHORIZATION_ENDPOINT + label: "CAS Authorization Endpoint" + schema: + type: string + required: true + default: "" + - variable: CAS_REDIRECT_URI + label: "CAS Redirect URI" + schema: + type: string + required: true + default: "" + - variable: CAS_CLEARPASS_KEY + label: "CAS Clearpass Key" + schema: + type: string + default: "" + - variable: CAS_GROUP_ATTRIBUTE + label: "CAS Group Attribute" + schema: + type: string + default: "" + - variable: CAS_GROUP_FORMAT + label: "CAS Group Format" + schema: + type: string + default: "" + enum: + - value: "" + description: "default" + - value: "plain" + description: "plain" + - value: "ldap" + description: "ldap" + - variable: CAS_GROUP_LDAP_BASE_DN + label: "CAS Group LDAP Base DN" + schema: + type: string + default: "" + - variable: CAS_GROUP_LDAP_ATTRIBUTE + label: "CAS Group LDAP Attribute" + schema: + type: string + default: "" + - variable: openid + group: "App Configuration" + label: "OpenID Configuration" + schema: + type: dict + attrs: + - variable: openid_enabled + label: "Enable OpenID" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: OPENID_AUTHORIZATION_ENDPOINT + label: "OpenID Authorization Endpoint" + schema: + type: string + required: true + default: "" + - variable: OPENID_JWKS_ENDPOINT + label: "OpenID JWKS Endpoint" + schema: + type: string + required: true + default: "" + - variable: OPENID_ISSUER + label: "OpenID Issuer" + schema: + type: string + required: true + default: "" + - variable: OPENID_CLIENT_ID + label: "OpenID Client ID" + schema: + type: string + required: true + default: "" + - variable: OPENID_REDIRECT_URI + label: "OpenID Redirect URI" + schema: + type: string + required: true + default: "" + - variable: OPENID_USERNAME_CLAIM_TYPE + label: "OpenID Username Claim Type (Leave blank for default)" + schema: + type: string + default: "" + - variable: OPENID_GROUPS_CLAIM_TYPE + label: "OpenID Groups Claim Type (Leave blank for default)" + schema: + type: string + default: "" + - variable: OPENID_MAX_TOKEN_VALIDITY + label: "OpenID Max Token Validity (Leave blank for default)" + schema: + type: string + default: "" + - variable: radius + group: "App Configuration" + label: "Radius Configuration" + schema: + type: dict + attrs: + - variable: radius_enabled + label: "Enable Radius" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: RADIUS_SHARED_SECRET + label: "Radius Shared Secret" + schema: + type: string + required: true + default: "" + - variable: RADIUS_AUTH_PROTOCOL + label: "Radius Auth Protocol" + schema: + type: string + required: true + default: "eap-tls" + enum: + - value: "pap" + description: "pap" + - value: "chap" + description: "chap" + - value: "mschapv1" + description: "mschapv1" + - value: "mschapv2" + description: "mschapv2" + - value: "eap-md5" + description: "eap-md5" + - value: "eap-tls" + description: "eap-tls" + - value: "eap-ttls" + description: "eap-ttls" + - variable: RADIUS_HOSTNAME + label: "Radius Hostname (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_AUTH_PORT + label: "Radius Auth Port (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_KEY_FILE + label: "Radius Key File (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_KEY_TYPE + label: "Radius Key Type" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "pem" + description: "pem" + - value: "jceks" + description: "jceks" + - value: "jks" + description: "jks" + - value: "pkcs12" + description: "pkcs12" + - variable: RADIUS_KEY_PASSWORD + label: "Radius Key Password (Leave blank if no password)" + schema: + type: string + default: "" + - variable: RADIUS_CA_FILE + label: "Radius CA File (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_CA_TYPE + label: "Radius CA Type" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "pem" + description: "pem" + - value: "jceks" + description: "jceks" + - value: "jks" + description: "jks" + - value: "pkcs12" + description: "pkcs12" + - variable: RADIUS_CA_PASSWORD + label: "Radius CA Password (Leave blank if no password)" + schema: + type: string + default: "" + - variable: RADIUS_TRUST_ALL + label: "Radius Trust All" + schema: + type: boolean + default: false + - variable: RADIUS_RETRIES + label: "Radius Retries (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_TIMEOUT + label: "Radius Timeout (Leave blank for default)" + schema: + type: string + default: "" + - variable: RADIUS_EAP_TTLS_INNER_PROTOCOL + label: "Radius eap-ttls Inner Protocol" + description: "Only has effect when RADIUS_AUTH_PROTOCOL is set to eap-ttls" + schema: + type: string + default: "eap-tls" + enum: + - value: "pap" + description: "pap" + - value: "chap" + description: "chap" + - value: "mschapv1" + description: "mschapv1" + - value: "mschapv2" + description: "mschapv2" + - value: "eap-md5" + description: "eap-md5" + - value: "eap-tls" + description: "eap-tls" + - variable: ldap + group: "App Configuration" + label: "LDAP Configuration" + schema: + type: dict + attrs: + - variable: ldap_enabled + label: "Enable LDAP" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: LDAP_HOSTNAME + label: "LDAP Hostname (Leave blank for default)" + schema: + type: string + required: true + default: "" + - variable: LDAP_USER_BASE_DN + label: "LDAP User Base DN" + schema: + type: string + required: true + default: "" + - variable: LDAP_PORT + label: "LDAP Port (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_ENCRYPTION_METHOD + label: "LDAP Encryption Method (Leave blank for default)" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "none" + description: "none" + - value: "ssl" + description: "ssl" + - value: "starttls" + description: "starttls" + - variable: LDAP_MAX_SEARCH_RESULTS + label: "LDAP Max Search Results (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_SEARCH_BIND_DN + label: "LDAP Search Bind DN (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_USER_ATTRIBUTES + label: "LDAP User Attributes" + schema: + type: string + default: "" + - variable: LDAP_SEARCH_BIND_PASSWORD + label: "LDAP Search Bind Password (Leave blank if no password)" + schema: + type: string + default: "" + - variable: LDAP_USERNAME_ATTRIBUTE + label: "LDAP Username Attribute" + schema: + type: string + default: "" + - variable: LDAP_MEMBER_ATTRIBUTE + label: "LDAP Member Attribute" + schema: + type: string + default: "" + - variable: LDAP_USER_SEARCH_FILTER + label: "LDAP User Search Filter (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_CONFIG_BASE_DN + label: "LDAP Config Base DN" + schema: + type: string + default: "" + - variable: LDAP_GROUP_BASE_DN + label: "LDAP Group Base DN" + schema: + type: string + default: "" + - variable: LDAP_GROUP_SEARCH_FILTER + label: "LDAP Group Search Filter (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_MEMBER_ATTRIBUTE_TYPE + label: "LDAP Encryption Method" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "dn" + description: "dn" + - value: "uid" + description: "uid" + - variable: LDAP_GROUP_NAME_ATTRIBUTE + label: "LDAP Group Name Attribute (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_DEREFERENCE_ALIASES + label: "LDAP Dereference Aliases" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "never" + description: "never" + - value: "searching" + description: "searching" + - value: "finding" + description: "finding" + - value: "always" + description: "always" + - variable: LDAP_FOLLOW_REFERRALS + label: "LDAP Follow Referrals" + schema: + type: boolean + default: false + - variable: LDAP_MAX_REFERRAL_HOPS + label: "LDAP Max Referrals Hops (Leave blank for default)" + schema: + type: string + default: "" + - variable: LDAP_OPERATION_TIMEOUT + label: "LDAP Operation Timeout (Leave blank for default)" + schema: + type: string + default: "" + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + type: dict + attrs: +# Include{serviceSelector} + - variable: main + label: "Main Service Port Configuration" + schema: + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10080 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 8080 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + +# Include{serviceExpert} + +# Include{serviceList} + +# Include{persistenceList} + + - variable: ingress + label: "" + group: "Ingress" + schema: + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + type: dict + attrs: +# Include{ingressDefault} + +# Include{ingressTLS} + +# Include{ingressTraefik} + +# Include{ingressExpert} + +# Include{ingressList} + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true +# Include{securityContextAdvanced} + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 +# Include{podSecurityContextAdvanced} + +# Include{resources} + +# Include{advanced} + +# Include{addons} diff --git a/charts/incubator/guacamole-client/templates/_configmap.tpl b/charts/incubator/guacamole-client/templates/_configmap.tpl new file mode 100644 index 00000000000..99f95ae0160 --- /dev/null +++ b/charts/incubator/guacamole-client/templates/_configmap.tpl @@ -0,0 +1,189 @@ +{{/* Define the configmap */}} +{{- define "guacamole-client.configmap" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: guacamole-client-env +data: + {{/* API */}} + {{- if .Values.api.API_SESSION_TIMEOUT }} + API_SESSION_TIMEOUT: {{ .Values.api.API_SESSION_TIMEOUT | quote }} + {{- end }} + {{/* TOTP */}} + {{- if eq .Values.totp.TOTP_ENABLED true }} + TOTP_ENABLED: {{ .Values.totp.TOTP_ENABLED | quote }} + {{- if .Values.totp.TOTP_ISSUER }} + TOTP_ISSUER: {{ .Values.totp.TOTP_ISSUER | quote }} + {{- end }} + {{- if .Values.totp.TOTP_DIGITS }} + TOTP_DIGITS: {{ .Values.totp.TOTP_DIGITS | quote }} + {{- end }} + {{- if .Values.totp.TOTP_PERIOD }} + TOTP_PERIOD: {{ .Values.totp.TOTP_PERIOD | quote }} + {{- end }} + {{- if .Values.totp.TOTP_MODE }} + TOTP_MODE: {{ .Values.totp.TOTP_MODE | quote }} + {{- end }} + {{- end }} + {{/* HEADER */}} + {{- if eq .Values.header.HEADER_ENABLED true }} + HEADER_ENABLED: {{ .Values.header.HEADER_ENABLED | quote }} + {{- if .Values.header.HTTP_AUTH_HEADER }} + HTTP_AUTH_HEADER: {{ .Values.header.HTTP_AUTH_HEADER | quote }} + {{- end }} + {{- end }} + {{/* JSON */}} + {{- if .Values.json.JSON_SECRET_KEY }} + JSON_SECRET_KEY: {{ .Values.json.JSON_SECRET_KEY | quote }} + {{- if .Values.json.JSON_TRUSTED_NETWORKS }} + JSON_TRUSTED_NETWORKS: {{ .Values.json.JSON_TRUSTED_NETWORKS | quote }} + {{- end }} + {{- end }} + {{/* DUO */}} + {{- if and .Values.duo.DUO_API_HOSTNAME .Values.duo.DUO_INTEGRATION_KEY .Values.duo.DUO_SECRET_KEY .Values.duo.DUO_APPLICATION_KEY }} + DUO_API_HOSTNAME: {{ .Values.duo.DUO_API_HOSTNAME | quote }} + DUO_INTEGRATION_KEY: {{ .Values.duo.DUO_INTEGRATION_KEY | quote }} + DUO_SECRET_KEY: {{ .Values.duo.DUO_SECRET_KEY | quote }} + DUO_APPLICATION_KEY: {{ .Values.duo.DUO_APPLICATION_KEY | quote }} + {{- end }} + {{/* CAS */}} + {{- if and .Values.cas.CAS_AUTHORIZATION_ENDPOINT .Values.cas.CAS_REDIRECT_URI }} + CAS_AUTHORIZATION_ENDPOINT: {{ .Values.cas.CAS_AUTHORIZATION_ENDPOINT | quote }} + CAS_REDIRECT_URI: {{ .Values.cas.CAS_REDIRECT_URI | quote }} + {{- if .Values.cas.CAS_CLEARPASS_KEY }} + CAS_CLEARPASS_KEY: {{ .Values.cas.CAS_CLEARPASS_KEY | quote }} + {{- end }} + {{- if .Values.cas.CAS_GROUP_ATTRIBUTE }} + CAS_GROUP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_ATTRIBUTE | quote }} + {{- if .Values.cas.CAS_GROUP_FORMAT }} + CAS_GROUP_FORMAT: {{ .Values.cas.CAS_GROUP_FORMAT | quote }} + {{- if eq .Values.cas.CAS_GROUP_FORMAT "ldap" }} + {{- if .Values.cas.CAS_GROUP_LDAP_BASE_DN }} + CAS_GROUP_LDAP_BASE_DN: {{ .Values.cas.CAS_GROUP_LDAP_BASE_DN | quote }} + {{- if .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE }} + CAS_GROUP_LDAP_ATTRIBUTE: {{ .Values.cas.CAS_GROUP_LDAP_ATTRIBUTE | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{/* OpenID */}} + {{- if and .Values.openid.OPENID_AUTHORIZATION_ENDPOINT .Values.openid.OPENID_JWKS_ENDPOINT .Values.openid.OPENID_ISSUER .Values.openid.OPENID_CLIENT_ID .Values.openid.OPENID_REDIRECT_URI }} + OPENID_AUTHORIZATION_ENDPOINT: {{ .Values.openid.OPENID_AUTHORIZATION_ENDPOINT | quote }} + OPENID_JWKS_ENDPOINT: {{ .Values.openid.OPENID_JWKS_ENDPOINT | quote }} + OPENID_ISSUER: {{ .Values.openid.OPENID_ISSUER | quote }} + OPENID_CLIENT_ID: {{ .Values.openid.OPENID_CLIENT_ID | quote }} + OPENID_REDIRECT_URI: {{ .Values.openid.OPENID_REDIRECT_URI | quote }} + {{- if .Values.openid.OPENID_USERNAME_CLAIM_TYPE }} + OPENID_USERNAME_CLAIM_TYPE: {{ .Values.openid.OPENID_USERNAME_CLAIM_TYPE | quote }} + {{- end }} + {{- if .Values.openid.OPENID_GROUPS_CLAIM_TYPE }} + OPENID_GROUPS_CLAIM_TYPE: {{ .Values.openid.OPENID_GROUPS_CLAIM_TYPE | quote }} + {{- end }} + {{- if .Values.openid.OPENID_MAX_TOKEN_VALIDITY }} + OPENID_MAX_TOKEN_VALIDITY: {{ .Values.openid.OPENID_MAX_TOKEN_VALIDITY | quote }} + {{- end }} + {{- end }} + {{/* RADIUS */}} + {{- if and .Values.radius.RADIUS_SHARED_SECRET .Values.radius.RADIUS_AUTH_PROTOCOL }} + RADIUS_SHARED_SECRET: {{ .Values.radius.RADIUS_SHARED_SECRET | quote }} + RADIUS_AUTH_PROTOCOL: {{ .Values.radius.RADIUS_AUTH_PROTOCOL | quote }} + {{- if .Values.radius.RADIUS_HOSTNAME }} + RADIUS_HOSTNAME: {{ .Values.radius.RADIUS_HOSTNAME | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_AUTH_PORT }} + RADIUS_AUTH_PORT: {{ .Values.radius.RADIUS_AUTH_PORT | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_KEY_FILE }} + RADIUS_KEY_FILE: {{ .Values.radius.RADIUS_KEY_FILE | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_KEY_TYPE }} + RADIUS_KEY_TYPE: {{ .Values.radius.RADIUS_KEY_TYPE | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_KEY_PASSWORD }} + RADIUS_KEY_PASSWORD: {{ .Values.radius.RADIUS_KEY_PASSWORD | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_CA_FILE }} + RADIUS_CA_FILE: {{ .Values.radius.RADIUS_CA_FILE | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_CA_TYPE }} + RADIUS_CA_TYPE: {{ .Values.radius.RADIUS_CA_TYPE | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_CA_PASSWORD }} + RADIUS_CA_PASSWORD: {{ .Values.radius.RADIUS_CA_PASSWORD | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_TRUST_ALL }} + RADIUS_TRUST_ALL: {{ .Values.radius.RADIUS_TRUST_ALL | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_RETRIES }} + RADIUS_RETRIES: {{ .Values.radius.RADIUS_RETRIES | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_TIMEOUT }} + RADIUS_TIMEOUT: {{ .Values.radius.RADIUS_TIMEOUT | quote }} + {{- end }} + {{- if .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL }} + RADIUS_EAP_TTLS_INNER_PROTOCOL: {{ .Values.radius.RADIUS_EAP_TTLS_INNER_PROTOCOL | quote }} + {{- end }} + {{- end }} + {{/* LDAP */}} + {{- if and .Values.ldap.LDAP_HOSTNAME .Values.ldap.LDAP_USER_BASE_DN }} + LDAP_HOSTNAME: {{ .Values.ldap.LDAP_HOSTNAME | quote }} + LDAP_USER_BASE_DN: {{ .Values.ldap.LDAP_USER_BASE_DN | quote }} + {{- if .Values.ldap.LDAP_PORT }} + LDAP_PORT: {{ .Values.ldap.LDAP_PORT | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_ENCRYPTION_METHOD }} + LDAP_ENCRYPTION_METHOD: {{ .Values.ldap.LDAP_ENCRYPTION_METHOD | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_MAX_SEARCH_RESULTS }} + LDAP_MAX_SEARCH_RESULTS: {{ .Values.ldap.LDAP_MAX_SEARCH_RESULTS | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_SEARCH_BIND_DN }} + LDAP_SEARCH_BIND_DN: {{ .Values.ldap.LDAP_SEARCH_BIND_DN | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_USER_ATTRIBUTES }} + LDAP_USER_ATTRIBUTES: {{ .Values.ldap.LDAP_USER_ATTRIBUTES | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_SEARCH_BIND_PASSWORD }} + LDAP_SEARCH_BIND_PASSWORD: {{ .Values.ldap.LDAP_SEARCH_BIND_PASSWORD | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_USERNAME_ATTRIBUTE }} + LDAP_USERNAME_ATTRIBUTE: {{ .Values.ldap.LDAP_USERNAME_ATTRIBUTE | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE }} + LDAP_MEMBER_ATTRIBUTE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_USER_SEARCH_FILTER }} + LDAP_USER_SEARCH_FILTER: {{ .Values.ldap.LDAP_USER_SEARCH_FILTER | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_CONFIG_BASE_DN }} + LDAP_CONFIG_BASE_DN: {{ .Values.ldap.LDAP_CONFIG_BASE_DN | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_GROUP_BASE_DN }} + LDAP_GROUP_BASE_DN: {{ .Values.ldap.LDAP_GROUP_BASE_DN | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_GROUP_SEARCH_FILTER }} + LDAP_GROUP_SEARCH_FILTER: {{ .Values.ldap.LDAP_GROUP_SEARCH_FILTER | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE }} + LDAP_MEMBER_ATTRIBUTE_TYPE: {{ .Values.ldap.LDAP_MEMBER_ATTRIBUTE_TYPE | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE }} + LDAP_GROUP_NAME_ATTRIBUTE: {{ .Values.ldap.LDAP_GROUP_NAME_ATTRIBUTE | quote }} + {{- end }} + {{- if .Values.ldap.LDAP_DEREFERENCE_ALIASES }} + LDAP_DEREFERENCE_ALIASES: {{ .Values.ldap.LDAP_DEREFERENCE_ALIASES | quote }} + {{- end }} + {{- if eq .Values.ldap.LDAP_FOLLOW_REFERRALS "true"}} + LDAP_FOLLOW_REFERRALS: {{ .Values.ldap.LDAP_FOLLOW_REFERRALS | quote }} + {{- if .Values.ldap.LDAP_MAX_REFERRAL_HOPS }} + LDAP_MAX_REFERRAL_HOPS: {{ .Values.ldap.LDAP_MAX_REFERRAL_HOPS | quote }} + {{- end }} + {{- end }} + {{- if .Values.ldap.LDAP_OPERATION_TIMEOUT }} + LDAP_OPERATION_TIMEOUT: {{ .Values.ldap.LDAP_OPERATION_TIMEOUT | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/incubator/guacamole-client/templates/common.yaml b/charts/incubator/guacamole-client/templates/common.yaml new file mode 100644 index 00000000000..47ce0e2be48 --- /dev/null +++ b/charts/incubator/guacamole-client/templates/common.yaml @@ -0,0 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{ include "common.setup" . }} + +{{/* Render configmap for vaultwarden */}} +{{- include "guacamole-client.configmap" . }} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/charts/incubator/guacamole-client/values.yaml b/charts/incubator/guacamole-client/values.yaml new file mode 100644 index 00000000000..d236ea4ae11 --- /dev/null +++ b/charts/incubator/guacamole-client/values.yaml @@ -0,0 +1,269 @@ +image: + repository: tccr.io/truecharts/guacamole-client + pullPolicy: IfNotPresent + tag: v1.4.0@sha256:43f7b0575173f509b5215a89170dfea80ea07f0b2bfed405882a4bc7ec9dfa52 + +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + +securityContext: + readOnlyRootFilesystem: false + +service: + main: + ports: + main: + port: 10080 + targetPort: 8080 + +env: + POSTGRES_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" + POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}" + POSTGRES_PORT: 5432 + GUACD_HOSTNAME: "localhost" + GUACD_PORT: 4822 + +totp: + TOTP_ENABLED: false + # TOTP_ISSUER: "Apache Guacamole" + # TOTP_DIGITS: "6" + # TOTP_PERIOD: "30" + # TOTP_MODE: "sha1" + +header: + HEADER_ENABLED: false + # HTTP_AUTH_HEADER: "REMOTE_USER" + +api: {} + # API_SESSION_TIMEOUT: "60" + +json: {} + # JSON_SECRET_KEY: "random32charkey" + # JSON_TRUSTED_NETWORKS: "127.0.0.0/8, 10.0.0.0/8" + +duo: {} + # DUO_API_HOSTNAME: "api-XXXXXXXX.duosecurity.com" + # DUO_INTEGRATION_KEY: "exactly20charkey" + # DUO_SECRET_KEY: "exactly40charkey" + # DUO_APPLICATION_KEY: "atleast40charkey" + +cas: {} + # CAS_AUTHORIZATION_ENDPOINT: "" + # CAS_REDIRECT_URI: "" + # CAS_CLEARPASS_KEY: "" + # CAS_GROUP_ATTRIBUTE: "" + # CAS_GROUP_FORMAT: "plain" + # CAS_GROUP_LDAP_BASE_DN: "" + # CAS_GROUP_LDAP_ATTRIBUTE: "" + +openid: {} + # OPENID_AUTHORIZATION_ENDPOINT: "" + # OPENID_JWKS_ENDPOINT: "" + # OPENID_ISSUER: "" + # OPENID_CLIENT_ID: "" + # OPENID_REDIRECT_URI: "" + # OPENID_USERNAME_CLAIM_TYPE: "email" + # OPENID_GROUPS_CLAIM_TYPE: "groups" + # OPENID_MAX_TOKEN_VALIDITY: "300" + +radius: {} + # RADIUS_HOSTNAME: "localhost" + # RADIUS_AUTH_PORT: "1812" + # RADIUS_SHARED_SECRET: "" + # RADIUS_AUTH_PROTOCOL: "eap-tls" + # RADIUS_KEY_FILE: "" + # RADIUS_KEY_TYPE: "pkcs12" + # RADIUS_KEY_PASSWORD: "" + # RADIUS_CA_FILE: "" + # RADIUS_CA_TYPE: "pem" + # RADIUS_CA_PASSWORD: "" + # RADIUS_TRUST_ALL: "false" + # RADIUS_RETRIES: "5" + # RADIUS_TIMEOUT: "60" + # RADIUS_EAP_TTLS_INNER_PROTOCOL: "eap-tls" + +ldap: {} + # LDAP_HOSTNAME: "localhost" + # LDAP_USER_BASE_DN: "" + # LDAP_PORT: "389" + # LDAP_ENCRYPTION_METHOD: "none" + # LDAP_MAX_SEARCH_RESULTS: "1000" + # LDAP_SEARCH_BIND_DN: "" + # LDAP_USER_ATTRIBUTES: "" + # LDAP_SEARCH_BIND_PASSWORD: "" + # LDAP_USERNAME_ATTRIBUTE: "" + # LDAP_MEMBER_ATTRIBUTE: "" + # LDAP_USER_SEARCH_FILTER: "(objectClass=*)" + # LDAP_CONFIG_BASE_DN: "" + # LDAP_GROUP_BASE_DN: "" + # LDAP_GROUP_SEARCH_FILTER: "(objectClass=*)" + # LDAP_MEMBER_ATTRIBUTE_TYPE: "dn" + # LDAP_GROUP_NAME_ATTRIBUTE: "cn" + # LDAP_DEREFERENCE_ALIASES: "never" + # LDAP_FOLLOW_REFERRALS: "false" + # LDAP_MAX_REFERRAL_HOPS: "5" + # LDAP_OPERATION_TIMEOUT: "30" + +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: guacamole + postgresqlDatabase: guacamole + +envValueFrom: + POSTGRES_HOSTNAME: + secretKeyRef: + name: dbcreds + key: plainhost + POSTGRES_PASSWORD: + secretKeyRef: + name: dbcreds + key: postgresql-password + +probes: + liveness: + path: "/guacamole" + readiness: + path: "/guacamole" + startup: + path: "/guacamole" + +persistence: + initdbdata: + enabled: true + mountPath: "/initdbdata" +# Both temphack and temphackalso will be removed on the next image release + temphack: + enabled: true + mountPath: "/opt/guacamole/postgresql-hack" + temphackalso: + enabled: true + mountPath: "/opt/guacamole/postgresql" + +initContainers: + 1-creat-initdb-file: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: initdbdata + mountPath: "/initdbdata" + command: ["/bin/sh", "-c"] + args: + - > + echo "Creating initdb.sql file..."; + /opt/guacamole/bin/initdb.sh --postgres > /initdbdata/initdb.sql; + if [ -e /initdbdata/initdb.sql ]; + then + echo "Init file created successfully!"; + exit 0; + else + echo "Init file failed to create."; + exit 1; + fi; + 2-initdb: + image: "{{ .Values.postgresqlImage.repository }}:{{ .Values.postgresqlImage.tag }}" + env: + - name: POSTGRES_DATABASE + value: "{{ .Values.postgresql.postgresqlDatabase }}" + - name: POSTGRES_USER + value: "{{ .Values.postgresql.postgresqlUsername }}" + - name: POSTGRES_PORT + value: "5432" + - name: POSTGRES_HOSTNAME + valueFrom: + secretKeyRef: + name: dbcreds + key: plainhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: dbcreds + key: postgresql-password + volumeMounts: + - name: initdbdata + mountPath: "/initdbdata" + command: ["/bin/sh", "-c"] + args: + - > + echo "Waiting for DB to be ready..."; + DBREADY=0; + for i in {1..10}; + do pg_isready -t 5 -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT; + if [ $? -eq 0 ]; + then echo "DB is ready!"; + DBREADY=1; + break; + else echo "DB not ready yet."; + fi; + echo "Waiting..."; + sleep 5; + done; + if [ $DBREADY -eq 1 ]; + then echo "Initializing DB's schema..."; + psql -h $POSTGRES_HOSTNAME -d $POSTGRES_DATABASE -U $POSTGRES_USER -p $POSTGRES_PORT -a -w -f /initdbdata/initdb.sql; + if [ $? -eq 0 ]; + then echo "DB's schema initialized successfully!"; + exit 0; + else echo "DB's schema failed to initialize."; + exit 1; + fi; + else echo "DB failed to start."; + fi; + + # Until they release an image with the updated driver, we need to manually replace it. + # https://issues.apache.org/jira/browse/GUACAMOLE-1433 + # https://github.com/apache/guacamole-client/pull/655 + # Both 3-temp-hach and 4-temp-hack will be removed on the next image release + 3-temp-hack: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + volumeMounts: + - name: temphack + mountPath: "/opt/guacamole/postgresql-hack" + command: ["/bin/sh", "-c"] + args: + - > + echo "Checing postgresql driver version..."; + if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; + then echo "Version found is correct."; + exit 0; + else echo "Old version found. Will try to download a known-to-work version."; + echo "Downloading (postgresql-42.2.24.jre7.jar)..."; + curl -L "https://jdbc.postgresql.org/download/postgresql-42.2.24.jre7.jar" > "/opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar"; + if [ -e /opt/guacamole/postgresql-hack/postgresql-42.2.24.jre7.jar ]; + then echo "Downloaded successfully!"; + cp -r /opt/guacamole/postgresql/* /opt/guacamole/postgresql-hack/; + if [ -e /opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar ]; + then echo "Removing old version... (postgresql-9.4-1201.jdbc41.jar)"; + rm "/opt/guacamole/postgresql-hack/postgresql-9.4-1201.jdbc41.jar"; + if [ $? -eq 0 ]; + then echo "Removed successfully!"; + else "Failed to remove."; + exit 1; + fi; + fi; + else echo "Failed to download."; + exit 1; + fi; + fi; + 4-temp-hack: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + volumeMounts: + - name: temphack + mountPath: "/opt/guacamole/postgresql-hack" + - name: temphackalso + mountPath: "/opt/guacamole/postgresql" + command: ["/bin/sh", "-c"] + args: + - > + echo "Copying postgres driver into the final destination."; + cp -r /opt/guacamole/postgresql-hack/* /opt/guacamole/postgresql/; + if [ -e /opt/guacamole/postgresql/postgresql-42.2.24.jre7.jar ]; + then echo "Driver copied successfully!"; + else echo "Failed to copy the driver"; + fi; diff --git a/docs/_static/img/appicons/guacamole-client-icon.png b/docs/_static/img/appicons/guacamole-client-icon.png new file mode 100644 index 00000000000..da34f01e5c7 Binary files /dev/null and b/docs/_static/img/appicons/guacamole-client-icon.png differ diff --git a/docs/manual/default-ports.md b/docs/manual/default-ports.md index 7c71bc60931..f613917935a 100644 --- a/docs/manual/default-ports.md +++ b/docs/manual/default-ports.md @@ -48,7 +48,8 @@ These defaults can of course be changed, but as we guarantee "sane, working defa | node-red | main | main | 1880 | TCP | | | mosquitto | main | main | 1883 | TCP | | | minisatip | discovery | discovery | 1900 | UDP | | -| owncast | rtmp | rtmp | 1935 | TCP | | +| owncast | rtmp | rtmp | 1935 | TCP | Potential conflict with frigate | +| frigate | rtmp | rtmp | 1935 | TCP | Potential conflict with owncast | | ubooquity | main | main | 2202 | TCP | | | gitea | ssh | ssh | 2222 | TCP | | | photoprism | main | main | 2342 | TCP | | @@ -70,6 +71,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa | navidrome | main | main | 4533 | TCP | | | requestrr | main | main | 4545 | TCP | | | guacd | main | main | 4822 | TCP | | +| frigate | main | main | 5000 | TCP | | | ipfs | api | api | 5001 | TCP | | | appdaemon | main | main | 5050 | TCP | | | overseer | main | main | 5055 | TCP | | @@ -224,6 +226,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa | static | main | main | 10077 | TCP | | | twtxt | main | main | 10078 | TCP | | | emby | main | main | 10079 | TCP | | +| guacamole-client | main | main | 10080 | TCP | | | davos | main | main | 10081 | TCP | | | fireflyiii | main | main | 10082 | TCP | | | fossil | main | main | 10083 | TCP | |