140 lines
3.5 KiB
YAML
140 lines
3.5 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: configmap
|
|
namespace: guacamole
|
|
data:
|
|
guacamole.properties: |
|
|
postgresql-hostname: localhost
|
|
postgresql-port: 5432
|
|
postgresql-database: guacamole_db
|
|
postgresql-username: guacamole
|
|
postgresql-password: null
|
|
|
|
ldap-hostname: ldap.undercloud.cf.
|
|
ldap-port: 389
|
|
ldap-encryption-method: none
|
|
ldap-search-bind-dn: cn=guacamole,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
|
|
ldap-search-bind-password: secureGuacamolePW
|
|
ldap-user-base-dn: ou=users,dc=undercloud,dc=cf
|
|
ldap-username-attribute: uid
|
|
ldap-member-attribute: uniquemember
|
|
ldap-group-base-dn: ou=groups,dc=undercloud,dc=cf
|
|
---
|
|
apiVersion: storage.k8s.io/v1
|
|
kind: StorageClass
|
|
metadata:
|
|
name: guacamole
|
|
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
|
|
provisioner: rook-ceph.cephfs.csi.ceph.com
|
|
parameters:
|
|
# clusterID is the namespace where the rook cluster is running
|
|
# If you change this namespace, also change the namespace below where the secret namespaces are defined
|
|
clusterID: rook-ceph
|
|
|
|
# CephFS filesystem name into which the volume shall be created
|
|
fsName: guacamole
|
|
|
|
# Ceph pool into which the volume shall be created
|
|
# Required for provisionVolume: "true"
|
|
pool: guacamole-replicated
|
|
|
|
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
|
|
# in the same namespace as the cluster.
|
|
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
|
|
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
|
|
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
|
|
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
|
|
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
|
|
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
|
|
|
|
reclaimPolicy: Delete
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: config
|
|
namespace: guacamole
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 1G
|
|
storageClassName: guacamole
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: guacamole
|
|
namespace: guacamole
|
|
labels:
|
|
app: guacamole
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: guacamole
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: guacamole
|
|
spec:
|
|
dnsConfig:
|
|
options:
|
|
- name: ndots
|
|
value: "1"
|
|
#securityContext:
|
|
# runAsUser: 1000
|
|
# runAsGroup: 1000
|
|
# fsGroup: 1000
|
|
containers:
|
|
- name: guacamole
|
|
image: flcontainers/guacamole
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 8080
|
|
env:
|
|
- name: EXTENSIONS
|
|
value: "auth-ldap"
|
|
volumeMounts:
|
|
- mountPath: /config
|
|
name: config
|
|
- mountPath: /config/guacamole/guacamole.properties
|
|
name: configmap
|
|
subPath: guacamole.properties
|
|
volumes:
|
|
- name: config
|
|
persistentVolumeClaim:
|
|
claimName: config
|
|
readOnly: false
|
|
- name: configmap
|
|
configMap:
|
|
name: configmap
|
|
defaultMode: 0777
|
|
items:
|
|
- key: "guacamole.properties"
|
|
path: "guacamole.properties"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: guacamole
|
|
namespace: guacamole
|
|
spec:
|
|
ipFamilies:
|
|
- IPv6
|
|
- IPv4
|
|
ipFamilyPolicy: PreferDualStack
|
|
#ipFamilyPolicy: SingleStack
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
selector:
|
|
app: guacamole
|
|
sessionAffinity: None
|
|
|