fix(kasm): rework (#4208)

This commit is contained in:
Stavros Kois
2022-10-28 02:06:40 +03:00
committed by GitHub
parent 974cc443f1
commit 4ed7ef3110
6 changed files with 264 additions and 159 deletions


@@ -9,7 +9,7 @@ dependencies:
repository: https://library-charts.truecharts.org
version: 10.7.7
deprecated: false
description: "Kasm(https://www.kasmweb.com/) Workspaces is a Chart container streaming platform for delivering browser-based access to desktops, applications, and web services. Kasm uses devops-enabled Containerized Desktop Infrastructure (CDI) to create on-demand, disposable, Chart Charts that are accessible via web browser. Example use-cases include Remote Browser Isolation (RBI), Data Loss Prevention (DLP), Desktop as a Service (DaaS), Secure Remote Access Services (RAS), and Open Source Intelligence (OSINT) collections.\n"
description: Kasm Workspaces is a streaming platform for delivering browser-based access to desktops, applications, and web services.
home: https://truecharts.org/docs/charts/incubator/kasm
icon: https://truecharts.org/img/hotlink-ok/chart-icons/kasm.png
keywords:
@@ -27,4 +27,4 @@ sources:
- https://github.com/orgs/linuxserver/packages/container/package/kasm
- https://github.com/linuxserver/docker-kasm#readme
type: application
version: 0.0.42
version: 1.0.0


@@ -2,6 +2,13 @@
portals:
open:
# Include{portalLink}
admin:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$variable-service.admin.ports.admin.port"
questions:
# Include{global}
# Include{controller}
@@ -12,42 +19,31 @@ questions:
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: env
group: "Container Configuration"
label: "Image Environment"
- variable: secretEnv
group: Container Configuration
label: Image Secrets
schema:
additional_attrs: true
type: dict
attrs:
- variable: KASM_PORT
label: "KASM_PORT"
description: "Specify the port you bind to the outside for Kasm Workspaces."
schema:
type: string
default: ""
- variable: DOCKER_HUB_USERNAME
label: "DOCKER_HUB_USERNAME"
description: "Optionally specify a DockerHub Username to pull private images."
label: Docker Hub Username
description: Optionally specify a DockerHub Username to pull private images.
schema:
type: string
default: ""
- variable: DOCKER_HUB_PASSWORD
label: "DOCKER_HUB_PASSWORD"
description: "Optionally specify a DockerHub password to pull private images."
schema:
type: string
default: ""
- variable: UMASK
label: "UMASK"
description: "Container Variable UMASK"
label: Docker Hub Password
description: Optionally specify a DockerHub password to pull private images.
schema:
type: string
private: true
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
@@ -55,71 +51,62 @@ questions:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: "Main Service Port Configuration"
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 3000
default: 10350
required: true
# Include{advancedPortHTTP}
# Include{advancedPortHTTPS}
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 3000
- variable: port6333
label: 'port6333 service'
description: "Kasm Workspaces interface. (https)"
default: 10350
- variable: admin
label: Admin Service
description: The Admin service
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: port6333
label: "port6333 Service Port Configuration"
- variable: admin
label: Admin Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 6333
default: 10351
required: true
# Include{advancedPortTCP}
# Include{advancedPortHTTPS}
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 6333
default: 3000
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: pathopt
label: "pathopt Storage"
description: "Docker and installation storage. (requires mntcacheappdatapath or direct disk mount)"
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: pathprofiles
label: "pathprofiles Storage"
description: "Optionally specify a path for persistent profile storage."
- variable: data
label: Data Storage
description: /opt Storage
schema:
additional_attrs: true
type: dict
@@ -129,7 +116,7 @@ questions:
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: "Main Ingress"
label: Main Ingress
schema:
additional_attrs: true
type: dict
@@ -142,45 +129,45 @@ questions:
# Include{security}
# Include{securityContextAdvancedRoot}
- variable: privileged
label: "Privileged mode"
label: Privileged mode
schema:
type: boolean
default: false
default: true
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
label: ReadOnly Root Filesystem
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
label: Allow Privilege Escalation
schema:
type: boolean
default: false
default: true
- variable: runAsNonRoot
label: "runAsNonRoot"
label: runAsNonRoot
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: The groupID this App of the user running the application"
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
default: 0
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
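Review bot: In the securityContext hunk the `privileged` and `allowPrivilegeEscalation` defaults flip to true and `fsGroup` drops from 568 to 0, yet none of these questions carries a description telling the user why; a privileged container receives all Linux capabilities and access to host devices, so a user accepting the defaults should see what they are granting. The same defaults are set in the kasm values.yaml section of this commit. Presumably the image runs its own Docker daemon (the removed `pathopt` description mentioned "Docker and installation storage"), which would explain it; I would add `description: Kasm runs a Docker daemon inside the container and is run privileged by default; this grants the pod full access to the host` under the `privileged` label (wording to be confirmed against the image), and a one-liner on `runAsUser`/`fsGroup` saying the image expects root. While here, the `runAsGroup` description "The groupID this App of the user running the application" is garbled and could read `description: The GroupID of the user running the application`.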


@@ -1,40 +1,61 @@
env:
DOCKER_HUB_PASSWORD: ""
DOCKER_HUB_USERNAME: ""
KASM_PORT: ""
UMASK: ""
image:
pullPolicy: IfNotPresent
repository: tccr.io/truecharts/kasm
tag: latest@sha256:73ea3cf977959343c4d6812e234ebc99453c6934f512f7bda51a38ffe965c562
persistence:
pathopt:
enabled: true
mountPath: /opt
pathprofiles:
enabled: true
mountPath: /profiles
tag: 1.1.0@sha256:fe25f667de3f1e4c1d5774c9108216dc433ea621516df8e9138eeb517858aeca
podSecurityContext:
runAsGroup: 0
runAsUser: 0
fsGroup: 0
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
allowPrivilegeEscalation: true
privileged: true
secretEnv:
DOCKER_HUB_PASSWORD: ""
DOCKER_HUB_USERNAME: ""
env:
KASM_PORT: "{{ .Values.service.main.ports.main.port }}"
probes:
liveness:
type: HTTPS
path: /
port: "{{ .Values.service.admin.ports.admin.targetPort }}"
readiness:
type: HTTPS
path: /
port: "{{ .Values.service.admin.ports.admin.targetPort }}"
startup:
type: HTTPS
path: /
port: "{{ .Values.service.admin.ports.admin.targetPort }}"
service:
main:
ports:
main:
port: 3000
protocol: HTTP
targetPort: 3000
port6333:
port: 10350
protocol: HTTPS
admin:
enabled: true
ports:
port6333:
admin:
enabled: true
port: 6333
protocol: TCP
targetPort: 6333
port: 10351
protocol: HTTPS
targetPort: 3000
persistence:
data:
enabled: true
mountPath: /opt
varrun:
enabled: true
portal:
enabled: true
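Review bot: The new `varrun` persistence entry near the end of the hunk is enabled with no `mountPath`, `type` or comment, so a reader needs the library chart's defaults to tell what it mounts and where; presumably it backs /var/run for the in-container Docker daemon, but nothing here shows that. A comment such as `# varrun: scratch volume for /var/run (presumably for the in-container docker daemon; verify against library defaults)` above the entry would make the intent explicit. The `data` entry next to it does state its `mountPath`, so the two read inconsistently as written.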


@@ -2,7 +2,7 @@ apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: meshcentral
appVersion: "1.0.90"
version: 5.0.12
version: 5.0.13
description: MeshCentral is a full computer management web site
type: application
deprecated: false


@@ -37,18 +37,21 @@ questions:
description: Set this to the primary DNS name of this MeshCentral server.
schema:
type: string
required: true
default: ""
- variable: tlsOffload
label: tlsOffload
description: When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example traefik.ix-traefik.svc.cluster.local
schema:
type: string
required: true
default: ""
- variable: trustedProxy
label: trustedProxy
description: Trust forwarded headers from these IPs or domains. Providing the magic string "CloudFlare" will cause the server to download the IP address list of trusted CloudFlare proxies directly from CloudFlare on each server start. For example traefik.ix-traefik.svc.cluster.local
schema:
type: string
required: true
default: ""
- variable: WANonly
label: WANonly
@@ -121,30 +124,35 @@ questions:
description: When specified, sends data to the browser at x seconds interval and expects a response from the browser.
schema:
type: int
required: true
default: -99
- variable: browserPong
label: browserPong
description: When specified, sends data to the browser at x seconds interval.
schema:
type: int
required: true
default: -99
- variable: agentPing
label: agentPing
description: When specified, sends data to the agent at x seconds interval and expects a response from the agent.
schema:
type: int
required: true
default: -99
- variable: agentPong
label: agentPong
description: When specified, sends data to the agent at x seconds interval.
schema:
type: int
required: true
default: -99
- variable: agentIdleTimeout
label: agentIdleTimeout
description: How much time in seconds with no traffic from an agent before dropping the agent connection.
schema:
type: int
required: true
default: -99
- variable: maxInvalidLogin
label: Section <maxInvalidLogin>
@@ -157,18 +165,21 @@ questions:
description: Time in minutes over which the a maximum number of invalid login attempts is allowed from an IP address.
schema:
type: int
required: true
default: 10
- variable: count
label: count
description: Maximum number of invalid login attempts from an IP address in the time period.
schema:
type: int
required: true
default: 10
- variable: coolofftime
label: coolofftime
description: Additional time in minute that login attempts will be denied once the invalid login limit is reached.
schema:
type: int
required: true
default: 30
- variable: exclude
label: exclude
@@ -187,18 +198,21 @@ questions:
description: Time in minutes over which the a maximum number of invalid 2FA attempts is allowed from an IP address.
schema:
type: int
required: true
default: 10
- variable: count
label: count
description: Maximum number of invalid 2FA attempts from an IP address in the time period.
schema:
type: int
required: true
default: 10
- variable: coolofftime
label: coolofftime
description: Additional time in minute that 2FA attempts will be denied once the invalid login limit is reached.
schema:
type: int
required: true
default: 30
- variable: exclude
label: exclude
@@ -231,8 +245,9 @@ questions:
type: string
private: true
default: ""
- variable: setupWebDav
- variable: _setupWebDav
label: Backup to Web DAV
description: Enabled automated upload of the server backups to a WebDAV account.
schema:
type: boolean
default: false
@@ -299,6 +314,73 @@ questions:
schema:
type: boolean
default: false
- variable: _setupMessaging
label: Setup Messaging
description: This section allow MeshCentral to send messages over user messaging networks like Discord
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: messaging
label: Section <messaging>
schema:
additional_attrs: true
type: dict
attrs:
- variable: _setupTelegram
label: Setup Telegram
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: telegram
label: telegram
description: Configure Telegram messaging system
schema:
additional_attrs: true
type: dict
attrs:
- variable: apiid
label: apiid
schema:
type: string
default: ""
- variable: apihash
label: apihash
schema:
type: string
default: ""
- variable: session
label: session
schema:
type: string
default: ""
- variable: _setupDiscord
label: Setup Discord
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: discord
label: discord
description: Configure Discord messaging system
schema:
additional_attrs: true
type: dict
attrs:
- variable: serverurl
label: serverurl
schema:
type: string
default: ""
- variable: token
label: token
schema:
type: string
default: ""
- variable: domains
label: Section <domains>
schema:
@@ -316,7 +398,7 @@ questions:
description: HTTPS URL when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like Traefik is used in front of MeshCentral.
schema:
type: string
# required: true
required: true
default: ""
- variable: title
label: title
@@ -324,14 +406,14 @@ questions:
schema:
type: string
required: true
default: TrueCharts MeshCentral
default: MeshCentral
- variable: title2
label: title2
description: Secondary title text that is placed on the upper right on the title on many web pages.
schema:
type: string
required: true
default: TrueCharts MeshCentral
default: TrueCharts
- variable: welcomeText
label: welcomeText
description: Text that will be shown on the login screen.
@@ -417,66 +499,74 @@ questions:
schema:
type: boolean
default: true
- variable: agentCustomization
label: Section <agentCustomization>
- variable: _setupAgentCustomization
label: Setup Agent Customization
description: Use this section to customize the agent branding.
schema:
additional_attrs: true
type: dict
attrs:
- variable: displayName
label: displayName
description: The name of the agent as displayed to the user.
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: agentCustomization
label: Section <agentCustomization>
schema:
type: string
default: MeshCentral Agent
- variable: description
label: description
description: The description of the agent as displayed to the user.
schema:
type: string
default: Mesh Agent Background Service
- variable: companyName
label: companyName
description: This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's.
schema:
type: string
default: Mesh Agent
- variable: serviceName
label: serviceName
description: The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string.
schema:
type: string
default: Mesh Agent
- variable: installText
label: installText
description: Text string to show in the agent installation dialog box.
schema:
type: string
default: ""
- variable: image
label: image
description: The filename of a image file in .png format located in meshcentral-data to display in the MeshCentral Agent installation dialog, image should be square and from 64x64 to 200x200.
schema:
type: string
default: ""
- variable: fileName
label: fileName
description: The agent filename.
schema:
type: string
default: meshagent
- variable: foregroundColor
label: foregroundColor
description: 'Foreground text color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
schema:
type: string
default: ""
- variable: backgroundColor
label: backgroundColor
description: 'Background color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
schema:
type: string
default: ""
additional_attrs: true
type: dict
attrs:
- variable: displayName
label: displayName
description: The name of the agent as displayed to the user.
schema:
type: string
default: MeshCentral Agent
- variable: description
label: description
description: The description of the agent as displayed to the user.
schema:
type: string
default: Mesh Agent Background Service
- variable: companyName
label: companyName
description: This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's.
schema:
type: string
default: Mesh Agent
- variable: serviceName
label: serviceName
description: The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string.
schema:
type: string
default: Mesh Agent
- variable: installText
label: installText
description: Text string to show in the agent installation dialog box.
schema:
type: string
default: ""
- variable: image
label: image
description: The filename of a image file in .png format located in meshcentral-data to display in the MeshCentral Agent installation dialog, image should be square and from 64x64 to 200x200.
schema:
type: string
default: ""
- variable: fileName
label: fileName
description: The agent filename.
schema:
type: string
default: meshagent
- variable: foregroundColor
label: foregroundColor
description: 'Foreground text color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
schema:
type: string
default: ""
- variable: backgroundColor
label: backgroundColor
description: 'Background color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
schema:
type: string
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
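Review bot: The new Telegram `apihash` and `session` questions and the Discord `token` question in the messaging hunk are credentials, but their schemas lack `private: true`, unlike the password field just above the `_setupWebDav` rename in this same file and the `DOCKER_HUB_PASSWORD` question in the kasm section of this commit, so they would be rendered unmasked in the form. Add `private: true` under `schema:` for apihash, session and token. `apiid` and `serverurl` are identifiers rather than secrets and can stay as they are.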


@@ -280,10 +280,17 @@ meshcentral:
# - This section allow MeshCentral to send messages over user messaging networks like Telegram
_messaging:
# - Configure Telegram messaging system
telegram:
apiid: null
apihash: null
session: null
_telegram:
apiid: ""
apihash: ""
session: ""
# - Configure Discord messaging system
_discord:
# - An optional HTTP link to the discord server the user must join to get notifications.
serverurl: ""
# - A Discord bot token that MeshCentral will use to login to Discord.
token: ""
# - Any settings in this section is used as default setting for all domains
_domaindefaults:
title: Default Title
@@ -292,9 +299,9 @@ meshcentral:
# - HTTPS URL when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like Traefik is used in front of MeshCentral.
certUrl: https://mc.domain.com
# - The title of this web site. All web pages will have this title.
title: TrueCharts MeshCentral
title: MeshCentral
# - Secondary title text that is placed on the upper right on the title on many web pages.
title2: TrueCharts MeshCentral
title2: TrueCharts
# - When enabled, the server will send reduced sized web pages.
minify: true
# - 0 = User selects day/night mode, 1 = Always night mode, 2 = Always day mode
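Review bot: The `_messaging` comment at the top of the first hunk still says "networks like Telegram" although Discord settings are added directly below it; `# - This section allow MeshCentral to send messages over user messaging networks like Telegram or Discord`. The keys here are `_telegram` and `_discord` while the questions.yaml section of this commit uses `telegram` and `discord`; if the leading underscore is the convention for a section that is disabled until the matching setup toggle is enabled, a comment saying so next to `_messaging` would save the next reader a lookup. The Discord `token` comment could also note that the value is a bot credential and should be supplied at install time rather than committed to values.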