diff --git a/community/rust-desk/1.0.0/Chart.lock b/community/rust-desk/1.0.0/Chart.lock new file mode 100644 index 0000000000..092aa80b83 --- /dev/null +++ b/community/rust-desk/1.0.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.1.1 +digest: sha256:a7dbe3e4d42dbcd4325776e5e01a1d630c7f185f79e7ebf22b1b9cc80f56eed7 +generated: "2023-09-05T17:35:07.358112662+03:00" diff --git a/community/rust-desk/1.0.0/Chart.yaml b/community/rust-desk/1.0.0/Chart.yaml new file mode 100644 index 0000000000..e431087bde --- /dev/null +++ b/community/rust-desk/1.0.0/Chart.yaml @@ -0,0 +1,26 @@ +name: rust-desk +description: Rust Desk is an open-source remote desktop, and alternative to TeamViewer. +annotations: + title: Rust Desk +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '1.1.8-2' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ + email: dev@ixsystems.com +dependencies: + - name: common + repository: file://../../../common + version: 1.1.1 +home: https://rustdesk.com +icon: https://avatars.githubusercontent.com/u/71636191 +sources: + - https://hub.docker.com/r/rustdesk/rustdesk-server + - https://github.com/truenas/charts/tree/master/community/rust-desk + - https://github.com/rustdesk/rustdesk-server +keywords: + - remote + - desktop diff --git a/community/rust-desk/1.0.0/README.md b/community/rust-desk/1.0.0/README.md new file mode 100644 index 0000000000..7680db0a53 --- /dev/null +++ b/community/rust-desk/1.0.0/README.md @@ -0,0 +1,8 @@ +# Rust Desk + +[Rust Desk](https://rustdesk.com) is an open-source remote desktop, and alternative to TeamViewer. + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the `Rust Desk` directories. +> Afterward, the `Rust Desk` container will run as a **non**-root user (Default: `568`). +> All mounted storage(s) will be `chown`ed only if the parent directory does not match the configured user. diff --git a/community/rust-desk/1.0.0/app-readme.md b/community/rust-desk/1.0.0/app-readme.md new file mode 100644 index 0000000000..7680db0a53 --- /dev/null +++ b/community/rust-desk/1.0.0/app-readme.md @@ -0,0 +1,8 @@ +# Rust Desk + +[Rust Desk](https://rustdesk.com) is an open-source remote desktop, and alternative to TeamViewer. + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the `Rust Desk` directories. +> Afterward, the `Rust Desk` container will run as a **non**-root user (Default: `568`). +> All mounted storage(s) will be `chown`ed only if the parent directory does not match the configured user. diff --git a/community/rust-desk/1.0.0/charts/common-1.1.1.tgz b/community/rust-desk/1.0.0/charts/common-1.1.1.tgz new file mode 100644 index 0000000000..39c0df9de4 Binary files /dev/null and b/community/rust-desk/1.0.0/charts/common-1.1.1.tgz differ diff --git a/community/rust-desk/1.0.0/ci/basic-values.yaml b/community/rust-desk/1.0.0/ci/basic-values.yaml new file mode 100644 index 0000000000..d6e1822e58 --- /dev/null +++ b/community/rust-desk/1.0.0/ci/basic-values.yaml @@ -0,0 +1,15 @@ +rustStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + +rustNetwork: + natTypeTestPort: 31115 + idRegHolePunchPort: 31116 + relayPort: 31117 + serverWebClientsPort: 31118 + relayWebClientsPort: 31119 + +rustRunAs: + user: 1000 + group: 1000 diff --git a/community/rust-desk/1.0.0/ci/only-encrypted-values.yaml b/community/rust-desk/1.0.0/ci/only-encrypted-values.yaml new file mode 100644 index 0000000000..26f85a6098 --- /dev/null +++ b/community/rust-desk/1.0.0/ci/only-encrypted-values.yaml @@ -0,0 +1,18 @@ +rustStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + +rustConfig: + allowOnlyEncryptedConnections: true + +rustNetwork: + natTypeTestPort: 31115 + idRegHolePunchPort: 31116 + relayPort: 31117 + serverWebClientsPort: 31118 + relayWebClientsPort: 31119 + +rustRunAs: + user: 1000 + group: 1000 diff --git a/community/rust-desk/1.0.0/ix_values.yaml b/community/rust-desk/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..1858d82bc4 --- /dev/null +++ b/community/rust-desk/1.0.0/ix_values.yaml @@ -0,0 +1,33 @@ +image: + repository: rustdesk/rustdesk-server + pullPolicy: IfNotPresent + tag: '1.1.8-2' + +resources: + limits: + cpu: 4000m + memory: 8Gi + +rustConfig: + allowOnlyEncryptedConnections: false + additionalRelayServers: [] + additionalEnvs: [] + +rustNetwork: + natTypeTestPort: 21115 + idRegHolePunchPort: 21116 + relayPort: 21117 + enableWebClientPorts: true + serverWebClientsPort: 21118 + relayWebClientsPort: 21119 + hostNetwork: false + +rustRunAs: + user: 568 + group: 568 + +rustStorage: + data: + type: ixVolume + datasetName: data + additionalStorages: [] diff --git a/community/rust-desk/1.0.0/metadata.yaml b/community/rust-desk/1.0.0/metadata.yaml new file mode 100644 index 0000000000..3d4b0bbcf8 --- /dev/null +++ b/community/rust-desk/1.0.0/metadata.yaml @@ -0,0 +1,8 @@ +runAsContext: + - userName: rust-desk + groupName: rust-desk + gid: 568 + uid: 568 + description: Rust Desk can run as any non-root user. +capabilities: [] +hostMounts: [] diff --git a/community/rust-desk/1.0.0/questions.yaml b/community/rust-desk/1.0.0/questions.yaml new file mode 100644 index 0000000000..906c5b3fb7 --- /dev/null +++ b/community/rust-desk/1.0.0/questions.yaml @@ -0,0 +1,302 @@ +groups: + - name: Rust Desk Configuration + description: Configure Rust Desk + - name: User and Group Configuration + description: Configure User and Group for Rust Desk + - name: Network Configuration + description: Configure Network for Rust Desk + - name: Storage Configuration + description: Configure Storage for Rust Desk + - name: Resources Configuration + description: Configure Resources for Rust Desk + +questions: + - variable: rustConfig + label: "" + group: Rust Desk Configuration + schema: + type: dict + attrs: + - variable: allowOnlyEncryptedConnections + label: Allow Only Encrypted Connections + description: | + Allow only encrypted connections.
+ Clients have to use the generated key to connect to the server. + schema: + type: boolean + default: false + - variable: additionalRelayServers + label: Additional Relay Servers + description: | + Configure additional relay servers for Rust Desk.
+ The internal relay server will be added automatically.
+ Format:
host:port + schema: + type: list + default: [] + items: + - variable: relayServer + label: Relay Server + schema: + type: string + required: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Rust Desk. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: rustRunAs + label: "" + group: User and Group Configuration + schema: + type: dict + attrs: + - variable: user + label: User ID + description: The user id that Rust Desk will run as. + schema: + type: int + min: 2 + default: 568 + required: true + - variable: group + label: Group ID + description: The group id that Rust Desk will run as. + schema: + type: int + min: 2 + default: 568 + required: true + + - variable: rustNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: natTypeTestPort + label: NAT Type Test Port + description: | + The port to use for NAT type test.
+ Internal port will always be 21115 + schema: + type: int + default: 21115 + min: 9000 + max: 65535 + required: true + - variable: idRegHolePunchPort + label: ID Registration and Hole Punching Port + description: | + The port to use for ID registration and Hole punching.
+ Internal port will always be 21116 (TCP/UDP) + schema: + type: int + default: 21116 + min: 9000 + max: 65535 + required: true + - variable: relayPort + label: Relay Port + description: | + The port to use for relay.
+ Internal port will always be 21117 + schema: + type: int + default: 21117 + min: 9000 + max: 65535 + required: true + - variable: enableWebClientPorts + label: Enable Web Client Ports + description: | + Enable web client ports.
+ This is only required for web clients.
+ schema: + type: boolean + default: true + - variable: serverWebClientsPort + label: Server Web Clients Port + description: | + The port to use for server web clients.
+ Internal port will always be 21118 + schema: + type: int + default: 21118 + min: 9000 + max: 65535 + required: true + show_if: [["enableWebClientPorts", "=", true]] + - variable: relayWebClientsPort + label: Relay Web Clients Port + description: | + The port to use for relay web clients.
+ Internal port will always be 21119 + schema: + type: int + default: 21119 + min: 9000 + max: 65535 + required: true + show_if: [["enableWebClientPorts", "=", true]] + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network. It's recommended to keep this disabled.
+ schema: + type: boolean + default: false + + - variable: rustStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: data + label: Rust Desk Data Storage + description: The path to store Rust Desk Data. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: "data" + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Rust Desk. + schema: + type: list + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + required: true + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + immutable: true + default: "storage_entry" + $ref: + - "normalize/ixVolume" + + - variable: resources + group: Resources Configuration + label: "" + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Rust Desk. + schema: + type: string + max_length: 6 + valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$' + valid_chars_error: | + Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Rust Desk. + schema: + type: string + max_length: 12 + valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$' + valid_chars_error: | + Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6 + default: "8Gi" + required: true diff --git a/community/rust-desk/1.0.0/templates/NOTES.txt b/community/rust-desk/1.0.0/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/community/rust-desk/1.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/community/rust-desk/1.0.0/templates/_persistence.tpl b/community/rust-desk/1.0.0/templates/_persistence.tpl new file mode 100644 index 0000000000..ac61c4737d --- /dev/null +++ b/community/rust-desk/1.0.0/templates/_persistence.tpl @@ -0,0 +1,33 @@ +{{- define "rust.persistence" -}} +persistence: + data: + enabled: true + type: {{ .Values.rustStorage.data.type }} + datasetName: {{ .Values.rustStorage.data.datasetName | default "" }} + hostPath: {{ .Values.rustStorage.data.hostPath | default "" }} + targetSelector: + server: + server: + mountPath: /root + 01-permissions: + mountPath: /mnt/directories/data + relay: + relay: + mountPath: /root + {{- range $idx, $storage := .Values.rustStorage.additionalStorages }} + {{ printf "rust-%v" (int $idx) }}: + enabled: true + type: {{ $storage.type }} + datasetName: {{ $storage.datasetName | default "" }} + hostPath: {{ $storage.hostPath | default "" }} + targetSelector: + server: + server: + mountPath: {{ $storage.mountPath }} + 01-permissions: + mountPath: /mnt/directories{{ $storage.mountPath }} + relay: + relay: + mountPath: {{ $storage.mountPath }} + {{- end }} +{{- end -}} diff --git a/community/rust-desk/1.0.0/templates/_rust-desk-relay.tpl b/community/rust-desk/1.0.0/templates/_rust-desk-relay.tpl new file mode 100644 index 0000000000..61db714f07 --- /dev/null +++ b/community/rust-desk/1.0.0/templates/_rust-desk-relay.tpl @@ -0,0 +1,43 @@ +{{- define "rust-relay.workload" -}} +workload: + relay: + enabled: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.rustNetwork.hostNetwork }} + containers: + relay: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: {{ .Values.rustRunAs.user }} + runAsGroup: {{ .Values.rustRunAs.group }} + command: + - hbbr + {{ if .Values.rustConfig.allowOnlyEncryptedConnections }} + args: + - -k + - _ + {{ end }} + {{ with .Values.rustConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: true + type: tcp + port: 21117 + readiness: + enabled: true + type: tcp + port: 21117 + startup: + enabled: true + type: tcp + port: 21117 +{{- end -}} diff --git a/community/rust-desk/1.0.0/templates/_rust-desk-server.tpl b/community/rust-desk/1.0.0/templates/_rust-desk-server.tpl new file mode 100644 index 0000000000..32c4b03d3f --- /dev/null +++ b/community/rust-desk/1.0.0/templates/_rust-desk-server.tpl @@ -0,0 +1,55 @@ +{{- define "rust-server.workload" -}} +{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}} +{{- $relay := (printf "%s-relay:%v" $fullname .Values.rustNetwork.relayPort) -}} +{{- $relays := mustAppend .Values.rustConfig.additionalRelayServers $relay }} +workload: + server: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.rustNetwork.hostNetwork }} + containers: + server: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: {{ .Values.rustRunAs.user }} + runAsGroup: {{ .Values.rustRunAs.group }} + command: + - hbbs + args: + - -r + - "{{ join "," $relays }}" + {{ if .Values.rustConfig.allowOnlyEncryptedConnections }} + - -k + - _ + {{ end }} + {{ with .Values.rustConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: true + type: tcp + port: 21115 + readiness: + enabled: true + type: tcp + port: 21115 + startup: + enabled: true + type: tcp + port: 21115 + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions" + "UID" .Values.rustRunAs.user + "GID" .Values.rustRunAs.group + "mode" "check" + "type" "init") | nindent 8 }} +{{- end -}} diff --git a/community/rust-desk/1.0.0/templates/_service.tpl b/community/rust-desk/1.0.0/templates/_service.tpl new file mode 100644 index 0000000000..279b58f0fc --- /dev/null +++ b/community/rust-desk/1.0.0/templates/_service.tpl @@ -0,0 +1,59 @@ +{{- define "rust.service" -}} +# https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/ +service: + server1: + enabled: true + primary: true + type: NodePort + targetSelector: server + ports: + nat-type-test: + enabled: true + primary: true + port: {{ .Values.rustNetwork.natTypeTestPort }} + nodePort: {{ .Values.rustNetwork.natTypeTestPort }} + targetPort: 21115 + targetSelector: server + web-clients: + enabled: {{ .Values.rustNetwork.enableWebClientPorts }} + port: {{ .Values.rustNetwork.serverWebClientsPort }} + nodePort: {{ .Values.rustNetwork.serverWebClientsPort }} + targetPort: 21118 + targetSelector: server + server2: + enabled: true + type: NodePort + targetSelector: server + ports: + tcp-hole-punch: + enabled: true + port: {{ .Values.rustNetwork.idRegHolePunchPort }} + nodePort: {{ .Values.rustNetwork.idRegHolePunchPort }} + targetPort: 21116 + targetSelector: server + id-registration: + enabled: true + port: {{ .Values.rustNetwork.idRegHolePunchPort }} + nodePort: {{ .Values.rustNetwork.idRegHolePunchPort }} + targetPort: 21116 + protocol: udp + targetSelector: server + relay: + enabled: true + type: NodePort + targetSelector: relay + ports: + relay: + enabled: true + primary: true + port: {{ .Values.rustNetwork.relayPort }} + nodePort: {{ .Values.rustNetwork.relayPort }} + targetPort: 21117 + targetSelector: relay + web-clients: + enabled: {{ .Values.rustNetwork.enableWebClientPorts }} + port: {{ .Values.rustNetwork.relayWebClientsPort }} + nodePort: {{ .Values.rustNetwork.relayWebClientsPort }} + targetPort: 21119 + targetSelector: relay +{{- end -}} diff --git a/community/rust-desk/1.0.0/templates/common.yaml b/community/rust-desk/1.0.0/templates/common.yaml new file mode 100644 index 0000000000..cd6cff1af7 --- /dev/null +++ b/community/rust-desk/1.0.0/templates/common.yaml @@ -0,0 +1,9 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "rust-server.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "rust-relay.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "rust.persistence" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "rust.service" $ | fromYaml) -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/community/rust-desk/item.yaml b/community/rust-desk/item.yaml new file mode 100644 index 0000000000..5cf55c179e --- /dev/null +++ b/community/rust-desk/item.yaml @@ -0,0 +1,7 @@ +icon_url: https://avatars.githubusercontent.com/u/71636191 +categories: + - productivity +screenshots: [] +tags: + - remote + - desktop