File tree 1 file changed +46
-0
lines changed
1 file changed +46
-0
lines changed Original file line number Diff line number Diff line change 1+ # guacamole-k8s
2+
3+ This repository contains a Guacamole plugin that automatically discovers Kubernetes
4+ services and adds them to the Guacamole interface.
5+
6+ ## Usage
7+
8+ First, make sure your authentication method of choice has priority over this one.
9+ For example, if you're using the ` openid ` plugin, make sure it's prioritized in
10+ ` $GUACAMOLE_HOME/guacamole.properties ` .
11+
12+ ``` properties
13+ extension-priority: openid
14+ ```
15+
16+ Then, make sure your Guacamole instance has access to the Kubernetes API. This
17+ can be done by creating a cluster role that allows access to services.
18+
19+ ``` hcl
20+ resource "kubernetes_cluster_role" "guacamole" {
21+ metadata {
22+ name = "guacamole"
23+ }
24+ rule {
25+ api_groups = [""]
26+ resources = ["services"]
27+ verbs = ["get", "list", "watch"]
28+ }
29+ }
30+ ```
31+
32+ Create a Kubernetes pod that runs a VNC server. Then, create an associated service
33+ that has the following labels...
34+
35+ ``` yaml
36+ guacamole.njha.dev/enabled : " true"
37+ ` ` `
38+
39+ And also the following annotations (replace ` 5900` with the port the VNC server
40+ is running on). The `owner` annotation is used to determine who can access the
41+ service. Authentication can be handled by any one of the other Guacamole plugins.
42+
43+ ` ` ` yaml
44+ guacamole.njha.dev/vnc: "5900"
45+ guacamole.njha.dev/owner: "foo@example.com"
46+ ` ` `
You can’t perform that action at this time.
0 commit comments