Apache Guacamole is a clientless, HTML5, web-based remote desktop gateway that makes it easy to access remote servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.
In this repository, we are going to learn how to set up the Guacamole web-based remote desktop access tool on a Kubernetes server.
This Guacamole configuration uses cert-manager and ingress-nginx; their configuration is stored in my Kubernetes infrastructure repository.
If your database is not already initialized with the Guacamole schema, you will need to do so prior to using Guacamole. A convenience script for generating the necessary SQL to do this is included in the Guacamole image.
Run this command on your Kubernetes worker to generate the SQL script:
docker exec -i <APP CONTAINER ID> /opt/guacamole/bin/initdb.sh --mysql > /tmp/initdb.sql
Then import initdb.sql into the MariaDB Docker instance with the following command:
docker exec -i <DB CONTAINER ID> mysql -uguacamole -p<DB PASSWORD> guacamole < /tmp/initdb.sql
If you want to add a second authentication layer to better protect your Guacamole instance, you must first add the OAuth2 configuration files available in the following GitHub repository: k8s-oauth2-proxy.
Add the following annotations to your ingress configuration to redirect unauthenticated users to your OAuth2 proxy.
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start"
To complete the OAuth2 configuration, add the following code to your ingress configuration.
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: guacamole-oauth2
  namespace: netboot-guacamole
spec:
  tls:
  - hosts:
    - sc6rffd3d5.netboot.fr
    secretName: guacamole-netboot-fr-tls
  rules:
  - host: sc6rffd3d5.netboot.fr
    http:
      paths:
      - path: /oauth2
        backend:
          serviceName: guacamole-oauth2
          servicePort: guacamole-oauth2
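
The layout above relies on two Ingress objects: ingress-nginx annotations apply to every path of the Ingress that carries them, so the application Ingress needs both auth annotations while the `/oauth2` Ingress must not have them. The following check is an added example, not part of this repository; it audits objects shaped like the items of `kubectl get ingress -n netboot-guacamole -o json`, and the Ingress name `guacamole`, the helper `ingress()` and the sample data are assumptions constructed for illustration.

```python
import json

AUTH_URL = "nginx.ingress.kubernetes.io/auth-url"
AUTH_SIGNIN = "nginx.ingress.kubernetes.io/auth-signin"

def paths(ing):
    """All HTTP paths routed by one Ingress object."""
    return [p.get("path", "/")
            for rule in ing.get("spec", {}).get("rules", [])
            for p in rule.get("http", {}).get("paths", [])]

def audit(ingresses):
    """Return a list of findings for the two-Ingress oauth2-proxy layout."""
    findings = []
    for ing in ingresses:
        name = ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations") or {}
        if any(p.startswith("/oauth2") for p in paths(ing)):
            # Annotations cover every path of an Ingress, so the proxy's own
            # endpoints must not sit behind the auth sub-request.
            if AUTH_URL in ann:
                findings.append(f"{name}: /oauth2 is itself behind auth-url")
            if any(not p.startswith("/oauth2") for p in paths(ing)):
                findings.append(f"{name}: mixes /oauth2 with application paths")
        else:
            # Application Ingress: both annotations are needed to gate access.
            for key in (AUTH_URL, AUTH_SIGNIN):
                if key not in ann:
                    findings.append(f"{name}: missing {key}")
    return findings

def ingress(name, path, annotations=None):
    """Constructed sample object (hypothetical helper, minimal fields only)."""
    return {"metadata": {"name": name, "annotations": annotations},
            "spec": {"rules": [{"host": "sc6rffd3d5.netboot.fr",
                                "http": {"paths": [{"path": path}]}}]}}

PROTECTED = {AUTH_URL: "https://$host/oauth2/auth",
             AUTH_SIGNIN: "https://$host/oauth2/start"}
# Constructed samples: the intended layout, and one with the annotations misplaced.
GOOD = [ingress("guacamole", "/", PROTECTED), ingress("guacamole-oauth2", "/oauth2")]
BAD = [ingress("guacamole", "/"), ingress("guacamole-oauth2", "/oauth2", PROTECTED)]

if __name__ == "__main__":
    for label, items in (("good", GOOD), ("bad", BAD)):
        print(label, json.dumps(audit(items), indent=2))
```

To audit a live namespace, load the `items` array from the `kubectl` JSON output and pass it to `audit()`.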