kasm-wip -- might have to shelve

Joseph Hanson 2024-08-21 15:59:52 -05:00
parent 356085793f
commit b2f151b9a6
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
11 changed files with 1959 additions and 0 deletions


@ -0,0 +1,30 @@
apiVersion: batch/v1
kind: Job
metadata:
name: kasm-www-update
spec:
template:
spec:
containers:
- name: kasm-www-update
image: docker.io/library/alpine:latest
command: ["/bin/sh", "-c"]
env:
- name: KASM_VERSION
value: "1.15.0.06fdc8"
args:
- >
apk add --no-cache curl;
rm -rf /srv/www/*;
mkdir -p /tmp/kasm_download &&
curl -o /tmp/kasm_download/kasm_release.tar.gz https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz &&
tar -xzvf /tmp/kasm_download/kasm_release.tar.gz -C /tmp/kasm_download kasm_release/www/ &&
cp -r /tmp/kasm_download/kasm_release/www/* /srv/www/;
volumeMounts:
- name: kasm-www
mountPath: /srv/www
restartPolicy: OnFailure
volumes:
- name: kasm-www
persistentVolumeClaim:
claimName: kasm-www
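Review bot: The release tarball is downloaded and unpacked onto the served volume with no integrity check, and `curl -o` without `--fail` will save an HTTP error body as if it were the archive. Add an env entry holding a checksum you recorded for this release and verify before extracting, e.g. `curl -fsSL -o /tmp/kasm_download/kasm_release.tar.gz "$URL" && echo "${KASM_SHA256}  /tmp/kasm_download/kasm_release.tar.gz" | sha256sum -c - &&`. `rm -rf /srv/www/*;` runs before the download and is joined with `;`, so a failed fetch leaves the volume empty; moving the wipe to just before the final `cp` avoids that. `docker.io/library/alpine:latest` is a moving tag, so pinning a version or digest would make the job reproducible. The same script and image tag appear in the `kasm-www-update` initContainer of the HelmRelease in this commit.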


@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kasm
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: kasm-secret
template:
engineVersion: v2
data:
DB_HOST: "postgres-primary-real.database.svc"
DB_PORT: "5432"
DB_USER: "{{ .KASM_POSTGRES_USER }}"
DB_PASS: "{{ .KASM_POSTGRES_PASSWORD }}"
DB_NAME: "kasm"
DB_USE_SSL: "false" # Whether to enable ssl for database connection
dataFrom:
- extract:
key: kasm
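Review bot: `DB_USE_SSL: "false"` makes the rendered secret tell Kasm to reach Postgres without TLS, so the session authenticated with `DB_USER`/`DB_PASS` is unencrypted on the cluster network. The API config added in this same commit sets `ssl: true` for the database, so the two disagree; unless the server cannot offer TLS, `DB_USE_SSL: "true"` would be the consistent choice. The target is named `kasm-secret`, while the HelmRelease's `manager` container uses `envFrom` with `kasm-manager-secret`; if nothing else creates that name, the pod will not start until one of the two is renamed.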


@ -0,0 +1,146 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app kasm
namespace: default
spec:
chart:
spec:
chart: app-template
version: 3.3.2
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
interval: 30m
values:
controllers:
kasm:
annotations:
reloader.stakater.com/auto: "true"
initContainers:
kasm-www-update:
env:
KASM_VERSION: "1.15.0"
KASM_BUILD: "06fdc8"
KASM_TAR_URL: https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.${KASM_BUILD}.tar.gz
image:
repository: alpine
tag: latest
command:
- /bin/sh
- -c
args:
- >
apk add --no-cache curl;
rm -rf /www/*;
mkdir -p /tmp/kasm_download &&
curl -o /tmp/kasm_download/kasm_release.tar.gz "${KASM_TAR_URL}" &&
tar -xzvf /tmp/kasm_download/kasm_release.tar.gz -C /tmp/kasm_download kasm_release/www/ &&
cp -r /tmp/kasm_download/kasm_release/www/* /www/;
install:
image:
repository: kasmweb/api
tag: &version 1.15.0-rolling-alpine
command:
- /usr/bin/kasm_server.so
- --initialize-database
- --cfg
- /opt/kasm/current/conf/app/api.app.config.yaml
- --populate-production
- --seed-file
- /tmp/default_properties.yaml
containers:
manager:
envFrom:
- secretRef:
name: kasm-manager-secret
image:
repository: kasmweb/manager
tag: *version
probes:
liveness:
enabled: true
readiness:
enabled: true
api:
image:
repository: kasmweb/api
tag: *version
probes:
liveness:
enabled: true
readiness:
enabled: true
guac:
image:
repository: kasmweb/kasm-guac
tag: *version
probes:
liveness:
enabled: true
readiness:
enabled: true
service:
manager:
controller: kasm
ports:
http:
port: &manger-port 80
api:
controller: kasm
ports:
http:
port: &api-port 80
ingress:
manager:
className: internal-nginx
hosts:
- host: &host kasm.jahanson.tech
paths:
# - path: /
# service:
# identifier: static
# port: http
- path: /api/
service:
identifier: api
port: http
- path: /api/admin/
service:
identifier: api
port: http
- path: /manager_api/
service:
identifier: manager
port: http
tls:
- hosts:
- *host
persistence:
config:
existingClaim: kasm
globalMounts:
- path: /opt/kasm/current/conf
logs:
type: persistentVolumeClaim
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /opt/kasm/current/log
tmp:
type: emptyDir
globalMounts:
- path: /opt/kasm/current/tmp
www:
existingClaim: kasm-www
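Review bot: `KASM_TAR_URL` embeds `${KASM_VERSION}.${KASM_BUILD}`, but Kubernetes only expands `$(VAR)` references inside an env value, and the shell does not re-expand the contents of `"${KASM_TAR_URL}"`, so curl would receive the placeholders literally. Building the URL inside the script, as the standalone Job in this commit does, keeps the expansion in one place: `curl -f -o /tmp/kasm_download/kasm_release.tar.gz "https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.${KASM_BUILD}.tar.gz" &&`. The anchor `&manger-port` looks like a typo for `manager-port`, and neither it nor `&api-port` is referenced in this section.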


@ -0,0 +1,11 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./pvc.yaml
generatorOptions:
disableNameSuffixHash: true


@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kasm-www
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -0,0 +1,82 @@
agent:
auto_generate_kasm_docker_networks: false
default_host_key: 1234
disk_usage_limit: 0.90
docker_async_script_timeout: 900
docker_port_listen_addr: "localhost"
docker_script_timeout: 180
forward_logs_to_manager: true
heartbeat_interval: 30000
images_interval: 3600
log_container_stats: false
log_heartbeat_data: false
max_concurrent_docker_pulls: 2
nginx_container_dir: /etc/nginx/conf.d/containers.d/
persist_config_interval: 100000
persist_config_updates: true
port: 4444
provider: hardware
public_hostname: kasm-proxy
public_port: 443
remove_failed_containers: true
retention_period: 24
server_id: A0EEBC99-9C0B-4EF8-BB6D-6BB9BD380A11
starting_nginx_port: 5971
type: host
validate_images: true
manager:
client_cert: /srv/provision_agent/client_cert.pem
config_path: /manager_api/api/v1/agent_config
heartbeat_path: /manager_api/api/v1/heartbeat
hostnames: ["kasm-proxy"]
images_path: /manager_api/api/v1/images
public_port: 443
scheme: https
server_cert: /srv/provision_agent/server_cert.pem
token: ImaRsCutMtlKRLMpOiue
logging:
agent:
formatters:
pythonjsonlogger:
(): pythonjsonlogger.jsonlogger.JsonFormatter
fmt: "%(asctime) %(name) %(processName) %(filename) %(funcName) %(levelname) %(lineno) %(module) %(threadName) %(message)"
timestamp: true
standard:
format: "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
handlers:
file_handler:
backupCount: 5
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/agent.log
formatter: standard
level: DEBUG
maxBytes: 10485760
file_handler_json:
backupCount: 5
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/agent_json.log
formatter: pythonjsonlogger
level: DEBUG
maxBytes: 10485760
stream:
class: logging.StreamHandler
formatter: standard
level: DEBUG
syslog:
class: logging.handlers.SysLogHandler
formatter: pythonjsonlogger
level: DEBUG
loggers:
"":
handlers:
- stream
- syslog
- file_handler
- file_handler_json
level: DEBUG
propagate: true
tornado:
level: INFO
version: 1
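Review bot: `manager.token` and `default_host_key: 1234` are committed as literals in this agent config. If `ImaRsCutMtlKRLMpOiue` is a live manager token rather than the placeholder shipped with the release, it is now in history and should be rotated; either way it would be better rendered from the `onepassword-connect` store that the ExternalSecret in this commit already uses. Every handler, including `stream` and `syslog`, is set to `DEBUG`; `level: INFO` is the safer default outside troubleshooting, since debug logs may carry more request detail than you want shipped off the host.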


@ -0,0 +1,317 @@
database:
name: kasm
username: kasmapp
password: test
host: dbpostgres-primary-real.database.svc
port: 5432
type: postgres
ssl: true
pool_size: 10
max_overflow: 20
redis:
host: dragonfly.database.svc.cluster.local
port: 6379
redis_password: ""
manager:
manager_id: 00000000-0000-0000-0000-000000000000
update_timer: 86400
server:
server_id: 00000000-0000-0000-0000-000000000000
server_hostname: kasm-proxy
zone_name: default
sanitize_errors: true
share:
share_id: 00000000-0000-0000-0000-000000000000
logging:
agent:
formatters:
pythonjsonlogger:
(): pythonjsonlogger.jsonlogger.JsonFormatter
fmt: "%(asctime) %(name) %(processName) %(filename) %(funcName) %(levelname) %(lineno) %(module) %(threadName) %(message)"
timestamp: true
standard:
format: "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
handlers:
file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/agent.log
formatter: standard
level: DEBUG
maxBytes: 10485760
file_handler_json:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/agent_json.log
formatter: pythonjsonlogger
level: DEBUG
maxBytes: 10485760
stream:
class: logging.StreamHandler
formatter: standard
level: INFO
syslog:
class: logging.handlers.SysLogHandler
formatter: pythonjsonlogger
level: DEBUG
loggers:
"":
handlers:
- stream
- syslog
- file_handler
- file_handler_json
level: DEBUG
propagate: true
version: 1
kasm_share:
formatters:
pythonjsonlogger:
(): pythonjsonlogger.jsonlogger.JsonFormatter
fmt: "%(asctime) %(name) %(processName) %(filename) %(funcName) %(levelname) %(lineno) %(module) %(threadName) %(message)"
timestamp: true
standard:
format: "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
handlers:
file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/share.log
formatter: standard
level: DEBUG
maxBytes: 10485760
file_handler_json:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/share_json.log
formatter: pythonjsonlogger
level: DEBUG
maxBytes: 10485760
stream:
class: logging.StreamHandler
formatter: standard
level: DEBUG
syslog:
class: logging.handlers.SysLogHandler
formatter: pythonjsonlogger
level: DEBUG
loggers:
"":
handlers:
- stream
- syslog
- file_handler
- file_handler_json
level: DEBUG
propagate: true
tornado.application:
level: DEBUG
tornado.access:
level: DEBUG
tornado.general:
level: DEBUG
version: 1
manager_api_server:
filters:
internal_log_filter:
(): log.handlers.InternalLogFilter
web_filter_log_filter:
(): log.handlers.ExternalLogFilter
application: "kasm_squid_adapter"
formatters:
pythonjsonlogger:
(): pythonjsonlogger.jsonlogger.JsonFormatter
fmt: "%(asctime) %(name) %(processName) %(filename) %(funcName) %(levelname) %(lineno) %(module) %(threadName) %(message)"
timestamp: true
standard:
format: "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
handlers:
file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/manager_api_server.log
formatter: standard
level: DEBUG
maxBytes: 10485760
filters: [internal_log_filter]
file_handler_json:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/manager_api_server_json.log
formatter: pythonjsonlogger
level: DEBUG
maxBytes: 10485760
filters: [internal_log_filter]
web_filter_file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/web_filter_access_json.log
level: DEBUG
maxBytes: 10485760
filters: [web_filter_log_filter]
stream:
class: logging.StreamHandler
formatter: standard
level: INFO
filters: [internal_log_filter]
syslog:
class: logging.handlers.SysLogHandler
formatter: pythonjsonlogger
level: DEBUG
filters: [internal_log_filter]
loggers:
"":
handlers:
- stream
- syslog
- file_handler
- file_handler_json
- web_filter_file_handler
level: DEBUG
propagate: true
__main__.handler:
level: DEBUG
googleapiclient.discovery_cache:
level: ERROR
provider_manager:
level: DEBUG
provider:
level: DEBUG
tornado:
level: INFO
sqlalchemy.pool:
level: WARNING
sqlalchemy.pool.status:
level: WARNING
sqlalchemy.engine:
level: WARNING
sqlalchemy.dialects:
level: WARNING
sqlalchemy.orm:
level: WARNING
botocore:
level: WARNING
azure:
level: WARNING
database_models:
level: INFO
keystoneauth.session:
level: WARNING
novaclient.v2.client:
level: WARNING
version: 1
api_server:
filters:
request_context_filter:
(): utils.RequestContextFilter
formatters:
pythonjsonlogger:
(): pythonjsonlogger.jsonlogger.JsonFormatter
fmt: "%(asctime) %(name) %(processName) %(filename) %(funcName) %(levelname) %(lineno) %(module) %(threadName) %(message)"
timestamp: true
standard:
format: "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
handlers:
file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/api_server.log
formatter: standard
level: DEBUG
maxBytes: 10485760
file_handler_json:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/api_server_json.log
formatter: pythonjsonlogger
level: DEBUG
maxBytes: 10485760
filters: [request_context_filter]
subscription_file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/subscription_api_server.log
formatter: standard
level: DEBUG
maxBytes: 10485760
admin_file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/admin_api_server.log
formatter: standard
level: DEBUG
maxBytes: 10485760
client_file_handler:
backupCount: 20
class: logging.handlers.RotatingFileHandler
encoding: utf8
filename: /opt/kasm/current/log/client_api_server.log
formatter: standard
level: DEBUG
maxBytes: 10485760
stream:
class: logging.StreamHandler
formatter: standard
level: DEBUG
syslog:
class: logging.handlers.SysLogHandler
formatter: pythonjsonlogger
level: DEBUG
loggers:
"":
handlers:
- stream
- syslog
- file_handler
- file_handler_json
level: DEBUG
propagate: true
client_api_server:
handlers:
- client_file_handler
admin_api_server:
handlers:
- admin_file_handler
subscription_api_server:
handlers:
- subscription_file_handler
cherrypy.error:
level: INFO
cherrypy.access:
level: INFO
sqlalchemy.pool:
level: WARNING
sqlalchemy.pool.status:
level: WARNING
sqlalchemy.engine:
level: WARNING
sqlalchemy.dialects:
level: WARNING
sqlalchemy.orm:
level: WARNING
requests_oauthlib:
level: INFO
database_models:
level: INFO
googleapiclient.discovery_cache:
level: ERROR
keystoneauth.session:
level: WARNING
novaclient.v2.client:
level: WARNING
botocore:
level: WARNING
azure:
level: WARNING
version: 1
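Review bot: The `database` block commits `password: test` next to `username: kasmapp`, although the ExternalSecret in this commit already pulls `KASM_POSTGRES_USER` and `KASM_POSTGRES_PASSWORD` from the secret store. If this file is what the API actually reads, the literal should become a placeholder filled from that secret at deploy time. The host here is `dbpostgres-primary-real.database.svc` while the ExternalSecret uses `postgres-primary-real.database.svc`, so one of the two looks like a typo. `redis_password: ""` means the Redis connection is unauthenticated, which is worth checking against how the `dragonfly` instance is configured.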


@ -0,0 +1,3 @@
\c kasm\\
CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public;
COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';


@ -0,0 +1,33 @@
kasmguac:
cluster_size: CLUSTER_SIZE
id: 00000000-0000-0000-0000-000000000000
kasm_delete_session_watch_interval: 60
port: 3000
registration_token: REGISTRATION_TOKEN
server_address: SERVER_ADDRESS
server_port: SERVER_PORT
zone: ZONE
recording:
default_width: 1920
default_height: 1080
default_framerate: 12
default_bitrate: 8
retention_period_in_hours: 24
encoding_queue_size: 2
processing_interval: 30
processing_cutoff: 30
summary_interval: 300
summary_include_intial_logs: true
logging:
errorEventName: error
logDirectory: /opt/kasm/current/log/
fileNamePattern: kasmguac-<DATE>.log
dateFormat: YYYY.MM.DD
timestampFormat: YYYY-MM-DD HH:mm:ss.SSS
api:
hostnames: ["kasm-proxy"]
port: 443
auth_token: JWTTOKEN
allow_self_signed_cert: true
hostname_refresh_interval: 30
public_jwt_cert: PUBLICCERT
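Review bot: `api.allow_self_signed_cert: true` presumably makes this component accept a self-signed certificate on the API connection that carries `auth_token`, which leaves the peer unauthenticated. Once the API presents a certificate from a CA the pod trusts, `allow_self_signed_cert: false` is the safer setting. The upper-case placeholders (`REGISTRATION_TOKEN`, `JWTTOKEN`, `PUBLICCERT`, `SERVER_ADDRESS` and the rest) should be filled from the secret store at deploy time rather than edited into this file.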
