1.介绍:
NoVNC是一个使用WebSockets和HTML5 Canvas的javaScript VNC客户端。我们提供websocker api用于VNC访问下:
APISERVER:/apis/subresources.kubevirt.io/v1alpha3/namespaces/NAMESPACE/virtualmachineinstances/VM/vnc
但是我们不能直接访问VNC api,因为需要授权,为了解决这个问题,我们提供了一个组件kubectl proxy用来提供一个授权的vnc访问,我们命名这个组件virtVNC。
2.准备Docker镜像:
根据自己kubernetes的版本下载对应的镜像:Docker Hub,镜像执行如下:SHI
# cat Dockerfile
FROM bitnami/kubectl:1.21.2
CMD ["proxy", "--accept-hosts=^.*$", "--address=[::]", "--api-prefix=/k8s/"]
使用docker build构建docker镜像:
docker build -t quay.io/samblade/virtvnc:v0.1 .
3.使用kubernetes来部署virtvnc:
# cat virtvnc.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: virtvnc
namespace: kubevirt
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: virtvnc
subjects:
- kind: ServiceAccount
name: virtvnc
namespace: kubevirt
roleRef:
kind: ClusterRole
name: virtvnc
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: virtvnc
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: Service
metadata:
labels:
app: virtvnc
name: virtvnc
namespace: kubevirt
spec:
ports:
- port: 8001
protocol: TCP
targetPort: 8001
nodePort: 8001
selector:
app: virtvnc
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: virtvnc
namespace: kubevirt
spec:
replicas: 1
selector:
matchLabels:
app: virtvnc
template:
metadata:
labels:
app: virtvnc
spec:
serviceAccountName: virtvnc
nodeSelector:
node-role.kubernetes.io/master: ''
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: ""
effect: "NoSchedule"
containers:
- name: virtvnc
image: quay.io/samblade/virtvnc:v0.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
port: 8001
path: /
scheme: HTTP
failureThreshold: 30
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
执行如下命令:
kubectl apply -f virtvnc.yaml
查看virtvnc服务端口:
kubectl get svc -n kubevirt virtvnc