Here we are , another apache guacamole implementation in kubernetes
This service is designed to avoid the usage of mysql and create a standalone project
The main idea is to use the user-mapping.xml as a config map
For production environment i suggest to add the ldap auth (ad.openldap,freeipa),
mysql database should be managed with a dedicated instances and mantained in case of “exit”
what is a bastion host
On the Internet, a bastion host is the only host computer that a company allows to be addressed
directly from the public network and that is designed to screen the rest of its network from security exposure.
how this tool can be used
The tool is designed to be used when you have some dedicated service in production and you have to keep
the control of access and account used , guacamole has the ability to manage the most used platforms (windows and linux)
as host in backend to be reached from developers … contractors …
why in kubernetes
Since the auth method could scale by configmap or ldap or mysql , is designed to scale
we have also the benefits to have a low footprint compared to a traditional vm.
https://github.com/lorenzogirardi/kubernetes-guacamole
config to change
Before deploy you need to specify the following parameters in guacamole folder
- YOUR_DOMAIN to reflect your domain url in 03-guacamole-ing.yaml
- user YOUR_USERNAME / YOUR_MD5_PWD and hosts xml configuration in 04-guacamole-cfm.yaml following https://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping
screenshots
deploy
kubectl apply -f guacd
kubectl apply -f guacamole
You can secure the connection with kube-lego and use cillium to add network rules
