GitHub user mike-jumper opened a pull request:
https://github.com/apache/guacamole-server/pull/186
GUACAMOLE-623: Add support for attaching to the terminals of containers in
Kubernetes pods.
As described in
[GUACAMOLE-623](https://issues.apache.org/jira/browse/GUACAMOLE-623), this mere
~2.7K line change adds a new protocol plugin to guacamole-server,
"libguac-client-kubernetes", which supports Kubernetes' web service / API.
The new plugin leverages libwebsockets and libssl to connect to the
endpoint used for attaching to containers, exposing the data transferred
through that endpoint through the common terminal emulator. From the user
perspective, things behave essentially identically to SSH and telnet.
Sadly, the Kubernetes API documentation regarding attaching to a container
does not exist. I managed to determine how the endpoint functions by:
* Looking at the "attach" implementation in Kubernetes' Java API:
https://github.com/kubernetes-client/java (attach uses WebSockets for streaming)
* Looking at the WebSocket implementation within Kubernetes' Python API to
determine how messages are actually framed:
https://github.com/kubernetes-client/python-base (there is a concept of
"channels", with the leading byte of each WebSocket message denoting the
channel receiving/sending the data)
* Looking at old Kubernetes pull requests to get a rough idea of how
terminal resize was implemented (it uses a separate channel and JSON message
containing the new width and height)
* Verifying all the above using a tcpdump capture of traffic between
kubectl and a test minikube instance with the insecure, unencrypted API server
enabled
The plugin implements two methods of connecting: (1) unencrypted and
without authentication, and (2) SSL/TLS with client authentication via a
certificate and private key.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/guacamole-server kubernetes
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/guacamole-server/pull/186.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #186
----
commit 89e575b8cf8caf18e02322d411bb7fc62b3b2aff
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T03:03:40Z
GUACAMOLE-623: Add base skeleton for Kubernetes protocol support.
commit c8360b593798250a3656510f63c3df8e49e0e3b2
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T04:49:58Z
GUACAMOLE-623: libwebsockets requires an integer port number.
commit bcb77c33a4b79f5f5d82fb03bc6043cdf722de4b
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T05:54:50Z
GUACAMOLE-623: Default to unencrypted Kubernetes connections.
commit a4704e6c5c38a59fe96927b9e7fbded52afbe740
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T05:55:38Z
GUACAMOLE-623: Stub out implementation of WebSocket client for Kubernetes.
commit eff93b2f736cbea39ed9be9859cb3251137a1258
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T06:50:30Z
GUACAMOLE-623: Handle data received from Kubernetes.
commit ee055213445ff96c4121ffee9b9c87e15b939573
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T07:25:49Z
GUACAMOLE-623: Do not return -1 from libwebsockets callback. Doing so
results in automatic cleanup of part of the context, resulting in a segfault
when lws_context_destroy() is invoked.
commit 9c0d66c9ec8b42a0e3eb81cfbf434ec610157a1c
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T08:26:13Z
GUACAMOLE-623: Add outbound message buffer.
commit 5697d3c9501e07a825e179d7d7b68cc47bde86d2
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T09:16:36Z
GUACAMOLE-623: Send typed data to Kubernetes via the STDIN channel.
commit a5295066ad2d08f108aca6e4cf4085beb2a5ed35
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T09:50:15Z
GUACAMOLE-623: Add support for terminal resize. Redraw Kubernetes container
upon connect.
commit 8c79b1399820ad02462feddfe3c6c5ed7587db97
Author: Michael Jumper <mjumper@...>
Date: 2018-09-10T22:01:48Z
GUACAMOLE-623: Redirect libwebsockets logging to guacd's debug level log.
commit 3b149747abeeb53b46c73f16b1c63ed4de01dbef
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T01:39:06Z
GUACAMOLE-623: Generate Kubernetes API endpoint dynamically.
commit c622b604b0a658654c479df1181f9f6d958b58e0
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T03:00:44Z
GUACAMOLE-623: Add configure test for LWS_CALLBACK_CLIENT_CLOSED (only
defined in recent libwebsockets and required if present).
commit a751e01578b39fb3fab85e5785418c9a705eb90d
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T03:09:36Z
GUACAMOLE-623: Add warning when Kubernetes support will not be built. Fix
summary output from configure.
commit 66407ba3bdb94f5aa03e7a40c3f689bbc7defd64
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T04:05:23Z
GUACAMOLE-623: Add missin includes. Remove unnecessary includes.
commit fbe24399276b34f90874586e998efae2b49c78e2
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T04:08:19Z
GUACAMOLE-623: Add missing documentation for URL character test.
commit f5be25ee264146f63631407825488d54c1bf0f64
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T05:55:02Z
GUACAMOLE-623: Move I/O-related functions into separate files.
commit e6481b93656c5017740574fa5bde85c475dfb448
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T10:03:17Z
GUACAMOLE-623: Add support for SSL.
commit c9183e0b52b7db7190042b3c448ff843a846a782
Author: Michael Jumper <mjumper@...>
Date: 2018-09-11T10:17:00Z
GUACAMOLE-623: Clean up logging (libwebsockets adds newline characters).
----
---
