Initialisation depot

RdpBroker/docs/deployment.md

@@ -0,0 +1,458 @@
+# RdpBroker Deployment Guide
+
+This document provides detailed instructions for deploying RdpBroker to a Kubernetes cluster.
+
+## Table of Contents
+
+- [Prerequisites](#prerequisites)
+- [Building the Container Image](#building-the-container-image)
+- [Preparing the Environment](#preparing-the-environment)
+- [Deploying with Helm](#deploying-with-helm)
+- [Manual Deployment](#manual-deployment)
+- [Configuration](#configuration)
+- [Testing the Deployment](#testing-the-deployment)
+- [Troubleshooting](#troubleshooting)
+- [Upgrading](#upgrading)
+- [Uninstalling](#uninstalling)
+
+## Prerequisites
+
+### Required Tools
+
+- **kubectl** (1.20+) - Kubernetes command-line tool
+- **helm** (3.x) - Kubernetes package manager
+- **docker** - Container runtime for building images
+- **Kubernetes cluster** (1.20+) - Running cluster with appropriate access
+
+### Required Services
+
+- **Samba Active Directory server** - Accessible from the Kubernetes cluster
+- **RDP target machines** - Reachable from Kubernetes pods
+- **Container registry** - For storing the RdpBroker image (Docker Hub, GCR, ECR, etc.)
+
+## Building the Container Image
+
+### 1. Build the Image
+
+Navigate to the source directory and build the Docker image:
+
+```bash
+cd src/
+docker build -t rdpbroker:1.0.0 .
+```
+
+### 2. Tag for Your Registry
+
+Tag the image for your container registry:
+
+```bash
+# Docker Hub
+docker tag rdpbroker:1.0.0 yourusername/rdpbroker:1.0.0
+
+# Google Container Registry
+docker tag rdpbroker:1.0.0 gcr.io/your-project/rdpbroker:1.0.0
+
+# AWS ECR
+docker tag rdpbroker:1.0.0 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
+```
+
+### 3. Push to Registry
+
+```bash
+# Docker Hub
+docker push yourusername/rdpbroker:1.0.0
+
+# Google Container Registry
+docker push gcr.io/your-project/rdpbroker:1.0.0
+
+# AWS ECR
+docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
+```
+
+## Preparing the Environment
+
+### 1. Create Namespace
+
+```bash
+kubectl create namespace rdpbroker
+```
+
+### 2. Configure Targets
+
+Edit the `targets.yaml` file to define your RDP targets:
+
+```yaml
+targets:
+  - name: "Production Server"
+    host: "192.168.1.10"
+    port: 3389
+    description: "Production Environment"
+  
+  - name: "Development Server"
+    host: "192.168.1.20"
+    port: 3389
+    description: "Development Environment"
+```
+
+### 3. Create ConfigMap (Optional)
+
+If you prefer to manage targets separately:
+
+```bash
+kubectl create configmap rdpbroker-targets \
+  --from-file=targets.yaml=targets.yaml \
+  -n rdpbroker
+```
+
+## Deploying with Helm
+
+### 1. Create Custom Values File
+
+Create a file named `my-values.yaml`:
+
+```yaml
+image:
+  repository: yourusername/rdpbroker
+  tag: "1.0.0"
+
+config:
+  sambaAD:
+    server: "ad.example.com"
+    port: 389
+    baseDN: "DC=example,DC=com"
+  
+  rdp:
+    listenPort: 3389
+  
+  logging:
+    level: "INFO"
+
+service:
+  type: LoadBalancer
+  # Optional: specify a static IP
+  # loadBalancerIP: "10.0.0.100"
+
+resources:
+  limits:
+    cpu: 1000m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+# If you created a ConfigMap for targets
+targets:
+  existingConfigMap: "rdpbroker-targets"
+  # Or define inline
+  # data: |
+  #   targets:
+  #     - name: "Server 01"
+  #       host: "192.168.1.10"
+  #       port: 3389
+  #       description: "Production"
+```
+
+### 2. Install the Chart
+
+```bash
+helm install rdpbroker ./chart/rdpbroker \
+  -f my-values.yaml \
+  -n rdpbroker
+```
+
+### 3. Verify Installation
+
+```bash
+# Check pod status
+kubectl get pods -n rdpbroker
+
+# Check service
+kubectl get svc -n rdpbroker
+
+# View logs
+kubectl logs -f deployment/rdpbroker -n rdpbroker
+```
+
+## Manual Deployment
+
+If you prefer not to use Helm, you can deploy manually:
+
+### 1. Create ConfigMap
+
+```bash
+kubectl create configmap rdpbroker-targets \
+  --from-file=targets.yaml=targets.yaml \
+  -n rdpbroker
+```
+
+### 2. Create Deployment
+
+Create `deployment.yaml`:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rdpbroker
+  namespace: rdpbroker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rdpbroker
+  template:
+    metadata:
+      labels:
+        app: rdpbroker
+    spec:
+      containers:
+      - name: rdpbroker
+        image: yourusername/rdpbroker:1.0.0
+        env:
+        - name: SAMBA_AD_SERVER
+          value: "ad.example.com"
+        - name: SAMBA_AD_PORT
+          value: "389"
+        - name: SAMBA_AD_BASE_DN
+          value: "DC=example,DC=com"
+        - name: RDP_LISTEN_PORT
+          value: "3389"
+        - name: TARGETS_CONFIG_PATH
+          value: "/etc/rdpbroker/targets.yaml"
+        - name: LOG_LEVEL
+          value: "INFO"
+        ports:
+        - containerPort: 3389
+          name: rdp
+        volumeMounts:
+        - name: targets-config
+          mountPath: /etc/rdpbroker
+          readOnly: true
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+      volumes:
+      - name: targets-config
+        configMap:
+          name: rdpbroker-targets
+```
+
+### 3. Create Service
+
+Create `service.yaml`:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: rdpbroker
+  namespace: rdpbroker
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 3389
+    targetPort: 3389
+    protocol: TCP
+    name: rdp
+  selector:
+    app: rdpbroker
+```
+
+### 4. Apply Manifests
+
+```bash
+kubectl apply -f deployment.yaml
+kubectl apply -f service.yaml
+```
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description | Required | Default |
+|----------|-------------|----------|---------|
+| `SAMBA_AD_SERVER` | Samba AD server hostname/IP | Yes | - |
+| `SAMBA_AD_PORT` | LDAP port | No | 389 |
+| `SAMBA_AD_BASE_DN` | LDAP base DN | Yes | - |
+| `RDP_LISTEN_PORT` | Port to listen for RDP | No | 3389 |
+| `TARGETS_CONFIG_PATH` | Path to targets.yaml | No | /etc/rdpbroker/targets.yaml |
+| `LOG_LEVEL` | Logging level | No | INFO |
+
+### Network Considerations
+
+1. **Firewall Rules**: Ensure Kubernetes nodes can reach:
+   - Samba AD server (port 389 or 636)
+   - RDP target machines (port 3389)
+
+2. **Load Balancer**: Configure your cloud provider's load balancer for RDP traffic
+
+3. **Network Policies**: If using network policies, allow:
+   - Ingress on port 3389
+   - Egress to Samba AD and RDP targets
+
+## Testing the Deployment
+
+### 1. Get Service IP
+
+```bash
+kubectl get svc rdpbroker -n rdpbroker
+
+# Wait for EXTERNAL-IP
+export RDP_BROKER_IP=$(kubectl get svc rdpbroker -n rdpbroker -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+echo $RDP_BROKER_IP
+```
+
+### 2. Connect with RDP Client
+
+#### Linux (xfreerdp)
+
+```bash
+xfreerdp /v:$RDP_BROKER_IP:3389 /u:yourusername
+```
+
+#### Windows
+
+```
+mstsc /v:$RDP_BROKER_IP:3389
+```
+
+#### macOS
+
+Use Microsoft Remote Desktop from the App Store.
+
+### 3. Test Authentication
+
+1. Enter your Samba AD credentials
+2. Verify you see the target list
+3. Select a target and verify connection
+
+### 4. Monitor Sessions
+
+```bash
+# View logs
+kubectl logs -f deployment/rdpbroker -n rdpbroker
+
+# Check active sessions
+kubectl exec -it deployment/rdpbroker -n rdpbroker -- ps aux
+```
+
+## Troubleshooting
+
+### Pod Not Starting
+
+```bash
+# Check pod status
+kubectl describe pod -l app=rdpbroker -n rdpbroker
+
+# View events
+kubectl get events -n rdpbroker --sort-by='.lastTimestamp'
+```
+
+### Authentication Failures
+
+1. Verify Samba AD connectivity:
+   ```bash
+   kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv ad.example.com 389
+   ```
+
+2. Check credentials and base DN configuration
+
+3. Review logs:
+   ```bash
+   kubectl logs deployment/rdpbroker -n rdpbroker | grep -i auth
+   ```
+
+### Target Connection Issues
+
+1. Test target reachability:
+   ```bash
+   kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv 192.168.1.10 3389
+   ```
+
+2. Verify targets.yaml configuration:
+   ```bash
+   kubectl get configmap rdpbroker-targets -n rdpbroker -o yaml
+   ```
+
+### Performance Issues
+
+1. Check resource usage:
+   ```bash
+   kubectl top pod -n rdpbroker
+   ```
+
+2. Adjust resources in values.yaml
+
+3. Enable horizontal pod autoscaling
+
+## Upgrading
+
+### Using Helm
+
+```bash
+# Update image tag in values
+helm upgrade rdpbroker ./chart/rdpbroker \
+  -f my-values.yaml \
+  -n rdpbroker
+```
+
+### Manual Upgrade
+
+```bash
+# Update image
+kubectl set image deployment/rdpbroker \
+  rdpbroker=yourusername/rdpbroker:1.1.0 \
+  -n rdpbroker
+
+# Monitor rollout
+kubectl rollout status deployment/rdpbroker -n rdpbroker
+```
+
+## Uninstalling
+
+### Using Helm
+
+```bash
+helm uninstall rdpbroker -n rdpbroker
+```
+
+### Manual Uninstall
+
+```bash
+kubectl delete deployment rdpbroker -n rdpbroker
+kubectl delete service rdpbroker -n rdpbroker
+kubectl delete configmap rdpbroker-targets -n rdpbroker
+kubectl delete namespace rdpbroker
+```
+
+## Production Recommendations
+
+1. **Security**:
+   - Use TLS/SSL for RDP connections
+   - Enable network policies
+   - Use secrets for sensitive configuration
+   - Run security scans on container images
+
+2. **High Availability**:
+   - Enable horizontal pod autoscaling
+   - Use multiple replicas
+   - Configure pod disruption budgets
+
+3. **Monitoring**:
+   - Set up Prometheus metrics
+   - Configure alerting
+   - Enable logging aggregation
+
+4. **Backups**:
+   - Back up ConfigMaps and values files
+   - Document custom configurations
+   - Version control all manifests
+
+5. **Compliance**:
+   - Enable audit logging
+   - Implement session recording
+   - Regular security audits