RdpBroker/docs/deployment.md

# RdpBroker Deployment Guide

This document provides detailed instructions for deploying RdpBroker to a Kubernetes cluster.

## Table of Contents

- [Prerequisites](#prerequisites)
- [Building the Container Image](#building-the-container-image)
- [Preparing the Environment](#preparing-the-environment)
- [Deploying with Helm](#deploying-with-helm)
- [Manual Deployment](#manual-deployment)
- [Configuration](#configuration)
- [Testing the Deployment](#testing-the-deployment)
- [Troubleshooting](#troubleshooting)
- [Upgrading](#upgrading)
- [Uninstalling](#uninstalling)

## Prerequisites

### Required Tools

- **kubectl** (1.20+) - Kubernetes command-line tool
- **helm** (3.x) - Kubernetes package manager
- **docker** - Container runtime for building images
- **Kubernetes cluster** (1.20+) - Running cluster with appropriate access

### Required Services

- **Samba Active Directory server** - Accessible from the Kubernetes cluster
- **RDP target machines** - Reachable from Kubernetes pods
- **Container registry** - For storing the RdpBroker image (Docker Hub, GCR, ECR, etc.)

## Building the Container Image

### 1. Build the Image

Navigate to the source directory and build the Docker image:

```bash
cd src/
docker build -t rdpbroker:1.0.0 .
```

### 2. Tag for Your Registry

Tag the image for your container registry:

```bash
# Docker Hub
docker tag rdpbroker:1.0.0 yourusername/rdpbroker:1.0.0

# Google Container Registry
docker tag rdpbroker:1.0.0 gcr.io/your-project/rdpbroker:1.0.0

# AWS ECR
docker tag rdpbroker:1.0.0 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
```

### 3. Push to Registry

```bash
# Docker Hub
docker push yourusername/rdpbroker:1.0.0

# Google Container Registry
docker push gcr.io/your-project/rdpbroker:1.0.0

# AWS ECR
docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
```

## Preparing the Environment

### 1. Create Namespace

```bash
kubectl create namespace rdpbroker
```

### 2. Configure Targets

Edit the `targets.yaml` file to define your RDP targets:

```yaml
targets:
  - name: "Production Server"
    host: "192.168.1.10"
    port: 3389
    description: "Production Environment"
  
  - name: "Development Server"
    host: "192.168.1.20"
    port: 3389
    description: "Development Environment"
```

### 3. Create ConfigMap (Optional)

If you prefer to manage targets separately:

```bash
kubectl create configmap rdpbroker-targets \
  --from-file=targets.yaml=targets.yaml \
  -n rdpbroker
```

## Deploying with Helm

### 1. Create Custom Values File

Create a file named `my-values.yaml`:

```yaml
image:
  repository: yourusername/rdpbroker
  tag: "1.0.0"

config:
  sambaAD:
    server: "ad.example.com"
    port: 389
    baseDN: "DC=example,DC=com"
  
  rdp:
    listenPort: 3389
  
  logging:
    level: "INFO"

service:
  type: LoadBalancer
  # Optional: specify a static IP
  # loadBalancerIP: "10.0.0.100"

resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

# If you created a ConfigMap for targets
targets:
  existingConfigMap: "rdpbroker-targets"
  # Or define inline
  # data: |
  #   targets:
  #     - name: "Server 01"
  #       host: "192.168.1.10"
  #       port: 3389
  #       description: "Production"
```

### 2. Install the Chart

```bash
helm install rdpbroker ./chart/rdpbroker \
  -f my-values.yaml \
  -n rdpbroker
```

### 3. Verify Installation

```bash
# Check pod status
kubectl get pods -n rdpbroker

# Check service
kubectl get svc -n rdpbroker

# View logs
kubectl logs -f deployment/rdpbroker -n rdpbroker
```

## Manual Deployment

If you prefer not to use Helm, you can deploy manually:

### 1. Create ConfigMap

```bash
kubectl create configmap rdpbroker-targets \
  --from-file=targets.yaml=targets.yaml \
  -n rdpbroker
```

### 2. Create Deployment

Create `deployment.yaml`:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rdpbroker
  namespace: rdpbroker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rdpbroker
  template:
    metadata:
      labels:
        app: rdpbroker
    spec:
      containers:
      - name: rdpbroker
        image: yourusername/rdpbroker:1.0.0
        env:
        - name: SAMBA_AD_SERVER
          value: "ad.example.com"
        - name: SAMBA_AD_PORT
          value: "389"
        - name: SAMBA_AD_BASE_DN
          value: "DC=example,DC=com"
        - name: RDP_LISTEN_PORT
          value: "3389"
        - name: TARGETS_CONFIG_PATH
          value: "/etc/rdpbroker/targets.yaml"
        - name: LOG_LEVEL
          value: "INFO"
        ports:
        - containerPort: 3389
          name: rdp
        volumeMounts:
        - name: targets-config
          mountPath: /etc/rdpbroker
          readOnly: true
        resources:
          limits:
            cpu: 1000m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 128Mi
      volumes:
      - name: targets-config
        configMap:
          name: rdpbroker-targets
```

### 3. Create Service

Create `service.yaml`:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: rdpbroker
  namespace: rdpbroker
spec:
  type: LoadBalancer
  ports:
  - port: 3389
    targetPort: 3389
    protocol: TCP
    name: rdp
  selector:
    app: rdpbroker
```

### 4. Apply Manifests

```bash
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
```

## Configuration

### Environment Variables

| Variable | Description | Required | Default |
|----------|-------------|----------|---------|
| `SAMBA_AD_SERVER` | Samba AD server hostname/IP | Yes | - |
| `SAMBA_AD_PORT` | LDAP port | No | 389 |
| `SAMBA_AD_BASE_DN` | LDAP base DN | Yes | - |
| `RDP_LISTEN_PORT` | Port to listen for RDP | No | 3389 |
| `TARGETS_CONFIG_PATH` | Path to targets.yaml | No | /etc/rdpbroker/targets.yaml |
| `LOG_LEVEL` | Logging level | No | INFO |

### Network Considerations

1. **Firewall Rules**: Ensure Kubernetes nodes can reach:
   - Samba AD server (port 389 or 636)
   - RDP target machines (port 3389)

2. **Load Balancer**: Configure your cloud provider's load balancer for RDP traffic

3. **Network Policies**: If using network policies, allow:
   - Ingress on port 3389
   - Egress to Samba AD and RDP targets

## Testing the Deployment

### 1. Get Service IP

```bash
kubectl get svc rdpbroker -n rdpbroker

# Wait for EXTERNAL-IP
export RDP_BROKER_IP=$(kubectl get svc rdpbroker -n rdpbroker -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo $RDP_BROKER_IP
```

### 2. Connect with RDP Client

#### Linux (xfreerdp)

```bash
xfreerdp /v:$RDP_BROKER_IP:3389 /u:yourusername
```

#### Windows

```
mstsc /v:$RDP_BROKER_IP:3389
```

#### macOS

Use Microsoft Remote Desktop from the App Store.

### 3. Test Authentication

1. Enter your Samba AD credentials
2. Verify you see the target list
3. Select a target and verify connection

### 4. Monitor Sessions

```bash
# View logs
kubectl logs -f deployment/rdpbroker -n rdpbroker

# Check active sessions
kubectl exec -it deployment/rdpbroker -n rdpbroker -- ps aux
```

## Troubleshooting

### Pod Not Starting

```bash
# Check pod status
kubectl describe pod -l app=rdpbroker -n rdpbroker

# View events
kubectl get events -n rdpbroker --sort-by='.lastTimestamp'
```

### Authentication Failures

1. Verify Samba AD connectivity:
   ```bash
   kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv ad.example.com 389
   ```

2. Check credentials and base DN configuration

3. Review logs:
   ```bash
   kubectl logs deployment/rdpbroker -n rdpbroker | grep -i auth
   ```

### Target Connection Issues

1. Test target reachability:
   ```bash
   kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv 192.168.1.10 3389
   ```

2. Verify targets.yaml configuration:
   ```bash
   kubectl get configmap rdpbroker-targets -n rdpbroker -o yaml
   ```

### Performance Issues

1. Check resource usage:
   ```bash
   kubectl top pod -n rdpbroker
   ```

2. Adjust resources in values.yaml

3. Enable horizontal pod autoscaling

## Upgrading

### Using Helm

```bash
# Update image tag in values
helm upgrade rdpbroker ./chart/rdpbroker \
  -f my-values.yaml \
  -n rdpbroker
```

### Manual Upgrade

```bash
# Update image
kubectl set image deployment/rdpbroker \
  rdpbroker=yourusername/rdpbroker:1.1.0 \
  -n rdpbroker

# Monitor rollout
kubectl rollout status deployment/rdpbroker -n rdpbroker
```

## Uninstalling

### Using Helm

```bash
helm uninstall rdpbroker -n rdpbroker
```

### Manual Uninstall

```bash
kubectl delete deployment rdpbroker -n rdpbroker
kubectl delete service rdpbroker -n rdpbroker
kubectl delete configmap rdpbroker-targets -n rdpbroker
kubectl delete namespace rdpbroker
```

## Production Recommendations

1. **Security**:
   - Use TLS/SSL for RDP connections
   - Enable network policies
   - Use secrets for sensitive configuration
   - Run security scans on container images

2. **High Availability**:
   - Enable horizontal pod autoscaling
   - Use multiple replicas
   - Configure pod disruption budgets

3. **Monitoring**:
   - Set up Prometheus metrics
   - Configure alerting
   - Enable logging aggregation

4. **Backups**:
   - Back up ConfigMaps and values files
   - Document custom configurations
   - Version control all manifests

5. **Compliance**:
   - Enable audit logging
   - Implement session recording
   - Regular security audits