RdpBroker Deployment Guide
This document provides detailed instructions for deploying RdpBroker to a Kubernetes cluster.
Table of Contents
- Prerequisites
- Building the Container Image
- Preparing the Environment
- Deploying with Helm
- Manual Deployment
- Configuration
- Testing the Deployment
- Troubleshooting
- Upgrading
- Uninstalling
Prerequisites
Required Tools
- kubectl (1.20+) - Kubernetes command-line tool
- helm (3.x) - Kubernetes package manager
- docker - Container runtime for building images
- Kubernetes cluster (1.20+) - Running cluster with appropriate access
Required Services
- Samba Active Directory server - Accessible from the Kubernetes cluster
- RDP target machines - Reachable from Kubernetes pods
- Container registry - For storing the RdpBroker image (Docker Hub, GCR, ECR, etc.)
Building the Container Image
1. Build the Image
Navigate to the source directory and build the Docker image:
cd src/
docker build -t rdpbroker:1.0.0 .
2. Tag for Your Registry
Tag the image for your container registry:
# Docker Hub
docker tag rdpbroker:1.0.0 yourusername/rdpbroker:1.0.0
# Google Container Registry
docker tag rdpbroker:1.0.0 gcr.io/your-project/rdpbroker:1.0.0
# AWS ECR
docker tag rdpbroker:1.0.0 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
3. Push to Registry
# Docker Hub
docker push yourusername/rdpbroker:1.0.0
# Google Container Registry
docker push gcr.io/your-project/rdpbroker:1.0.0
# AWS ECR
docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/rdpbroker:1.0.0
Preparing the Environment
1. Create Namespace
kubectl create namespace rdpbroker
2. Configure Targets
Edit the targets.yaml file to define your RDP targets:
targets:
  - name: "Production Server"
    host: "192.168.1.10"
    port: 3389
    description: "Production Environment"
  - name: "Development Server"
    host: "192.168.1.20"
    port: 3389
    description: "Development Environment"
3. Create ConfigMap (Optional)
If you prefer to manage targets separately:
kubectl create configmap rdpbroker-targets \
--from-file=targets.yaml=targets.yaml \
-n rdpbroker
Deploying with Helm
1. Create Custom Values File
Create a file named my-values.yaml:
image:
  repository: yourusername/rdpbroker
  tag: "1.0.0"
config:
  sambaAD:
    server: "ad.example.com"
    port: 389
    baseDN: "DC=example,DC=com"
  rdp:
    listenPort: 3389
  logging:
    level: "INFO"
service:
  type: LoadBalancer
  # Optional: specify a static IP
  # loadBalancerIP: "10.0.0.100"
resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi
# If you created a ConfigMap for targets
targets:
  existingConfigMap: "rdpbroker-targets"
  # Or define inline
  # data: |
  #   targets:
  #     - name: "Server 01"
  #       host: "192.168.1.10"
  #       port: 3389
  #       description: "Production"
2. Install the Chart
helm install rdpbroker ./chart/rdpbroker \
-f my-values.yaml \
-n rdpbroker
3. Verify Installation
# Check pod status
kubectl get pods -n rdpbroker
# Check service
kubectl get svc -n rdpbroker
# View logs
kubectl logs -f deployment/rdpbroker -n rdpbroker
Manual Deployment
If you prefer not to use Helm, you can deploy manually:
1. Create ConfigMap
kubectl create configmap rdpbroker-targets \
--from-file=targets.yaml=targets.yaml \
-n rdpbroker
2. Create Deployment
Create deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rdpbroker
  namespace: rdpbroker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rdpbroker
  template:
    metadata:
      labels:
        app: rdpbroker
    spec:
      containers:
        - name: rdpbroker
          image: yourusername/rdpbroker:1.0.0
          env:
            - name: SAMBA_AD_SERVER
              value: "ad.example.com"
            - name: SAMBA_AD_PORT
              value: "389"
            - name: SAMBA_AD_BASE_DN
              value: "DC=example,DC=com"
            - name: RDP_LISTEN_PORT
              value: "3389"
            - name: TARGETS_CONFIG_PATH
              value: "/etc/rdpbroker/targets.yaml"
            - name: LOG_LEVEL
              value: "INFO"
          ports:
            - containerPort: 3389
              name: rdp
          volumeMounts:
            - name: targets-config
              mountPath: /etc/rdpbroker
              readOnly: true
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 128Mi
      volumes:
        - name: targets-config
          configMap:
            name: rdpbroker-targets
3. Create Service
Create service.yaml:
apiVersion: v1
kind: Service
metadata:
  name: rdpbroker
  namespace: rdpbroker
spec:
  type: LoadBalancer
  ports:
    - port: 3389
      targetPort: 3389
      protocol: TCP
      name: rdp
  selector:
    app: rdpbroker
4. Apply Manifests
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
Configuration
Environment Variables
| Variable | Description | Required | Default |
|---|---|---|---|
| SAMBA_AD_SERVER | Samba AD server hostname/IP | Yes | - |
| SAMBA_AD_PORT | LDAP port | No | 389 |
| SAMBA_AD_BASE_DN | LDAP base DN | Yes | - |
| RDP_LISTEN_PORT | Port to listen for RDP | No | 3389 |
| TARGETS_CONFIG_PATH | Path to targets.yaml | No | /etc/rdpbroker/targets.yaml |
| LOG_LEVEL | Logging level | No | INFO |
Network Considerations
- Firewall Rules: Ensure Kubernetes nodes can reach:
  - Samba AD server (port 389 or 636)
  - RDP target machines (port 3389)
- Load Balancer: Configure your cloud provider's load balancer for RDP traffic
- Network Policies: If using network policies, allow:
  - Ingress on port 3389
  - Egress to Samba AD and RDP targets
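The Network Policies item above, written out as a manifest. This is an added example, not part of the RdpBroker chart: the policy name and the AD server address 203.0.113.10 are placeholders, and it assumes the `app: rdpbroker` label, the rdpbroker namespace and the two target IPs from the sample targets.yaml in this guide.

```yaml
# Added example. Requires a CNI plugin that enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rdpbroker-restrict        # hypothetical name
  namespace: rdpbroker
spec:
  podSelector:
    matchLabels:
      app: rdpbroker
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # RDP clients may reach the broker only on its listen port.
    - ports:
        - protocol: TCP
          port: 3389
  egress:
    # LDAP to the Samba AD server. NetworkPolicy matches IP addresses, not
    # hostnames: 203.0.113.10 is a placeholder for the address that
    # ad.example.com resolves to.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32
      ports:
        - protocol: TCP
          port: 389
    # RDP to each host listed in targets.yaml.
    - to:
        - ipBlock:
            cidr: 192.168.1.10/32
        - ipBlock:
            cidr: 192.168.1.20/32
      ports:
        - protocol: TCP
          port: 3389
    # Cluster DNS (assumed to run in kube-system), needed to resolve
    # ad.example.com once egress is restricted. The namespace label below is
    # set automatically from Kubernetes 1.21; on 1.20 add it by hand.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The egress list has to be kept in step with targets.yaml: a target added there without a matching ipBlock entry is unreachable from the broker pod.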
Testing the Deployment
1. Get Service IP
kubectl get svc rdpbroker -n rdpbroker
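# Wait for EXTERNAL-IP
export RDP_BROKER_IP=$(kubectl get svc rdpbroker -n rdpbroker -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
# Load balancers that publish a DNS name instead of an IP (for example AWS ELB)
# populate .hostname rather than .ip
echo "$RDP_BROKER_IP"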
2. Connect with RDP Client
Linux (xfreerdp)
xfreerdp /v:$RDP_BROKER_IP:3389 /u:yourusername
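Windows (replace <EXTERNAL-IP> with the address from step 1; the shell variable set above does not exist on the Windows client)
mstsc /v:<EXTERNAL-IP>:3389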
macOS
Use Microsoft Remote Desktop from the App Store.
3. Test Authentication
- Enter your Samba AD credentials
- Verify you see the target list
- Select a target and verify connection
4. Monitor Sessions
# View logs
kubectl logs -f deployment/rdpbroker -n rdpbroker
# Check active sessions
kubectl exec -it deployment/rdpbroker -n rdpbroker -- ps aux
Troubleshooting
Pod Not Starting
# Check pod status
kubectl describe pod -l app=rdpbroker -n rdpbroker
# View events
kubectl get events -n rdpbroker --sort-by='.lastTimestamp'
Authentication Failures
- Verify Samba AD connectivity:
  kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv ad.example.com 389
- Check credentials and base DN configuration
- Review logs:
  kubectl logs deployment/rdpbroker -n rdpbroker | grep -i auth
Target Connection Issues
- Test target reachability:
  kubectl exec -it deployment/rdpbroker -n rdpbroker -- nc -zv 192.168.1.10 3389
- Verify targets.yaml configuration:
  kubectl get configmap rdpbroker-targets -n rdpbroker -o yaml
Performance Issues
- Check resource usage:
  kubectl top pod -n rdpbroker
- Adjust resources in values.yaml
- Enable horizontal pod autoscaling
Upgrading
Using Helm
# Update image tag in values
helm upgrade rdpbroker ./chart/rdpbroker \
-f my-values.yaml \
-n rdpbroker
Manual Upgrade
# Update image
kubectl set image deployment/rdpbroker \
rdpbroker=yourusername/rdpbroker:1.1.0 \
-n rdpbroker
# Monitor rollout
kubectl rollout status deployment/rdpbroker -n rdpbroker
Uninstalling
Using Helm
helm uninstall rdpbroker -n rdpbroker
Manual Uninstall
kubectl delete deployment rdpbroker -n rdpbroker
kubectl delete service rdpbroker -n rdpbroker
kubectl delete configmap rdpbroker-targets -n rdpbroker
kubectl delete namespace rdpbroker
Production Recommendations
- Security:
  - Use TLS/SSL for RDP connections
  - Enable network policies
  - Use secrets for sensitive configuration
  - Run security scans on container images
- High Availability:
  - Enable horizontal pod autoscaling
  - Use multiple replicas
  - Configure pod disruption budgets
- Monitoring:
  - Set up Prometheus metrics
  - Configure alerting
  - Enable logging aggregation
- Backups:
  - Back up ConfigMaps and values files
  - Document custom configurations
  - Version control all manifests
- Compliance:
  - Enable audit logging
  - Implement session recording
  - Regular security audits