Skip to content

Commit

Permalink
chore: Update docs to reflect current API
Browse files Browse the repository at this point in the history
Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
  • Loading branch information
akrejcir committed Aug 4, 2023
1 parent da56dd7 commit a971920
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 38 deletions.
30 changes: 2 additions & 28 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# VM Console Proxy

It provides an endpoint to generate time limited tokens that are then used to access VNC.
This project adds a new API extension to Kubernetes,
that can be used to generate time limited tokens to access VNC.

**Note:** This project no longer provides VNC proxy functionality, so the project name should be changed in the future.

Expand All @@ -18,30 +19,3 @@ kubectl apply -f "https://github.com/kubevirt/vm-console-proxy/releases/latest/d

## API
See the [API documentation](docs/api.md).

## Exposing the service

The `Service` is not exposed by default, because the `Ingress` configuration
can depend on the cluster where it is running. For example this `Ingress` can be used:

[//]: # (TODO: This ingress currently does not work with OpenShit. Look into why.)

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vm-console
namespace: ${VM_CONSOLE_PROXY_NAMESPACE}
spec:
rules:
- host: ${HOSTNAME}
http:
paths:
- backend:
service:
name: vm-console-proxy
port:
number: 443
path: /
pathType: Prefix
```
12 changes: 2 additions & 10 deletions docs/api.md
Original file line number Diff line number Diff line change
@@ -1,25 +1,17 @@
# API

The commands in this document use environment variable `PROXY_URL`,
which should be set to the URL where the `vm-console-proxy` service is
exposed to the outside of the cluster.

## Generate a token

A temporary token can be generated using:
```
GET /api/v1alpha1/${VMI_NAMESPACE}/${VMI_NAME}/token
GET /apis/token.kubevirt.io/v1alpha1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc
```
Where `${VMI_NAMESPACE}` and `${VMI_NAME}` are the namespace
and name of a running VMI.

#### Parameters
- `duration` - Duration while the token is valid

#### Headers
- `Authorization` - Contains Bearer token that is used to check
RBAC permissions to access `/vnc` subresource on a VMI

#### Result
Result is a JSON object containing the token:
```json
Expand All @@ -29,7 +21,7 @@ Result is a JSON object containing the token:
### Example
```bash
curl --header "Authorization: Bearer ${KUBERNETES_USER_TOKEN}" \
"https://${PROXY_URL}/api/v1alpha1/${VMI_NAMESPACE}/${VMI_NAME}/token?duration=${DURATION}"
"https://${K8S_API_URL}/apis/token.kubevirt.io/v1alpha1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc?duration=${DURATION}"
```

The `KUBERNETES_USER_TOKEN` variable is a bearer token used to authenticate with
Expand Down

0 comments on commit a971920

Please sign in to comment.