Proxy that provides access to the VNC console of a Kubevirt VM.

It can generate time limited tokens that are then used to access VNC.

A temporary token can be generated using:

GET /api/v1alpha1/${VMI_NAMESPACE}/${VMI_NAME}/token

Where ${VMI_NAMESPACE} and ${VMI_NAME} are the namespace and name of a running VMI.

Parameters:

• duration - Duration while the token is valid

Headers:

• Authorization - Contains Bearer token that is used to check RBAC permissions to access /vnc subresource on a VMI

VNC can be accessed using websocket on this endpoint:

/api/v1alpha1/${VMI_NAMESPACE}/${VMI_NAME}/vnc

This subprotocol is used for authorization:

• base64url.bearer.authorization.k8s.io.${TOKEN} - The ${TOKEN} is a token generated by the above endpoint.

The Service is not exposed by default, because the Ingress configuration can depend on the cluster where it is running. For example this Ingress can be used:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vm-console
  namespace: kubevirt
spec:
  rules:
    - host: ${HOSTNAME}
      http:
        paths:
          - backend:
              service:
                name: vm-console-proxy
                port:
                  number: 80
            path: /
            pathType: Prefix