Skip to content

Latest commit

 

History

History
122 lines (79 loc) · 7.77 KB

README.md

File metadata and controls

122 lines (79 loc) · 7.77 KB
Raw

OCI Single Server

This project will deploy Kasm Workspaces in a single-server deployment in OCI.

Diagram

Pre-Configuration

Consider creating a new Compartment for the Kasm Workspaces deployment.

DNS Zone

In OCI create a public DNS zone that matches the desired domain name for the deployment. e.g kasm.contoso.com.

API Keys

Create an administative user in the OCI console that will be used for the terraform deployment. Add the user to the Administrators Group. Generate an API Key for the user. The API Key Fingerprint will be used as a variable in the deployment configuration. Save the private key to the local directory replacing oci-private-key.pem.

SSL Certificate Options

Terraform-generated Let's Encrypt Certificate

To use Terraform to generate a Let's Encrypt certificate automatically, set the letsencrypt_cert_support_email to a valid email address and set the letsencrypt_server_type to either "staging" or "prod" and leave the kasm_ssl_crt_path and kasm_ssl_key_path variables empty.

NOTE:

  • Staging generates certificates that a browser will not trust, but are formatted correctly and are designed for testing and validating the system configuraiton and deployment and has a limit of hundreds of certificates per domain per week.
  • Prod generates trusted Let's Encrypt certificates but is limited to 5 certificates per week per domain.

Bring Your Own Certificates

Create an SSL certificate that matches the desired domain for the deployment. e.g (kasm.contoso.com). Place the pem encoded cert and key in this directory overwriting kasm_ssl.crt and kasm_ssl.key.

Terraform Configuration

  1. Initialize the project

    terraform init

  2. Open settings.tfvars and update the variables. The variable definitions, descriptions, and validation requirements can be found in variables.tf, or in the table below.

  3. Verify the configuration

    terraform plan

  4. Deploy

    terraform apply

  5. Login to the Deployment as an Admin via the domain defined e.g https://kasm.contoso.com. Single server installs download all workspaces images during the install process so it may take ~15 minutes for the server to fully come online.

Requirements

Name Version
terraform ~> 1.0
acme ~> 2.0
oci ~> 5.0
tls ~> 4.0

Providers

No providers.

Modules

Name Source Version
kasm ./module n/a

Resources

No resources.

Inputs

Name Description Type Default Required
admin_password The administrative user password. No special characters string n/a yes
allow_ssh_cidrs The CIDR notation to allow SSH access to the systems. list(string) n/a yes
allow_web_cidrs The CIDR notation to allow HTTPS access to the systems. list(string) n/a yes
compartment_ocid The Compartment OCID string n/a yes
fingerprint API Key Fingerprint string n/a yes
instance_image_ocid The OCID for the instance image , such as ubuntu 20.04, to use. string n/a yes
instance_shape The instance shape to use. Should be a Flex type. string n/a yes
kasm_build_url The URL for the Kasm Workspaces build string n/a yes
kasm_server_cpus The number of CPUs to configure for the Kasm instance number n/a yes
kasm_server_hdd_size The size in GBs of the Kasm instance HDD number n/a yes
kasm_server_memory The amount of memory to configure for the Kasm instance number n/a yes
kasm_ssl_crt_path The file path to the PEM encoded SSL Certificate. Leave this empty if you are using Lets Encrypt to automatically generate your certificates. string "" no
kasm_ssl_key_path The file path to the PEM encoded SSL Certificate Key. Leave this empty if you are using Lets Encrypt to automatically generate your certificates. string "" no
letsencrypt_cert_support_email Email address to use for Let's Encrypt SSL certificates for OCI Deployment string "" no
letsencrypt_server_type SSL Server type to generate. Valid options are staging and prod, and prod certificates are limited to 5 certificates per week. string "" no
oci_domain_name The public Zone used for the dns entries. This must already exist in the OCI account. (e.g kasm.contoso.com). The deployment will be accessed via this zone name via https string n/a yes
private_key_path The path to the OCI API Key PEM encoded Private Key string n/a yes
project_name The name of the deployment (e.g dev, staging). A short single word string n/a yes
region The OCI Region eg: (us-ashburn-1) string n/a yes
ssh_authorized_keys The SSH Public Keys to be installed on the OCI compute instance string n/a yes
swap_size The amount of swap (in GB) to configure inside the compute instances number n/a yes
tenancy_ocid The Tenancy OCID. string n/a yes
user_ocid The User OCID. string n/a yes
user_password The standard (non administrator) user password. No special characters string n/a yes
vcn_subnet_cidr VCN Subnet CIDR where you wish to deploy Kasm string n/a yes

Outputs

Name Description
ssh_key_info SSH Keys to use with Kasm Deployment

Detailed Terraform Deployment Diagram

Detailed Diagram