1apiVersion: v1
2kind: Namespace
3metadata:
4 name: vnc
5 labels:
6 workload.edge.ncr.com: platform
7 platform.edge.ncr.com/component: novnc
8 annotations:
9 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
10 pallet.edge.ncr.com/name: novnc
11 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
12 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
13 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
14 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
15---
16apiVersion: v1
17kind: ServiceAccount
18metadata:
19 name: novnc-client
20 namespace: vnc
21 labels:
22 platform.edge.ncr.com/component: novnc
23 annotations:
24 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
25 pallet.edge.ncr.com/name: novnc
26 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
27 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
28 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
29 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
30---
31apiVersion: v1
32kind: ConfigMap
33metadata:
34 name: novnc-nginx-templates
35 namespace: vnc
36 labels:
37 platform.edge.ncr.com/component: novnc
38 annotations:
39 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
40 pallet.edge.ncr.com/name: novnc
41 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
42 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
43 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
44 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
45data:
46 novnc.conf.template: |
47 server {
48 listen 80;
49 listen [::]:80;
50 server_name localhost;
51 add_header Cache-Control no-cache;
52 #charset koi8-r;
53 #access_log /var/log/nginx/host.access.log main;
54
55 location / {
56 root /usr/share/nginx/html/novnc;
57 index vnc_lite.html;
58 }
59
60 location /ws {
61 resolver daemonsetdns.daemonsetdns.svc.cluster.local valid=1s ipv6=off;
62
63 # blacklist all headers by default
64 proxy_pass_request_headers off;
65
66 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67 proxy_set_header Host $host;
68 proxy_set_header Connection "";
69 proxy_http_version 1.1;
70 proxy_set_header Upgrade $http_upgrade;
71 proxy_set_header Connection "upgrade";
72
73 # Header whitelist
74 proxy_set_header Origin $http_origin;
75 proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
76 proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
77 proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
78
79 if ($arg_token !~ "^[a-z0-9-.]+$") {
80 return 400 "Unacceptable Node Name";
81 }
82
83 proxy_read_timeout 900s;
84
85 proxy_pass http://${arg_token}.vncserver.${NAMESPACE}.pod-locator:5900;
86
87 # Disable proxy buffering
88 proxy_buffering off;
89 }
90
91 #error_page 404 /404.html;
92
93 # redirect server error pages to the static page /50x.html
94
95 error_page 500 502 503 504 /50x.html;
96 location = /50x.html {
97 root /usr/share/nginx/html;
98 }
99 }
100---
101apiVersion: v1
102kind: Service
103metadata:
104 name: novnc
105 namespace: vnc
106 labels:
107 platform.edge.ncr.com/component: novnc
108 annotations:
109 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
110 pallet.edge.ncr.com/name: novnc
111 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
112 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
113 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
114 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
115spec:
116 type: ClusterIP
117 selector:
118 app: novnc
119 platform.edge.ncr.com/component: novnc
120 ports:
121 - name: novnc
122 protocol: TCP
123 port: 80
124 targetPort: novnc-http-port
125---
126apiVersion: apps/v1
127kind: Deployment
128metadata:
129 name: novnc
130 labels:
131 app: novnc
132 platform.edge.ncr.com/component: novnc
133 namespace: vnc
134 annotations:
135 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
136 pallet.edge.ncr.com/name: novnc
137 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
138 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
139 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
140 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
141spec:
142 selector:
143 matchLabels:
144 app: novnc
145 platform.edge.ncr.com/component: novnc
146 template:
147 metadata:
148 labels:
149 app: novnc
150 platform.edge.ncr.com/component: novnc
151 annotations:
152 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
153 pallet.edge.ncr.com/name: novnc
154 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
155 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
156 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
157 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
158 spec:
159 serviceAccountName: novnc-client
160 automountServiceAccountToken: true
161 containers:
162 - name: novnc
163 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/novnc@sha256:65bea0cada2942c6ca588625c33c83c707a4c9f191711331f54fa681e20df93c
164 command: ["/bin/sh"]
165 args: ["-c", "envsubst '$NAMESPACE' < /etc/nginx/templates/novnc.conf.template > /etc/nginx/conf.d/novnc.conf && nginx -g 'daemon off;'"]
166 ports:
167 - name: novnc-http-port
168 containerPort: 80
169 env:
170 - name: NAMESPACE
171 valueFrom:
172 fieldRef:
173 fieldPath: metadata.namespace
174 resources:
175 limits:
176 cpu: "1m"
177 memory: "4Mi"
178 requests:
179 cpu: "1m"
180 memory: "2Mi"
181 volumeMounts:
182 - name: novnc-nginx-templates
183 mountPath: /etc/nginx/templates
184 imagePullPolicy: IfNotPresent
185 volumes:
186 - name: novnc-nginx-templates
187 configMap:
188 name: novnc-nginx-templates
189 imagePullSecrets:
190 - name: edge-docker-pull-secret
View as plain text