Kubernetes

As of version 1.16.0 Kasm Workspaces core services can be deployed to Kubernetes. In a Kubernetes deployment, each container (api, manager, guac, rdp-gateway, rdp-https-gateway, share) is a service that can be scaled up/down as needed. Kasm maintains an open-source helm chart that can be used as an example. For containerized sessions, the Kasm Agent component still resides outside of Kubernetes. If you wish to support container based desktop/app sessions, you would deploy Kasm to Kubernetes and then either manually add static agents to the deployment, or configure auto scaling. As of version 1.16.0 Kasm supports auto-scaling agents and generic VMs in Harvester and generic KubeVirt.

Technical Preview

Kasm Workspaces on Kubernetes is currently in Technical Preview for 1.16.0. For this version we recommend organizations try Kasm in Kubernetes on non-production deployments. We welcome any and all feedback in the Helm Project issue tracker. Kasm deployed to Kubernetes is not supported through normal support contracts until it is out of the Technical Preview phase.

Limitations

Kubernetes deployments have the following known limitations. These limitations may be due to limitations in the product, limitations in the current helm chart examples, or both.

  • While Kasm Workspaces is agnostic to the flavor of Kubernetes, we have done much more extensive testing on Rancher. The helm chart may need adjustments to work in your specific environment.

  • The helm chart example is currently limited to a single region. Multi-region deployments should be possible, but would have to be in different namespaces and/or different kubernetes clusters. More work on the helm chart examples is needed to build out a multi-region/zone deployment.

  • All managers, Guac, RDP Gateway, and RDP HTTPS Gateway components are ephemeral and can be scaled up and down, however, they must all be treated identically.

  • There is a 1 to 1 relationship between a Kubernetes namespace and a Kasm zone. Do not attempt to alter the helm chart to include multiple zones in a single namespace deployment of Kasm.

  • While the RDP Gateway service is defined and is running, there is no exposed ingress for port 3389, use the RDP HTTPS Gateway for RDP clients that support RDP over HTTPS.