The present project consisted of developing and deploying a solution that would allow students of the school to access the software that they use in practical labs without worrying about installation, compatibility and lack of resources often encountered, using containerization using Docker and deployment using Kubernetes.
The proposed solution consists of containerizing two chosen applications (based on usage frequency) and implementing a custom onsite Kubernetes cluster architecture to deploy and manage students/teachers access and activity to these applications through a common web plateform named EasyTP.
- Gns3
- Logisim
To dockerize and remotely access GUI applications, the container contains the following stack described in ./Dockerfiles/\<appname>/Dockerfile
.
- Debian as the base image.
- Supervisord (insures/restrict application/user access inside container) described through supervisord.conf.
- Application and its dependencies
- Openbox (Windows manager) described through menu.xml file.
- x11 provided by TigerVNC
- VNC server provided by TigerVNC
- Websocket to view VNC content through browser provided by easy-novnc.
- Storage through NFS technology
- Networking through proxy / ingress.
- Deployement: the solution is ready to be deployed locally through LAN distributed cluster, VMs or through cloud (soon).
EasyTP is a web application developed with Django that aims to facilitate and customize cluster management according to our specific needs. It serves, in the first place, authenticate the different users of the system, then communicates with the control plane to create pods and services associated with the applications requested by the users. System users are : students, teachers and administrator. Here are the functional and technical specifications of the EasyTP application in detail.
- The application starts a new pod and kubernetes service for each application/user.
- The system allows all users to access the application from the browser.
- The system allows all users of the application to authenticate themselves.
- The system allows to save the user's session for future use.
- The system allows to send an email to new users containing their usernames and passwords.
- The system should delete the pod/container after the user logs out.
We count 3 types of users:
- The system allows an "administrator" user to consult the dashboard.
- The system allows an "administrator" user to add a list of users from a CSV file.
- The administrator must be able to create, update and delete applications.
- The administrator must be able to assign applications to students.
- The administrator must be able to manage access and privileges.
- The system allows a "teacher" user to view all student pods.
- The system allows a "teacher" user to access any student's pod.
- The system allows a teacher user to access student storage spaces.
- The system allows a "teacher" user to launch applications.
- The system allows a teacher user to upload files related to the course to his/her own storage space to be shared with students.
- The system allows a "student" user to launch applications (Lab environement).
- The system allows a student user to upload files from his own local machine or from the space shared with the teacher to his allocated space.
- The system allows a students to collaborate in the same project ( pair,team..etc ) .
- Authentication (only @esi.dz emails are allowed)
- Student
- Teacher
- Admin
- Connect to the web plateforme hosted locally (http://server_IP:31313/login).
- Authenticate, then choose an application to launch, you will be directed to a new tab to access the lab.
- Enter VNC password and connect to your lab !
These instructions will get you a copy of this project up running on your local environement.
- Docker
- cri-dockerd (you can get it from here)
- Kubernetes (you can follow this tutorial to install kubeadm, kubelet and kubectl)
- Create your cluster
swapoff -a
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/cri-dockerd.sock --apiserver-advertise-address=<your ip>
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# install flannel: network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# enable scheduling on master
kubectl taint node --all node-role.kubernetes.io/master:NoSchedule-
kubectl taint node --all node-role.kubernetes.io/control-plane:NoSchedule-
- Clone the repo
git clone https://github.com/TheDhm/container-manager-app.git
-
Create NFS storage (you can follow this tutorial)
- create DB folder in your nfs server (for postgres DB)
- create USERDATA folder ( users storage space )
- create READONLY folder
- make sure to change nfs server IP in:
- postgres-pv.yaml
- django-deployment.yaml
- persistentVolume.yaml
-
Build the web app image
cd container-manager-app
docker build --rm -t django-app:latest .
- Before you start the project make sur you have docker images locally :
you can build the images using dockerfiles in Dockerfiles
(Logisim & GNS3)
docker build -t <ImageName> <DockerfilePath>
- Deploy on Kubernetes cluster
cd container-manager-app
sh deploy-all.sh
- Migrate
kubectl -n django-space exec -it <django pod> -- python manage.py migrate
- Create superuser
kubectl -n django-space exec -it <django pod> -- python manage.py createsuperuser
- Add Users, Apps and AccessGroups using Django Admin.
- Congrats, You can now start your journey!
Special thanks to M. BELHADI Zohir for helping us through this project.
The below space, a list of the most helpful resources that we would like to give credit to.
- Delivering Desktop Apps in Containers.
- How to create and run GUI application in a Docker container.
- VNC vs RDP: which remote desktop tool is the best?
- Kubernetes tutorial
- FIX: Pod IP address is out of range specified in --pod-network-cidr
Contact KubeLeads Team:
- Anfal Bourouina : [email protected]
- Abderrahmane Melek : [email protected]
- Mohamed Branki Regani : [email protected]
- Mohamed Elghazali Kimeche : [email protected]
- Younes Otmani : [email protected]
- Kenza Makhloufi : [email protected]
The source code for this project is licensed under the MIT license, which you can find in the LICENSE file.