Merge pull request #64453 from sabrinajess/CNV20183

abhatt-rh · web-flow · commit f0cdb826b0fc · 2023-11-13T10:46:23.000Z
CNV-20183- new content temporary token VNC
diff --git a/modules/virt-temporary-token-VNC.adoc b/modules/virt-temporary-token-VNC.adoc
@@ -0,0 +1,69 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-temporary-token-VNC_{context}"]
+= Generating a temporary token for the VNC console
+
+Generate a temporary authentication bearer token for the Kubernetes API to access the VNC of a virtual machine (VM).
+
+[NOTE]
+====
+Kubernetes also supports authentication using client certificates, instead of a bearer token, by modifying the curl command.
+====
+
+.Prerequisites
+
+* A running virtual machine with {VirtProductName} 4.14 or later and xref:../../virt/about-virt/virt-architecture#virt-about-ssp-operator_virt-architecture[`ssp-operator`] 4.14 or later
+
+.Procedure
+
+. Enable the feature gate in the HyperConverged (`HCO`) custom resource (CR):
++
+[source,terminal,subs="attributes+"]
+----
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} --type json -p '[{"op": "replace", "path": "/spec/featureGates/deployVmConsoleProxy", "value": true}]'
+# ...
+----
+
+. Generate a token by running the following command:
++
+[source,terminal]
+----
+$ curl --header "Authorization: Bearer ${TOKEN}" \
+     "https://api.<cluster_fqdn>/apis/token.kubevirt.io/v1alpha1/namespaces/<namespace>/virtualmachines/<vm_name>/vnc?duration=<duration>" <1>
+----
+<1> Duration can be in hours and minutes, with a minimum duration of 10 minutes. Example: `5h30m`. The token is valid for 10 minutes by default if this parameter is not set.
++
+Sample output:
++
+[source,terminal]
+----
+{ "token": "eyJhb..." }
+----
+
+. Optional: Use the token provided in the output to create a variable:
++
+[source,terminal]
+----
+$ export VNC_TOKEN="<token>"
+----
+
+You can now use the token to access the VNC console of a VM.
+
+.Verification
+
+.  Log in to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc login --token ${VNC_TOKEN}
+----
+
+.  Use `virtctl` to test access to the VNC console of the VM by running the following command:
++
+[source,terminal]
+----
+$ virtctl vnc <vm_name> -n <namespace>
+----
diff --git a/virt/virtual_machines/virt-accessing-vm-consoles.adoc b/virt/virtual_machines/virt-accessing-vm-consoles.adoc
@@ -23,6 +23,10 @@ include::modules/virt-connecting-to-vm-console-web.adoc[leveloffset=+2]
 include::modules/virt-connecting-vm-virtctl.adoc[leveloffset=+2]
 :!vnc-console:
 
+:context: vnc-console
+include::modules/virt-temporary-token-VNC.adoc[leveloffset=+2]
+:!vnc-console:
+
 [id="serial-console_virt-accessing-vm-consoles"]
 == Connecting to the serial console
 
