This project will deploy Kasm Workspaces in a single-server deployment on DigitalOcean.
If digitalocean is not already managing your domain you will need to have your registrar point to the DigitalOcean nameservers: https://www.digitalocean.com/community/tutorials/how-to-point-to-digitalocean-nameservers-from-common-domain-registrars
Create a personal access token with read/write permissions at https://cloud.digitalocean.com/account/api/tokens
This project will launch a droplet and allow connections using the ssh keys defined by ssh_key_fingerprints
. You can copy the fingerprint from the desired ssh keys from https://cloud.digitalocean.com/account/security
-
Initialize the project
terraform init
-
Open
settings.tf
and update the variables. The variable definitions and descriptions can be found invariables.tf
.
NOTE: This document assumes you are using a separate file named
secrets.tfvars
for the DigitalOcean token credential. The .gitignore file in this repository will ignore any files namedsecrets.tfvars
since they are expected to have sensitive values in them. This will prevent you from accidentally committing them to source control. Refer to the Generating a DigitalOcean Access Token document if you need help with this process.
-
Verify the configuration
terraform plan -var-file secrets.tfvars
-
Deploy
terraform apply -var-file secrets.tfvars
-
Login to the Deployment as an Admin via the domain defined e.g
https://kasm.contoso.com
. Single server installs download all workspaces images during the install process so it may take ~15 minutes for the server to fully come online.
Name | Version |
---|---|
terraform | ~> 1.0 |
digitalocean | ~> 2.0 |
No providers.
Name | Source | Version |
---|---|---|
kasm | ./module | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_password | The default password to be used for the default [email protected] account. Only use alphanumeric characters | string |
"changeme" |
no |
allow_kasm_web_cidrs | CIDR notation of the bastion host allowed to SSH in to the machines | list(string) |
[ |
no |
allow_ssh_cidrs | CIDR notation of the bastion host allowed to SSH in to the machines | list(string) |
[ |
no |
digital_ocean_droplet_slug | The Default Digital Ocean Droplet Slug: https://slugs.do-api.dev/ | string |
"s-2vcpu-4gb-intel" |
no |
digital_ocean_image | Default Image for Ubuntu 20.04 LTS with Docker | string |
"docker-20-04" |
no |
digital_ocean_region | The Digital Ocean region where you wish to deploy Kasm | string |
"nyc3" |
no |
digital_ocean_token | Authentication Token For Digital Ocean | string |
n/a | yes |
do_domain_name | The domain name that users will use to access Kasm | string |
n/a | yes |
kasm_build_url | The Kasm build file to install | string |
"https://kasm-static-content.s3.amazonaws.com/kasm_release_1.12.0.d4fd8a.tar.gz" |
no |
project_name | The name of the project/deployment/company eg (acme). | string |
n/a | yes |
ssh_key_fingerprints | Keys used for sshing into kasm hosts | list(string) |
n/a | yes |
swap_size | The amount of swap (in GB) to configure inside the compute instances | number |
n/a | yes |
user_password | The default password to be used for the default [email protected] account. Only use alphanumeric characters | string |
"changeme" |
no |
vpc_subnet_cidr | VPC Subnet CIDR where you wish to deploy Kasm | string |
"10.0.0.0/24" |
no |
No outputs.