$ virtctl vnc <vm_name>
You can connect to the following consoles to access running virtual machines (VMs):
You can connect to the VNC console of a virtual machine by using the OpenShift Container Platform web console or the virtctl
command line tool.
You can connect to the VNC console of a virtual machine (VM) by using the OpenShift Container Platform web console.
If you connect to a Windows VM with a vGPU assigned as a mediated device, you can switch between the default display and the vGPU display. |
On the Virtualization → VirtualMachines page, click a VM to open the VirtualMachine details page.
Click the Console tab. The VNC console session starts automatically.
Optional: To switch to the vGPU display of a Windows VM, select Ctl + Alt + 2 from the Send key list.
Select Ctl + Alt + 1 from the Send key list to restore the default display.
To end the console session, click outside the console pane and then click Disconnect.
You can use the virtctl
command line tool to connect to the VNC console of a running virtual machine.
If you run the |
You must install the virt-viewer
package.
Run the following command to start the console session:
$ virtctl vnc <vm_name>
If the connection fails, run the following command to collect troubleshooting information:
$ virtctl vnc <vm_name> -v 4
To access the VNC of a virtual machine (VM), generate a temporary authentication bearer token for the Kubernetes API.
Kubernetes also supports authentication using client certificates, instead of a bearer token, by modifying the curl command. |
A running VM with OpenShift Virtualization 4.14 or later and ssp-operator
4.14 or later
Enable the feature gate in the HyperConverged (HCO
) custom resource (CR):
$ oc patch hyperconverged kubevirt-hyperconverged -n openshift-cnv --type json -p '[{"op": "replace", "path": "/spec/featureGates/deployVmConsoleProxy", "value": true}]'
Generate a token by entering the following command:
$ curl --header "Authorization: Bearer ${TOKEN}" \
"https://api.<cluster_fqdn>/apis/token.kubevirt.io/v1alpha1/namespaces/<namespace>/virtualmachines/<vm_name>/vnc?duration=<duration>"
The <duration>
parameter can be set in hours and minutes, with a minimum duration of 10 minutes. For example: 5h30m
. If this parameter is not set, the token is valid for 10 minutes by default.
Sample output:
{ "token": "eyJhb..." }
Optional: Use the token provided in the output to create a variable:
$ export VNC_TOKEN="<token>"
You can now use the token to access the VNC console of a VM.
Log in to the cluster by entering the following command:
$ oc login --token ${VNC_TOKEN}
Test access to the VNC console of the VM by using the virtctl
command:
$ virtctl vnc <vm_name> -n <namespace>
It is currently not possible to revoke a specific token. To revoke a token, you must delete the service account that was used to create it. However, this also revokes all other tokens that were created by using the service account. Use the following command with caution:
|
As a cluster administrator, you can install a cluster role and bind it to a user or service account to allow access to the endpoint that generates tokens for the VNC console.
Choose to bind the cluster role to either a user or service account.
Run the following command to bind the cluster role to a user:
$ kubectl create rolebinding "${ROLE_BINDING_NAME}" --clusterrole="token.kubevirt.io:generate" --user="${USER_NAME}"
Run the following command to bind the cluster role to a service account:
$ kubectl create rolebinding "${ROLE_BINDING_NAME}" --clusterrole="token.kubevirt.io:generate" --serviceaccount="${SERVICE_ACCOUNT_NAME}"
You can connect to the serial console of a virtual machine by using the OpenShift Container Platform web console or the virtctl
command line tool.
Running concurrent VNC connections to a single virtual machine is not currently supported. |
You can connect to the serial console of a virtual machine (VM) by using the OpenShift Container Platform web console.
On the Virtualization → VirtualMachines page, click a VM to open the VirtualMachine details page.
Click the Console tab. The VNC console session starts automatically.
Click Disconnect to end the VNC console session. Otherwise, the VNC console session continues to run in the background.
Select Serial console from the console list.
To end the console session, click outside the console pane and then click Disconnect.
You can connect to a Windows virtual machine (VM) by using the desktop viewer and the Remote Desktop Protocol (RDP).
You can connect to the desktop viewer of a Windows virtual machine (VM) by using the OpenShift Container Platform web console.
You installed the QEMU guest agent on the Windows VM.
You have an RDP client installed.
On the Virtualization → VirtualMachines page, click a VM to open the VirtualMachine details page.
Click the Console tab. The VNC console session starts automatically.
Click Disconnect to end the VNC console session. Otherwise, the VNC console session continues to run in the background.
Select Desktop viewer from the console list.
Click Create RDP Service to open the RDP Service dialog.
Select Expose RDP Service and click Save to create a node port service.
Click Launch Remote Desktop to download an .rdp
file and launch the desktop viewer.