.. title:: Images Images =========== Kasm Workspaces allows administrators to specify images that users can provision. These images can provide a full desktop or a single application. Default Images -------------- Kasm Technologies maintains and publishes several default Images. The **rolling** editions are automatically built and pushed regularly with the latest software updates and security patches. The Kasm installation will regularly pull the updated images and start using them for newly created sessions. The following are the Kasm Technologies maintained images. Sourcecode for the Images is available on `GitHub `__. .. table:: Default Images :widths: 10, 85, 20 +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | | **Image** | **Dockerhub** | **AMD64** | **ARM64** | **GPU** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/atom.png | kasmweb/atom:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/audacity.png | kasmweb/audacity:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/brave.png | kasmweb/brave:|release| | `DockerHub `__ | **X** | | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/centos.png | kasmweb/centos-7-desktop:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/chrome.png | kasmweb/chrome:|release| | `DockerHub `__ | **X** | | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/chromium.png | kasmweb/chromium:|release| | `DockerHub `__ | **X** | **X** | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/deluge.png | kasmweb/deluge:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/kasm.png | kasmweb/desktop:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/kasm.png | kasmweb/desktop-deluxe:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/discord.png | kasmweb/discord:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/doom.png | kasmweb/doom:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/edge.png | kasmweb/edge:|release| | `DockerHub `__ | **X** | | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/filezilla.png | kasmweb/filezilla:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/firefox.png | kasmweb/firefox:|release| | `DockerHub `__ | **X** | **X** | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/gimp.png | kasmweb/gimp:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/inkscape.png | kasmweb/inkscape:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/insomnia.png | kasmweb/insomnia:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/java-dev.png | kasmweb/java-dev:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/libreoffice.svg | kasmweb/libre-office:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/only-office.png | kasmweb/only-office:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/opensuse.png | kasmweb/opensuse-15-desktop:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/oracle.png | kasmweb/oracle-7-desktop:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/oracle.png | kasmweb/oracle-8-desktop:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/pinta.png | kasmweb/pinta:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/postman.png | kasmweb/postman:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/qbittorrent.png | kasmweb/qbittorrent:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/remmina.png | kasmweb/remmina:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/signal.png | kasmweb/signal:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/steam.png | kasmweb/steam:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/sublime-text.png | kasmweb/sublime-text:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/teams.png | kasmweb/teams:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/telegram.png | kasmweb/telegram:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/terminal.png | kasmweb/terminal:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/thunderbird.png | kasmweb/thunderbird:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/tor-browser.png | kasmweb/tor-browser:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/ubuntu.png | kasmweb/ubuntu-focal-desktop:|release| | `DockerHub `__ | **X** | **X** | **X** | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/vlc.png | kasmweb/vlc:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/vs-code.png | kasmweb/vs-code:|release| | `DockerHub `__ | **X** | **X** | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/zoom.png | kasmweb/zoom:|release| | `DockerHub `__ | **X** | | | +----------------------------------------------------+----------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ Core Images ----------- The core images contain the minimum set of software/configurations to allow the container to operate within the Kasm Workspaces platform. All subsequent images are based from one of these. Sourcecode for the Images is available on `GitHub `__. .. table:: Core Images :widths: 10, 85, 20 +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | | **Image** | **Dockerhub** | **AMD64** | **ARM64** | **GPU** | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/ubuntu.png | kasmweb/core-ubuntu-focal:|release| | `DockerHub `__ | **X** | **X** | **X** | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/centos.png | kasmweb/core-centos-7:|release| | `DockerHub `__ | **X** | | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/nvidia.png | kasmweb/core-cuda-focal:|release| | `DockerHub `__ | **X** | | **X** | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/opensuse.png | kasmweb/core-opensuse-15:|release| | `DockerHub `__ | **X** | **X** | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/oracle.png | kasmweb/core-oracle-7:|release| | `DockerHub `__ | **X** | | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/oracle.png | kasmweb/core-oracle-8:|release| | `DockerHub `__ | **X** | **X** | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/remnux.png | kasmweb/core-remnux-focal:|release| | `DockerHub `__ | **X** | | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ | .. image:: /images/thumbnails/kali.png | kasmweb/core-kali-rolling:|release| | `DockerHub `__ | **X** | | | +------------------------------------------------------------+---------------------------------------------------+----------------------------------------------------------------------------------------------+-----------+-----------+-----------+ .. _rolling-images: Rolling Images -------------- Kasm Technologies also publishes **rolling** editions (previously named **edge**) of the Default images that are automatically built and published nightly with the latest software and patches. Administrators may choose to use these images to always have up-to-date end-user sessions. .. tip:: If Workspaces is configured to use the rolling images it is recommended to enable **Automatically Prune Images** on the Agent(s). This will reclaim diskpace that would otherwise be taken up by the old images once the new ones are pulled. See :doc:`Agent Settings` for more details. Custom Images ------------- A powerful component of Kasm Workspaces is the ability for administrators to create their own images with the software and configurations they desire. Please see the :doc:`Building Custom Images` and :doc:`Creating Image Maintenance Processes` guides for details. Add/Edit Images --------------- From the Images menu you can edit existing images or add new images. There are a number of properties that can be defined for an image. +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Image | The Docker Image and tag | +----------------------------------+-----------------------------------------------------------------------------------+ | Description | Description of Image | +----------------------------------+-----------------------------------------------------------------------------------+ | Friendly Name | Image name shown to user | +----------------------------------+-----------------------------------------------------------------------------------+ | Thumbnail URL | (Optional) Address of container icon | +----------------------------------+-----------------------------------------------------------------------------------+ | Cores | Amount of CPU cores allocated per Image | +----------------------------------+-----------------------------------------------------------------------------------+ | Memory | Amount of Memory allocated per Image, in megabytes | +----------------------------------+-----------------------------------------------------------------------------------+ | GPU Count | When the session is created, the system will map in this many GPUs into the | | | the container. See `Agent Settings `_. | +----------------------------------+-----------------------------------------------------------------------------------+ | Enabled | The image is enabled for use. If unchecked the image | | | will not be available for users to provision. Agents | | | will not be given instructions to download Images | | | that are disabled. | +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Registry | The docker registry to pull the images from | | | For Docker Hub use https://index.docker.io/v1/ | | | Leave this option blank if you intend to use local | | | images built directly on the Agent server. | +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Registry Username | (Optional) Username | +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Registry Password | (Optional) Password | +----------------------------------+-----------------------------------------------------------------------------------+ | Hash | (Optional) hash of image | +----------------------------------+-----------------------------------------------------------------------------------+ | Persistent Profile Path | (Optional) Absolute path of the location to store | | | user's persistent profile. See | | | `Persistent Profiles <../how_to/persistent_profiles.html>`_ | | | for more details. | +----------------------------------+-----------------------------------------------------------------------------------+ | Volume Mappings | (Optional) Json data for | | | `Volume Mappings <../how_to/volume_mapping.html>`_ | +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Run Config Override | (Optional) Json data for specifying additional | | | docker run arguments, see `Docker Run Config`_ for more info. | +----------------------------------+-----------------------------------------------------------------------------------+ | Docker Exec Config | (Optional) Json data for specifying commands | | | to executed when a Kasm is started or resumed. | | | See the `Docker Exec Config`_ for details | +----------------------------------+-----------------------------------------------------------------------------------+ | Web Filter Policy | Enables web filtering and sets the | | | :doc:`Web Filter Policy <../../guide/web_filtering>` to be used. Policies can | | | also be set via Group Settings. Policies assigned to Images take priority over | | | those defined via Group Settings. Selecting **Inherit** will instruct the system | | | to use a policy if defined on a Group Setting. Selecting **Force Disabled** will | | | instruct the system to not use a policy even if one is defined in a Group Setting | +----------------------------------+-----------------------------------------------------------------------------------+ | Categories | Define a list of categories the image belongs to. These categories will be | | | displayed on the Workspaces dashboard for uses to select. The first category | | | listed is the one displayed for the image when looking at a list of all images. | +----------------------------------+-----------------------------------------------------------------------------------+ | Session Time Limit | The amount of time (in seconds) a session will automatically expire. | | | A countdown timer will be displayed to the user. | +----------------------------------+-----------------------------------------------------------------------------------+ | Allow Network Selection | When enabled, users will be presented with a dropdown of available docker | | | networks when creating a session. The list of available networks can be | | | limited if **Restrict Image to Docker Network** is configured | +----------------------------------+-----------------------------------------------------------------------------------+ | Restrict Image to Docker Network | (Optional) Instances of this image will only | | | be created on agent servers with this docker | | | network. | +----------------------------------+-----------------------------------------------------------------------------------+ | Restrict Image to Kasm Agent | (Optional) Instances of this image will only | | | be created on this agent server. | +----------------------------------+-----------------------------------------------------------------------------------+ | Restrict Image to Zone | (Optional) Instances of this image will only | | | be created on Agents within the selected | | | :term:`Deployment Zone` | +----------------------------------+-----------------------------------------------------------------------------------+ | Notes | (Optional) A free form field used for taking notes about the image. | | | This is only displayed when editing or viewing an image configuration. | | | This is a great way to let other admins know about anything specific | | | to this image. | +----------------------------------+-----------------------------------------------------------------------------------+ .. note:: The Images are by default added to the all users group. This behavior can be changed with the `Add Images To Default Group `_ server setting. Docker Exec Config ------------------ The Docker Exec configurations allow administrators to configure custom commands to be executed when a user creates or resumes a Kasm. This JSON dictionary configuration accepts three top-level keys **first_launch**, **go**, and **assign**. * first_launch This command is executed after the session is launched. * go This command is executed when the user requests to create or resume a session via the /go url. If the session doesn't exist yet, and will be created for the first time, the **first_launch** command will take priority. If the user is assigned a :doc:`Staged Session ` as part of the request, the **assign** command will take priority. * assign This command is executed when the user is assigned a :doc:`Staged Session ` via direct request, the /go url, or via :code:`request_kasm` api The following example demonstrates how to use the Docker Exec Config for the default **kasmweb/chrome** Image for a seamless browser isolation configuration. See `Browser Isolation `_ for more details. .. code-block:: Javascript { "first_launch": { "cmd": "bash -c 'google-chrome --start-maximized \"$KASM_URL\"'", "environment": { "LAUNCH_URL": "" } }, "go": { "cmd": "bash -c 'google-chrome --start-maximized \"$KASM_URL\"'" }, "assign": { "cmd": "bash -c 'google-chrome --start-maximized \"$KASM_URL\"'" } } .. _docker-run-config: Docker Run Config ------------------ The Docker Run Config Override setting may be used by administrators to pass custom docker run options when the session container is created. Many items that can be invoked by the :code:`docker run` commandline tool can be defined in the json structure mirroring the keyword arguments defined in the docker python API :code:`Container.run` function. Detailed specs can be found in the `Docker SDK for Python Documentation `__. Examples ^^^^^^^^ - Setting environment variables. .. code-block:: Javascript { "environment": { "FOO": "BAR", "BIN" : "BAZ" } } - Setting the container hostname. .. code-block:: Javascript { "hostname": "HOST-123" } - Setting the user. see :doc:`Running as root <../how_to/running_as_root>` for more details .. code-block:: Javascript { "user": "root" } - Mapping in devices. .. code-block:: Javascript { "devices": [ "/dev/input/event0:/dev/input/event0:rwm", "/dev/net/tun:/dev/net/tun:rwm" ] } - Adjusting security options. .. code-block:: Javascript { "security_opt": [ "seccomp=unconfined" ] } - Adjusting the size of /dev/shm. .. code-block:: Javascript { "shm_size" : "4g" } - Running the container as privileged. .. code-block:: Javascript { "privileged" : true } - Adding / Removing Linux Kernel capabilities. .. code-block:: Javascript { "cap_add" : ["SYS_ADMIN", "MKNOD"], "cap_drop" : ["SYS_RESOURCE"] }