README
ΒΆ
StreamSpace
Stream any app to your browser
An open source, platform-agnostic container streaming platform
Features β’ Quick Start β’ Architecture β’ Documentation β’ Contributing
[!NOTE] Current Version: v2.0-beta.1 - Production Ready
StreamSpace v2.0-beta.1 is ready for production deployment with multi-tenancy, enterprise security, and comprehensive observability.
π Project Board: StreamSpace v2.0 Development
π Overview
StreamSpace delivers browser-based access to containerized applications. It features a central Control Plane (API/WebUI) that manages distributed Agents across various platforms (Kubernetes, Docker).
What's New in v2.0-beta.1
Core Platform:
- β Multi-Platform Architecture: Control Plane + Agent model
- β Secure VNC Proxy: WebSocket-based VNC tunneling (<100ms latency)
- β K8s Agent: Kubernetes agent with session lifecycle management
- β Docker Agent: Docker platform support with HA backends
- β High Availability: Multi-pod API, leader election, automatic failover
Enterprise Features:
- β Multi-Tenancy: Org-scoped access control, JWT claims, cross-tenant prevention
- β Observability: 3 Grafana dashboards, 12 Prometheus alert rules
- β
API Documentation: OpenAPI 3.0 spec with Swagger UI at
/api/docs - β Security: 15 CVEs fixed, security headers, 0 Critical/High vulnerabilities
Test Coverage:
- β Backend: 100% handler coverage (9/9 packages)
- β UI: 98% test passing (189/191 tests)
See ROADMAP.md for future plans.
β¨ Features
| Core Features | Enterprise Features |
|---|---|
| π₯οΈ Browser-based VNC access | π SSO: SAML 2.0, OIDC, OAuth2 |
| π₯ Multi-tenancy with org scoping | π‘οΈ MFA with TOTP |
| πΎ Persistent home directories | π Audit Logging & Compliance |
| π€ Auto-hibernation (scale to zero) | π IP Whitelisting & Rate Limiting |
| π¦ 200+ Apps via templates | π Webhooks (16 event types) |
| π Grafana Dashboards | π Prometheus Alerts |
π οΈ Quick Start
Prerequisites
- Kubernetes 1.19+ (k3s recommended)
- Helm 3.0+
- PostgreSQL database
- NFS storage provisioner
Installation
-
Clone the repository
git clone https://github.com/streamspace-dev/streamspace.git cd streamspace -
Deploy CRDs
kubectl apply -f manifests/crds/ -
Install via Helm
helm install streamspace ./chart -n streamspace --create-namespace -
Create a Session
kubectl apply -f - <<EOF apiVersion: stream.space/v1alpha1 kind: Session metadata: name: my-firefox namespace: streamspace spec: user: john template: firefox-browser state: running resources: memory: 2Gi EOF
[!TIP] Production Setup: Before deploying to production, ensure you update the default secrets. See the Deployment Guide for details.
π― Production Status (v2.0-beta.1)
StreamSpace v2.0-beta.1 is production ready with comprehensive security, observability, and test coverage:
Test Coverage
| Component | Coverage | Status |
|---|---|---|
| API Backend | 100% | β All 9 handler packages |
| UI Components | 98% | β 189/191 tests passing |
| K8s Agent | ~80% | β Session lifecycle, VNC |
| Docker Agent | ~60% | β Platform support |
Security Status
- β 0 Critical/High CVEs - All 15 vulnerabilities fixed
- β Security Headers - HSTS, CSP, X-Frame-Options
- β Rate Limiting - 60 req/min default
- β Input Validation - JSON schema validation
Observability
- β 3 Grafana Dashboards - Control Plane, Sessions, Agents
- β 12 Prometheus Alerts - Latency, errors, heartbeat
- β Structured Logging - With trace IDs
Performance
| Metric | Target | Actual |
|---|---|---|
| API Latency (p99) | < 800ms | ~200ms |
| Session Startup | < 30s | ~6s |
| VNC Latency | < 100ms | <100ms |
| Agent Reconnection | < 60s | ~23s |
ποΈ Architecture
StreamSpace uses a Control Plane + Agent architecture for multi-platform support and scalability.
graph TD
User[User / Browser] -->|HTTPS| Ingress[Load Balancer]
Ingress -->|HTTPS| UI[Web UI]
Ingress -->|HTTPS/WSS| API[Control Plane API]
subgraph "Control Plane"
UI
API
Hub[WebSocket Hub]
VNCProxy[VNC Proxy]
DB[(PostgreSQL)]
API --> DB
API --> Hub
API --> VNCProxy
end
subgraph "Execution Plane - Kubernetes"
K8sAgent[K8s Agent]
K8sAgent <-->|WebSocket| Hub
K8sAgent -->|Manage| Pods[Session Pods]
VNCProxy <-.->|VNC Tunnel| K8sAgent
K8sAgent <-.->|VNC| Pods
end
subgraph "Execution Plane - Docker (v2.1)"
DockerAgent[Docker Agent]
DockerAgent <-->|WebSocket| Hub
DockerAgent -->|Manage| Containers[Session Containers]
end
Key Components:
- Control Plane: Central management, authentication, VNC proxy
- WebSocket Hub: Real-time agent communication and coordination
- VNC Proxy: Secure tunneling of VNC traffic through Control Plane
- K8s Agent: Manages Kubernetes pods and sessions
- Session Pods: Isolated containerized environments with VNC
For detailed architecture, see ARCHITECTURE.md.
π Available Applications
Templates are available via streamspace-templates.
- Browsers: Firefox, Chromium, Brave, LibreWolf
- Development: VS Code, GitHub Desktop
- Productivity: LibreOffice, OnlyOffice
- Media: GIMP, Blender, Audacity, Kdenlive
π» Development
Build Components
# Build K8s Agent
cd agents/k8s-agent && go build -o k8s-agent .
# Build API
cd api && go build -o streamspace-api
# Build UI
cd ui && npm install && npm run build
Run Tests
# Run all integration tests
cd tests && ./scripts/run-integration-tests.sh
See TESTING.md for detailed testing guides.
π Documentation
User Guides
- FEATURES.md: Complete feature list & implementation status
- DEPLOYMENT.md: Production deployment guide
- ARCHITECTURE.md: Deep dive into system design
- DISASTER_RECOVERY.md: Backup & DR procedures
API Documentation
- Swagger UI: Interactive API explorer
- OpenAPI Spec: OpenAPI 3.0 specification
Development
- CONTRIBUTING.md: How to contribute
- TESTING.md: Testing guides
- ROADMAP.md: Future development plans
Project Management
- Project Board: Live progress tracking
- Milestones: Release planning
- Issues: Bug reports & feature requests
π€ Contributing
Contributions are welcome! Please read CONTRIBUTING.md first.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
π License
StreamSpace is licensed under the MIT License.
Built with β€οΈ by the StreamSpace Team
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
api
module
|
|
|
plugins
|
|
|
streamspace-analytics-advanced
command
|
|
|
streamspace-audit-advanced
command
|
|
|
streamspace-auth-oauth
command
|
|
|
streamspace-auth-saml
command
|
|
|
streamspace-compliance
command
|
|
|
streamspace-datadog
command
|
|
|
streamspace-dlp
command
|
|
|
streamspace-elastic-apm
command
|
|
|
streamspace-honeycomb
command
|
|
|
streamspace-newrelic
command
|
|
|
streamspace-recording
command
|
|
|
streamspace-sentry
command
|
|
|
streamspace-snapshots
command
|
|
|
streamspace-storage-azure
command
|
|
|
streamspace-storage-gcs
command
|
|
|
streamspace-storage-s3
command
|
|
|
streamspace-workflows
command
|
Click to show internal directories.
Click to hide internal directories.