I’m a newbie in the ONE world so raising this topic to discuss and check wether this is a genuine request or I’m missing something big.
I noticed that on my nodes KVM was being spawned so that VNC was listening on 0.0.0.0. After further digging (and after reading a lot of configuration files and trying tweaking qemu.conf to no avail) I realised this is a template/vm level configuration parameter:
I flipped them all to listen on my tun0 interface only, which is where the frontend is connecting from to proxy those requests. Also have to remind to do the same in case in the future I will import a new VM / download a new template from the marketplace.
My feeling is this should be a cluster-wide configuration parameter (in case you can add some logic to make it listen on “eth0”) or worst case node-wide (where you can set a proper IP). Usually in a cluster you have the level of uniformity you need to say that, ie, all nodes should open VNC ports to eth1.