2026-02-19 19:55:05 -05:00
parent 7003d860b7
commit dfc0a3c1e3
10 changed files with 169 additions and 153 deletions
+29
@@ -0,0 +1,29 @@
{
"mcpServers": {
"github": {
"command": "github-mcp-server",
"args": ["stdio"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${CLAUDE_GITHUB_TOKEN}"
}
},
"kubernetes (local)": {
"command": "npx",
"args": [
"-y",
"kubernetes-mcp-server@latest"
]
},
"flux (local)":{
"command":"flux-operator-mcp",
"args":["serve"],
"env":{
"KUBECONFIG":"/Users/cpfarhood/.kube/config"
}
},
"playwright": {
"command": "npx",
"args": ["-y", "@playwright/mcp@latest"]
}
}
}
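Review bot: Both `npx` entries (`kubernetes-mcp-server@latest` and `@playwright/mcp@latest`) combine `-y` with a floating `@latest` tag, so each start of the client fetches and runs whatever the registry currently serves without a prompt, presumably in a process that can read the user's kubeconfig. Pinning an exact version, e.g. `"kubernetes-mcp-server@<pinned-version>"`, turns an upgrade into a reviewed change. The `KUBECONFIG` value `/Users/cpfarhood/.kube/config` is a user-specific absolute path that will not resolve on another machine. It is also worth confirming that the context it selects is scoped to what the Flux tooling needs rather than a cluster-admin credential.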
@@ -2,11 +2,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: antigravity
name: devcontainer
data:
# GitHub repository to clone on startup
# Example: "https://github.com/username/repository"
github-repo: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
# github-repo: "https://github.com/username/repository"
# Happy Coder configuration (optional)
# happy-server-url: "https://api.cluster-fluster.com"
+20
@@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: antigravity
spec:
parentRefs:
- name: external
namespace: gateway-system
hostnames:
- ${FQDN}
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: antigravity
port: 5800
weight: 1
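Review bot: `backendRefs` still points at `name: antigravity`, but the only Service this commit adds is named `devcontainer` and the old `antigravity` Service is deleted further down, so unless a Service of that name exists outside this page the route has no resolvable backend. The same stale name remains in the new StatefulSet's `serviceName: "antigravity"`. Either change the references to `name: devcontainer` or keep the old Service name. A comment in this file should also record that the route attaches the port-5800 web desktop directly to the `external` gateway with no filter of its own, so authentication depends entirely on whatever sits in front of it (the session notes mention an Authentik outpost).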
@@ -1,12 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cpfarhood
resources:
- configmap.yaml
# - configmap.yaml
- statefulset.yaml
- service.yaml
# Uncomment to create secrets from files
# secretGenerator:
+13
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: devcontainer
labels:
app: devcontainer
spec:
ports:
- port: 5800
name: vnc-web
protocol: TCP
selector:
app: devcontainer
+83
@@ -0,0 +1,83 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: antigravity
spec:
serviceName: "antigravity"
replicas: 1
selector:
matchLabels:
app: devcontainer
template:
metadata:
labels:
app: devcontainer
spec:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
containers:
- name: antigravity
image: ghcr.io/cpfarhood/devcontainer:latest
imagePullPolicy: Always
ports:
- containerPort: 5800
name: vnc-web
protocol: TCP
volumeMounts:
- name: userhome
mountPath: /home
- name: workspace
mountPath: /workspace
env:
# User/Group IDs for the claude user
- name: USER_ID
value: "1000"
- name: GROUP_ID
value: "1000"
# VNC display settings
- name: DISPLAY_WIDTH
value: "1920"
- name: DISPLAY_HEIGHT
value: "1080"
- name: SECURE_CONNECTION
value: "0"
- name: HAPPY_HOME_DIR
value: "/home/user/.happy"
- name: HAPPY_EXPERIMENTAL
value: "true"
envFrom:
- configMapRef: ${ENV_CONFIGMAP}
- secretRef: ${ENV_SECRETS}
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "4000m"
livenessProbe:
httpGet:
path: /
port: 5800
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 5800
initialDelaySeconds: 10
periodSeconds: 5
volumes:
- name: workspace
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: userhome
spec:
accessModes: ["ReadWriteMany"]
storageClassName: "ceph-filesystem"
resources:
requests:
storage: 10Gi
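Review bot: The two `envFrom` entries give `configMapRef` and `secretRef` a bare scalar (`${ENV_CONFIGMAP}`, `${ENV_SECRETS}`), while both fields take an object with a `name` key, so unless the substitution expands to a mapping the manifest will be rejected. The usual form is `- configMapRef: {name: "${ENV_CONFIGMAP}"}` and `- secretRef: {name: "${ENV_SECRETS}"}`, with `optional: true` added if the pod should still start without them, as the old per-key refs allowed. This version also drops the explicit `VNC_PASSWORD` entry while `SECURE_CONNECTION` stays `"0"`, so unless the Secret behind `${ENV_SECRETS}` supplies it the desktop has no authentication of its own and relies entirely on the gateway. The image remains the mutable `:latest` tag with `imagePullPolicy: Always`, and the container sets no `securityContext` of its own; pinning a digest and documenting which privileges the base image needs would make the pod's posture reviewable.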
-20
@@ -1,20 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: antigravity
spec:
parentRefs:
- name: external
namespace: gateway-system
hostnames:
- "antigravity.farh.net"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: antigravity
port: 5800
weight: 1
-127
@@ -1,127 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: antigravity
labels:
app: antigravity
spec:
ports:
- port: 5800
name: vnc-web
protocol: TCP
clusterIP: None
selector:
app: antigravity
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: antigravity
spec:
serviceName: "antigravity"
replicas: 1
selector:
matchLabels:
app: antigravity
template:
metadata:
labels:
app: antigravity
spec:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
containers:
- name: antigravity
image: ghcr.io/cpfarhood/devcontainer:latest
imagePullPolicy: Always
ports:
- containerPort: 5800
name: vnc-web
protocol: TCP
volumeMounts:
- name: userhome
mountPath: /home
- name: workspace
mountPath: /workspace
env:
# User/Group IDs for the claude user
- name: USER_ID
value: "1000"
- name: GROUP_ID
value: "1000"
# VNC display settings
- name: DISPLAY_WIDTH
value: "1920"
- name: DISPLAY_HEIGHT
value: "1080"
- name: SECURE_CONNECTION
value: "0"
- name: VNC_PASSWORD
valueFrom:
secretKeyRef:
name: antigravity
key: vnc-password
optional: true
# GitHub configuration
- name: GITHUB_REPO
valueFrom:
configMapKeyRef:
name: antigravity
key: github-repo
optional: true
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
name: antigravity
key: github-token
optional: true
# Happy Coder configuration (optional)
- name: HAPPY_SERVER_URL
valueFrom:
configMapKeyRef:
name: antigravity
key: happy-server-url
optional: true
- name: HAPPY_WEBAPP_URL
valueFrom:
configMapKeyRef:
name: antigravity
key: happy-webapp-url
optional: true
- name: HAPPY_HOME_DIR
value: "/home/claude/.happy"
- name: HAPPY_EXPERIMENTAL
value: "true"
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "4000m"
livenessProbe:
httpGet:
path: /
port: 5800
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 5800
initialDelaySeconds: 10
periodSeconds: 5
volumes:
- name: workspace
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: userhome
spec:
accessModes: [ "ReadWriteMany" ]
storageClassName: "ceph-filesystem"
resources:
requests:
storage: 10Gi
+20
@@ -0,0 +1,20 @@
# Antigravity Dev Container - Session Notes
## Key Architecture Facts
- Image: `ghcr.io/cpfarhood/devcontainer:latest` (repo name is `devcontainer`, not `antigravity`)
- `imagePullPolicy: Always` in statefulset (set during initial deployment debugging)
- Service must NOT be headless (`clusterIP: None`) — Cilium gateway can't route to headless services
- `SECURE_CONNECTION=0` — TLS is terminated at the gateway, not the app
- Container user is `user` (UID 1000) — baseimage-gui runs startapp.sh as `app` user, sudo is not available
- HTTPRoute is managed by Authentik outpost, not in kustomization
## Cluster Patterns
- External gateway: `external` in `gateway-system`, handles `*.farh.net` on port 443 HTTPS only
- Hostnames must be exactly `*.farh.net` (not `*.subdomain.farh.net`) to match gateway listener
- Authentik outpost Terraform lives in `../kubernetes/terraform/authentik-*-proxy/`
- Outpost config uses `external` gateway for public apps, `internal` for internal apps
## Common Gotchas
- `baseimage-gui` creates user dynamically — don't hardcode usernames in scripts, use numeric UID/GID
- `chown /home` fails (PVC root not owned by container) — only chown subdirectories
- `sudo` not available in startapp.sh — script already runs as correct user