apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: devcontainer-serverless
  namespace: devcontainers
  annotations:
    # Scale to zero when not in use (saves resources)
    autoscaling.knative.dev/minScale: "0"
    autoscaling.knative.dev/maxScale: "10"
    # Keep instances warm for 5 minutes after last request
    autoscaling.knative.dev/scale-to-zero-grace-period: "5m"
    # Target 1 concurrent request per pod (ensures isolation)
    autoscaling.knative.dev/target: "1"
spec:
  template:
    metadata:
      annotations:
        # Container port for VNC web interface
        autoscaling.knative.dev/targetPort: "5800"
        # Timeout for cold starts (dev containers need time to initialize)
        serving.knative.dev/timeoutSeconds: "300"
    spec:
      # Give containers more time to start (repo cloning + IDE launch)
      timeoutSeconds: 300
      containers:
      - name: devcontainer
        image: ghcr.io/cpfarhood/devcontainer:latest
        ports:
        - containerPort: 5800
          name: vnc-web
        env:
        # Dynamic repo extraction will be handled by a startup script
        - name: DYNAMIC_GITHUB_ROUTING
          value: "true"
        - name: IDE
          value: "vscode"
        - name: DISPLAY_WIDTH
          value: "1920"
        - name: DISPLAY_HEIGHT
          value: "1080"
        - name: SECURE_CONNECTION
          value: "0"
        - name: USER_ID
          value: "1000"
        - name: GROUP_ID
          value: "1000"
        # Enable file manager for easy upload/download
        - name: WEB_FILE_MANAGER
          value: "1"
        - name: WEB_FILE_MANAGER_ALLOWED_PATHS
          value: "/workspace,/config"
        # Use secrets for sensitive data
        envFrom:
        - secretRef:
            name: devcontainer-serverless-secrets
            optional: true
        resources:
          requests:
            memory: "1Gi"
            cpu: "500m"
          limits:
            memory: "4Gi"
            cpu: "2000m"
        volumeMounts:
        - name: userhome
          mountPath: /config
        - name: shm
          mountPath: /dev/shm
        # Readiness probe - VNC must be ready
        readinessProbe:
          httpGet:
            path: /
            port: 5800
          initialDelaySeconds: 30
          periodSeconds: 5
          timeoutSeconds: 3
        # Liveness probe - ensure container stays healthy
        livenessProbe:
          httpGet:
            path: /
            port: 5800
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 5
      volumes:
      - name: userhome
        emptyDir: {}  # Ephemeral - each instance gets fresh home
      - name: shm
        emptyDir:
          medium: Memory
          sizeLimit: 2Gi
---
# Secret template for GitHub tokens, VNC passwords, etc.
apiVersion: v1
kind: Secret
metadata:
  name: devcontainer-serverless-secrets
  namespace: devcontainers
type: Opaque
data:
  # Base64 encoded values - update as needed
  # echo -n "your-github-token" | base64
  GITHUB_TOKEN: ""
  # echo -n "your-vnc-password" | base64
  VNC_PASSWORD: ""
  # echo -n "your-anthropic-key" | base64
  ANTHROPIC_API_KEY: ""