# Antigravity Dev Container - Session Notes

## Key Architecture Facts
- Image: `ghcr.io/cpfarhood/devcontainer:latest` (repo name is `devcontainer`, not `antigravity`)
- `imagePullPolicy: Always` in statefulset (set during initial deployment debugging)
- Service must NOT be headless (`clusterIP: None`) — Cilium gateway can't route to headless services
- `SECURE_CONNECTION=0` — TLS is terminated at the gateway, not the app
- Container user is `user` (UID 1000) — baseimage-gui runs startapp.sh as `app` user, sudo is not available
- HTTPRoute is managed by Authentik outpost, not in kustomization

## Cluster Patterns
- External gateway: `external` in `gateway-system`, handles `*.farh.net` on port 443 HTTPS only
- Hostnames must be exactly `*.farh.net` (not `*.subdomain.farh.net`) to match gateway listener
- Authentik outpost Terraform lives in `../kubernetes/terraform/authentik-*-proxy/`
- Outpost config uses `external` gateway for public apps, `internal` for internal apps

## Common Gotchas
- `baseimage-gui` creates user dynamically — don't hardcode usernames in scripts, use numeric UID/GID
- `chown /home` fails (PVC root not owned by container) — only chown subdirectories
- `sudo` not available in startapp.sh — script already runs as correct user
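
The three gotchas above combined into one startup helper, as an added example that is not part of the original notes or the project's `startapp.sh`. The function name `prepare_home_dirs` and the directory names passed to it are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not the project's own script. Function name and the
# directory names passed in are assumptions for illustration.

# prepare_home_dirs BASE NAME...
# Ensures BASE/NAME exists and is owned by the numeric UID/GID of the
# running process. BASE itself (the PVC mount root) is never chowned.
prepare_home_dirs() {
    base=$1; shift
    uid=$(id -u)   # numeric IDs only: the username is created at runtime
    gid=$(id -g)
    rc=0

    if [ ! -d "$base" ]; then
        echo "base directory $base is missing" >&2
        return 1
    fi

    for name in "$@"; do
        path=$base/$name
        if ! mkdir -p "$path" 2>/dev/null; then
            echo "cannot create $path as uid $uid" >&2
            rc=1
            continue
        fi
        owner=$(stat -c '%u' "$path")
        if [ "$owner" != "$uid" ]; then
            # No sudo here: chown succeeds only if the process already
            # holds the privilege; otherwise report and keep going.
            if ! chown -R "$uid:$gid" "$path" 2>/dev/null; then
                echo "$path is owned by uid $owner, expected $uid" >&2
                rc=1
            fi
        fi
    done
    return $rc
}
```

A non-zero return means at least one subdirectory could not be created or re-owned, which is the signal to fix ownership on the volume itself rather than to reach for `sudo`.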