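# =============================================================================
# BASIC CONFIGURATION
# =============================================================================

# Instance name — used to generate resource names (devcontainer-{name}, userhome-{name})
name: ""

# Deployment mode controls the infrastructure pattern
# - persistent: Traditional model with PVC storage, single long-lived deployment
# - dynamic: Serverless model with Knative, auto-scaling from 0, dynamic GitHub routing
deploymentMode: persistent  # persistent | dynamic

# Container image configuration
# NOTE(review): `latest` is a mutable tag, and with pullPolicy Always every pod
# start pulls whatever the registry currently serves under it. The code that
# runs can therefore change without any change to this file. For deployed
# values, pin a release tag or an image digest so rollouts are reproducible
# and reviewable.
image:
  repository: ghcr.io/cpfarhood/devcontainer
  tag: latest
  pullPolicy: Always

# GitHub repository to clone into /workspace (ignored in dynamic mode - uses URL routing)
githubRepo: ""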
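# =============================================================================
# ACCESS & INTERFACE
# =============================================================================

# IDE configuration
ide:
  # Options: vscode | antigravity | none
  type: vscode

# SSH access configuration
# Off by default; enabling it adds another remote entry point into the container.
ssh:
  enabled: false

# Web file manager — built-in upload/download via the VNC web interface (port 5800)
# Uses the base image's WEB_FILE_MANAGER feature (no extra sidecar needed)
# When enabled, anyone who can reach the web interface can read and write the
# allowed paths, so enable it only behind authenticated access.
fileManager:
  enabled: false
  # Paths the file manager can access (default: AUTO = mapped volumes)
  # Options: AUTO | ALL | comma-separated list of paths
  # NOTE(review): the value set here is an explicit list, not AUTO — presumably
  # AUTO is the base image's own default. Keep the list as narrow as the
  # workflow allows; ALL widens it to every path.
  allowedPaths: "/workspace,/config"
  # Paths to deny (takes precedence over allowedPaths)
  deniedPaths: ""

# VNC display settings
display:
  width: "1920"
  height: "1080"
  # With "0" the container itself does not encrypt the connection, so TLS must
  # be terminated by something in front of it (ingress or proxy). If nothing
  # upstream does that, set "1".
  secureConnection: "0"  # Set to "1" when TLS is not terminated upstream

# User configuration
# Non-zero IDs: the workload runs as an unprivileged user rather than root.
user:
  id: "1000"
  groupId: "1000"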
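# =============================================================================
# INFRASTRUCTURE & RESOURCES
# =============================================================================

# Storage configuration
storage:
  size: 32Gi
  className: ""  # Empty string uses the cluster's default StorageClass (must support ReadWriteMany)

# Resource allocation
resources:
  requests:
    memory: "2Gi"
    cpu: "1000m"
  limits:
    memory: "8Gi"
    cpu: "4000m"

# Shared memory for Electron apps (Chrome, Antigravity)
shm:
  sizeLimit: 2Gi

# Kubernetes cluster access via RBAC
# Options: none | readonlyns | readwritens | readonly | readwrite
# Keep `none` unless the workspace needs the cluster API. Whatever is granted
# here is available to every process in the dev container, including cloned
# repository code and IDE extensions. Prefer the narrowest option that works
# (presumably the `ns` variants are namespace-scoped — confirm in the chart
# templates) and avoid `readwrite` outside throwaway clusters.
clusterAccess: none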
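# =============================================================================
# INTEGRATIONS
# =============================================================================

# MCP (Model Context Protocol) server sidecars
# NOTE(review): nesting below is reconstructed from a listing that had lost its
# indentation; `port` and `resources` are placed beside `image` under each
# sidecar — confirm against the chart templates.
# Each enabled sidecar adds a third-party image and a listening port to the
# pod. Enable only the ones the workspace uses. Release tags are still
# mutable on the registry side; pin by digest where reproducibility matters.
mcp:
  sidecars:
    # Kubernetes API access
    # Enabled by default even though clusterAccess defaults to none; check
    # which service account and RBAC this sidecar ends up with.
    kubernetes:
      enabled: true
      image:
        repository: quay.io/containers/kubernetes_mcp_server
        tag: v0.0.57
      port: 8080
      resources:
        requests:
          memory: "64Mi"
          cpu: "50m"
        limits:
          memory: "256Mi"
          cpu: "500m"

    # Flux GitOps operations
    flux:
      enabled: true
      image:
        repository: ghcr.io/controlplaneio-fluxcd/flux-operator-mcp
        tag: v0.41.1
      port: 8081
      resources:
        requests:
          memory: "64Mi"
          cpu: "50m"
        limits:
          memory: "256Mi"
          cpu: "500m"

    # Helm chart browsing and management
    helm:
      enabled: true
      image:
        repository: ghcr.io/zekker6/mcp-helm
        tag: v1.3.1
      port: 8012
      resources:
        requests:
          memory: "64Mi"
          cpu: "50m"
        limits:
          memory: "256Mi"
          cpu: "500m"

    # Home Assistant smart home control
    # HOMEASSISTANT_TOKEN is a credential: supply it through the env secret,
    # never as a plain value in this file.
    homeassistant:
      enabled: false  # Requires HOMEASSISTANT_URL and HOMEASSISTANT_TOKEN
      image:
        repository: ghcr.io/homeassistant-ai/ha-mcp
        tag: "6.7.1"
      port: 8087
      resources:
        requests:
          memory: "64Mi"
          cpu: "50m"
        limits:
          memory: "256Mi"
          cpu: "500m"

    # PostgreSQL performance tuning
    # NOTE(review): this image comes from a personal registry namespace under
    # the mutable `latest` tag, and the sidecar is handed DATABASE_URI (database
    # credentials). Before enabling, pin a reviewed tag or digest and give it
    # a database role with only the privileges tuning needs.
    pgtuner:
      enabled: false  # Requires DATABASE_URI in secrets
      image:
        repository: dog830228/pgtuner_mcp
        tag: latest
      port: 8085
      resources:
        requests:
          memory: "64Mi"
          cpu: "50m"
        limits:
          memory: "256Mi"
          cpu: "500m"

    # Browser automation and web testing
    playwright:
      enabled: true
      image:
        repository: mcr.microsoft.com/playwright/mcp
        tag: v0.0.68
      port: 8086
      resources:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "512Mi"
          cpu: "1000m"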
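# =============================================================================
# SMART DEFAULTS & AUTO-DETECTION
# =============================================================================

# Environment auto-detection based on name patterns
# Automatically adjusts defaults for dev/test/prod/team environments
# Detection is driven by the instance name, so a rename can silently change
# the effective defaults. Review the rendered manifests rather than relying
# on this file alone.
autoDetect:
  environment: true  # Auto-detect dev/prod/team from name
  storageClass: true  # Auto-detect ReadWriteMany storage class
  resources: true  # Auto-size resources based on enabled features

# Resource profiles (auto-selected based on environment and features)
# Override specific values above to customize
resourceProfile: auto  # auto | small | medium | large | xlarge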
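# =============================================================================
# DYNAMIC MODE CONFIGURATION (deploymentMode: dynamic)
# =============================================================================

# Dynamic mode uses Knative Services and routing proxy for serverless operation
# NOTE(review): this section was recovered from a listing that had lost its
# indentation. Placing timeoutSeconds/resources under `knative` and
# tls/authentik under `ingress` is a best reading — confirm against the chart
# templates before use.
# With these defaults the ingress is enabled while forward auth (authentik) is
# disabled. As far as these values show, anyone who can reach the host can
# trigger an instance for a repository named in the URL. Enable authentication
# (or restrict the ingress at the network level) before exposing this mode.
dynamic:
  # Knative Service configuration
  knative:
    # Scaling configuration
    minScale: 0  # Scale to zero when not in use
    maxScale: 10  # Maximum number of concurrent instances (also caps what unauthenticated traffic can spin up)
    target: 1  # Requests per instance (isolation = 1 request per pod)
    scaleToZeroGracePeriod: "5m"  # Keep instances warm for 5 minutes

    # Container startup timeout (repo cloning + IDE startup)
    timeoutSeconds: 600  # 10 minutes

    # Resource configuration (per instance)
    resources:
      requests:
        memory: "1Gi"
        cpu: "500m"
      limits:
        memory: "4Gi"
        cpu: "2000m"

  # Routing proxy configuration (extracts GitHub repo from URL)
  # The repository is taken from the request URL, i.e. from caller-controlled
  # input; the proxy should validate it against an allow-list of owners/repos.
  # `latest` + pullPolicy Always means the proxy image can change between pod
  # starts; pin a release tag or digest for deployed values.
  routingProxy:
    enabled: true
    replicas: 2  # High availability
    image:
      repository: ghcr.io/cpfarhood/devcontainer-routing-proxy
      tag: latest
      pullPolicy: Always

    resources:
      requests:
        memory: "64Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "500m"

  # Ingress configuration for dynamic mode
  ingress:
    enabled: true
    className: nginx
    host: ""  # Set this to your domain (e.g., devcontainer.farh.net)

    # TLS configuration
    tls:
      enabled: true
      secretName: ""  # Auto-generated if empty
      issuer: "letsencrypt-prod"  # cert-manager ClusterIssuer

    # Authentik forward auth configuration
    # authUrl is plain HTTP to an in-cluster service; signIn must point at the
    # real external Authentik host (auth.example.com is a placeholder).
    authentik:
      enabled: false  # Set to true when Authentik is configured
      authUrl: "http://authentik.authentik.svc.cluster.local/outpost.goauthentik.io/auth/nginx"
      signIn: "https://auth.example.com/outpost.goauthentik.io/start?rd=$escaped_request_uri"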
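# =============================================================================
# ADVANCED CONFIGURATION
# =============================================================================

# Custom env secret name (defaults to: devcontainer-{name}-secrets-env)
# Credentials referenced elsewhere in this file (DATABASE_URI,
# HOMEASSISTANT_TOKEN) belong in that Secret, not in values committed to
# version control.
envSecretName: ""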