b69cd80cae
Implements a complete serverless development container platform:
## Architecture
- Authentik forward auth for authentication/authorization
- NGINX routing proxy extracts GitHub repo from URL path
- Knative Service auto-scales dev container instances from 0
- Dynamic GitHub repo routing via /github/{owner}/{repo}
## Components
- routing-proxy: NGINX-based service for repo extraction and forwarding
- deployment.yaml: Complete K8s manifests (proxy, Knative, ingress, secrets)
- authentik-config.yaml: Authentik application and provider configs
- serverless scripts: Dynamic repo initialization and startup handling
- Comprehensive documentation and Makefile for ops
## Key Features
- Scale to zero when not in use (cost-effective)
- Per-request isolation (each repo gets own container)
- Built-in file manager for upload/download
- Support for private repos via GitHub tokens
- User attribution via Authentik headers
- WebSocket support for VNC connections
Example usage: https://devcontainer.farh.net/github/microsoft/vscode
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
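apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: devcontainer-serverless
  namespace: devcontainers
spec:
  template:
    metadata:
      annotations:
        # Autoscaling settings are per-revision, so they live on the revision
        # template. Knative does not apply autoscaling.knative.dev/* annotations
        # that are placed on the Service's own metadata.
        # Scale to zero when not in use (saves resources)
        autoscaling.knative.dev/minScale: "0"
        autoscaling.knative.dev/maxScale: "10"
        # Keep the last pod warm for 5 minutes after the last request.
        # scale-to-zero-grace-period is a cluster-wide config-autoscaler key with
        # no per-revision annotation; the per-revision setting is
        # scale-to-zero-pod-retention-period.
        autoscaling.knative.dev/scale-to-zero-pod-retention-period: "5m"
        # Soft autoscaling target of 1 concurrent request per pod.
        # NOTE(review): this is a scaling hint, not an isolation boundary. A pod
        # is reused for later requests and may serve more than one user, so it
        # must not be relied on to keep one user's checkout or tokens away from
        # another's.
        autoscaling.knative.dev/target: "1"
        # Container port for VNC web interface
        # NOTE(review): not a documented Knative autoscaling annotation as far
        # as I can tell; the serving port comes from containerPort below.
        autoscaling.knative.dev/targetPort: "5800"
        # Timeout for cold starts (dev containers need time to initialize)
        # NOTE(review): the request timeout is the spec.timeoutSeconds field
        # below; confirm this annotation has any effect.
        serving.knative.dev/timeoutSeconds: "300"
    spec:
      # Give containers more time to start (repo cloning + IDE launch)
      timeoutSeconds: 300
      containers:
        - name: devcontainer
          # NOTE(review): ":latest" is a mutable tag, so a scale-from-zero can
          # pull a different image than the one that was reviewed. Pin to a
          # release tag or digest, e.g.
          # ghcr.io/cpfarhood/devcontainer@sha256:<digest-placeholder>
          image: ghcr.io/cpfarhood/devcontainer:latest
          # NOTE(review): no securityContext is set. Confirm which privileges
          # the image needs at startup and drop the rest (for example
          # allowPrivilegeEscalation: false).
          ports:
            - containerPort: 5800
              # NOTE(review): Knative only accepts "", "http1" or "h2c" as a
              # port name; verify this name passes admission.
              name: vnc-web
          env:
            # Dynamic repo extraction will be handled by a startup script
            - name: DYNAMIC_GITHUB_ROUTING
              value: "true"
            - name: IDE
              value: "vscode"
            - name: DISPLAY_WIDTH
              value: "1920"
            - name: DISPLAY_HEIGHT
              value: "1080"
            # NOTE(review): presumably disables TLS on port 5800 (confirm
            # against the image docs). If so, traffic from the proxy to the pod
            # is plaintext and every access decision depends on the forward-auth
            # layer in front. Restrict in-cluster reachability of this service
            # (e.g. a NetworkPolicy that admits only the ingress/proxy).
            - name: SECURE_CONNECTION
              value: "0"
            - name: USER_ID
              value: "1000"
            - name: GROUP_ID
              value: "1000"
            # Enable file manager for easy upload/download
            - name: WEB_FILE_MANAGER
              value: "1"
            # /config is also where userdata lives (see HAPPY_HOME_DIR), so the
            # file manager can read and write whatever is stored there.
            - name: WEB_FILE_MANAGER_ALLOWED_PATHS
              value: "/workspace,/config"
            # Happy Coder config
            - name: HAPPY_HOME_DIR
              value: "/config/userdata/.happy"
            - name: HAPPY_EXPERIMENTAL
              value: "true"
          # Use secrets for sensitive data
          # Every key in the Secret becomes an environment variable that is
          # readable from inside the IDE session. With optional: true the pod
          # also starts when the Secret is missing, i.e. without VNC_PASSWORD.
          envFrom:
            - secretRef:
                name: devcontainer-serverless-secrets
                optional: true
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "4Gi"
              cpu: "2000m"
          volumeMounts:
            - name: userhome
              mountPath: /config
            - name: shm
              mountPath: /dev/shm
          # Readiness probe - VNC must be ready
          readinessProbe:
            httpGet:
              path: /
              port: 5800
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 3
          # Liveness probe - ensure container stays healthy
          livenessProbe:
            httpGet:
              path: /
              port: 5800
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
      volumes:
        # Ephemeral per pod, not per request: the home directory survives for
        # the pod's lifetime, so anything a session leaves in /config is still
        # there for the next request routed to the same pod.
        - name: userhome
          emptyDir: {}
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 2Gi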
---
# Secret template for GitHub tokens, VNC passwords, etc.
# Base64 is an encoding, not encryption: never commit this file with real
# values filled in. Prefer creating the Secret out-of-band (kubectl, sealed or
# external secret tooling) and keeping only this empty template in the repo.
# Applying the template unchanged sets every key to an empty string, which
# replaces any values already stored under the same Secret name.
apiVersion: v1
kind: Secret
metadata:
  name: devcontainer-serverless-secrets
  namespace: devcontainers
type: Opaque
data:
  # Base64 encoded values - update as needed
  # All keys are injected into the dev container via envFrom, so they are
  # visible to anyone with a shell in a session. Use narrowly scoped,
  # revocable credentials.
  # echo -n "your-github-token" | base64
  GITHUB_TOKEN: ""
  # echo -n "your-vnc-password" | base64
  # NOTE(review): an empty value presumably leaves VNC without a password;
  # confirm how the image treats an empty VNC_PASSWORD.
  VNC_PASSWORD: ""
  # echo -n "your-anthropic-key" | base64
  ANTHROPIC_API_KEY: ""