DevContainer User
5565354127
Implements unified Helm chart supporting both deployment modes: - persistent: Traditional PVC-based deployment (v1.x behavior) - dynamic: Serverless Knative with auto-scaling and dynamic routing ## Chart Changes - Chart.yaml: Bump to v2.0.0-dev with deployment mode support - values.yaml: Add deploymentMode field and dynamic configuration - All templates: Conditional rendering based on deploymentMode ## Dynamic Mode Templates - knative-service.yaml: Auto-scaling dev containers with repo routing - routing-proxy.yaml: GitHub repo extraction service - dynamic-ingress.yaml: Ingress with Authentik auth support ## Usage Examples ```bash # Traditional persistent mode (default) helm install mydev ./chart --set name=mydev --set githubRepo=... # Dynamic serverless mode helm install mydev ./chart -f values-dynamic.yaml \ --set name=mydev --set dynamic.ingress.host=devcontainer.example.com # Development builds helm install mydev ./chart --set deploymentMode=dynamic \ --set image.tag=2.0.0-dev --set dynamic.ingress.host=... ``` All existing persistent deployments remain compatible (deploymentMode defaults to "persistent"). Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
100 lines
1.9 KiB
YAML
100 lines
1.9 KiB
YAML
{{- if eq .Values.deploymentMode "persistent" }}
|
|
{{- $access := .Values.clusterAccess | default "none" }}
|
|
{{- $name := include "devcontainer.fullname" . }}
|
|
{{- $ns := .Release.Namespace }}
|
|
{{- $labels := include "devcontainer.labels" . }}
|
|
|
|
{{- if ne $access "none" }}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ $name }}
|
|
namespace: {{ $ns }}
|
|
labels:
|
|
{{- $labels | nindent 4 }}
|
|
|
|
{{- if or (eq $access "readonlyns") (eq $access "readwritens") }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ $name }}
|
|
namespace: {{ $ns }}
|
|
labels:
|
|
{{- $labels | nindent 4 }}
|
|
rules:
|
|
- apiGroups: ["*"]
|
|
resources: ["*"]
|
|
verbs:
|
|
{{- if eq $access "readonlyns" }}
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- else }}
|
|
- "*"
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: {{ $name }}
|
|
namespace: {{ $ns }}
|
|
labels:
|
|
{{- $labels | nindent 4 }}
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ $name }}
|
|
namespace: {{ $ns }}
|
|
roleRef:
|
|
kind: Role
|
|
name: {{ $name }}
|
|
apiGroup: rbac.authorization.k8s.io
|
|
{{- end }}
|
|
|
|
{{- if or (eq $access "readonly") (eq $access "readwrite") }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ $name }}
|
|
labels:
|
|
{{- $labels | nindent 4 }}
|
|
rules:
|
|
- apiGroups: ["*"]
|
|
resources: ["*"]
|
|
verbs:
|
|
{{- if eq $access "readonly" }}
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- else }}
|
|
- "*"
|
|
{{- end }}
|
|
- nonResourceURLs: ["*"]
|
|
verbs:
|
|
{{- if eq $access "readonly" }}
|
|
- get
|
|
{{- else }}
|
|
- "*"
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: {{ $name }}
|
|
labels:
|
|
{{- $labels | nindent 4 }}
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ $name }}
|
|
namespace: {{ $ns }}
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: {{ $name }}
|
|
apiGroup: rbac.authorization.k8s.io
|
|
{{- end }}
|
|
|
|
{{- end }}
|
|
{{- end }}
|