├── Dockerfile ├── README.md ├── code-server-openshift-template.yaml ├── entrypoint └── exec /Dockerfile: -------------------------------------------------------------------------------- 1 | # How to run it: 2 | # 3 | # With OpenShift: 4 | # $ oc new-app -f https://raw.githubusercontent.com/jefferyb/code-server-openshift/master/code-server-openshift-template.yaml -p URL=vscode.example.com -p CODER_PASSWORD=welcome2vscode 5 | # 6 | # With Kubernetes: 7 | # $ kubectl run code-server --image=jefferyb/code-server -e CODER_PASSWORD=welcome2vscode 8 | # 9 | # With Docker: 10 | # $ docker run -itd --name code-server -e CODER_PASSWORD=welcome2vscode -p 9000:9000 -v "${PWD}:/home/coder/project" jefferyb/code-server 11 | # 12 | ### OpenVPN 13 | # If you want to use OpenVPN, add '--cap-add=NET_ADMIN' to your docker command or uncomment the vpn section in the openshift template 14 | # have your client config file at /home/coder/projects/.openvpn/openvpn-client-conf.ovpn 15 | # and connect using, "sudo /usr/sbin/openvpn --config /home/coder/projects/.openvpn/openvpn-client-conf.ovpn" 16 | # 17 | # ref: 18 | # https://github.com/sr229/code-server-openshift 19 | # https://github.com/cdr/code-server/releases 20 | # https://caveofcode.com/2017/06/how-to-setup-a-vpn-connection-from-inside-a-pod-in-kubernetes/ 21 | ####### 22 | 23 | FROM ubuntu:latest 24 | 25 | ENV LANG=en_US.UTF-8 \ 26 | LC_ALL=en_US.UTF-8 \ 27 | LANGUAGE=en_US.UTF-8 \ 28 | TZ=America/Los_Angeles \ 29 | # adding a sane default is needed since we're not erroring out via exec. 30 | CODER_PASSWORD="coder" \ 31 | oc_version="v3.11.0" \ 32 | oc_version_commit="0cbc58b" \ 33 | PATH="${PATH}:/home/coder/.local/bin" 34 | 35 | COPY exec /opt 36 | 37 | RUN . /etc/lsb-release && \ 38 | apt-get update && \ 39 | export DEBIAN_FRONTEND=noninteractive && ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \ 40 | apt-get install -y curl locales gnupg2 tzdata && locale-gen en_US.UTF-8 && \ 41 | curl -sL https://deb.nodesource.com/setup_current.x | bash - && \ 42 | apt-get upgrade -y && \ 43 | apt-get install -y \ 44 | sudo \ 45 | openssl \ 46 | net-tools \ 47 | openvpn \ 48 | jq \ 49 | git \ 50 | tree \ 51 | locales \ 52 | curl \ 53 | dumb-init \ 54 | wget \ 55 | httpie \ 56 | nodejs \ 57 | python \ 58 | python3-pip \ 59 | joe \ 60 | ansible \ 61 | bash-completion \ 62 | openssh-client \ 63 | default-jdk && \ 64 | npm install -g npm && \ 65 | apt clean && \ 66 | rm -rf /var/lib/apt/lists/* 67 | 68 | RUN locale-gen en_US.UTF-8 && \ 69 | cd /tmp && \ 70 | # install code-server 71 | ansible localhost -m apt -a "deb=$(curl -s https://api.github.com/repos/cdr/code-server/releases/latest | jq -r '.assets[] | select(.browser_download_url | contains("amd64.deb")) | .browser_download_url')" && \ 72 | # install openshift/kubernetes client tools 73 | wget -O - https://github.com/openshift/origin/releases/download/${oc_version}/openshift-origin-client-tools-${oc_version}-${oc_version_commit}-linux-64bit.tar.gz | tar -xzv --strip 1 openshift-origin-client-tools-${oc_version}-${oc_version_commit}-linux-64bit/oc openshift-origin-client-tools-${oc_version}-${oc_version_commit}-linux-64bit/kubectl && \ 74 | mv oc kubectl /usr/bin/ && \ 75 | /usr/bin/oc completion bash >> /etc/bash_completion.d/oc_completion && \ 76 | /usr/bin/kubectl completion bash >> /etc/bash_completion.d/kubectl_completion && \ 77 | # for openvpn 78 | mkdir -p /dev/net && \ 79 | mknod /dev/net/tun c 10 200 && \ 80 | chmod 600 /dev/net/tun && \ 81 | echo "user ALL=(ALL) NOPASSWD: /usr/sbin/openvpn --config /home/coder/projects/.openvpn/openvpn-client-conf.ovpn" >> /etc/sudoers.d/openvpn-client && \ 82 | # add user coder 83 | adduser --disabled-password --gecos '' coder && \ 84 | echo '%sudo ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers && \ 85 | echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd && \ 86 | chmod g+rw /home/coder && \ 87 | chmod a+x /opt/exec && \ 88 | chgrp -R 0 /home/coder /etc/ansible && \ 89 | chmod -R g=u /home/coder /etc/ansible /etc/resolv.conf && \ 90 | chmod g=u /etc/passwd /etc/resolv.conf /etc/ssl/certs/ca-certificates.crt 91 | 92 | ENV LC_ALL=en_US.UTF-8 93 | 94 | WORKDIR /home/coder 95 | 96 | USER coder 97 | 98 | RUN mkdir -p projects && mkdir -p certs && \ 99 | curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.35.3/install.sh | bash && \ 100 | sudo chmod -R g+rw projects/ && \ 101 | sudo chmod -R g+rw certs/ && \ 102 | sudo chmod -R g+rw .nvm && \ 103 | sudo rm -frv .config/ && \ 104 | sudo chgrp -R 0 /home/coder 105 | 106 | COPY entrypoint /home/coder 107 | 108 | VOLUME ["/home/coder/projects", "/home/coder/certs"]; 109 | 110 | USER 10001 111 | 112 | ENTRYPOINT ["/home/coder/entrypoint"] 113 | 114 | EXPOSE 9000 8080 115 | 116 | CMD ["/opt/exec"] 117 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Coder/vscode OpenShift Template 2 | An OpenShift Template to run a distribution of Coder's [Visual Studio Code in browser](https://github.com/codercom/code-server) on your OpenShift Cluster 3 | 4 | Based on [https://github.com/sr229/code-server-openshift](https://github.com/sr229/code-server-openshift) and [https://github.com/codercom/code-server/releases](https://github.com/codercom/code-server/releases) 5 | 6 | 7 | ## Docker images 8 | 9 | The `latest` tag is updated weekly using the [latest code-server release](https://github.com/codercom/code-server/releases) 10 | 11 | ## Running 12 | ### Using Openshift CLI 13 | ```bash 14 | oc new-app -f https://raw.githubusercontent.com/jefferyb/code-server-openshift/master/code-server-openshift-template.yaml -p URL=vscode.example.com -p CODER_PASSWORD=welcome2vscode 15 | 16 | # OR 17 | 18 | oc process -f https://raw.githubusercontent.com/jefferyb/code-server-openshift/master/code-server-openshift-template.yaml -p URL=vscode.example.com -p CODER_PASSWORD=welcome2vscode | oc create -f - 19 | 20 | # OR 21 | 22 | oc new-app --name=code-server --image=jefferyb/code-server -e CODER_PASSWORD=welcome2vscode 23 | oc create route edge code-server --insecure-policy=Redirect --service=code-server --hostname=vscode.example.com 24 | ``` 25 | 26 | ### Using Kubernetes CLI 27 | ```bash 28 | # Deploy 29 | kubectl run code-server --image=jefferyb/code-server -e CODER_PASSWORD=welcome2vscode 30 | ``` 31 | 32 | ### Using Docker 33 | ```bash 34 | # Deploy 35 | docker run -itd --name code-server -e CODER_PASSWORD=welcome2vscode -p 9000:9000 -v "${PWD}:/home/coder/project" jefferyb/code-server 36 | ``` 37 | 38 | If we find `/home/coder/projects/.setup/setup-vscode` file in the container, we'll run/execute it to setup VS Code on startup. Useful when a container restarts and want to run a script to it setup automatically 39 | 40 | ## Default Parameters for the OpenShift Template ( code-server-openshift-template.yaml ) 41 | 42 | * NAME=code-server 43 | * URL= 44 | * CONTAINER_HOSTNAME=coder 45 | * CODER_PASSWORD=coder 46 | * CODER_ENABLE_AUTH=true 47 | * PVC_STORAGE=10Gi 48 | * DOCKER_IMAGE=jefferyb/code-server:latest 49 | 50 | ## Added Packages 51 | 52 | Added a few packages that can be used in vs code terminal 53 | 54 | * git 55 | * java 56 | * httpie 57 | * nodejs 58 | * python 59 | * ansible 60 | * OpenVPN 61 | * python3-pip 62 | * openssh-client 63 | * oc (OpenShift client) 64 | * kubectl (Kubernetes client) 65 | -------------------------------------------------------------------------------- /code-server-openshift-template.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # How to run it: 3 | # $ oc new-app -f code-server-openshift-template.yaml -p URL=vscode.example.com -p CODER_PASSWORD=welcome2vscode 4 | # 5 | # OR 6 | # 7 | # $ oc process -f code-server-openshift-template.yaml -p URL=vscode.example.com -p CODER_PASSWORD=welcome2vscode | oc create -f - 8 | # 9 | ####### 10 | 11 | apiVersion: v1 12 | kind: Template 13 | metadata: 14 | name: vscode-template 15 | annotations: 16 | openshift.io/display-name: "Visual Studio Code in browser" 17 | description: "A distribution of Coder's Visual Studio Code in browser designed to work for CNCF-compliant orchestators." 18 | tags: "coder,code,vscode" 19 | openshift.io/provider-display-name: "Code Server" 20 | openshift.io/documentation-url: "https://github.com/jefferyb/code-server-openshift" 21 | parameters: 22 | - name: NAME 23 | description: Name of your application 24 | value: code-server 25 | required: true 26 | - name: CONTAINER_HOSTNAME 27 | description: Hostname of your container 28 | value: coder 29 | - name: DOCKER_IMAGE 30 | description: Docker image to use 31 | value: jefferyb/code-server:latest 32 | # value: chinodesuuu/coder:openshift 33 | required: true 34 | - name: URL 35 | description: Name of your application 36 | required: true 37 | - name: CODER_ENABLE_AUTH 38 | description: Enable auth 39 | value: "true" 40 | - name: CODER_PASSWORD 41 | description: Provide your own password, else, it defaults to "coder" 42 | - name: PVC_STORAGE 43 | description: Persistent Volume Claim Storage space 44 | value: 10Gi 45 | 46 | objects: 47 | - apiVersion: image.openshift.io/v1 48 | kind: ImageStream 49 | metadata: 50 | name: ${NAME} 51 | labels: 52 | app: ${NAME} 53 | spec: 54 | lookupPolicy: 55 | local: false 56 | tags: 57 | - annotations: 58 | openshift.io/imported-from: ${DOCKER_IMAGE} 59 | from: 60 | kind: DockerImage 61 | name: ${DOCKER_IMAGE} 62 | importPolicy: 63 | scheduled: true 64 | name: latest 65 | referencePolicy: 66 | type: Source 67 | 68 | - apiVersion: v1 69 | kind: PersistentVolumeClaim 70 | metadata: 71 | name: ${NAME}-projects 72 | labels: 73 | app: ${NAME} 74 | spec: 75 | accessModes: 76 | - ReadWriteOnce 77 | resources: 78 | requests: 79 | storage: ${PVC_STORAGE} 80 | 81 | - apiVersion: apps.openshift.io/v1 82 | kind: DeploymentConfig 83 | metadata: 84 | name: ${NAME} 85 | labels: 86 | app: ${NAME} 87 | spec: 88 | replicas: 1 89 | selector: 90 | app: ${NAME} 91 | deploymentconfig: ${NAME} 92 | template: 93 | metadata: 94 | labels: 95 | app: ${NAME} 96 | deploymentconfig: ${NAME} 97 | spec: 98 | hostname: ${CONTAINER_HOSTNAME} 99 | containers: 100 | - name: ${NAME} 101 | image: ' ' 102 | imagePullPolicy: IfNotPresent 103 | env: 104 | - name: CODER_ENABLE_AUTH 105 | value: "${CODER_ENABLE_AUTH}" 106 | - name: CODER_PASSWORD 107 | value: ${CODER_PASSWORD} 108 | ports: 109 | - containerPort: 9000 110 | protocol: TCP 111 | resources: {} 112 | volumeMounts: 113 | - mountPath: /home/coder/certs 114 | name: ${NAME}-certs 115 | - mountPath: /home/coder/projects 116 | name: ${NAME}-projects 117 | dnsPolicy: ClusterFirst 118 | restartPolicy: Always 119 | securityContext: {} 120 | volumes: 121 | - emptyDir: {} 122 | name: ${NAME}-certs 123 | - name: ${NAME}-projects 124 | persistentVolumeClaim: 125 | claimName: ${NAME}-projects 126 | test: false 127 | triggers: 128 | - type: ConfigChange 129 | - type: ImageChange 130 | imageChangeParams: 131 | automatic: true 132 | containerNames: 133 | - ${NAME} 134 | from: 135 | kind: ImageStreamTag 136 | name: ${NAME}:latest 137 | 138 | - apiVersion: v1 139 | kind: Service 140 | metadata: 141 | name: ${NAME} 142 | labels: 143 | app: ${NAME} 144 | spec: 145 | ports: 146 | - name: 9000-tcp 147 | port: 9000 148 | protocol: TCP 149 | targetPort: 9000 150 | selector: 151 | app: ${NAME} 152 | deploymentconfig: ${NAME} 153 | type: ClusterIP 154 | 155 | - apiVersion: route.openshift.io/v1 156 | kind: Route 157 | metadata: 158 | name: ${NAME} 159 | labels: 160 | app: ${NAME} 161 | spec: 162 | host: ${URL} 163 | port: 164 | targetPort: 9000-tcp 165 | tls: 166 | insecureEdgeTerminationPolicy: Redirect 167 | termination: edge 168 | to: 169 | kind: Service 170 | name: ${NAME} 171 | weight: 100 172 | wildcardPolicy: None 173 | 174 | labels: 175 | app: "${NAME}" 176 | template: "vscode-template" 177 | -------------------------------------------------------------------------------- /entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export HOME=/home/coder 4 | export PASSWORD=${CODER_PASSWORD} 5 | export USER_ID=$(id -u) 6 | export GROUP_ID=$(id -g) 7 | 8 | if [ -w /etc/passwd ]; then 9 | echo "user:x:$(id -u):$(id -g):user user:${HOME}:/bin/bash" >> /etc/passwd 10 | fi 11 | 12 | ### Display code-server version: 13 | echo 14 | echo "----------------------------------------------" 15 | echo "[ INFO ] Current code-server version: " 16 | code-server --version 17 | echo "----------------------------------------------" 18 | echo 19 | 20 | ### Setup VS Code automatically 21 | if [ -f /home/coder/projects/.setup/setup-vscode ]; then 22 | echo 23 | echo "----------------------------------------------" 24 | echo "[ INFO ] Running your setup script" 25 | cd /home/coder/projects/.setup/ || return 26 | ./setup-vscode 27 | echo "----------------------------------------------" 28 | fi 29 | 30 | exec "$@" 31 | -------------------------------------------------------------------------------- /exec: -------------------------------------------------------------------------------- 1 | #!/usr/bin/dumb-init /bin/sh 2 | 3 | # Special exec script to handle user cases that needs auth or 4 | # stuff I can think of. 5 | 6 | # check for $CODER_ENABLE_AUTH. 7 | if [ -z "$CODER_ENABLE_AUTH" ]; then 8 | if [ -z "$CODER_ENABLE_TLS" ]; then 9 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects; 10 | elif [ -n "$CODER_ENABLE_TLS" ]; then 11 | case "$CODER_ENABLE_TLS" in 12 | true) 13 | echo "WARNING: Make sure you mounted your Certificates in /home/coder/certs!" 14 | echo "your cert should be named 'coder.crt' and 'coder.key', else the script won't recognize it." 15 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 --cert=/home/coder/certs/coder.crt --cert-key=/home/coder/certs/coder.key /home/coder/projects 16 | ;; 17 | false) 18 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 19 | ;; 20 | *) 21 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 22 | ;; 23 | esac 24 | fi 25 | elif [ -n "$CODER_ENABLE_AUTH" ]; then 26 | case "$CODER_ENABLE_AUTH" in 27 | true) 28 | if [ -z "$CODER_ENABLE_TLS" ]; then 29 | PASSWORD="$CODER_PASSWORD" /usr/bin/code-server --auth password --bind-addr 0.0.0.0:9000 /home/coder/projects; 30 | elif [ -n "$CODER_ENABLE_TLS" ]; then 31 | case "$CODER_ENABLE_TLS" in 32 | true) 33 | echo "WARNING: Make sure you mounted your Certificates in /home/coder/certs!" 34 | echo "your cert should be named 'coder.crt' and 'coder.key', else the script won't recognize it." 35 | PASSWORD="$CODER_PASSWORD" /usr/bin/code-server --auth password --bind-addr 0.0.0.0:9000 --cert=/home/coder/certs/coder.crt --cert-key=/home/coder/certs/coder.key /home/coder/projects 36 | ;; 37 | false) 38 | PASSWORD="$CODER_PASSWORD" /usr/bin/code-server --auth password --bind-addr 0.0.0.0:9000 /home/coder/projects 39 | ;; 40 | *) 41 | PASSWORD="$CODER_PASSWORD" /usr/bin/code-server --auth password --bind-addr 0.0.0.0:9000 /home/coder/projects 42 | ;; 43 | esac 44 | fi 45 | ;; 46 | false) 47 | if [ -z "$CODER_ENABLE_TLS" ]; then 48 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects; 49 | elif [ -n "$CODER_ENABLE_TLS" ]; then 50 | case "$CODER_ENABLE_TLS" in 51 | true) 52 | echo "WARNING: Make sure you mounted your Certificates in /home/coder/certs!" 53 | echo "your cert should be named 'coder.crt' and 'coder.key', else the script won't recognize it." 54 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 --cert=/home/coder/certs/coder.crt --cert-key=/home/coder/certs/coder.key /home/coder/projects 55 | ;; 56 | false) 57 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 58 | ;; 59 | *) 60 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 61 | ;; 62 | esac 63 | fi 64 | ;; 65 | *) 66 | if [ -z "$CODER_ENABLE_TLS" ]; then 67 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects; 68 | elif [ -n "$CODER_ENABLE_TLS" ]; then 69 | case "$CODER_ENABLE_TLS" in 70 | true) 71 | echo "WARNING: Make sure you mounted your Certificates in /home/coder/certs!" 72 | echo "your cert should be named 'coder.crt' and 'coder.key', else the script won't recognize it." 73 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 --cert=/home/coder/certs/coder.crt --cert-key=/home/coder/certs/coder.key /home/coder/projects 74 | ;; 75 | false) 76 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 77 | ;; 78 | *) 79 | /usr/bin/code-server --bind-addr 0.0.0.0:9000 /home/coder/projects 80 | ;; 81 | esac 82 | fi 83 | ;; 84 | esac 85 | fi 86 | --------------------------------------------------------------------------------