Using the Dev Container Environment

Setup

Rancher Desktop

Rancher Desktop was chosen to be our the default container platform as the presumptive default, Docker Desktop, has restrictive and expensive licensing.

Installation is straightforward with installers provided for various platforms. Please consult the Rancher Desktop Installation Guide for detailed instructions.

Once installed, Kubernetes can be enabled in the Rancher Desktop app, by going to Preferences, then clicking on the Kubernetes tab and enabling it there. The new environment will be available to you on the rancher-desktop context.

Note There is a drop-down when you go to enable Kubernetes to select the version you want to run.

By default, the container engine will default to Docker's Moby which is ideal for the included k3s Kubernetes implementation.

Dev Container Setup

In order to facilitate developer setup, a group effort resulted in a docker image that provides a curated group of tools.

The workstation image can be found in a project in code.vt.edu.

You will need to add code.vt.edu as a docker repo using a gitlab token:

docker login -u username-workstation-readonly -p <personal access token> code.vt.edu:5005

The image is designed to utilize environment variables to facilitate configuration. In addition to the available tunables, the ability to pass a persistent home folder, and a unique sudo password are provided.

In addition to being able to pass a folder to use at the home folder,

The following tools are available by default:

• aws-iam-authenticator*
• bash
• curl
• flux
• glab
• govc*
• helm
• jq
• kubectl*
• kubectx
• kubens
• kubeseal*
• netcat
• [openconnect]
• packer*
• pinentry
• ping
• python3
• saml2aws
• starship
• sudo
• tfswitch
• thesilversearcher
• tmux
• traceroute
• trivy
• vault*
• vcommands
• wget
• zsh

* indicates package is currently version-controlled

Use of Dev Container in Kubernetes

Configuring the kubernetes manifest

Once Kubernetes is enabled, you can create a namespace or leave it in the default namespace and deploy the workstation pod.

The recommended way to do this is to get the example kubernetes manifest workstation-pod.yml provided from the workstation project and edit it.

Be sure to edit the home-mount hostPath path, currently to set to /host/path/home, to be the home folder you wish for it to use. In addition, under the container, you will need to set the mountPath for the volume mount home-mount, currently set to /container/path/home, to be /home/<YOUR_USERNAME_VARIABLE>. Remember, if you are on a *nix system, and you assign this to be your home folder, things in the container including settings will intermingle with your user's settings in the host OS. It may be wise to setup a different path deeper in your home folder than simply passing the whole thing.

Ensure USERNAME it set to your username on your system which will likely be your pid and match the current $USERNAME.

The UIDNUMBER will help with ownership if set correctly. As the first user on most *nix systems is 1000, this is likely to need changed, but you can verify this by running id to get your user id.

The SHELL variable is available to switch between BASH and ZSH, with BASH currently being the more mature option.

After configuration, you can apply the manifest to the namespace of your choosing.

Note Change your kubectl client to the Rancher context rancher-desktop to ensure you apply the manifest to intended environment.

Once the container is running, running the following command will exec into the container and have the shell assume your chosen user. In the example below, it is assumed you have set USERNAME to the same user as you are launching the prompt from:

kubectl exec --stdin --tty workstation -- /bin/bash -c "su - $USERNAME"

Alternate: Use of the Dev Container inside Docker

To run the container directly with the docker engine(without kubernetes), modify the following example to your needs/environment:

docker run -d --cap-add=NET_ADMIN --env USERNAME=$USERNAME --env UIDNUMBER=1000 --env shell="/bin/bash" -v /Users/vtuser:/home/$USERNAME --name workstation code.vt.edu:5005/it-common-platform/public-images/workstation:latest

Then, simply run the following command to exec into the container(changing "vtuser" to your username):

docker exec -it workstation /bin/bash -c "su - $USERNAME"

NOTE You will receive an WARNING message, however the container will still run. Also, see the note above related to the docker login requirement when utilizing the docker engine.

Using the Dev Container

The sudo password for the newly created user can be found in /sudo_password.txt in the container.

Additionally, it is recommended to use a different KUBECONFIG location within the container, so that your KUBECONFIG does not conflict with your host system's configuration. Adding the following to your .bashrc(or other profile options, depending on the shell utilized within the container, as long as it is not the same shell used as the host system):

export KUBECONFIG="${HOME}/.kube/workstation-config"

NOTE The container used to support starting a connection to the VPN, however changes in the authentication require the user of a pop-up browser window. Without X or Wayland easily available inside the container, we suggest using the VPN client on your host OS.

Resource Usage

By default, Rancher will spawn a virtual machine with some reasonable defaults. If you need to adjust these settings, they are available in the Rancher app's interface in the File->Preferences menu under Virtual Machines.

You may want to change these from default if you are running a full ephemeral cluster. Additionally, running highly demanding resources outside your Rancher environment may require you to release resources from your virtualized cluster.