## Running DevContainer (Kubernetes + Istio) locally

Only three points are kept: installing Istio 1.27.1, manually configuring app.ini, and installing the Devcontainer CRD (inline YAML).

### 1) Install Istio 1.27.1 (pinned version)

```bash
ISTIO_VER=1.27.1
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} sh -
export PATH="$PWD/istio-${ISTIO_VER}/bin:$PATH"

istioctl x precheck
istioctl install -y --set profile=default

kubectl -n istio-system get svc istio-ingressgateway -o wide
```

Note: this project's WebTerminal uses HTTP/80 and enters through `istio-ingressgateway`, so there is no need to configure HTTPS right away.

### 2) Configure app.ini manually for local runs (a devstar not installed via Helm does not write it automatically)

File: `devstar/custom/conf/app.ini`

```ini
[devstar.devcontainer]
NAMESPACE = default # namespace in which the devcontainers are created
HOST = 192.168.23.138 # same as [server].DOMAIN
```

Save the file, then restart the backend to load the configuration.

### 3) Install the Devcontainer CRD (inline YAML, can be applied directly)

Copy the manifest below and install it via standard input:

```bash
kubectl apply -f - <<'YAML'
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  name: devcontainerapps.devcontainer.devstar.cn
spec:
  group: devcontainer.devstar.cn
  names:
    kind: DevcontainerApp
    listKind: DevcontainerAppList
    plural: devcontainerapps
    singular: devcontainerapp
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: DevcontainerApp is the Schema for the devcontainerapps API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: DevcontainerAppSpec defines the desired state of DevcontainerApp
            properties:
              failedJobsHistoryLimit:
                description: |-
                  The number of failed finished jobs to retain.
                  This is a pointer to distinguish between explicit zero and not specified.
                format: int32
                minimum: 0
                type: integer
              service:
                description: ServiceSpec specifies Service for DevContainer
                properties:
                  extraPorts:
                    description: ExtraPorts 定义额外的端口配置
                    items:
                      description: ExtraPortSpec 定义额外端口配置
                      properties:
                        containerPort:
                          description: ContainerPort 是容器内的端口号
                          maximum: 65535
                          minimum: 1
                          type: integer
                        name:
                          description: Name 是端口的名称
                          type: string
                        servicePort:
                          description: ServicePort 是服务暴露的端口号
                          maximum: 65535
                          minimum: 1
                          type: integer
                      required:
                      - containerPort
                      - servicePort
                      type: object
                    type: array
                  nodePort:
                    maximum: 32767
                    minimum: 30000
                    type: integer
                  servicePort:
                    minimum: 1
                    type: integer
                type: object
              startingDeadlineSeconds:
                description: |-
                  Optional deadline in seconds for starting the job if it misses scheduled time for any reason.
                  Missed jobs executions will be counted as failed ones.
                format: int64
                minimum: 0
                type: integer
              statefulset:
                description: StatefulSetSpec specifies StatefulSet for DevContainer
                properties:
                  command:
                    items:
                      type: string
                    type: array
                  containerPort:
                    minimum: 1
                    type: integer
                  gitRepositoryURL:
                    type: string
                  image:
                    type: string
                  sshPublicKeyList:
                    description: 至少包含一个 SSH Public Key 才能通过校验规则
                    items:
                      type: string
                    minItems: 1
                    type: array
                required:
                - command
                - gitRepositoryURL
                - image
                - sshPublicKeyList
                type: object
              successfulJobsHistoryLimit:
                description: |-
                  The number of successful finished jobs to retain.
                  This is a pointer to distinguish between explicit zero and not specified.
                format: int32
                minimum: 0
                type: integer
              suspend:
                description: |-
                  This flag tells the controller to suspend subsequent executions, it does not apply to already started executions.
                  Defaults to false.
                type: boolean
            required:
            - statefulset
            type: object
          status:
            description: DevcontainerAppStatus defines the observed state of DevcontainerApp
            properties:
              active:
                description: A list of pointers to currently running jobs.
                items:
                  description: ObjectReference contains enough information to let you inspect or modify the referred object.
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    fieldPath:
                      description: |-
                        If referring to a piece of an object instead of an entire object, this string
                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                        For example, if the object reference is to a container within a pod, this would take on a value like:
                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
                        the event) or if no container name is specified "spec.containers[2]" (container with
                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
                        referencing a part of an object.
                      type: string
                    kind:
                      description: |-
                        Kind of the referent.
                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                      type: string
                    name:
                      description: |-
                        Name of the referent.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      type: string
                    namespace:
                      description: |-
                        Namespace of the referent.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                      type: string
                    resourceVersion:
                      description: |-
                        Specific resourceVersion to which this reference is made, if any.
                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                      type: string
                    uid:
                      description: |-
                        UID of the referent.
                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              extraPortsAssigned:
                description: ExtraPortsAssigned 存储额外端口映射的 NodePort
                items:
                  description: ExtraPortAssigned 定义已分配的额外端口信息
                  properties:
                    containerPort:
                      description: ContainerPort 是容器内的端口号
                      type: integer
                    name:
                      description: Name 是端口的名称
                      type: string
                    nodePort:
                      description: NodePort 是 Kubernetes 分配的 NodePort
                      type: integer
                    servicePort:
                      description: ServicePort 是服务暴露的端口号
                      type: integer
                  required:
                  - containerPort
                  - nodePort
                  - servicePort
                  type: object
                type: array
              lastScheduleTime:
                description: Information when was the last time the job was successfully scheduled.
                format: date-time
                type: string
              nodePortAssigned:
                description: NodePortAssigned 存储 DevcontainerApp CRD调度后集群分配的 NodePort
                type: integer
              ready:
                description: Ready 标识 DevcontainerApp 管理的 Pod 的 Readiness Probe 是否达到就绪状态
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
YAML
```

Verify the CRD:

```bash
kubectl get crd devcontainerapps.devcontainer.devstar.cn -o wide
```

### 4) Build and run controller-manager (required)

controller-manager watches `DevcontainerApp` CRs, creates/updates/deletes the underlying Kubernetes resources (StatefulSet, Service, and so on), and writes back status such as `Status.Ready`. Installing the CRD alone does not trigger any actual resource changes; controller-manager must be running for it to take effect.

- Build and run from the main directory:

```bash
cd /home/psx/devstar-main
make controller-manager
./controller-manager
# Watch the logs: Reconcile entries should appear; after a DevcontainerApp is created, the sts/svc are created
```
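
A `DevcontainerApp` resource that satisfies the CRD schema from step 3 and can be used to exercise the controller-manager from step 4. This is an added example, not a manifest from the DevStar project: the resource name, image, command, repository URL, SSH key and all port numbers are constructed placeholders.

```yaml
# Added example: every value below is a constructed placeholder.
apiVersion: devcontainer.devstar.cn/v1
kind: DevcontainerApp
metadata:
  name: demo-devcontainer            # hypothetical name
  namespace: default                 # same value as NAMESPACE in [devstar.devcontainer]
spec:
  statefulset:                       # the only field required under spec
    image: registry.example.com/devcontainer/base:placeholder
    command: ["/bin/sh", "-c", "sleep infinity"]   # required by the schema
    gitRepositoryURL: https://git.example.com/demo/repo.git   # required by the schema
    containerPort: 22                # schema: minimum 1
    sshPublicKeyList:                # required; schema enforces minItems: 1
      - "ssh-ed25519 AAAA...PLACEHOLDER user@example"
  service:
    servicePort: 22                  # schema: minimum 1
    nodePort: 30022                  # schema: 30000 to 32767
    extraPorts:
      - name: web
        containerPort: 8080          # required per item, 1 to 65535
        servicePort: 8080            # required per item, 1 to 65535
```

To check it against the installed CRD without creating anything, save it to a file and run `kubectl apply --dry-run=server -f` on that file. An empty `sshPublicKeyList` or a `nodePort` outside 30000 to 32767 is rejected by the API server's schema validation before the controller ever sees the object.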