Platform9 Live - Stream Notes - VS Code Server - Kubeconfig

VS Code Server Kube Config

Goals for the Stream

  • Modify my VS Code Helm chart to set up a Kubernetes role
    • Full privileges to the vscode-server namespace.
    • Link this role with a role binding to the service account generated by the Helm chart.
    • Configure my kubectl and VS Code Kubernetes plugins to use the service account token.

Creating a role for vscode-server

Resources Referenced

Cluster Role Binding Definition

For this role, I want full administrative permissions for the namespace.

To generate the ClusterRoleBinding:

kubectl create clusterrolebinding \
  --serviceaccount=vscode-server:code-server-vscode-server \
  --clusterrole=admin admin-cluster-role-binding \
  --dry-run=client \
  -o yaml

Output:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  name: admin-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
- kind: ServiceAccount
  name: code-server-vscode-server
  namespace: vscode-server
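
A ClusterRoleBinding to the `admin` ClusterRole applies in every namespace, while a RoleBinding to the same ClusterRole applies only in the RoleBinding's own namespace, which is the scope the stream goals describe. The check below is an added example, not code from the original post: it reads binding objects as JSON and lists service accounts whose grant reaches past their own namespace. The RoleBinding name `admin-role-binding`, the watched-role list and the function names are assumptions.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings,rolebindings -A -o json`.
# Item 1 is the binding generated on this page; item 2 is a hypothetical
# RoleBinding (name assumed) that binds the same ClusterRole inside one namespace.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "admin-cluster-role-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "code-server-vscode-server",
                "namespace": "vscode-server"}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "admin-role-binding", "namespace": "vscode-server"},
  "roleRef": {"kind": "ClusterRole", "name": "admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "code-server-vscode-server",
                "namespace": "vscode-server"}]}
]}
""")

# Broad built-in ClusterRoles worth reviewing; this list is an assumption.
WATCHED_ROLES = {"cluster-admin", "admin", "edit"}


def grant_scope(binding):
    """'*' if the binding applies in every namespace, else the one namespace it covers."""
    if binding["kind"] == "ClusterRoleBinding":
        return "*"
    return binding["metadata"]["namespace"]


def overbroad_service_accounts(binding_list):
    """Return (kind, binding, service account, role, scope) for each service
    account whose grant of a watched ClusterRole reaches beyond its own namespace."""
    findings = []
    for b in binding_list.get("items", []):
        ref = b["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] not in WATCHED_ROLES:
            continue
        scope = grant_scope(b)
        for s in b.get("subjects") or []:  # subjects may be absent or null
            if s.get("kind") == "ServiceAccount" and s.get("namespace") != scope:
                sa = f'{s.get("namespace")}/{s["name"]}'
                findings.append((b["kind"], b["metadata"]["name"], sa, ref["name"], scope))
    return findings


if __name__ == "__main__":
    for f in overbroad_service_accounts(SAMPLE):
        print("%s %s grants %s to %s with scope %s" % (f[0], f[1], f[3], f[2], f[4]))
```
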

Turning it into a template that can be executed by the Helm Chart

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: -binding
  labels:
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
- kind: ServiceAccount
  name: 
  namespace: 

Building a Custom VS Code Server Image

To use brew to install pre-commit and other tools, I need build-essential. To start with, we are going to add build-essential to the image and create a build process.

References

Customizing the image

FROM linuxserver/code-server:4.4.0
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update \
  && apt install -y \
         build-essential \
  && apt clean \
  && rm -rf /var/lib/apt/lists/*

Adding a reusable GitHub workflow

name: Build and Publish Docker Image

on:
  workflow_call:
    inputs:
      DOCKER_IMAGENAME:
        required: true
        type: string
      DOCKER_USERNAME:
        required: true
        type: string
      PUSH_IMAGE:
        required: true
        type: boolean
    secrets:
      docker_password:
        required: true

jobs:
  # define job to build and publish docker image
  build-and-push-docker-image:
    name: Build Docker image and push to repositories
    environment: Docker

    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest

    # steps to perform in job
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # set up the Docker Buildx action
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: $
          password: $

      - name: Build image and push to Docker Hub and GitHub Container Registry
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          # relative path to the place where source code with Dockerfile is located
          context: docker/$/$
          # Note: tags have to be all lowercase
          tags: |
            $/$:latest
          # build on feature branches, push only on main branch
          push: $

Using the reusable GitHub workflow

# This is a basic workflow to help you get started with Actions

name: CI | Docker | estenrye/vscode-server


# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    paths:
      - docker/estenrye/vscode-server/**
      - .github/workflows/CI-estenrye-vscode-server.yml
      - .github/workflows/CI-Docker-Image-Build-Template.yml

  pull_request:
    branches: [ master ]
    paths:
      - docker/estenrye/vscode-server/**
      - .github/workflows/CI-estenrye-vscode-server.yml
      - .github/workflows/CI-Docker-Image-Build-Template.yml

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # define job to build and publish docker image
  build-and-push-docker-image:
    name: Build Docker image and push to repositories
    uses: ./.github/workflows/CI-Docker-Image-Build-Template.yml
    with:
      DOCKER_IMAGENAME: vscode-server
      DOCKER_USERNAME: estenrye
      PUSH_IMAGE: $
    secrets:
      docker_password: $
This post is licensed under CC BY 4.0 by the author.