mirror of
https://github.com/bluxmit/alnoda-workspaces.git
synced 2024-06-26 10:10:47 +12:00
more readme updates
This commit is contained in:
parent
d46ade973a
commit
5ab4676f7d
10
README.md
10
README.md
|
@ -9,6 +9,7 @@
|
|||
* [Workspaces-in-docker vs. cloud IDE](#workspaces-in-docker-vs.-cloud-ide)
|
||||
* [Workspaces-in-docker vs. other docker workspaces](#workspaces-in-docker-vs.-other-docker-workspaces)
|
||||
* [Workspaces-in-docker principles](#workspaces-in-docker-principles)
|
||||
* [Publications](#publications)
|
||||
* [Feedback and contribution](#feedback-an-contribution)
|
||||
|
||||
|
||||
|
@ -80,13 +81,13 @@ designed to be used entirely through browser-based interfaces. Base-Workspace ha
|
|||
convenient work, such as File Browser to easily exchange files and folders with workspace, Cronicle - advanced job scheduler with great UI,
|
||||
MkDocs for documentation of the workspace and projects. This workspace includes all the features of the *Ubuntu-workspace*.
|
||||
|
||||
3. [`Workspace-in-docker`](./workspaces/workspace-in-docker/README.md) - has all the featuures of the *Base-Workspace*, and in addition -
|
||||
3. [`Workspace-in-docker`](./workspaces/workspace-in-docker/README.md) - has all the features of the *Base-Workspace*, and in addition -
|
||||
a powerful browser-based version of Visual Studio Code. This workspace allows complete isolation of many IT-related projects, such as
|
||||
software development, devops, QA, data analysis, data engineering, data science and other. Workspace can be used as local development environment,
|
||||
as well as remote, when started on the cloud server, and can be secured with password. Workspace-in-docker allows to completely isolate and switch easily
|
||||
between projects that involve multiple programming languages, different clouds, k8s clusters and have system dependencies. Withou this workspace
|
||||
swithing between such complex environments would require multiple actions and can be tedious work. Workspace-in-docker is great for collaborative work,
|
||||
can be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customised. Can be used as build, test or even
|
||||
can be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customized. Can be used as build, test or even
|
||||
runtime environment.
|
||||
|
||||
## Why dev environmet in docker
|
||||
|
@ -160,6 +161,11 @@ When developing our dockerized workspaces, we try to set and follow some rules:
|
|||
databases, server resource monitors should not be the part of the workspace. Instead they should be integrated with
|
||||
workspace in docker compose.
|
||||
|
||||
## Publications
|
||||
|
||||
- [The way I use Docker as interactive environment for tries and experiments](https://medium.com/@bluxmit/the-way-i-use-docker-as-interactive-environment-for-tries-and-experiments-52ac06c0ec69)
|
||||
- [Docker as a lightweight VM - docker image that you can use as VM substitute](https://medium.com/@bluxmit/docker-as-a-lightweight-vm-docker-image-that-you-can-use-as-vm-substitute-164032e4ed0b)
|
||||
|
||||
## Feedback and contribution
|
||||
|
||||
Workspaces in docker helped me to manage multiple projects in different clouds and k8s clusters. They made my work so much easier,
|
||||
|
|
|
@ -56,7 +56,7 @@ run ETL scripts and many others.
|
|||
|
||||
Since these jobs are owned by multiple users we need some kind of isolation. Running separate servers for every user would be too cost-inefficient.
|
||||
Most periodic tasks utilize compute resources from time to time, and running the server all the time would be such a waste. It makes more sense
|
||||
to have one server where all these virtual environments are running. Aslo it easier for sysops to monitor and maintain a single server.
|
||||
to have one server where all these virtual environments are running. Also it easier for sysops to monitor and maintain a single server.
|
||||
|
||||
Base-workspace is a way to provide isolated environments on a shared server, which is used by multiple users. It is more resource-efficient than VM,
|
||||
it is secure (if running under defualit user), and it is convenient to use, becuause Base-workspace is bootstrapped with many commonly used applications,
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
|
||||
version: "3.3"
|
||||
|
||||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v2.4"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
- "--api"
|
||||
- "--api.dashboard"
|
||||
- "--api.insecure"
|
||||
- "--providers.docker"
|
||||
- "--entrypoints.docs.address=:8020"
|
||||
- "--entrypoints.filebrowser.address=:8021"
|
||||
- "--entrypoints.staticfs.address=:8022"
|
||||
- "--entrypoints.cronicle.address=:8023"
|
||||
- "--entrypoints.ungit.address=:8024"
|
||||
- "--entrypoints.terminal.address=:8026"
|
||||
ports:
|
||||
- 8080:8080
|
||||
- "8020-8030:8020-8030"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
|
||||
workspace:
|
||||
image: alnoda/workspace-in-docker
|
||||
environment:
|
||||
- WRK_HOST="68.183.218.233"
|
||||
labels:
|
||||
# To create user:password pair, it's possible to use this command:
|
||||
# In any workspace-in-docker execute in terminal: echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g
|
||||
# (csubstitute <userName> with the user name of your choice)
|
||||
# and enter password (twice)
|
||||
# by default the user:pass is admin:admin
|
||||
# You can have multiple <user:pass> separated with ","
|
||||
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||
- "traefik.enable=true"
|
||||
# docs
|
||||
- "traefik.http.services.docs.loadbalancer.server.port=8020"
|
||||
- "traefik.http.routers.docs.service=docs"
|
||||
- "traefik.http.routers.docs.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.docs.entrypoints=docs"
|
||||
- "traefik.http.routers.docs.middlewares=basic-auth"
|
||||
# filebrowser
|
||||
- "traefik.http.services.filebrowser.loadbalancer.server.port=8021"
|
||||
- "traefik.http.routers.filebrowser.service=filebrowser"
|
||||
- "traefik.http.routers.filebrowser.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.filebrowser.entrypoints=filebrowser"
|
||||
- "traefik.http.routers.filebrowser.middlewares=basic-auth"
|
||||
# static file server
|
||||
- "traefik.http.services.staticfs.loadbalancer.server.port=8022"
|
||||
- "traefik.http.routers.staticfs.service=staticfs"
|
||||
- "traefik.http.routers.staticfs.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.staticfs.entrypoints=staticfs"
|
||||
- "traefik.http.routers.staticfs.middlewares=basic-auth"
|
||||
# cronicle
|
||||
- "traefik.http.services.cronicle.loadbalancer.server.port=8023"
|
||||
- "traefik.http.routers.cronicle.service=cronicle"
|
||||
- "traefik.http.routers.cronicle.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.cronicle.entrypoints=cronicle"
|
||||
- "traefik.http.routers.cronicle.middlewares=basic-auth"
|
||||
# ungit
|
||||
- "traefik.http.services.ungit.loadbalancer.server.port=8024"
|
||||
- "traefik.http.routers.ungit.service=ungit"
|
||||
- "traefik.http.routers.ungit.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.ungit.entrypoints=ungit"
|
||||
- "traefik.http.routers.ungit.middlewares=basic-auth"
|
||||
# ide
|
||||
- "traefik.http.services.terminal.loadbalancer.server.port=8026"
|
||||
- "traefik.http.routers.terminal.service=ide"
|
||||
- "traefik.http.routers.terminal.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.terminal.entrypoints=ide"
|
||||
- "traefik.http.routers.terminal.middlewares=basic-auth"
|
||||
|
|
@ -122,7 +122,7 @@ Workspace has WEB-based terminal, and you will be able to use workspace from bro
|
|||
It is very easy to run your workspace in cloud on any server. You are completely independent on the
|
||||
cloud provider, can easily start, stop and move workspaces between servers.
|
||||
|
||||
It is recommended to start workspace with authenticationn, otherwise anyone will be
|
||||
It is recommended to start workspace with authentication, otherwise anyone will be
|
||||
able to use your workspace. Use this simple docker-compose file to start workspace in
|
||||
cloud with basic authentication
|
||||
|
||||
|
@ -156,11 +156,18 @@ services:
|
|||
This configuration launches workspace with the default authentication user:pass is **admin:admin**.
|
||||
You might want to generate new credentials.
|
||||
|
||||
The password for the traefik basic auth is generated with the **htpasswd**. For connvenience,
|
||||
The password for the traefik basic auth must be encrypted with the **htpasswd**. For connvenience,
|
||||
it is installed in every workspace-in-docker, and the easiest way is to generate the password
|
||||
is to launch workspace locally first, use its terminal to create a password, and then start
|
||||
workspace on remote server. Don't forget to change this line in the docker-compose file with the
|
||||
new user:pass
|
||||
workspace on remote server.
|
||||
|
||||
To encrypt password open terminal of the local workspace and execute
|
||||
|
||||
> ```echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g```
|
||||
|
||||
substitute `<userName>` with the new user name, and prowide password on prompt. After this htpasswd will output encrypted password.
|
||||
|
||||
Don't forget to change this line in the docker-compose file with the new user:encpypted_pass
|
||||
|
||||
```
|
||||
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# Workspace-in-docker
|
||||
|
||||
Workspace-in-docker has all the featuures of the *Base-Workspace*, and in addition it includes
|
||||
a powerful browser-based version of Visual Studio Code.
|
||||
Workspace-in-docker has all the features of the *Base-Workspace*, and in addition it includes
|
||||
a powerful browser-based version of Visual Studio Code. It is a lightweight VM alternative, which provides full isolation,
|
||||
consumes little resources and contains full-fledged IDE.
|
||||
|
||||
![Workspaces are amazing!](./img/workspace-demo.gif)
|
||||
|
||||
|
@ -11,7 +12,7 @@ Workspace can be used as local development environment, as well as remote, when
|
|||
Workspace-in-docker allows to completely isolate and switch easily between projects that involve multiple programming languages, cloud CLIs,
|
||||
k8s clusters, configurations and have system dependencies. Withou this workspace swithing between such complex environments would require multiple actions and can be tedious work.
|
||||
|
||||
Workspace-in-docker is great for collaborative work - itcan be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customised.
|
||||
Workspace-in-docker is great for collaborative work - itcan be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customized.
|
||||
Can be used as build, test or even runtime environment.
|
||||
|
||||
Workspace-in-docker is a good choice if you want control and versatility. It is lightweight,
|
||||
|
|
|
@ -21,17 +21,25 @@ The places you need to change are marked on this picture:
|
|||
![Change configs here](../img/auth-yaml.png)
|
||||
|
||||
- environmental variable `WRK_HOST` - set it to be the public IP of the server you've got
|
||||
- update authentication. The default user/pass is admin/admin, you might want to change it to your own user/pass. Traefik requires passwords
|
||||
to be generated with [**htpasswd**](https://httpd.apache.org/docs/2.4/programs/htpasswd.html)
|
||||
- update authentication. The default user/pass is admin/admin, you might want to change it to your own user/pass.
|
||||
|
||||
To save your time, ***htpasswd is already installed in the workspace-in-docker***. Simply launch workspace-in-docker locally, open IDE or terminal, and
|
||||
execute
|
||||
The password for the traefik basic auth must be encrypted with the **htpasswd**. For connvenience,
|
||||
it is installed in every workspace-in-docker, and the easiest way is to generate the password
|
||||
is to launch workspace locally first, use its terminal to create a password, and then start
|
||||
workspace on remote server.
|
||||
|
||||
To encrypt password open terminal of the local workspace and execute
|
||||
|
||||
> ```echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g```
|
||||
|
||||
substitute `<userName>` with the new user name, and prowide password on prompt. After this htpasswd will output encrypted password.
|
||||
|
||||
Don't forget to change this line in the docker-compose file with the new user:encpypted_pass
|
||||
|
||||
```
|
||||
echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g
|
||||
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||
```
|
||||
|
||||
Of course, change `<userName>` to the user name of your choice. Prompt will ask for password (twice)
|
||||
|
||||
ssh to the remote server and create file `remote-workspace-auth.yaml`. For example `nano remote-workspace-auth.yaml`, paste the content of the
|
||||
modified file and save changes.
|
||||
|
|
Loading…
Reference in a new issue