mirror of
https://github.com/bluxmit/alnoda-workspaces.git
synced 2024-09-30 09:16:14 +13:00
more readme updates
This commit is contained in:
parent
d46ade973a
commit
5ab4676f7d
6 changed files with 113 additions and 16 deletions
10
README.md
10
README.md
|
@ -9,6 +9,7 @@
|
||||||
* [Workspaces-in-docker vs. cloud IDE](#workspaces-in-docker-vs.-cloud-ide)
|
* [Workspaces-in-docker vs. cloud IDE](#workspaces-in-docker-vs.-cloud-ide)
|
||||||
* [Workspaces-in-docker vs. other docker workspaces](#workspaces-in-docker-vs.-other-docker-workspaces)
|
* [Workspaces-in-docker vs. other docker workspaces](#workspaces-in-docker-vs.-other-docker-workspaces)
|
||||||
* [Workspaces-in-docker principles](#workspaces-in-docker-principles)
|
* [Workspaces-in-docker principles](#workspaces-in-docker-principles)
|
||||||
|
* [Publications](#publications)
|
||||||
* [Feedback and contribution](#feedback-an-contribution)
|
* [Feedback and contribution](#feedback-an-contribution)
|
||||||
|
|
||||||
|
|
||||||
|
@ -80,13 +81,13 @@ designed to be used entirely through browser-based interfaces. Base-Workspace ha
|
||||||
convenient work, such as File Browser to easily exchange files and folders with workspace, Cronicle - advanced job scheduler with great UI,
|
convenient work, such as File Browser to easily exchange files and folders with workspace, Cronicle - advanced job scheduler with great UI,
|
||||||
MkDocs for documentation of the workspace and projects. This workspace includes all the features of the *Ubuntu-workspace*.
|
MkDocs for documentation of the workspace and projects. This workspace includes all the features of the *Ubuntu-workspace*.
|
||||||
|
|
||||||
3. [`Workspace-in-docker`](./workspaces/workspace-in-docker/README.md) - has all the featuures of the *Base-Workspace*, and in addition -
|
3. [`Workspace-in-docker`](./workspaces/workspace-in-docker/README.md) - has all the features of the *Base-Workspace*, and in addition -
|
||||||
a powerful browser-based version of Visual Studio Code. This workspace allows complete isolation of many IT-related projects, such as
|
a powerful browser-based version of Visual Studio Code. This workspace allows complete isolation of many IT-related projects, such as
|
||||||
software development, devops, QA, data analysis, data engineering, data science and other. Workspace can be used as local development environment,
|
software development, devops, QA, data analysis, data engineering, data science and other. Workspace can be used as local development environment,
|
||||||
as well as remote, when started on the cloud server, and can be secured with password. Workspace-in-docker allows to completely isolate and switch easily
|
as well as remote, when started on the cloud server, and can be secured with password. Workspace-in-docker allows to completely isolate and switch easily
|
||||||
between projects that involve multiple programming languages, different clouds, k8s clusters and have system dependencies. Withou this workspace
|
between projects that involve multiple programming languages, different clouds, k8s clusters and have system dependencies. Withou this workspace
|
||||||
swithing between such complex environments would require multiple actions and can be tedious work. Workspace-in-docker is great for collaborative work,
|
swithing between such complex environments would require multiple actions and can be tedious work. Workspace-in-docker is great for collaborative work,
|
||||||
can be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customised. Can be used as build, test or even
|
can be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customized. Can be used as build, test or even
|
||||||
runtime environment.
|
runtime environment.
|
||||||
|
|
||||||
## Why dev environmet in docker
|
## Why dev environmet in docker
|
||||||
|
@ -160,6 +161,11 @@ When developing our dockerized workspaces, we try to set and follow some rules:
|
||||||
databases, server resource monitors should not be the part of the workspace. Instead they should be integrated with
|
databases, server resource monitors should not be the part of the workspace. Instead they should be integrated with
|
||||||
workspace in docker compose.
|
workspace in docker compose.
|
||||||
|
|
||||||
|
## Publications
|
||||||
|
|
||||||
|
- [The way I use Docker as interactive environment for tries and experiments](https://medium.com/@bluxmit/the-way-i-use-docker-as-interactive-environment-for-tries-and-experiments-52ac06c0ec69)
|
||||||
|
- [Docker as a lightweight VM - docker image that you can use as VM substitute](https://medium.com/@bluxmit/docker-as-a-lightweight-vm-docker-image-that-you-can-use-as-vm-substitute-164032e4ed0b)
|
||||||
|
|
||||||
## Feedback and contribution
|
## Feedback and contribution
|
||||||
|
|
||||||
Workspaces in docker helped me to manage multiple projects in different clouds and k8s clusters. They made my work so much easier,
|
Workspaces in docker helped me to manage multiple projects in different clouds and k8s clusters. They made my work so much easier,
|
||||||
|
|
|
@ -56,7 +56,7 @@ run ETL scripts and many others.
|
||||||
|
|
||||||
Since these jobs are owned by multiple users we need some kind of isolation. Running separate servers for every user would be too cost-inefficient.
|
Since these jobs are owned by multiple users we need some kind of isolation. Running separate servers for every user would be too cost-inefficient.
|
||||||
Most periodic tasks utilize compute resources from time to time, and running the server all the time would be such a waste. It makes more sense
|
Most periodic tasks utilize compute resources from time to time, and running the server all the time would be such a waste. It makes more sense
|
||||||
to have one server where all these virtual environments are running. Aslo it easier for sysops to monitor and maintain a single server.
|
to have one server where all these virtual environments are running. Also it easier for sysops to monitor and maintain a single server.
|
||||||
|
|
||||||
Base-workspace is a way to provide isolated environments on a shared server, which is used by multiple users. It is more resource-efficient than VM,
|
Base-workspace is a way to provide isolated environments on a shared server, which is used by multiple users. It is more resource-efficient than VM,
|
||||||
it is secure (if running under defualit user), and it is convenient to use, becuause Base-workspace is bootstrapped with many commonly used applications,
|
it is secure (if running under defualit user), and it is convenient to use, becuause Base-workspace is bootstrapped with many commonly used applications,
|
||||||
|
|
|
@ -0,0 +1,75 @@
|
||||||
|
|
||||||
|
version: "3.3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
traefik:
|
||||||
|
image: "traefik:v2.4"
|
||||||
|
container_name: "traefik"
|
||||||
|
command:
|
||||||
|
- "--api"
|
||||||
|
- "--api.dashboard"
|
||||||
|
- "--api.insecure"
|
||||||
|
- "--providers.docker"
|
||||||
|
- "--entrypoints.docs.address=:8020"
|
||||||
|
- "--entrypoints.filebrowser.address=:8021"
|
||||||
|
- "--entrypoints.staticfs.address=:8022"
|
||||||
|
- "--entrypoints.cronicle.address=:8023"
|
||||||
|
- "--entrypoints.ungit.address=:8024"
|
||||||
|
- "--entrypoints.terminal.address=:8026"
|
||||||
|
ports:
|
||||||
|
- 8080:8080
|
||||||
|
- "8020-8030:8020-8030"
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
|
|
||||||
|
workspace:
|
||||||
|
image: alnoda/workspace-in-docker
|
||||||
|
environment:
|
||||||
|
- WRK_HOST="68.183.218.233"
|
||||||
|
labels:
|
||||||
|
# To create user:password pair, it's possible to use this command:
|
||||||
|
# In any workspace-in-docker execute in terminal: echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g
|
||||||
|
# (csubstitute <userName> with the user name of your choice)
|
||||||
|
# and enter password (twice)
|
||||||
|
# by default the user:pass is admin:admin
|
||||||
|
# You can have multiple <user:pass> separated with ","
|
||||||
|
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
# docs
|
||||||
|
- "traefik.http.services.docs.loadbalancer.server.port=8020"
|
||||||
|
- "traefik.http.routers.docs.service=docs"
|
||||||
|
- "traefik.http.routers.docs.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.docs.entrypoints=docs"
|
||||||
|
- "traefik.http.routers.docs.middlewares=basic-auth"
|
||||||
|
# filebrowser
|
||||||
|
- "traefik.http.services.filebrowser.loadbalancer.server.port=8021"
|
||||||
|
- "traefik.http.routers.filebrowser.service=filebrowser"
|
||||||
|
- "traefik.http.routers.filebrowser.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.filebrowser.entrypoints=filebrowser"
|
||||||
|
- "traefik.http.routers.filebrowser.middlewares=basic-auth"
|
||||||
|
# static file server
|
||||||
|
- "traefik.http.services.staticfs.loadbalancer.server.port=8022"
|
||||||
|
- "traefik.http.routers.staticfs.service=staticfs"
|
||||||
|
- "traefik.http.routers.staticfs.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.staticfs.entrypoints=staticfs"
|
||||||
|
- "traefik.http.routers.staticfs.middlewares=basic-auth"
|
||||||
|
# cronicle
|
||||||
|
- "traefik.http.services.cronicle.loadbalancer.server.port=8023"
|
||||||
|
- "traefik.http.routers.cronicle.service=cronicle"
|
||||||
|
- "traefik.http.routers.cronicle.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.cronicle.entrypoints=cronicle"
|
||||||
|
- "traefik.http.routers.cronicle.middlewares=basic-auth"
|
||||||
|
# ungit
|
||||||
|
- "traefik.http.services.ungit.loadbalancer.server.port=8024"
|
||||||
|
- "traefik.http.routers.ungit.service=ungit"
|
||||||
|
- "traefik.http.routers.ungit.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.ungit.entrypoints=ungit"
|
||||||
|
- "traefik.http.routers.ungit.middlewares=basic-auth"
|
||||||
|
# ide
|
||||||
|
- "traefik.http.services.terminal.loadbalancer.server.port=8026"
|
||||||
|
- "traefik.http.routers.terminal.service=ide"
|
||||||
|
- "traefik.http.routers.terminal.rule=PathPrefix(`/`)"
|
||||||
|
- "traefik.http.routers.terminal.entrypoints=ide"
|
||||||
|
- "traefik.http.routers.terminal.middlewares=basic-auth"
|
||||||
|
|
|
@ -122,7 +122,7 @@ Workspace has WEB-based terminal, and you will be able to use workspace from bro
|
||||||
It is very easy to run your workspace in cloud on any server. You are completely independent on the
|
It is very easy to run your workspace in cloud on any server. You are completely independent on the
|
||||||
cloud provider, can easily start, stop and move workspaces between servers.
|
cloud provider, can easily start, stop and move workspaces between servers.
|
||||||
|
|
||||||
It is recommended to start workspace with authenticationn, otherwise anyone will be
|
It is recommended to start workspace with authentication, otherwise anyone will be
|
||||||
able to use your workspace. Use this simple docker-compose file to start workspace in
|
able to use your workspace. Use this simple docker-compose file to start workspace in
|
||||||
cloud with basic authentication
|
cloud with basic authentication
|
||||||
|
|
||||||
|
@ -156,11 +156,18 @@ services:
|
||||||
This configuration launches workspace with the default authentication user:pass is **admin:admin**.
|
This configuration launches workspace with the default authentication user:pass is **admin:admin**.
|
||||||
You might want to generate new credentials.
|
You might want to generate new credentials.
|
||||||
|
|
||||||
The password for the traefik basic auth is generated with the **htpasswd**. For connvenience,
|
The password for the traefik basic auth must be encrypted with the **htpasswd**. For connvenience,
|
||||||
it is installed in every workspace-in-docker, and the easiest way is to generate the password
|
it is installed in every workspace-in-docker, and the easiest way is to generate the password
|
||||||
is to launch workspace locally first, use its terminal to create a password, and then start
|
is to launch workspace locally first, use its terminal to create a password, and then start
|
||||||
workspace on remote server. Don't forget to change this line in the docker-compose file with the
|
workspace on remote server.
|
||||||
new user:pass
|
|
||||||
|
To encrypt password open terminal of the local workspace and execute
|
||||||
|
|
||||||
|
> ```echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g```
|
||||||
|
|
||||||
|
substitute `<userName>` with the new user name, and prowide password on prompt. After this htpasswd will output encrypted password.
|
||||||
|
|
||||||
|
Don't forget to change this line in the docker-compose file with the new user:encpypted_pass
|
||||||
|
|
||||||
```
|
```
|
||||||
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
# Workspace-in-docker
|
# Workspace-in-docker
|
||||||
|
|
||||||
Workspace-in-docker has all the featuures of the *Base-Workspace*, and in addition it includes
|
Workspace-in-docker has all the features of the *Base-Workspace*, and in addition it includes
|
||||||
a powerful browser-based version of Visual Studio Code.
|
a powerful browser-based version of Visual Studio Code. It is a lightweight VM alternative, which provides full isolation,
|
||||||
|
consumes little resources and contains full-fledged IDE.
|
||||||
|
|
||||||
![Workspaces are amazing!](./img/workspace-demo.gif)
|
![Workspaces are amazing!](./img/workspace-demo.gif)
|
||||||
|
|
||||||
|
@ -11,7 +12,7 @@ Workspace can be used as local development environment, as well as remote, when
|
||||||
Workspace-in-docker allows to completely isolate and switch easily between projects that involve multiple programming languages, cloud CLIs,
|
Workspace-in-docker allows to completely isolate and switch easily between projects that involve multiple programming languages, cloud CLIs,
|
||||||
k8s clusters, configurations and have system dependencies. Withou this workspace swithing between such complex environments would require multiple actions and can be tedious work.
|
k8s clusters, configurations and have system dependencies. Withou this workspace swithing between such complex environments would require multiple actions and can be tedious work.
|
||||||
|
|
||||||
Workspace-in-docker is great for collaborative work - itcan be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customised.
|
Workspace-in-docker is great for collaborative work - itcan be easily shared, moved to any cloud server, backed up, has versions and can be easily extended and customized.
|
||||||
Can be used as build, test or even runtime environment.
|
Can be used as build, test or even runtime environment.
|
||||||
|
|
||||||
Workspace-in-docker is a good choice if you want control and versatility. It is lightweight,
|
Workspace-in-docker is a good choice if you want control and versatility. It is lightweight,
|
||||||
|
|
|
@ -21,17 +21,25 @@ The places you need to change are marked on this picture:
|
||||||
![Change configs here](../img/auth-yaml.png)
|
![Change configs here](../img/auth-yaml.png)
|
||||||
|
|
||||||
- environmental variable `WRK_HOST` - set it to be the public IP of the server you've got
|
- environmental variable `WRK_HOST` - set it to be the public IP of the server you've got
|
||||||
- update authentication. The default user/pass is admin/admin, you might want to change it to your own user/pass. Traefik requires passwords
|
- update authentication. The default user/pass is admin/admin, you might want to change it to your own user/pass.
|
||||||
to be generated with [**htpasswd**](https://httpd.apache.org/docs/2.4/programs/htpasswd.html)
|
|
||||||
|
|
||||||
To save your time, ***htpasswd is already installed in the workspace-in-docker***. Simply launch workspace-in-docker locally, open IDE or terminal, and
|
The password for the traefik basic auth must be encrypted with the **htpasswd**. For connvenience,
|
||||||
execute
|
it is installed in every workspace-in-docker, and the easiest way is to generate the password
|
||||||
|
is to launch workspace locally first, use its terminal to create a password, and then start
|
||||||
|
workspace on remote server.
|
||||||
|
|
||||||
|
To encrypt password open terminal of the local workspace and execute
|
||||||
|
|
||||||
|
> ```echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g```
|
||||||
|
|
||||||
|
substitute `<userName>` with the new user name, and prowide password on prompt. After this htpasswd will output encrypted password.
|
||||||
|
|
||||||
|
Don't forget to change this line in the docker-compose file with the new user:encpypted_pass
|
||||||
|
|
||||||
```
|
```
|
||||||
echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g
|
- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
|
||||||
```
|
```
|
||||||
|
|
||||||
Of course, change `<userName>` to the user name of your choice. Prompt will ask for password (twice)
|
|
||||||
|
|
||||||
ssh to the remote server and create file `remote-workspace-auth.yaml`. For example `nano remote-workspace-auth.yaml`, paste the content of the
|
ssh to the remote server and create file `remote-workspace-auth.yaml`. For example `nano remote-workspace-auth.yaml`, paste the content of the
|
||||||
modified file and save changes.
|
modified file and save changes.
|
||||||
|
|
Loading…
Reference in a new issue