GDK on Remote Development/Workspaces
The purpose of this is to document my journey getting GDK running in a remote-development workspace. From here I'll create other issues (and MRs) to make it work better. This can also serve as a starting point for a blog post.
The Short Story
I have a fork of gdk with a .devfile.yaml in the root, using a modified version of the gdk bootstrapped container I built for remote development (pre workspaces) I’ve had to fiddle with some things along the way, and there’s a bit of handcrafting once the workspace is up, but it’s reproducible.
The Long Story
- Followed the prerequisite steps here
- Used a GKE environment, created by terraform. This allows me to 'quickly' destroy and/or recreate the cluster.
- Terraform was lifted out of this tutorial with some small modifications:
- Created the cluster in a zone rather than a whole region. This keeps it to a single initial node.
- Enabled autoscaling from 1 to 3 nodes.
- Installed
ingress-nginx
- Created records in a personal dns zone.
- Created a set of certs (using certbot and allowing for dns challenges)
- Created the oauth application in gitlab
- Installed the gitlab-workspaces-proxy
- I decided to do much of this in a personal group (gitlab.com/srza) just to be able to get the 'full' experience.
- I created a private project in my group for the gitlab agent, and created a blank
config.yaml
- Installed the gitlab agent for Kubernetes into my cluster
- Reconfigured the agent for
remote-development
- For a 'public project' I initially simply forked this demo into the same group.
- I initially encountered an issue which needed me to recreate my agent - I possibly could have simply bounced the pod. Remote Development Setup: Workspaces not creati... (gitlab-org/gitlab#413971 - closed)
- At this point I was able to spawn a workspace for the example project forked above.
- I then created a fork in the same group of gitlab-org/gitlab.
- Created a devfile (with appropriate limits). I used a container from the work I did several weeks ago, with a small modification here. I also annotated the ports I thought I might need access to. (This allows the proxy to speak to them).
- After creating a workspace I noticed the workspace creation was failing. Allow configuration of project cloning approach (gitlab-org/gitlab#414011)
- I switched up to a fresh fork of the GDK project: https://gitlab.com/srza/gdk-rdev
- Adding devfile to the GDK fork enabled me to spawn a workspace. However, I was unable to do much inside the workspace, as
asdf
and the bootstrapping was all done as the userremote
and our running workspace has a different uid. - The next step was to update my container following the guidelines from the workspaces docs: https://gitlab.com/gitlab-org/community-relations/contributor-success/gitlab-rd-web-ide-docker/-/commit/3d2ca498dff39281e41be80ae48f29a09daf80db
- This still didn't work as
asdf
by default expects to find itself and other files in a.asdf
directory inside your$HOME
. After a bit of searching, I found you could tellasdf
to install in a different place. https://gitlab.com/gitlab-org/community-relations/contributor-success/gitlab-rd-web-ide-docker/-/commit/10476edd9fabf1385b821dc15d492035af8e36a7 - At this point, I could create a workspace with GDK bootstrapped, and the
asdf
andgdk
commands were being picked up from the path (after runningexec bash
in the terminal) -
gdk
, however, was still not happy with an 'unknown' user. But here (for now) we hardcode the uid inside the container to 5001. - So I updated my container to use a uid of 5001: https://gitlab.com/gitlab-org/community-relations/contributor-success/gitlab-rd-web-ide-docker/-/commit/3c5b72facbac9c6209997290b22c5df3d7c204ad (Also updated my devfile as this created a new tag) - Success! I was able to run
gdk
in a new workspace. I proceeded with runninggdk install
- GDK installed and could run in the background, but I still had no access to it through the proxy, as it only listens on a loopback interface by default.
- Several iterations of a
gdk.yml
later and some reconfigures/restarts - I was able to access the 'gdk is booting' screen through the proxy. - At this point I noticed that rails seemed to be crashing regularly after about 45 seconds. Looking at the logs, it seemed that
fs.inotify.max_user_watches
was set to a low number (~12500) gitlab-org/gitlab-development-kit#307 (closed) - As you're running inside a cluster, you're not able to elevate your privileges to set kernel parameters. I built a DaemonSet to install on my cluster that runs with elevated privileges and sets the kernel parameter and effectively resets it regularly. (A Kubernetes DaemonSet effectively runs a copy of the pod on every node in the cluster. If we later add more nodes, it'll 'magically' run there too.)
- After confirming that the kernel parameter was now set appropriately, I (gracefully) restarted
gdk
and violá!
Actions
This is an unsorted braindump and starting point to create issues and/or MRs in the right places
-
Workspace needs to inject URL into ENV: Workspaces: Inject domain template as an enviro... (gitlab-org/gitlab#415328 - closed) -
Make something that can generate the required gdk.yml
from information available -
Run certain commands on workspace spinup (gdk install?) -
Fix/clean up the container image and build it regularly -
Make the Daemonset more robust and documented -
Add documentation into the GDK to help others along this path -
Anything else?
Edited by Raimund Hook