{"id":15130020,"url":"https://github.com/davidliyutong/idekube-container","last_synced_at":"2026-01-05T09:15:15.717Z","repository":{"id":251689693,"uuid":"834890047","full_name":"davidliyutong/idekube-container","owner":"davidliyutong","description":"Collection of dev containers for IDEKube project","archived":false,"fork":false,"pushed_at":"2025-03-26T08:51:45.000Z","size":12315,"stargazers_count":4,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T09:41:04.280Z","etag":null,"topics":["cloud-computing","docker","ide","k8s"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidliyutong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-28T17:06:38.000Z","updated_at":"2025-03-26T08:51:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"9ef82ba3-5d35-4f30-8d9d-d48e4daa7ccd","html_url":"https://github.com/davidliyutong/idekube-container","commit_stats":null,"previous_names":["davidliyutong/idekube-container"],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidliyutong%2Fidekube-container","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidliyutong%2Fidekube-container/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidliyutong%2Fidekube-container/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidliyutong%2Fidekube-containe
r/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidliyutong","download_url":"https://codeload.github.com/davidliyutong/idekube-container/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247387025,"owners_count":20930759,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-computing","docker","ide","k8s"],"created_at":"2024-09-26T02:27:01.982Z","updated_at":"2026-01-05T09:15:15.703Z","avatar_url":"https://github.com/davidliyutong.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# idekube container\n\n\u003cdiv style=\"text-align: center;\"\u003e\n    \u003cimg src=\"assets/screenshot-0.jpg\" alt=\"Screenshot\" style=\"width: 100%; max-width: 100%; height: auto;\"\u003e\n\u003c/div\u003e\nThe IDEKUBE project was initiated to provide an IDE container, facilitating development work within Kubernetes clusters. This is a continuously updated collection of containers, primarily used in scenarios such as robotics, simulations, machine learning, and education. The project has been utilized in courses at the Shanghai Jiao Tong University Paris Elite Institute of Technology (SPEIT).\n\nThe project is divided into three branches: `coder` and `jupyter`, each offering IDE containers based on Coder and Jupyter respectively, and `featured`, which provides a desktop environment and Coder. All branches offer SSH support based on Websocat tunnels. 
All exposed services are reverse-proxied by the built-in Nginx on port 80 of the container, with the following endpoints:\n\n| Endpoint             | Service                  |\n|----------------------|--------------------------|\n| `/coder/`            | Coder service            |\n| `/jupyter/`          | Jupyter service          |\n| `/vnc/`              | noVNC service            |\n| `/vnc/websockify/`   | noVNC websockify service |\n| `/ssh`               | Websocat-proxied SSH     |\n\nThe desktop environment supports hardware acceleration based on EGL (using VirtualGL), thus eliminating the need for /tmp/.X11-unix mapping. When the container runs on an NVIDIA runtime, it should load NVIDIA's OpenGL libraries and enable hardware acceleration. If the container is not configured with a GPU, it will switch to software rendering mode. The container has been tested in Kubernetes clusters with `nvidia-device-plugin`, WSL, and `nvidia-container-toolkit`; an external display is not required.\n\nThe container supports architectures including `amd64` and `arm64`.\n\n\u003e Due to a lack of hardware, GPU hardware acceleration on the `arm64` architecture has not been tested.\n\n## Get Started\n\nThis image is designed to be used in a Kubernetes cluster. 
The following is an example deployment for `k3s` and `nvidia-device-plugin` combo:\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: test-pod\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: test-pod\n  template:\n    metadata:\n      labels:\n        app: test-pod\n    spec:\n      runtimeClassName: nvidia\n      containers:\n        - name: container-0\n          image: docker.io/davidliyutong/idekube-container:featured-base-v0.3.1\n          env:\n            - name: NVIDIA_DRIVER_CAPABILITIES # For Vulkan, OpenGL, NVEncode, etc, avoid manually mapping libs.\n              value: all\n          ports:\n            - containerPort: 80\n              name: 80tcp\n              protocol: TCP\n          resources: # GPU allocation\n            limits:\n              nvidia.com/gpu: \"1\"\n            requests:\n              nvidia.com/gpu: \"1\"\n          securityContext:\n            allowPrivilegeEscalation: true\n            privileged: false\n          volumeMounts:\n            - mountPath: /home/idekube\n              name: your-volume\n            - mountPath: /dev/shm # For deep learning frameworks, e.g. PyTorch\n              name: shm-volume\n      volumes:\n        - name: your-volume # Use a volume claim for persistent storage\n          persistentVolumeClaim:\n            claimName: your-pvc\n        - name: shm-volume\n          emptyDir:\n            medium: Memory\n            sizeLimit: 256Mi\n```\n\nHowever, it can also be used as a standalone container. 
The following is an example docker-compose file:\n\n```yaml\nservices:\n  idekube_container:\n    image: davidliyutong/idekube-container:coder-base-v0.3.1\n    ports:\n      - \"3000:80\"\n    volumes:\n      - idekube_volume:/home/idekube\n      - \u003cyour_extra_data_path\u003e:/mnt/data\n    deploy:\n      resources:\n        reservations:\n          devices:\n            - driver: nvidia\n              count: 1\n              capabilities: [\"gpu\"]\n    ipc: host\n\nvolumes:\n  idekube_volume:\n    driver: local\n```\n\nTo run OpenGL applications in the container, you need to use `vglrun` from `VirtualGL`. For example:\n\n```shell\nvglrun glxgears\n```\n\nYou can monitor the CPU usage of the container with `htop`.\n\n## Architecture Explained\n\nThere are three flavors: `featured` with noVNC support and `jupyter`/`coder` without noVNC support.\n\nThe container runs a `supervisord` process that starts services. An nginx server is used to reverse proxy the services.\n\nThe `artifacts/$flavor/startup.sh` script is used to start the container. It configures the container according to environment variables and starts the `supervisord` process.\n\n| Name                      | Description                                                   | Default     |\n|---------------------------|---------------------------------------------------------------|-------------|\n| `IDEKUBE_INIT_HOME`       | any value if need to init home with /etc/skel/                | empty       |\n| `IDEKUBE_PREFERED_SHELL`  | path to shell                                                 | `/bin/bash` |\n| `IDEKUBE_AUTHORIZED_KEYS` | base64 encoded authorized keys                                | `\"\"`        |\n| `IDEKUBE_INGRESS_PATH`    | Ingress path, e.g. 
\u003cuuid\u003e/, leave empty for `/`               | `\"\"`        |\n| `I_AM_INIT_CONTAINER`     | any value if the container is an init container               | empty       |\n\n### Special Environment `I_AM_INIT_CONTAINER`\n\nIf the environment variable `I_AM_INIT_CONTAINER` is set, the container will detect if `/rootfs` is an external mount. If so, it will copy the `/` over to `/rootfs`, excluding certain directories.\n\n### Special Directory `/rootfs`\n\nIf the directory `/rootfs` exists and is mounted from the host, the container will chroot into it and run the services there.\n\n\u003e This feature requires the container to run in `privileged` mode.\n\n## Usage\n\n| URL/CMD                                                                                               | Service              | Note                       |\n|-------------------------------------------------------------------------------------------------------|----------------------|----------------------------|\n| `$SCHEME://INGRESS_HOST$IDEKUBE_INGRESS_PATH/coder/`                                                  | Coder service        | trailing slash is required |\n| `$SCHEME://INGRESS_HOST$IDEKUBE_INGRESS_PATH/jupyter/`                                                | Jupyter service      | trailing slash is required |\n| `$SCHEME://INGRESS_HOST$IDEKUBE_INGRESS_PATH/novnc/`                                                  | noVNC service        | trailing slash is required |\n| `ssh -o ProxyCommand=\"websocat --binary ws://INGRESS_HOST$IDEKUBE_INGRESS_PATH/ssh/\" idekube@idekube` | Websocat-proxied SSH |                            |\n\n### SSH Proxy\n\nYou can also use this ssh config snippet:\n\n```ssh-config\nHost idekube\n  User idekube\n  ProxyCommand websocat --binary ws://$INGRESS_HOST$IDEKUBE_INGRESS_PATH/ssh/\n```\n\n\u003e If you have SSL enabled, you can use `wss` instead of `ws`.\n\n### Build System\n\nThe project uses a Makefile to build the container. 
A script `scripts/shell/build_image.sh` is used to parse the `.dockerargs` file and generate docker build arguments. Images produced are tagged as `$REGISTRY/$AUTHOR/$NAME:$BRANCH-$ARCH` etc. Multi-arch build is supported with `docker buildx` via `scripts/shell/buildx_image.sh`.\n\n## Build the container\n\nFirst use `make pull_deps` to pull the dependencies.\n\nSet `BRANCH` to the branch you want to build (e.g. featured/base), then use `make build` to build the native image and `make buildx` to build the container for multi-arch.\n\n\u003e Use `make buildx_all` to build all branches sequentially.\n\n### Build Stage Variables\n\nYou can configure environment variables to control the build process. The following variables are available:\n\n| Name             | Description                                          | Default               |\n|------------------|------------------------------------------------------|-----------------------|\n| `REGISTRY`       | The registry to push the image to.                   | `\"docker.io\"`         |\n| `AUTHOR`         | The username for the registry. Also the project name | `\"davidliyutong\"`     |\n| `NAME`           | The project name                                     | `\"idekube-container\"` |\n| `USE_APT_MIRROR` | Use apt mirror for faster build if set to `true`     | `false`               |\n| `APT_MIRROR`     | The apt mirror to use                                | `\"\"`                  |\n| `USE_PIP_MIRROR` | Use pypi mirror for faster build if set to `true`    | `false`               |\n| `PIP_MIRROR_URL` | The pypi mirror to use                               | `\"\"`                  |\n| `GIT_TAG`        | Use pypi mirror for faster build if set to `true`    | `false`               |\n\n### Publishing\n\nFor multi-arch publish, you can also first publish each architecture with `make publish`, then use `make manifest` to create the manifest list. 
You may also use `make publishx` to push the multi-arch container directly to the registry.\n\n\u003e Use `make publishx_all` to push all branches to the registry.\n\n### Testing the Container\n\nHere is a checklist for testing the container:\n\n- [x] Coder is working\n- [x] VNC is working, with `turbovnc` and `noVNC`, autocorrect resolution\n- [x] Jupyter is working\n- [x] SSH is working, with `websocat` proxy\n- [x] `glxgears` is working\n- [x] `chromium` is working, hardware acceleration is enabled\n- [x] `nvidia-smi` is working\n- [x] shell highlight is working\n- [x] `dind` is working\n- [x] Container runs in the `nvidia` runtime class with GPU\n- [x] Container runs without GPU\n- [x] Container runs in the non-root user mode\n- [x] IDEKUBE_INIT_HOME works\n\n## Known Issues\n\n- For Kubernetes with Nginx Ingress Controller, `nginx.org/websocket-services: \"code-server\"` annotation is required for the coder service to work properly, where code-server is the service name. Optional configurations are `nginx.org/proxy-read-timeout: \"3600\"` and `nginx.org/proxy-send-timeout: \"3600\"`.\n\n\n### Non-Working Features in Rootless Mode\n\nThese are features that do not work when the container is run in rootless mode:\n\n- `FUSE` is not supported in rootless container. However, **this has bugs with `nvidia-device-plugin`**.\n- Chromium sandboxing features are not available in rootless mode. 
You may need to run `chromium --no-sandbox` to launch it.\n- `mount --bind` commands will fail in rootless mode, so the `/rootfs` chroot feature will not work.\n\n Use `privileged: true` (Kubernetes Deployment) or `--privileged=true` (Docker) to enable them.\n\n## Roadmap\n\n- [ ] Add a new branch `jupyter/nlp` for NLP support\n- [ ] Test multus CNI for multiple network interfaces\n- [x] Find how to configure overlay fs for `/` persistency\n- [ ] Support for `ubuntu:20.04` and `ubuntu:22.04` base image\n- [ ] Support for Authorization Header\n\n## Acknowledgement\n\nMany thanks to the authors of the following projects:\n\n* https://github.com/theasp/docker-novnc\n* https://github.com/VirtualGL/virtualgl\n* https://github.com/TurboVNC/turbovnc\n* https://github.com/coder/coder\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidliyutong%2Fidekube-container","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidliyutong%2Fidekube-container","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidliyutong%2Fidekube-container/lists"}