K3D based cluster with ServiceLB #7
Pull request overview
This PR migrates the EDA Codespaces environment from using kind to k3d with k3s ServiceLB. The change enables built-in load balancer support, removing the need for external load balancing solutions.
Changes:
- Switched from kind to k3d cluster with k3s v1.34.1-k3s1, enabling ServiceLB
- Simplified token extraction logic in postCreate script
- Added Keycloak configuration for Codespaces frontend URL handling
- Relocated sysctl configuration to initCommand phase for earlier execution
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| README.md | Commented out 8vCPU Codespaces option (likely for cost/resource reasons) |
| .devcontainer/postCreate.sh | Simplified token extraction and removed ensure-docker-is-ready call |
| .devcontainer/postAttach.sh | Updated ASCII art banner with new design |
| .devcontainer/overrides.mk | Added Keycloak configuration target and engine config patching |
| .devcontainer/onCreate.sh | Changed from kind to k3d cluster with ServiceLB enabled, removed sysctl calls |
| .devcontainer/initCommand.sh | New file containing sysctl configuration moved from onCreate |
| .devcontainer/engine-config-patch.yaml | New configuration file for custom CPU settings |
| .devcontainer/devcontainer.json | Updated base image tag and added initializeCommand |
| .devcontainer/Dockerfile | Changed repo branch from v0.0.1 to main, removed font installation, added networking tools |
| # get token | ||
| encoded=$(grep 'GH_PKG_TOKEN ?=' "Makefile" | sed 's/.*?= *//') | ||
| prefix=$(printf '%s' 'Z2hwCg==' | base64 -d) | ||
| suffix=$(printf '%s' "$encoded" | base64 -d | cut -c 4- | tr -d '\n') | ||
| TOKEN="${prefix}${suffix}" |
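Review bot: `encoded` is never checked before it is used; if the `grep 'GH_PKG_TOKEN ?='` finds no line in the Makefile, or `base64 -d` rejects the value, `TOKEN` silently becomes the bare prefix and the problem only surfaces later as a registry authentication failure. Fail fast with something like `[ -n "$encoded" ] || { echo "GH_PKG_TOKEN not found in Makefile" >&2; exit 1; }`. Note also that `Z2hwCg==` is simply base64 for `ghp` plus a newline, so storing the prefix apart from the suffix hides the value from pattern-based secret scanners without protecting it from anyone who can read the Makefile.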
Copilot
AI
Jan 13, 2026
The token extraction logic appears to be reconstructing a GitHub token from base64-encoded parts. This approach obscures the token but doesn't provide real security. Consider using GitHub's built-in secrets or environment variables (GITHUB_TOKEN) available in Codespaces instead of hardcoding token components in the codebase.
| # get token | |
| encoded=$(grep 'GH_PKG_TOKEN ?=' "Makefile" | sed 's/.*?= *//') | |
| prefix=$(printf '%s' 'Z2hwCg==' | base64 -d) | |
| suffix=$(printf '%s' "$encoded" | base64 -d | cut -c 4- | tr -d '\n') | |
| TOKEN="${prefix}${suffix}" | |
| # get token from environment (prefer GH_PKG_TOKEN, fallback to GITHUB_TOKEN) | |
| if [ -n "$GH_PKG_TOKEN" ]; then | |
| TOKEN="$GH_PKG_TOKEN" | |
| elif [ -n "$GITHUB_TOKEN" ]; then | |
| TOKEN="$GITHUB_TOKEN" | |
| else | |
| echo "Error: GitHub token not set. Please set GH_PKG_TOKEN or GITHUB_TOKEN in the environment." >&2 | |
| exit 1 | |
| fi |
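The review comment above, turned into a repository check (an added example, not code from the PR or from Copilot): it flags Makefile values that base64-decode to a token-shaped string even when the literal prefix has been swapped out. It assumes the classic GitHub token shape of a three-character prefix, an underscore and 36 alphanumerics, and treats the first three characters as a wildcard because the script under review discards them with `cut -c 4-`; `scan_makefile`, `decodes_to_token` and `write_sample` are hypothetical names and the sample value is constructed.

```sh
#!/bin/sh
# Added example, not code from the PR: flag Makefile values that base64-decode
# to a GitHub-token-shaped string, including ones with a masked prefix.

# "VAR = value", "VAR ?= value" or "VAR := value" where value looks like base64.
ASSIGN_RE='^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*[?:]?=[[:space:]]*[A-Za-z0-9+/]{16,}={0,2}[[:space:]]*$'
# Assumed classic token shape: 3-char type prefix, "_", 36 alphanumerics.
# The prefix is a wildcard because the reviewed script discards the stored
# first three characters (cut -c 4-) and prepends "ghp" from elsewhere.
TOKEN_SHAPE='^[A-Za-z0-9]{3}_[A-Za-z0-9]{36}$'

# Succeeds if base64 string $1 decodes to something token-shaped.
decodes_to_token() {
  printf '%s' "$1" | base64 -d 2>/dev/null | tr -d '\000\r\n' |
    LC_ALL=C grep -Eq "$TOKEN_SHAPE"
}

# Prints "file:line:VAR" per hit (never the value); returns 1 if any hit.
scan_makefile() {
  findings=$(
    grep -nE "$ASSIGN_RE" "$1" | while IFS=: read -r n rest; do
      var=$(printf '%s' "${rest%%[?:=]*}" | tr -d '[:space:]')
      val=$(printf '%s' "${rest#*=}" | tr -d '[:space:]')
      if decodes_to_token "$val"; then
        printf '%s:%s:%s\n' "$1" "$n" "$var"
      fi
    done
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample Makefile; the 40-character value is fake.
write_sample() {
  fake='abc_0123456789abcdefghijABCDEFGHIJ012345'
  {
    printf 'GH_PKG_TOKEN ?= %s\n' "$(printf '%s\n' "$fake" | base64)"
    printf 'PARALLEL_JOBS := 4\n'
    printf 'NOTE = %s\n' "$(printf 'just a long base64 encoded note' | base64)"
  } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
scan_makefile "$sample" || echo "token-shaped value found; failing the check" >&2
rm -f "$sample"
```

Run as a pre-commit or CI step over tracked Makefiles, a non-zero return from `scan_makefile` is the signal to block the change.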
| # preload images into the cluster from the EDA core list | ||
| # to reduce the number of jobs: PARALLEL_JOBS=$(($(nproc) - 1)) | ||
| PARALLEL_JOBS=$(nproc) | ||
| docker exec k3d-eda-demo-server-0 sh -c "cat /opt/images.txt | xargs -P $PARALLEL_JOBS -I {} crictl pull --creds nokia-eda-bot:$TOKEN {}" |
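Review bot: `--creds nokia-eda-bot:$TOKEN` is expanded by the outer shell into the `sh -c` string, so the token ends up in the argument list of `docker exec`, of the `sh` inside the node container, and of every `crictl pull` that xargs spawns, where it is readable from the process table and would be echoed by `set -x`. Give the node its registry credentials through configuration instead, for example a k3s `registries.yaml`, so that no pull command has to carry the secret. Separately, `cat /opt/images.txt | xargs ...` can read the file directly with `xargs ... < /opt/images.txt`.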
Copilot
AI
Jan 13, 2026
This command has no error handling. If the docker exec fails (e.g., if the k3d cluster isn't ready yet or the container name is incorrect), the script will continue silently. Consider adding error checking with set -e at the start of the script or explicitly checking the exit status of this command.
| docker exec k3d-eda-demo-server-0 sh -c "cat /opt/images.txt | xargs -P $PARALLEL_JOBS -I {} crictl pull --creds nokia-eda-bot:$TOKEN {}" | |
| if ! docker exec k3d-eda-demo-server-0 sh -c "cat /opt/images.txt | xargs -P $PARALLEL_JOBS -I {} crictl pull --creds nokia-eda-bot:$TOKEN {}"; then | |
| echo "Error: failed to preload images into the k3d cluster" >&2 | |
| exit 1 | |
| fi |
| .PHONY: start-ui-port-forward | ||
| start-ui-port-forward: | ||
| @{ \ | ||
| echo "--> Triggering browser window open 0.0.0.0:9443" ;\ |
Copilot
AI
Jan 13, 2026
The start-ui-port-forward target only logs a message but doesn't actually trigger any browser action or perform port forwarding. Either implement the actual functionality or remove this target if it's not yet ready.
| echo "--> Triggering browser window open 0.0.0.0:9443" ;\ | |
| URL="https://0.0.0.0:9443" ;\ | |
| echo "--> INFO: Opening browser window at $$URL" ;\ | |
| if command -v xdg-open >/dev/null 2>&1; then \ | |
| xdg-open "$$URL" >/dev/null 2>&1 || echo "--> WARNING: Failed to open browser with xdg-open" ;\ | |
| elif command -v open >/dev/null 2>&1; then \ | |
| open "$$URL" >/dev/null 2>&1 || echo "--> WARNING: Failed to open browser with open" ;\ | |
| else \ | |
| echo "--> INFO: Could not find a supported browser opener (xdg-open/open). Please open $$URL manually." ;\ | |
| fi ;\ |
| USER vscode | ||
|
|
||
| RUN git clone --depth 1 --branch v0.0.1 "https://github.com/$EDA_PLAYGROUND_REPO" $EDA_PLAYGROUND_DIR && cd $EDA_PLAYGROUND_DIR && \ | ||
| RUN git clone --depth 1 --branch main "https://github.com/$EDA_PLAYGROUND_REPO" $EDA_PLAYGROUND_DIR && cd $EDA_PLAYGROUND_DIR && \ |
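Review bot: on the `git clone --depth 1 --branch main` line, the image now contains whatever `main` pointed to at build time, and the rest of the `RUN` (after `cd $EDA_PLAYGROUND_DIR && \`) continues in that checkout, so two builds of the same Dockerfile can differ. `--branch` accepts a branch or tag name but not a commit SHA, so pinning to a commit needs an explicit fetch of that SHA followed by a checkout; otherwise keep a tag as before.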
Copilot
AI
Jan 13, 2026
Switching from a tagged release (v0.0.1) to the main branch reduces reproducibility and could introduce breaking changes. Consider using a specific tag or commit SHA for production environments to ensure consistent builds.
| procps \ | ||
| vim \ | ||
| fontconfig \ | ||
| xz-utils \ |
Copilot
AI
Jan 13, 2026
The addition of net-tools and iputils-ping packages is undocumented. Consider adding a comment explaining why these networking diagnostic tools are needed (e.g., for debugging k3d networking issues).
| xz-utils \ | |
| xz-utils \ | |
| # Networking diagnostic tools (e.g., for debugging k3d networking issues inside the devcontainer) |
k3d with k3s ServiceLB