In large organizations that create software, it's almost inevitable that new engineers join every month. While setting up your workstation has undoubtedly become easier with the help of Homebrew, more often than not it is still a significant challenge to get everything set up in an environment that is new to the joiner.
Browser-based IDEs partially solved this problem (shoutout to Eclipse Che) by dynamically creating an environment that is tailored to the project you open. However, the obvious drawback is that it runs in a browser, and though it looks like the IDE you are used to, it does not offer the native feel of the IDE you've been working with for years.
This is where DevPod comes into play. Created by Loft Labs, the company behind vcluster, DevPod offers an easy way to run a part of your IDE remotely. Leveraging VSCode's Remote Development using SSH feature, or alternatively the JetBrains Gateway, it offers a (near) native experience, while having the server do the heavy lifting.
In this blog series, I'd like to guide you in setting up a basic multi-tenant environment to run DevPod on, using Kyverno and Kubernetes for policy enforcement and scheduling. This series will not cover all aspects of running a multi-tenant environment, so I discourage you from running this as-is in a production environment.
- We assume that by default, software engineering teams have limited permissions on this Kubernetes cluster.
- A private registry must be used to host the DevPod images.
- Software engineers are limited to a single namespace, in which they will be able to run multiple IDE instances and projects.
- Software engineers own their namespace, and should have full control within their namespace.
- A Kubernetes cluster (AKS, GKE, EKS, any should do really, though I haven't tested on ARM-based clusters)
- cluster-admin permissions are recommended for the purpose of following this guide
- DevPod application
- VSCode or JetBrains Gateway (needs a license); alternatively the VSCode Browser IDE is supported, but does not offer the native experience we're aiming for
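
The private-registry requirement listed above can be enforced with a Kyverno policy along the following lines. This is an added example, not a manifest from the series or from the DevPod project; the registry host `registry.example.com`, the namespace label `devpod-tenant` and the policy and rule names are placeholders chosen for illustration.

```yaml
# Added example: admit Pods in tenant namespaces only when every image
# comes from the private registry. Host, label and names are placeholders.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: devpod-restrict-image-registry
spec:
  # Enforce rejects non-compliant Pods at admission; Audit only reports them.
  # Newer Kyverno releases prefer setting this per rule as validate.failureAction.
  validationFailureAction: Enforce
  # Also report on Pods that already existed before the policy was created.
  background: true
  rules:
    - name: images-from-private-registry
      match:
        any:
          - resources:
              kinds:
                - Pod
              # Scope to tenant namespaces so system namespaces that pull
              # from public registries are not blocked.
              namespaceSelector:
                matchLabels:
                  devpod-tenant: "true"
      validate:
        message: "Images must be pulled from registry.example.com."
        pattern:
          spec:
            # Keep the trailing slash before the wildcard: "registry.example.com*"
            # would also match a host such as registry.example.com.other.tld.
            containers:
              - image: "registry.example.com/*"
            # =( ) is a conditional anchor: checked only when the field exists.
            # Init and ephemeral containers must be covered too, or they
            # remain a way to run images from elsewhere.
            =(initContainers):
              - image: "registry.example.com/*"
            =(ephemeralContainers):
              - image: "registry.example.com/*"
```

Since engineers are meant to have full control within their own namespace, the `devpod-tenant` label only scopes the policy reliably if tenants cannot change the labels on the Namespace object itself, which is cluster-scoped and outside a namespaced role.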