Skip to content
DevSpace Cloud ⚡ Turn Kubernetes into a Powerful Developer Platform
Smarty
Branch: master
Clone or download
Latest commit 0b11078 Oct 14, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
chart Bump ingress controller version Oct 14, 2019
kube Update cert manager Oct 10, 2019
rego Update ingress hosts Oct 11, 2019
static/img scale down logo Aug 21, 2019
.gitignore improve install and purge for docker k8s clusters Sep 27, 2019
.prettierignore Initial commit Jul 17, 2019
README.md update README + move local cluster specialties Oct 2, 2019
devspace.yaml Bump version to 0.1.8 Oct 14, 2019
version.txt Bump version to 0.1.8 Oct 14, 2019

README.md

InstallationArchitectureDocumentationSlack                                       

DevSpace Cloud lets you securely provision Kubernetes namespaces for developers

  • Secure Multi-Tenancy & Namespace Isolation ensure that cluster users cannot break out of their namespaces
  • On-Demand Namespace Provisioning allows developers to create isolated namespaces with a single command
  • >70% Cost Savings With Sleep Mode that automatically scales down pod replicas when users are not working

DevSpace Demo

Click here to watch the full-length video with explanations on YouTube [10min]

⭐️ Do you like DevSpace Cloud? Support the project with a star ⭐️


Contents


Features

DevSpace allows developer teams to work together in shared Kubernetes clusters. Simply add your team members and create isolated namespaces for different users and workloads.

Strict Namespace Isolation

  • Automatic Service Account: every service account is restricted by RBAC to only access its namespace
  • Automatic RBAC (role-based access control) for every service account / namespace
  • Automatic Pod Security Policies to ensure that users cannot break out of their pod limits
  • Automatic Network Policies to isolate network traffic between namespaces (zero trust policy by default)
  • Automatic Resource Quotas to limit computing and storage resources available per user and namespace
  • Automatic Limit Ranges to automatically define resource limits for containers and pods
  • Admission Controller to validate every API server request and to perform extensive security checks

Admin UI for Managing Users & Permissions

  • Secure Invite Links for adding users to teams and clusters while performing secure token exchange
  • User Management that allows to set admins and control who can access which cluster
  • Limit Configuration to define limits per namespace and user (e.g. X GB RAM, Y number of namespaces etc.)
  • Visual Ingress Manager that allows developers to easily and securely expose services with a few clicks

Great Developer Experience

  • On-Demand Namespace Creation and Automatic Isolation with a single command
  • Automatic kubectl Context Setup on the developer's machine (+ automatic context updates)
  • Automatic Subdomain(s) for Every Namespace to allow service access via ingresses
  • Single-Command Application Deployment via DevSpace CLI (optional)
  • In-Cluster Development with Hot Reloading of Containers via DevSpace CLI (optional)

More info and install intructions for DevSpace CLI on: www.github.com/devspace-cloud/devspace

Sleep Mode for Namespaces

  • >70% Savings on Cloud Infrastructure when cluster auto-scaling is enabled
  • Detects Namespace Inactivity (kube context not used for X minutes)
  • Automatically Scales Down Replicas to Zero (remembers original replica number and keeps persistent data and configuration)
  • Automatically Scales Up Replicas when developers start working again (e.g. running a kubectl, helm etc. command)

Ships Everything Your Team Needs

  • Automatic Ingress Controller Setup & Configuration (optional)
  • Automatic Cert Manager Setup & Configuration for automatic SSL certificate provisioning (optional)
  • In-Build Image Registry for Every Developer and Team (optional)
  • Self-Service Signup for Users via Email, GitHub or LDAP (optional)

Architecture

DevSpace Architecture

DevSpace Cloud can either be used as-a-Service on devspace.cloud or installed as an on-premise edition (see www.github.com/devspace-cloud/devspace-cloud for instructions).

No matter which edition you use, DevSpace Cloud allows you to connect any Kubernetes cluster with just a single command using DevSpace CLI: devspace connect cluster

After connecting a cluster, DevSpace installs a lightweight control plane inside your cluster as well as optional comfort services (e.g. ingress controller, cert manager, container registry). With the visual admin UI of DevSpace Cloud, you can now generate invite links and send them to developers. You can set limits and permissions for every developer as well as for teams of developers.

Developers can use DevSpace CLI to create isolated namespaces on-demand using a single command: devspace create space

DevSpace CLI runs as a single binary tool directly on a developer's computer and ideally, developers use it straight from their terminal within their favorite IDE. DevSpace CLI per-se does not require a server-side component as it communicates directly to the connected Kubernetes clusters using the kubectl context. However, using DevSpace Cloud in combination with DevSpace CLI allows you to provision namespaces for developers on-demand while DevSpace Cloud ensures that developers are restricted to their namespaces and stay within the limits that the cluster admins configured using the admin UI.

While it is entirely possible to access the isolated namespaces directly via kubectl, helm or other tools, developers can also use DevSpace CLI to streamline the deployment process and deploy complex micro service applications with just a single command: devspace deploy

More info and install intructions for DevSpace CLI on: www.github.com/devspace-cloud/devspace


Install DevSpace Cloud

You can install DevSpace Cloud to any Kubernetes cluster. You can even install it to local clusters such as minikube or Docker Desktop Kubernetes to test it out.


1. Clone Repository

git clone https://github.com/devspace-cloud/devspace-cloud.git

2. Create Namespace

Make sure you have kubectl installed and the current context points to the cluster where you want to install DevSpace Cloud into. Create the devspace-cloud namespace via:

kubectl create namespace devspace-cloud

3. Create Secret with Private Key & Certificate

Create a private key, a certificate and a Kubernetes secret with the following commands:

# Create private key
openssl genrsa -out key.pem 2048

# Create certificate
openssl req -x509 -new -key key.pem -out cert.pem -subj '/CN=localhost'

# Create kubernetes secret
kubectl create secret generic devspace-auth-secret \
            --from-file=key.pem \
            --from-file=cert.pem \
            --dry-run -o yaml | kubectl -n devspace-cloud apply -f -

This secret will be used for signing tokens issued by DevSpace Cloud and should be kept private.


4. Install DevSpace CLI

Install DevSpace Cloud using these install instructions.


5. Deploy DevSpace Cloud

Local Test Cluster (without SSL)
    for local Kubernetes clusters (minikube, kind, k3s, mikrok8s etc.)

5.1 Only for Docker Desktop Kubernetes

To ensure that your data will not be deleted when you restart your cluster, make sure your default storage class is actually provisioning persistent volumes which survive a cluster restart.

If you are unsure if your storage class provisions persistent volumes which survive a cluster restart, follow these install instructions to setup a storage class for your local cluster.

Then, make sure your cluster time is up-to-date either by restarting Docker or by running this command:

HOST_TIME=$(date -u +"%Y.%m.%d-%H:%M:%S");
docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/docker-vm alpine /bin/sh -c "date -s $HOST_TIME"

5.2 Deploy DevSpace Cloud

devspace run deploy-devspace-cloud-no-tls

Make sure you enter a safe database password.

5.3 Open DevSpace Cloud

Wait until all pods are running:

kubectl get pod -w

Then open DevSpace Cloud in the browser on: http://localhost/.


Productive Cluster with Public IP Address (with SSL)
    for any Kubernetes cluster with a public IP address (GKE, EKS, AKS etc.)

5.1 Deploy DevSpace Cloud

devspace run deploy-devspace-cloud

Make sure you enter a safe database password and a domain (e.g. devspace.my-domain.tld) where DevSpace Cloud should be available on.

5.2 Create DNS Record

Create an DNS A record pointing to the IP of the load balancer that is created when installing DevSpace Cloud. You can retrieve the IP address of this load balancer using this command:

kubectl get service devspace-cloud-nginx-ingress-controller -n devspace-cloud

Use the external-ip of the load balancer for the DNS record.

If the external-ip of the service remains pending for a long time, make sure your Kubernetes cluster supports load balancers.

5.3 Open DevSpace Cloud

Wait until all pods are running:

kubectl get pod -w

Wait until the Let's Encrypt certificate for your DevSpace Cloud domain is provisioned:

kubectl get secret tls-devspace-cloud

Then open DevSpace Cloud in the browser on the domain you provided. You should see the login screen when accessing your DevSpace Cloud domain.


Productive Cluster without Public IP Address (without SSL)
    for clusters in private clouds, behind firewalls etc.

5.1 Deploy DevSpace Cloud

devspace run deploy-devspace-cloud-no-tls

Make sure you enter a safe database password and a domain (e.g. devspace.my-domain.tld) where DevSpace Cloud should be available on.

5.2 Create DNS Record

Create an DNS A record pointing to the IP of the load balancer that is created when installing DevSpace Cloud. You can retrieve the IP address of this load balancer using this command:

kubectl get service devspace-cloud-nginx-ingress-controller -n devspace-cloud

Use the external-ip of the load balancer for the DNS record.

If the external-ip of the service remains pending for a long time, make sure your Kubernetes cluster supports load balancers.

5.3 Open DevSpace Cloud

Wait until all pods are running:

kubectl get pod -w

Then open DevSpace Cloud in the browser on the domain you provided. You should see the login screen when accessing your DevSpace Cloud domain.


6. Create Admin Account

You can now create a new user via the signup form under https://devspace.my-domain.tld/signup-email.

The first user you are creating will have admin privileges. Any further users created via this form will not have admin rights by default but they can be granted to additional users via the UI.


7. Configure CLI

In order to tell DevSpace to use your on-premise instance of DevSpace Cloud instead of the SaaS platform, run the following command:

devspace use provider devspace.my-domain.tld

8. Connect a Cluster

You can now connect a new cluster to your DevSpace Cloud instance using:

devspace connect cluster

You can connect the same cluster that DevSpace Cloud is running in. However, this is not recommended for production use cases.


9. Invite Users & Create Spaces

After connecing a cluster, you can add users, set resource limits and permissions for users via the UI and create isolated namespaces using:

devspace create space [name]

Upgrade DevSpace Cloud

1. Update Cloned Repository

Getting updates is as easy as pulling the newest commits from the DevSpace Cloud git repository:

git pull

2. Run Upgrade Command

Run one of the following commands to upgrade DevSpace Cloud:

Local Test Cluster (without SSL)
    for local Kubernetes clusters (minikube, kind, k3s, mikrok8s etc.)
devspace run deploy-devspace-cloud-no-tls

Productive Cluster (with SSL)
    for any other Kubernetes cluster
devspace run deploy-devspace-cloud
You can’t perform that action at this time.