Add sysbox support

.tasks/build.yaml

@@ -9,6 +9,11 @@ includes:
     internal: true
 
 vars:
+  KUSTOMIZE_CMD: '{{.LOCALBIN}}/kustomize-{{.KUSTOMIZE_VERSION}}'
+  CONTROLLER_GEN_CMD: '{{.LOCALBIN}}/controller-gen-{{.CONTROLLER_TOOLS_VERSION}}'
+  SETUP_ENVTEST_CMD: '{{.LOCALBIN}}/setup-envtest-{{.ENVTEST_VERSION}}'
+  GOLANGCI_LINT_CMD: '{{.LOCALBIN}}/golangci-lint-{{.GOLANGCI_LINT_VERSION}}'
+  HELMIFY_CMD: '{{.LOCALBIN}}/helmify-{{.HELMIFY_VERSION}}'
   BUILDER_NAME: "project-v3-builder"
 
 tasks:

.tasks/clusters.yaml

@@ -4,9 +4,13 @@ includes:
   build: 
     taskfile: build.yaml
     internal: true
+  sysbox: 
+    taskfile: sysbox.yaml
+    internal: true
 
 vars:
-  KIND_CONTROL_PLANE: "{{.KIND_CLUSTER_NAME}}-control-plane"
+  KIND_VERSION: 1.29.8
+  KIND_CONFIG: '{{.ROOT_DIR}}/hack/development/kind-config.yaml'
 
 tasks:
   set-context:
@@ -37,15 +41,16 @@ tasks:
       Variables:
         KIND_CLUSTER_NAME: Name of the Kind cluster (default defined in Taskfile)
         ENVTEST_K8S_VERSION: Kubernetes version to use for the cluster
+        KIND_CONFIG: Path to the Kind configuration file
 
       Note:
         This task will set the kubectl context to the newly created or existing Kind cluster.
     cmds:
       - task: set-context
       - |
         if ! kind get clusters | grep -q '^{{.KIND_CLUSTER_NAME}}$'; then
-          echo "Creating Kind cluster '{{.KIND_CLUSTER_NAME}}'..."
-          kind create cluster --name {{.KIND_CLUSTER_NAME}} --image kindest/node:v{{.ENVTEST_K8S_VERSION}}
+          echo "Creating Kind cluster '{{.KIND_CLUSTER_NAME}}' with config from {{.KIND_CONFIG}}..."
+          kind create cluster --name {{.KIND_CLUSTER_NAME}} --image kindest/node:v{{.KIND_VERSION}} --config {{.KIND_CONFIG}}
           echo "Setting kubectl context to the new Kind cluster..."
           kubectl config use-context kind-{{.KIND_CLUSTER_NAME}}
         else
@@ -55,12 +60,6 @@ tasks:
         fi
     silent: false
 
-  kind-create:
-    desc: Create a Kind cluster
-    cmds:
-      - task: set-context
-      - kind create cluster --name {{.KIND_CLUSTER_NAME}} --image kindest/node:v{{.ENVTEST_K8S_VERSION}}
-
   kind-destroy:
     desc: Delete the Kind cluster
     cmds:

.tasks/dev.yaml

@@ -20,6 +20,13 @@ includes:
     taskfile: envoy.yaml
     internal: true
 
+vars:
+  KUSTOMIZE_CMD: '{{.LOCALBIN}}/kustomize-{{.KUSTOMIZE_VERSION}}'
+  CONTROLLER_GEN_CMD: '{{.LOCALBIN}}/controller-gen-{{.CONTROLLER_TOOLS_VERSION}}'
+  SETUP_ENVTEST_CMD: '{{.LOCALBIN}}/setup-envtest-{{.ENVTEST_VERSION}}'
+  GOLANGCI_LINT_CMD: '{{.LOCALBIN}}/golangci-lint-{{.GOLANGCI_LINT_VERSION}}'
+  HELMIFY_CMD: '{{.LOCALBIN}}/helmify-{{.HELMIFY_VERSION}}'
+
 tasks:
   generate-manifests:
     desc: Generate RBAC manifests

.tasks/samples.yaml

@@ -11,23 +11,23 @@ tasks:
     vars:
       DEPLOY_TYPE: '{{if eq .USE_KIND_CONTEXT "true"}}kind{{else}}remote{{end}}'
     cmds:
-      - '{{.KUBECTL}} get -k {{.ROOT_DIR}}/config/samples/podtemplate/'
+      - '{{.KUBECTL}} get -k {{.ROOT_DIR}}/config/samples/containertemplate/'
       - '{{.KUBECTL}} get -k {{.ROOT_DIR}}/config/samples/entrypoint/'
       - '{{.KUBECTL}} get -k {{.ROOT_DIR}}/config/samples/kode/'
 
   base-apply:
     internal: true
     desc: Apply Kubernetes resources
     cmds:
-      - '{{.KUBECTL}} apply -k {{.ROOT_DIR}}/config/samples/podtemplate/'
+      - '{{.KUBECTL}} apply -k {{.ROOT_DIR}}/config/samples/containertemplate/'
       - '{{.KUBECTL}} apply -k {{.ROOT_DIR}}/config/samples/entrypoint/'
       - '{{.KUBECTL}} apply -k {{.ROOT_DIR}}/config/samples/kode/'
 
   base-delete:
     internal: true
     desc: Apply Kubernetes resources
     cmds:
-      - '{{.KUBECTL}} delete -k {{.ROOT_DIR}}/config/samples/podtemplate/'
+      - '{{.KUBECTL}} delete -k {{.ROOT_DIR}}/config/samples/containertemplate/'
       - '{{.KUBECTL}} delete -k {{.ROOT_DIR}}/config/samples/entrypoint/'
       - '{{.KUBECTL}} delete -k {{.ROOT_DIR}}/config/samples/kode/'
 

.tasks/sysbox.yaml

@@ -0,0 +1,36 @@
+version: '3'
+
+vars:
+  SYSBOX_INSTALL_MANIFEST: https://raw.githubusercontent.com/nestybox/sysbox/master/sysbox-k8s-manifests/sysbox-install.yaml
+
+tasks:
+  apply-sysbox:
+    desc: Apply Sysbox installation manifest
+    internal: true
+    cmds:
+      - kubectl apply -f https://raw.githubusercontent.com/nestybox/sysbox/master/sysbox-k8s-manifests/sysbox-install.yaml
+
+  wait-for-sysbox:
+    desc: Wait for Sysbox installation to complete
+    internal: true
+    cmds:
+      - |
+        echo "Waiting for Sysbox installation to complete..."
+        kubectl wait --for=condition=ready pod -l app=sysbox-deploy-k8s -n kube-system --timeout=300s
+
+  install:
+    desc: Install Sysbox on the Kind cluster
+    cmds:
+      - task: apply-sysbox
+      # - task: wait-for-sysbox
+      - echo "Sysbox installation completed. The Kubelet may restart on the nodes where Sysbox was installed."
+
+  uninstall:
+    desc: Uninstall Sysbox from the Kind cluster
+    cmds:
+      - kubectl delete -f https://raw.githubusercontent.com/nestybox/sysbox/master/sysbox-k8s-manifests/sysbox-install.yaml
+      - sleep 30
+      - kubectl apply -f https://raw.githubusercontent.com/nestybox/sysbox/master/sysbox-k8s-manifests/sysbox-uninstall.yaml
+      - sleep 60
+      - kubectl delete -f https://raw.githubusercontent.com/nestybox/sysbox/master/sysbox-k8s-manifests/sysbox-uninstall.yaml
+      - echo "Sysbox uninstallation completed. Make sure to stop all Sysbox pods before uninstalling."

.tasks/test.yaml

@@ -14,21 +14,25 @@ includes:
     taskfile: clusters.yaml
     internal: true
 
+vars:
+  TEST_VERBOSITY: -v
+
 tasks:
   unit:
     desc: Run unit tests with coverage
     cmds:
       - rm -rf coverage
       - mkdir -p coverage
-      - go test {{.TEST_VERBOSITY}} -tags=unit {{.ROOT_DIR}}/...
+      - go test {{.ROOT_DIR}}/api/...
+      - go test {{.ROOT_DIR}}/internal/...
     deps:
       - build:manifests
       - build:generate
       - lint:fmt
       - lint:vet
 
   integration:
-    desc: Run integration tests with coverage
+    desc: Run integration tests
     cmds:
       - rm -rf coverage
       - mkdir -p coverage
@@ -45,15 +49,15 @@ tasks:
   e2e:
     desc: Run end-to-end tests with Kind cluster
     cmds:
-      - go test {{.TEST_VERBOSITY}} -tags=e2e {{.ROOT_DIR}}/test/e2e/...
+      - go test {{.TEST_VERBOSITY}}n {{.ROOT_DIR}}/test/e2e/...
       - task: kind-delete-cluster
     deps:
       - build:manifests
       - build:generate
       - lint:fmt
       - lint:vet
       - build:docker-buildx
-      - clusters:kind-create
+      - clusters:kind-ensure
       - clusters:kind-load-images
 
   all:

PROJECT

@@ -43,17 +43,19 @@ resources:
 - api:
     crdVersion: v1
     namespaced: true
+  controller: true
   domain: jacero.io
   group: kode
-  kind: PodTemplate
+  kind: ContainerTemplate
   path: github.com/jacero-io/kode-operator/api/v1alpha2
   version: v1alpha2
 - api:
     crdVersion: v1
-    namespaced: false
+    namespaced: true
+  controller: true
   domain: jacero.io
   group: kode
-  kind: ClusterPodTemplate
+  kind: ClusterContainerTemplate
   path: github.com/jacero-io/kode-operator/api/v1alpha2
   version: v1alpha2
 version: "3"

README.md

@@ -19,9 +19,9 @@ Kode is a cloud-native development environment hosted inside a kubernetes cluste
 
 Kode-Operator is a Kubernetes operator that manages the entire lifecycle of various ephemeral and semi-ephemeral development environments. It integrates a comprehensive suite of security tools (Falco, Envoy proxy) and observability standards (OpenTelemetry), ensuring robust security and transparency.
 
-Currently, Kode-Operator supports Code-server, Webtop environments, with plans to support more in the future (eg. Jupyter). It is also easily extendable to support other environments and tools beyond those listed.
+Currently, Kode-Operator supports Code-server, Webtop environments, with plans to support more in the future (eg. Jupyter). It is also relatively easily extendable to support other environments and tools beyond those listed. It supports containerd as kubernetes runtime with plans to include kata containers in the future.
 
-The project has planned to manage in-cluster virtual machines using [Virtink](https://github.com/smartxworks/virtink) or external resources with Tofu/Terraform using [tofu-controller](https://github.com/flux-iac/tofu-controller)
+The project has planned to manage in-cluster virtual machines using [Virtink](https://github.com/smartxworks/virtink) or [KubeVirt](https://kubevirt.io/) or external resources with Tofu/Terraform using [tofu-controller](https://github.com/flux-iac/tofu-controller).
 
 ## Description
 
@@ -32,8 +32,9 @@ Kode-Operator simplifies the setup and management of development environments on
 * Define your development environments using CRDs for consistent and repeatable setups.
 * Integrated security tools like Falco and Envoy proxy protect your environments.
 * OpenTelemetry standards provide deep insights.
-* Manage a variety of development environments such as Code-server, Webtop, Jupyter.
-* Easily extendable to support additional environments and tools beyond the current offerings.
+* Manage a variety of development environments such as Code-server, Webtop, and Jupyter.
+* Easily choose between different runtimes (e.g. containerd, kata/firecracker, or kubevirt)
+* Easily extendable to support additional environments and tools beyond the current ones.
 * Customize your development environment beforehand by building your own images or inject scripts into the Kode instance using [init plugins]().
 
 ## Key Concepts
@@ -54,7 +55,7 @@ spec:
     password: mypassword
     enableBuiltinAuth: true
   templateRef:
-    kind: PodTemplate
+    kind: ContainerTemplate
     name: my-kode-template
   home: /home/myuser
   workspace: my-workspace
@@ -67,15 +68,15 @@ spec:
         storage: 5Gi
 ```
 
-### PodTemplate & ClusterPodTemplate
+### ContainerTemplate & ClusterContainerTemplate
 
 These are cluster scoped and namespace scoped templates. A template contains an image and some default configuration for that image. You can also include an Envoy Proxy configuration that is then applied to the sidecar of the resulting Kode instance.
 
-**Example for PodTemplate:**
+**Example for ContainerTemplate:**
 
 ```yaml
 apiVersion: kode.jacero.io/v1alpha2
-kind: PodTemplate
+kind: ContainerTemplate
 metadata:
   name: my-kode-template
   namespace: default
@@ -87,11 +88,11 @@ spec:
   defaultWorkspace: workspace
 ```
 
-**Example for ClusterPodTemplate:**
+**Example for ClusterContainerTemplate:**
 
 ```yaml
 apiVersion: kode.jacero.io/v1alpha2
-kind: ClusterPodTemplate
+kind: ClusterContainerTemplate
 metadata:
   name: my-kode-cluster-template
 spec:
@@ -125,7 +126,7 @@ spec:
 
 ### Features
 
-* [x] PodTemplate - Deploying `code-server`, `webtop`, and `jupyter` directly into kubernetes accessing them through your browser.
+* [x] ContainerTemplate - Deploying `code-server`, `webtop`, and `jupyter` directly into kubernetes accessing them through your browser.
 * [ ] TofuTemplate - Deploying anything you can imagine in using Tofu.
 * [ ] Authentication - Enforce `Basic auth`, `OIDC`, `JWT`, or `x509` authentication.
 * [ ] Authorization - Make sure only you have access to your stuff!
@@ -140,11 +141,11 @@ spec:
 
 You want to set up a VSCode-like development environment using Code-server for your team. This setup allows developers to access their development environment from any browser.
 
-**1. Create a PodTemplate for code-server:**
+**1. Create a ContainerTemplate for code-server:**
 
 ```yaml
 apiVersion: v1alpha2
-kind: PodTemplate
+kind: ContainerTemplate
 metadata:
   name: code-server-template
 spec:
@@ -165,7 +166,7 @@ spec:
   credentials:
     username: devuser
   templateRef:
-    kind: PodTemplate
+    kind: ContainerTemplate
     name: code-server-template
   workspace: my-project # Overrides the template workspace
 ```

Taskfile.yaml

@@ -9,6 +9,7 @@ includes:
   build: ./.tasks/build.yaml
   dev: ./.tasks/dev.yaml
   samples: ./.tasks/samples.yaml
+  sysbox: ./.tasks/sysbox.yaml
 
 vars:
   ENVTEST_K8S_VERSION: 1.30.0
@@ -30,7 +31,6 @@ vars:
   GOLANGCI_LINT_CMD: '{{.LOCALBIN}}/golangci-lint-{{.GOLANGCI_LINT_VERSION}}'
   HELMIFY_CMD: '{{.LOCALBIN}}/helmify-{{.HELMIFY_VERSION}}'
 
-  TEST_VERBOSITY: -v
   ENV: development
   LOG_LEVEL: debug
 
@@ -42,20 +42,15 @@ vars:
   IMG: '{{.IMG | default "emiljacero/kode-operator:v0.0.0-latest"}}'
 
   CONCAT_DIRECTORY: '{{.ROOT_DIR}}/'
-  CONCAT_INCLUDE_COMMON: 'v1alpha2/common_types.go,common/*,status/*'
-  CONCAT_INCLUDE_KODE: 'v1alpha2/kode_types.go,controllers/kode/reconciler.go,controllers/kode/utils.go,controllers/kode/finalizer.go,controllers/kode/config.go'
-  CONCAT_INCLUDE_ENTRYPOINT: 'v1alpha2/entrypoint_types.go,controllers/entrypoint/reconciler.go,controllers/entrypoint/utils.go,controllers/entrypoint/finalizer.go,controllers/entrypoint/config.go,controllers/entrypoint/ensure_routes.go'
+  CONCAT_INCLUDE_COMMON: 'v1alpha2/common_types.go,common/*,constants/*,cleanup/*,test/integration/*'
+  CONCAT_INCLUDE_KODE: 'v1alpha2/kode_types.go,controllers/kode/reconciler.go,controllers/kode/utils.go,controllers/kode/states.go,controllers/kode/config.go'
+  CONCAT_INCLUDE_ENTRYPOINT: 'v1alpha2/entrypoint_types.go,controllers/entrypoint/reconciler.go,controllers/entrypoint/utils.go,controllers/entrypoint/states.go,controllers/entrypoint/config.go,controllers/entrypoint/ensure_routes.go'
 
-  CONCAT_EXCLUDE_PATTERNS: 'zz_generated.deepcopy.go'
+  CONCAT_EXCLUDE_PATTERNS: '*_test.go,zz_generated.deepcopy.go'
   CONCAT_INCLUDE_PATTERNS: '{{.CONCAT_INCLUDE_COMMON}},{{.CONCAT_INCLUDE_KODE}},{{.CONCAT_INCLUDE_ENTRYPOINT}}'
 
 tasks:
   default:
-    cmds:
-      - task: list
-
-  list:
-    desc: Display all available tasks
     cmds:
       - task --list
 

api/v1alpha2/common_types.go

@@ -72,7 +72,7 @@ type BaseSharedStatus struct {
 
 // Template represents a unified structure for different types of Kode templates
 type Template struct {
-	// Kind specifies the type of template (e.g., "PodTemplate", "ClusterPodTemplate", "TofuTemplate", "ClusterTofuTemplate")
+	// Kind specifies the type of template (e.g., "ContainerTemplate", "ClusterContainerTemplate", "TofuTemplate", "ClusterTofuTemplate")
 	Kind Kind `json:"kind" yaml:"kind"`
 
 	// Name is the name of the template resource
@@ -84,13 +84,24 @@ type Template struct {
 	// Port is the port to expose the kode instance
 	Port Port `json:"port" yaml:"port"`
 
-	// PodTemplateSpec is a reference to a PodTemplate or ClusterPodTemplate
-	PodTemplateSpec *PodTemplateSharedSpec `json:"container,omitempty" yaml:"container,omitempty"`
+	// ContainerTemplateSpec is a reference to a ContainerTemplate or ClusterContainerTemplate
+	ContainerTemplateSpec *ContainerTemplateSharedSpec `json:"container,omitempty" yaml:"container,omitempty"`
 
 	// TofuTemplateSpec is a reference to a TofuTemplate or ClusterTofuTemplate
 	TofuTemplateSpec *TofuSharedSpec `json:"tofu,omitempty" yaml:"tofu,omitempty"`
 }
 
+type TemplateKind string
+
+const (
+	TemplateKindContainerTemplate        TemplateKind = "ContainerTemplate"
+	TemplateKindClusterContainerTemplate TemplateKind = "ClusterContainerTemplate"
+	TemplateKindVirtualTemplate          TemplateKind = "VirtualTemplate"
+	TemplateKindClusterVirtualTemplate   TemplateKind = "ClusterVirtualTemplate"
+	TemplateKindTofuTemplate             TemplateKind = "TofuTemplate"
+	TemplateKindClusterTofuTemplate      TemplateKind = "ClusterTofuTemplate"
+)
+
 // Port for the service. Used by EnvoyProxy to expose the container. Defaults to '8000'.
 // +kubebuilder:validation:Minimum=1
 // +kubebuilder:default=8000