feat: add code server#98
Open
idebeijer wants to merge 5 commits into
Open
Conversation
Signed-off-by: Igor de Beijer <71566757+idebeijer@users.noreply.github.com>
Signed-off-by: Igor de Beijer <71566757+idebeijer@users.noreply.github.com>
Signed-off-by: Igor de Beijer <71566757+idebeijer@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds an optional web-based editor sidecar (code-server) to GameServer pods and wires it through the GameServer API/CRD and distribution artifacts (install manifest + Helm chart).
Changes:
- Introduces
spec.editorin theGameServerAPI and updates generated CRDs/manifests accordingly. - Injects a code-server sidecar (and optional
shareProcessNamespace) into the LinuxGSM StatefulSet when the editor is enabled. - Updates Helm chart values/templates (including
enable→enabled) and adds a metrics NetworkPolicy template; adds a sample GameServer manifest demonstrating the editor.
Reviewed changes
Copilot reviewed 17 out of 19 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/specs/gameserver.go | Injects optional code-server sidecar into the LinuxGSM pod spec based on spec.editor. |
| dist/install.yaml | Updates bundled install manifest CRD schema to include spec.editor. |
| config/samples/games_v1alpha1_gameserver_sf.yaml | Adds a sample GameServer manifest enabling the editor. |
| config/crd/bases/games.idebeijer.github.io_gameservers.yaml | Updates generated CRD schema with spec.editor. |
| charts/chart/values.yaml | Renames chart toggles to enabled and (needs) default blocks for new/expected values. |
| charts/chart/templates/rbac/metrics-reader.yaml | Switches template condition to .Values.metrics.enabled. |
| charts/chart/templates/rbac/metrics-auth-rolebinding.yaml | Switches template condition to .Values.metrics.enabled. |
| charts/chart/templates/rbac/metrics-auth-role.yaml | Switches template condition to .Values.metrics.enabled. |
| charts/chart/templates/rbac/gameserver-viewer-role.yaml | Switches template condition to .Values.rbac.helpers.enabled. |
| charts/chart/templates/rbac/gameserver-editor-role.yaml | Switches template condition to .Values.rbac.helpers.enabled. |
| charts/chart/templates/rbac/gameserver-admin-role.yaml | Switches template condition to .Values.rbac.helpers.enabled. |
| charts/chart/templates/rbac/controller-manager.yaml | Switches template condition to .Values.serviceAccount.enabled. |
| charts/chart/templates/prometheus/controller-manager-metrics-monitor.yaml | Switches template condition to .Values.prometheus.enabled and .Values.certManager.enabled. |
| charts/chart/templates/network-policy/allow-metrics-traffic.yaml | Adds a NetworkPolicy template gated by .Values.networkPolicy.enabled. |
| charts/chart/templates/metrics/controller-manager-metrics-service.yaml | Switches template condition to .Values.metrics.enabled. |
| charts/chart/templates/manager/manager.yaml | Switches metrics args gating to .Values.metrics.enabled. |
| charts/chart/templates/crd/gameservers.games.idebeijer.github.io.yaml | Switches CRD install gating to .Values.crd.enabled and includes spec.editor schema. |
| api/v1alpha1/zz_generated.deepcopy.go | Updates generated deepcopy code for the new EditorSpec. |
| api/v1alpha1/gameserver_types.go | Adds EditorSpec and the spec.editor field to the API type definitions. |
Files not reviewed (1)
- api/v1alpha1/zz_generated.deepcopy.go: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Igor de Beijer <71566757+idebeijer@users.noreply.github.com>
Comment on lines
+98
to
+100
| if editor.Auth != nil && ((editor.Auth.Enabled != nil && !*editor.Auth.Enabled) || editor.Auth.PasswordSecretRef != nil) { | ||
| return nil | ||
| } |
Comment on lines
+159
to
+163
| sidecar := corev1ac.Container(). | ||
| WithName("editor"). | ||
| WithImage("codercom/code-server:latest"). | ||
| WithImagePullPolicy(v1.PullIfNotPresent). | ||
| WithArgs(args...). |
Comment on lines
+47
to
+60
| auth: | ||
| description: |- | ||
| Auth configures authentication for the editor. If omitted, a Secret with a | ||
| randomly generated password is created automatically (secure default). | ||
| properties: | ||
| disabled: | ||
| default: false | ||
| description: |- | ||
| Disabled turns off authentication entirely. | ||
| When true, any process that can reach the pod — including other pods in the same | ||
| cluster — can access the editor without credentials. Only set this if access is | ||
| restricted by network policies or the cluster is fully trusted. | ||
| type: boolean | ||
| passwordSecretRef: |
Comment on lines
+45
to
+61
| editor: | ||
| description: |- | ||
| Editor defines the configuration for the web-based editor sidecar. | ||
| When enabled, a code-server (VS Code in browser) container is injected into the pod. | ||
| properties: | ||
| enabled: | ||
| default: false | ||
| description: |- | ||
| Enabled indicates whether the code-server (VS Code in browser) sidecar is added to the pod. | ||
| Access it via: kubectl port-forward pod/<name> 8080:8080 | ||
| type: boolean | ||
| password: | ||
| description: |- | ||
| Password sets the access password for the code-server instance. | ||
| If not specified, authentication is disabled (access is secured by kubectl port-forward). | ||
| type: string | ||
| resources: |
Comment on lines
107
to
+117
| ## Cert-manager integration for TLS certificates. | ||
| ## Required for webhook certificates and metrics endpoint certificates. | ||
| ## | ||
| certManager: | ||
| enable: false | ||
| enabled: false | ||
|
|
||
| ## Prometheus ServiceMonitor for metrics scraping. | ||
| ## Requires prometheus-operator to be installed in the cluster. | ||
| ## | ||
| prometheus: | ||
| enable: false | ||
| enabled: false |
Signed-off-by: Igor de Beijer <71566757+idebeijer@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.