From YouTube: What can you do with Server Runtime Part 2 - Workception
Description
I wanted to do something a bit new this week. I wanted to take the existing Server Runtime / Remote Dev architecture and see what we can do with it. This is Part 2 of this series, in which I create an isolated workspace using Sysbox. The workspace is "rootless" and can run insecure workloads such as Docker and Kubernetes.
0:00 - Introduction
1:39 - Creating a workspace
3:08 - Building a docker container in the workspace
4:32 - Docker compose example
5:01 - Running k8s in the workspace
6:32 - Workception
A
Hi everyone, welcome to another update from the Server Runtime SEG. So this week, I continue the series "What can you do with Server Runtime", part two. Now everything I'm going to show you today is both applicable to Server Runtime as well as remote development, so today I'm going to talk about Workception.
A
So what is that? That's really about running isolated containers using Sysbox. So I'm using Sysbox for isolation, but this can be extended to use any sort of isolation mechanism like Kata Containers, Firecracker, etc. So what this lets you do is provide isolation, allowing you to run insecure workloads such as Docker and Kubernetes within a workspace itself. So use cases for this are really, for example, you want people to run Docker containers within the workspace, so build Docker containers within the workspace.
A
You want to be able to run services within Kubernetes in the workspace to test out how they would feel in Kubernetes. So, for example, you may want to do this for Kubernetes controller operator development. You may even want to do this to bootstrap our own development of GitLab Agent for Kubernetes. In addition, this mechanism really helps us isolate workspaces. So there's no relationship between the container running the hosts, the host user and the user running the container.
A
So you can run the containers as root, but that doesn't map to any corresponding host user. So what I'm going to show you in the demo is a workspace running Kubernetes, which it does using GitLab Agent for Kubernetes, but that then running another Kubernetes cluster within it using k3s, and then running another container, nginx, on top of Kubernetes.
A
I'm going to select the main branch, but this time I'm not going to select any IDE. I've already put an IDE in the Docker container, because the Docker container is running systemd and I didn't want to, I needed to run the IDE as a part of systemd as well. So I'm going to go ahead and create this workspace, and so the workspace at the moment is not started. It should soon become running.
A
And it's starting up. In the meanwhile, I'll just show you what lets this workspace actually use Sysbox. So, if I go and check my config for the agent, you can see this "use sysbox" is set to true, and that ensures that all the correct pod parameters, like the runtime class, etc., get set for every workspace that gets created. So I'm just waiting for the workspace to come up.
A
And that builds my application. Now I can run this application straight away and check it out. But what I want to do is actually build a Docker container, so I'm going to say docker build, give it a tag, let's say build, and that starts up the Docker daemon. It actually starts building the container, and so just using an Alpine image to build a simple container. Yeah, I can actually go ahead and actually run this container now, so I can say: docker run the boards.
A
And that's running now, so I can actually visit that URL. So I can open that up, put the port number, and you can see the Hello World app is running. So this is my workspace, which is running a Docker container, which is running my application. So that's Docker. I could also, if I wanted, I've got a Docker Compose file here as well, running my application as well as Redis, so I can actually start that up as well.
A
So all I need to say is docker compose up, and in my workspace I now have Docker Compose, which is pulling down Redis. I have an application running with Redis installed. So that's really useful for developers who use Docker Compose for their development process.
A
Start off, start installing Kubernetes. So Kubernetes is now installed. I can actually say kubectl get pods to actually see whether the new pods running in my cluster. So this is a Kubernetes cluster running in my workspace, so I can actually go ahead and run nginx. So I've got a pod definition here, which is just a simple nginx pod, so I can actually do kubectl apply and run this pod.
A
So a workspace running in Docker running in Kubernetes running in my workspace running in Kubernetes. So I'm gonna just go ahead and run this Vim container that I have, and that should download an image with ttyd and Vim, and there you go, it's running now. So I can go ahead and actually refresh this, and now you can see I have vi running in my repository.
A
So basically I have vi running in my workspace, which is a VS Code container running Kubernetes. So that's Workception. Thank you for listening.