# Containerfile
# 基于官方 Python 镜像（可替换版本）
FROM python:3.11-bookworm

# 安装基础工具链
RUN apt-get update && apt-get install -y \
    git \
    curl \
    wget \
    vim \
    openssh-server \
    sudo \
    htop \
    iputils-ping \
    tar \
    && rm -rf /var/lib/apt/lists/*

# 配置 SSH（允许 root 登录 + 密码认证）
RUN mkdir /var/run/sshd \
    && echo "root:password" | chpasswd \
    && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
    && sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config

# 创建开发用户（可选）
RUN useradd -m -s /bin/bash devuser \
    && echo "devuser:password" | chpasswd \
    && usermod -aG sudo devuser \
    && echo "devuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# 安装常用 Python 工具（可选）
RUN pip install --upgrade pip \
    && pip install \
    pipenv \
    poetry \
    black \
    flake8 \
    mypy \
    pylint \
    pytest \
    ipython \
    jupyterlab \
    debugpy \
    && rm -rf ~/.cache/pip

# 配置工作目录
RUN mkdir -p /workspace
WORKDIR /workspace

# 暴露 SSH 端口
EXPOSE 22

# 启动 SSH 服务（保持容器运行）
CMD ["/usr/sbin/sshd", "-D"]

# Containerfile
# 基于官方 Python 镜像（可替换版本）
FROM python:3.11-bookworm

# 安装基础工具链
RUN apt-get update && apt-get install -y \
    git \
    curl \
    wget \
    vim \
    openssh-server \
    sudo \
    htop \
    iputils-ping \
    tar \
    && rm -rf /var/lib/apt/lists/*

# 配置 SSH（允许 root 登录 + 密码认证）
RUN mkdir /var/run/sshd \
    && echo "root:password" | chpasswd \
    && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
    && sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config

# 创建开发用户（可选）
RUN useradd -m -s /bin/bash devuser \
    && echo "devuser:password" | chpasswd \
    && usermod -aG sudo devuser \
    && echo "devuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# 安装常用 Python 工具（可选）
RUN pip install --upgrade pip \
    && pip install \
    pipenv \
    poetry \
    black \
    flake8 \
    mypy \
    pylint \
    pytest \
    ipython \
    jupyterlab \
    debugpy \
    && rm -rf ~/.cache/pip

# 配置工作目录
RUN mkdir -p /workspace
WORKDIR /workspace

# 暴露 SSH 端口
EXPOSE 22

# 启动 SSH 服务（保持容器运行）
CMD ["/usr/sbin/sshd", "-D"]

nerdctl build -t python-dev:3.11-bookworm -f Containerfile .

nerdctl build -t python-dev:3.11-bookworm -f Containerfile .

nerdctl tag python-dev:3.11-bookworm crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm

nerdctl push crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm

nerdctl tag python-dev:3.11-bookworm crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm

nerdctl push crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm

# python-dev-env.yaml

# 创建名称空间
apiVersion: v1
kind: Namespace
metadata:
  name: dev-env
  labels:
    env: dev

---
# 配置文件
apiVersion: v1
kind: ConfigMap
metadata:
  name: python-config
  namespace: dev-env  # 与 Deployment 同命名空间
data:
  # pip 配置文件内容，指定安装的第三方库的存放路径
  pip.conf: |
    [global]
    target=/workspace/site-packages
    proxy = http://192.168.2.100:20172
  # 告诉 Python 解释器额外搜索该路径下的模块。
  custom_path.pth: |
    /workspace/site-packages  

---
# ssh 公钥
apiVersion: v1
kind: Secret
metadata:
  name: ssh-public-key
  namespace: dev-env
data:
  id_rsa.pub: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBdXBqM2V0aGV6VjZtVVlUUEdXN3A2SkhQSzdXR0RmY0pGSHMxbyt4WGNXV1ozODk5L1JsN1NhRkkwZ3NqUnRkSVRVOElpNlJncXZ4eTVMSHkvbnk1VnhiWVlpenJjMGh6Q2l4aVZFUHJkTVhCWFNJWFRFTDM3N1hrNFlGeTZ1c3dZSUJJUlB5UVVDazlIVGkwZFJKNnNXSTlwdzRuRDZ2Zmxka1h4RTdSM0ptcEFsS0w1aExmQXJBU1NwRUlaeHV6TzhYM0xCbnhuQ1BaS3NrTUlYQTBZVnlDVTJPa25QV0xjV0h2UVpGSGxCYlRnekFNSWhpZGcvYU5qK0hMUEVlVjB0ZytXbTFsM3c1ditrVDJuWHNqTDZobHRXeFphcy9LV1pGNjA5dk9hOTd3TThkaDBqNG4rdlpLVTIvNm14d3R1b3M1V1pmdzBzRFdxTjl0azVOZlhRPT0gcnNhIDIwNDgtMDUzMTI0

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: python-dev-env
  namespace: dev-env
spec:
  replicas: 1
  selector:
    matchLabels:
      app: python-dev
  template:
    metadata:
      labels:
        app: python-dev
    spec:
      nodeName: k8s-node-01 # 本案例使用 hostPath 持久化存储，需要固定调度到某个节点
      containers:
      - name: python-container
        image: crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm  # 镜像地址
        ports:
        - containerPort: 22     # SSH 端口
        env:
        - name: TZ  # 时区变量
          value: "Asia/Shanghai"
        volumeMounts:
        - name: pip-config-volume
          mountPath: /root/.pip/pip.conf
          subPath: pip.conf  # 从 ConfigMap 的 data.pip.conf 提取内容
        - name: pip-config-volume
          mountPath: /usr/local/lib/python3.11/site-packages/custom_path.pth
          subPath: custom_path.pth
        - name: code-storage
          mountPath: /workspace # 持久化存储
        - name: vscode-config
          mountPath: /root/.vscode-server  # VS Code 远程扩展目录
        - name: ssh-public-key
          mountPath: "/root/.ssh"
          readOnly: true
        resources:
          limits:
            cpu: "2"
            memory: "4Gi"
          requests:
            cpu: "1"
            memory: "2Gi"
      volumes:
      - name: pip-config-volume
        configMap:
          name: python-config
      - name: code-storage
        hostPath:
          path: /code-storage   # 宿主机目录
          type:  DirectoryOrCreate  # 表示目录不存在则会自动创建
      - name: vscode-config
        hostPath:
          path: /vscode-config
          type: DirectoryOrCreate
      - name: ssh-public-key
        secret:
          secretName: ssh-public-key
          items:
          - key: id_rsa.pub
            path: authorized_keys
   
---
# Service 暴露 SSH
apiVersion: v1
kind: Service
metadata:
  name: python-dev-service
  namespace: dev-env
spec:
  type: NodePort  # 或 LoadBalancer（云环境）
  ports:
  - port: 22
    targetPort: 22
    nodePort: 30022  # 30000-32767 范围
  selector:
    app: python-dev

# python-dev-env.yaml

# 创建名称空间
apiVersion: v1
kind: Namespace
metadata:
  name: dev-env
  labels:
    env: dev

---
# 配置文件
apiVersion: v1
kind: ConfigMap
metadata:
  name: python-config
  namespace: dev-env  # 与 Deployment 同命名空间
data:
  # pip 配置文件内容，指定安装的第三方库的存放路径
  pip.conf: |
    [global]
    target=/workspace/site-packages
    proxy = http://192.168.2.100:20172
  # 告诉 Python 解释器额外搜索该路径下的模块。
  custom_path.pth: |
    /workspace/site-packages  

---
# ssh 公钥
apiVersion: v1
kind: Secret
metadata:
  name: ssh-public-key
  namespace: dev-env
data:
  id_rsa.pub: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBdXBqM2V0aGV6VjZtVVlUUEdXN3A2SkhQSzdXR0RmY0pGSHMxbyt4WGNXV1ozODk5L1JsN1NhRkkwZ3NqUnRkSVRVOElpNlJncXZ4eTVMSHkvbnk1VnhiWVlpenJjMGh6Q2l4aVZFUHJkTVhCWFNJWFRFTDM3N1hrNFlGeTZ1c3dZSUJJUlB5UVVDazlIVGkwZFJKNnNXSTlwdzRuRDZ2Zmxka1h4RTdSM0ptcEFsS0w1aExmQXJBU1NwRUlaeHV6TzhYM0xCbnhuQ1BaS3NrTUlYQTBZVnlDVTJPa25QV0xjV0h2UVpGSGxCYlRnekFNSWhpZGcvYU5qK0hMUEVlVjB0ZytXbTFsM3c1ditrVDJuWHNqTDZobHRXeFphcy9LV1pGNjA5dk9hOTd3TThkaDBqNG4rdlpLVTIvNm14d3R1b3M1V1pmdzBzRFdxTjl0azVOZlhRPT0gcnNhIDIwNDgtMDUzMTI0

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: python-dev-env
  namespace: dev-env
spec:
  replicas: 1
  selector:
    matchLabels:
      app: python-dev
  template:
    metadata:
      labels:
        app: python-dev
    spec:
      nodeName: k8s-node-01 # 本案例使用 hostPath 持久化存储，需要固定调度到某个节点
      containers:
      - name: python-container
        image: crpi-sozjkv641zbs4m9x.cn-shenzhen.personal.cr.aliyuncs.com/pingk-k8s-test/python-dev:3.11-bookworm  # 镜像地址
        ports:
        - containerPort: 22     # SSH 端口
        env:
        - name: TZ  # 时区变量
          value: "Asia/Shanghai"
        volumeMounts:
        - name: pip-config-volume
          mountPath: /root/.pip/pip.conf
          subPath: pip.conf  # 从 ConfigMap 的 data.pip.conf 提取内容
        - name: pip-config-volume
          mountPath: /usr/local/lib/python3.11/site-packages/custom_path.pth
          subPath: custom_path.pth
        - name: code-storage
          mountPath: /workspace # 持久化存储
        - name: vscode-config
          mountPath: /root/.vscode-server  # VS Code 远程扩展目录
        - name: ssh-public-key
          mountPath: "/root/.ssh"
          readOnly: true
        resources:
          limits:
            cpu: "2"
            memory: "4Gi"
          requests:
            cpu: "1"
            memory: "2Gi"
      volumes:
      - name: pip-config-volume
        configMap:
          name: python-config
      - name: code-storage
        hostPath:
          path: /code-storage   # 宿主机目录
          type:  DirectoryOrCreate  # 表示目录不存在则会自动创建
      - name: vscode-config
        hostPath:
          path: /vscode-config
          type: DirectoryOrCreate
      - name: ssh-public-key
        secret:
          secretName: ssh-public-key
          items:
          - key: id_rsa.pub
            path: authorized_keys
   
---
# Service 暴露 SSH
apiVersion: v1
kind: Service
metadata:
  name: python-dev-service
  namespace: dev-env
spec:
  type: NodePort  # 或 LoadBalancer（云环境）
  ports:
  - port: 22
    targetPort: 22
    nodePort: 30022  # 30000-32767 范围
  selector:
    app: python-dev

kubectl apply -f python-dev-env.yaml

kubectl apply -f python-dev-env.yaml

Host python-dev
    HostName 192.168.2.151  # 该示例使用 NodePort Service，即可以通过任意一个 k8s节点连接
    User devuser
    Port 30022
    # 禁用 SSH 主机密钥检查，如果 pod 重启会导致主机密钥检查失败报错
    StrictHostKeyChecking no
    UserKnownHostsFile nul   # Windows 的空设备
    IdentityFile C:\xxx  # 私钥

Host python-dev
    HostName 192.168.2.151  # 该示例使用 NodePort Service，即可以通过任意一个 k8s节点连接
    User devuser
    Port 30022
    # 禁用 SSH 主机密钥检查，如果 pod 重启会导致主机密钥检查失败报错
    StrictHostKeyChecking no
    UserKnownHostsFile nul   # Windows 的空设备
    IdentityFile C:\xxx  # 私钥