UserSpace¶
The UserSpace enables users to deploy and manage containers running on the rc_cube. Standalone containers and docker-compose stacks are supported.
Note
Familiarity with Docker containers is required.
If available and enabled, the UserSpace can be accessed in the Web GUI in the menu under UserSpace. This page shows the running apps and containers with their current state and health, in case a health-check is available. Each container lists the published ports. If their protocol is http or https, these containers can be accessed directly in the Web GUI.
Configuration¶
Note
The UserSpace is not enabled by default and can only be enabled/disabled or reset via a locally connected screen for security reasons.
Please connect a monitor, keyboard, and mouse to the rc_cube and then boot the rc_cube.
Enable UserSpace¶
The UserSpace can be enabled in two steps:
- Navigate to the pane UserSpace configuration and click enable UserSpace.
- If the UserSpace is enabled for the first time, a user for the portainer UI needs to be created: Click on the portainer pane, and register a user account for the administrator. It is required to complete this step within five minutes after clicking enable UserSpace.
Disable UserSpace¶
The UserSpace can also be disabled. To disable the UserSpace, navigate to the pane UserSpace configuration and click disable UserSpace. Disabling will stop all running containers and the portainer UI, but not delete existing container images and their configurations. The UserSpace can be enabled again at any time.
Reset UserSpace¶
The UserSpace can also be reset. To reset the UserSpace, navigate to the pane UserSpace configuration click Reset UserSpace and answer the security question. Resetting will delete all containers, volumes, and the portainer configuration, including secrets and users.
Network access to UserSpace applications¶
To access containers via network, the container ports need to be published to host ports.
UserSpace information including running apps and their published ports can be queried via REST-API userspace endpoint or viewed in the Web GUI in the menu under UserSpace.
All ports that are published to the host are listed with their protocol (UDP or TCP). To explicitly specify a protocol (e.g. http or https) for app ports use container labels:
com.roboception.app.http
: all exposed TCP ports use httpcom.roboception.app.https.port=1234,5678
: comma separated list with https ports
Examples¶
Two examples can be found under App Templates inside the UserSpace pane:
- hello_rc_cube: Single container exposing a web page with some information about itself. See also https://github.com/roboception/hello_rc_cube.
- rc_cube_monitoring: Compose stack with Prometheus and Grafana to monitor the rc_cube. See also https://github.com/roboception/rc_cube_monitoring.
Clicking Deploy the container/stack under Actions will pull the Docker images and start the app. The running app containers can then be seen under Containers. The web page address is a combination of the rc_cube’s IP address and the port listed under Published Ports.
Interfaces¶
Docker containers managed in the UserSpace can use the public interfaces of the rc_cube. In particular, Docker containers can access synchronized image sets via gRPC and can call the REST-API interface. The rc_cube (the host) can be accessed under the Docker bridge IP (in default Docker bridge network 172.17.0.1).
Restrictions¶
Some restrictions for containers apply:
- Containers cannot be privileged.
- No access to the host network (a Docker bridge network is used instead).
- Only paths inside cloned git repositories with a docker-compose stack can be mounted, all other host paths cannot be mounted.
- Host devices cannot be accessed. This includes e.g. USB and GPU devices.
- Well known and internally used ports on the host cannot be bound. This includes ports below 1024, ports from 4200 to 4299 and the ports 2342, 2343, 2344, 2345, 3956, 4840, 5353, 6379, 7000, 7001, 7002, 7003, 9100, 9118, 9256, 9445, 9446, 11311, 50010, 50051, 50052, 50053 and 50054.