Skip to main content
Version: 6.x (Latest)

Access Local Commands In A Dev Container

Proxy commands are commands that are available within a dev container whose execution output is redirected to the local computer. They can be very useful for:

  • Remote IDE's that want to access local git
  • Making local credentials helper (AWS, docker, GCLOUD etc) available in the container
  • Exposing devspace, kubectl and other kubernetes tools into the container
  • Keeping the development container footprint small
Careless definitions of proxy commands pose a security risk

Allowing proxy commands such as bash, sh etc. essentially allows you to remotely execute commands on a developer's machine. While this is sometimes wanted, it also enables everybody that can access the development container to execute proxy commands on the developers machine if DevSpace is currently running.

For example:

deployments:
  app-backend:
    helm:
      values:
        containers:
        - image: john/devbackend

dev:
  my-dev:
    imageSelector: john/devbackend
    terminal: {}
    proxyCommands:
    - gitCredentials: true
    - command: devspace
    - command: kubectl

This allows you to use the commands git, devspace and kubectl in the terminal that is forwarded by DevSpace.

info

DevSpace also tries it best to rewrite paths that are returned from the command as well as provided through an argument, so calling for example git rev-parse --show-toplevel within the container should print a rewritten path

How does it work?

In order for this to work, DevSpace will start a custom SSH server locally that accepts connections to execute the defined proxyCommands. This SSH server is then reverse port-forwarded into the container and can be accessed there through the DevSpace helper binary.

Config Reference

proxyCommands required object[]

ProxyCommands allow you to proxy certain local commands to the container

gitCredentials required boolean false

GitCredentials configures a git credentials helper inside the container that proxies local git credentials

command required string

Command is the name of the command that should be available in the remote container. DevSpace will create a small script for that inside the container that redirect command execution to the local computer.

localCommand required string

LocalCommand can be used to run a different command than specified via the command option. By default, this will be assumed to be the same as command.

skipContainerEnv required boolean false

SkipContainerEnv will not forward the container environment variables to the local command

env required <env_name>:string

Env are extra environment variables to set for the command