synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-12 00:14:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
26b04cc96fd8e383d8459ef8f129cc63e941b52f
coder/examples/kubernetes-multi-service
History
Kyle Carberry 3024e25c09 example: Add Kubernetes multi-service (#1092) 
* example: Add Kubernetes multi-service

* fix: change to CODER_AGENT_TOKEN

* example: use ServiceAccount for cluster authentication (#1096)

Co-authored-by: Ben <ben@coder.com>
2022-05-11 18:27:31 +00:00
..
main.tf
example: Add Kubernetes multi-service (#1092)
2022-05-11 18:27:31 +00:00
README.md
example: Add Kubernetes multi-service (#1092)
2022-05-11 18:27:31 +00:00

README.md

name, description, tags
name description tags
Develop multiple services in Kubernetes Get started with Kubernetes development.
cloud
kubernetes

Authentication

This template has several ways to authenticate to a Kubernetes cluster.

kubeconfig (Coder host)

If the Coder host has a local ~/.kube/config, this can be used to authenticate with Coder. Make sure this is on the same user running the coder service.

ServiceAccount

Create a ServiceAccount and role on your cluster to authenticate your template with Coder.

  1. Run the following command on a device with Kubernetes context:

    CODER_NAMESPACE=default
kubectl apply -n $CODER_NAMESPACE -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: coder
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder
rules:
- apiGroups: ["", "apps", "networking.k8s.io"] # "" indicates the core API group
    resources: ["persistentvolumeclaims", "pods", "deployments", "services", "secrets", "pods/exec","pods/log", "events", "networkpolicies", "serviceaccounts"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete", "deletecollection"]
- apiGroups: ["metrics.k8s.io", "storage.k8s.io"]
    resources: ["pods", "storageclasses"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: coder
subjects:
- kind: ServiceAccount
    name: coder
roleRef:
kind: Role
name: coder
apiGroup: rbac.authorization.k8s.io
EOF

    1. Use the following commands to fetch the values:

      Cluster IP:

      kubectl cluster-info | grep "control plane"

      CA certificate

      kubectl get secrets -n $CODER_NAMESPACE -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='coder')].data['ca\.crt']}{'\n'}"

      Token

      kubectl get secrets -n $CODER_NAMESPACE -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='coder')].data['token']}{'\n'}"

      Namespace

      This should be the same as $CODER_NAMESPACE, set in step 1.