coder/examples/templates/kubernetes-multi-service
Mathias Fredriksson 544bf01fbb chore: Update coder/coder provider in example templates (#3581)
Additionally, a convenience script was added to
`examples/update_template_versions.sh` to keep the templates up-to-date.

Fixes #2966
2022-08-19 17:18:11 +03:00

name: Develop multiple services in Kubernetes
description: Get started with Kubernetes development.
tags: cloud, kubernetes

Getting started

RBAC

The Coder provisioner requires permission to administer pods to use this template. The template creates workspaces in a single Kubernetes namespace, using the workspaces_namespace parameter set while creating the template.

Create a role as follows and bind it to the user or service account that runs the Coder host.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: coder
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["*"]

Authentication

This template can authenticate using in-cluster authentication, or using a kubeconfig local to the Coder host. For additional authentication options, consult the Kubernetes provider documentation.

kubeconfig on Coder host

If the Coder host has a local ~/.kube/config, you can use this to authenticate with Coder. Make sure this is done with the same user that runs the coder service.

To use this authentication, set the parameter use_kubeconfig to true.

In-cluster authentication

If the Coder host runs in a Pod on the same Kubernetes cluster as you are creating workspaces in, you can use in-cluster authentication.

To use this authentication, set the parameter use_kubeconfig to false.

The Terraform provisioner will automatically use the service account associated with the pod to authenticate to Kubernetes. Be sure to bind a role with appropriate permission to the service account. For example, assuming the Coder host runs in the same namespace as you intend to create workspaces:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: coder

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: coder
subjects:
  - kind: ServiceAccount
    name: coder
roleRef:
  kind: Role
  name: coder
  apiGroup: rbac.authorization.k8s.io

Then start the Coder host with serviceAccountName: coder in the pod spec.
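
To confirm that the binding above grants what the template needs and nothing broader, the following added example (not part of the template or the Coder project) asks the API server what the coder service account may do, using kubectl auth can-i with impersonation. The function names and the default comparison namespace kube-system are assumptions, and the caller needs permission to impersonate service accounts.

```shell
#!/bin/sh
# Added example (not from the template): audit the "coder" service account.
# Assumes kubectl is on PATH and the caller may impersonate service accounts.

# can_i VERB RESOURCE NAMESPACE SUBJECT: succeeds only on a "yes" answer.
can_i() {
    [ "$(kubectl auth can-i "$1" "$2" -n "$3" --as "$4" 2>/dev/null </dev/null)" = "yes" ]
}

# audit_coder_rbac WORKSPACES_NS [SA_NAME] [SA_NS] [OTHER_NS]
# Prints one line per check and returns 0 only if every check passes.
audit_coder_rbac() {
    ws_ns="$1"
    sa="${2:-coder}"
    sa_ns="${3:-$ws_ns}"          # the page assumes Coder runs in the workspace namespace
    other_ns="${4:-kube-system}"  # assumed: a namespace the Role is not bound in
    subject="system:serviceaccount:${sa_ns}:${sa}"
    failures=0

    # Grants expected from the Role: sample verbs on pods in the workspace namespace.
    for verb in create get list watch delete; do
        if can_i "$verb" pods "$ws_ns" "$subject"; then
            echo "ok    $verb pods in $ws_ns allowed"
        else
            echo "FAIL  $verb pods in $ws_ns denied: Role or RoleBinding missing"
            failures=$((failures + 1))
        fi
    done

    # Denials expected from a namespaced, pods-only Role.
    while read -r verb res ns; do
        if can_i "$verb" "$res" "$ns" "$subject"; then
            echo "FAIL  $verb $res in $ns allowed: broader than the pods-only Role"
            failures=$((failures + 1))
        else
            echo "ok    $verb $res in $ns denied"
        fi
    done <<EOF
get secrets $ws_ns
create rolebindings $ws_ns
create pods $other_ns
EOF

    [ "$failures" -eq 0 ]
}

# Usage: audit_coder_rbac <workspaces_namespace>
```

A FAIL on the denial checks usually means the service account is also bound to a ClusterRole or to a Role with more resources than pods.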