Open callumforrester opened 3 months ago
I recall doing some testing and then asking @DiamondJoseph to take a look - there was something about the chart at odds with how we use k8s
It was something in the service account/ingress/rbac configuration sphere. But their Helm chart defers to a subchart (which is packaged with the chart...) that does all of the actual logic which makes it a nuisance to try and look in artifacthub. https://artifacthub.io/packages/helm/coder-v2/coder
I'm not sure, but I don't think so from reading the thread - seems to be about configuring OIDC for services within kubernetes that are being forwarded to from configured IP addresses that are externally facing. Our external web -> k8s services infrastructure has moved a lot in the last couple of years.
It was one of the standard kubernetes resource definitions that wasn't configurable. I can try and run it up some time next week when I have time and see what Kyverno complains about?
We may also have to roll our own chart anyway to make sure all the plugins etc. we want go in
note: for the editor we might want to scan the uploaded code for vulnerabilities https://codeql.github.com/
I have been experimenting with this; it's not hard to throw up an instance of the coder code server on Kubernetes and include our choice of plugins. Issues encountered so far:
Why is 'only open source plugins' as an issue not a limitation? Are there specific plugins that we miss?
Wouldn't the authentication middleware just secure the entire URL? Then we would not need to integrate OIDC inside the server.
@gilesknap suggested using self deployed nano.
One other option would be https://onedev.io/, which boasts LDAP support. Not sure about the plugins.
here is a k8s deployment guide https://docs.onedev.io/installation-guide/deploy-into-k8s
what it does do is helm install onedev onedev/onedev -n onedev --create-namespace
its own namespace
which is problematic from the rbac perspective, @DiamondJoseph
Test deploying coder on a beamline kubernetes cluster, mounting its blueapi scratch area and editing plans. Currently unsure if we can use coder's provided helm chart or if we will have to roll our own.
Acceptance Criteria