From 0d9ddaae50796950e3d9681220488885b3272f8b Mon Sep 17 00:00:00 2001
From: greg-the-coder
Date: Mon, 25 Aug 2025 20:00:44 +0000
Subject: [PATCH 1/4] Added usage of ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64 to support ssh git auth and fixed container security context which will always need to be privileged on majority of K8S deployments
---
 registry/coder/templates/kubernetes-devcontainer/main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf
index 8fc79fa25..a05f8e8c0 100644
--- a/registry/coder/templates/kubernetes-devcontainer/main.tf
+++ b/registry/coder/templates/kubernetes-devcontainer/main.tf
@@ -161,6 +161,8 @@ locals {
 # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
 # if the cache repo is enabled.
 "ENVBUILDER_GIT_URL" : var.cache_repo == "" ? local.repo_url : "",
+ # Used for when SSH is an available authentication mechanism for git providers
+ "ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64" : base64encode(try(data.coder_workspace_owner.me.ssh_private_key, "")),
 # Use the docker gateway if the access URL is 127.0.0.1
 "ENVBUILDER_INIT_SCRIPT" : replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"),
 "ENVBUILDER_FALLBACK_IMAGE" : data.coder_parameter.fallback_image.value,
@@ -263,8 +265,9 @@ resource "kubernetes_deployment" "main" {
 name = "dev"
 image = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
 image_pull_policy = "Always"
- security_context {}
-
+ security_context {
+ privileged = true
+ }
 # Set the environment using cached_image.cached.0.env if the cache repo is enabled.
 # Otherwise, use the local.envbuilder_env.
 # You could alternatively write the environment variables to a ConfigMap or Secret
From 4766367f21928819e216c03042c0207e14b13e21 Mon Sep 17 00:00:00 2001
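Review bot: In the `locals` hunk of patch 1/4, the added `ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64` entry places the workspace owner's SSH private key in the plain envbuilder environment map; base64 is an encoding, not protection. If this map is passed as literal container `env` values, as the comment next to `security_context` in the second hunk suggests, the key is readable by anyone who can view the Deployment or pod spec, so this one value should come from a Kubernetes Secret reference instead. The `try(..., "")` fallback also sets the variable to an empty string when no key is available; confirm envbuilder treats that as unset, or omit the entry in that case. At minimum add a comment such as `# Sensitive: owner's SSH private key; do not expose as a literal env value`. The `locals` block starts and ends outside the hunk.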
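Review bot: In the `kubernetes_deployment` hunk of patch 1/4, `privileged = true` is hard-coded on the `dev` container, so every workspace built from this template runs with full access to the node's devices and kernel interfaces, and a compromised devcontainer build is effectively root on the node. Clusters that enforce the Pod Security `baseline` or `restricted` profile will reject such a pod. Suggest gating it on a new boolean template variable that defaults to `false` (for example `privileged = var.privileged`) and adding a comment that states which envbuilder step needs the privilege. The hunk also drops the blank line after the block, so the closing `}` now sits directly above the `# Set the environment` comment; the container block continues outside the hunk.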
From: greg-the-coder
Date: Mon, 25 Aug 2025 20:21:27 +0000
Subject: [PATCH 2/4] Commented out CPU & RAM Usage metadata due to issues when used on AWS Linux Nodes
---
 .../templates/kubernetes-devcontainer/main.tf | 31 ++++++++++---------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf
index a05f8e8c0..bb4a34972 100644
--- a/registry/coder/templates/kubernetes-devcontainer/main.tf
+++ b/registry/coder/templates/kubernetes-devcontainer/main.tf
@@ -355,21 +355,22 @@ resource "coder_agent" "main" {
 # if you don't want to display any information.
 # For basic resources, you can use the `coder stat` command.
 # If you need more control, you can write your own script.
- metadata {
- display_name = "CPU Usage"
- key = "0_cpu_usage"
- script = "coder stat cpu"
- interval = 10
- timeout = 1
- }
-
- metadata {
- display_name = "RAM Usage"
- key = "1_ram_usage"
- script = "coder stat mem"
- interval = 10
- timeout = 1
- }
+ # Note: May not work on AWS Linux Nodes
+ # metadata {
+ # display_name = "CPU Usage"
+ # key = "0_cpu_usage"
+ # script = "coder stat cpu"
+ # interval = 10
+ # timeout = 1
+ # }
+ # Note: May not work on AWS Linux Nodes
+ # metadata {
+ # display_name = "RAM Usage"
+ # key = "1_ram_usage"
+ # script = "coder stat mem"
+ # interval = 10
+ # timeout = 1
+ # }
 
 metadata {
 display_name = "Workspaces Disk"
From 13033de03340580be03cde13386fe439b799d6f0 Mon Sep 17 00:00:00 2001
From: greg-the-coder
Date: Mon, 25 Aug 2025 20:30:43 +0000
Subject: [PATCH 3/4] Changed default namespace to coder, to match install doco and fixed cpu parameter icon reference
---
 registry/coder/templates/kubernetes-devcontainer/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf
index bb4a34972..f75b3e62f 100644
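Review bot: In the `coder_agent` hunk of patch 2/4, the CPU and RAM `metadata` blocks are switched off for every deployment by commenting them out, although the added note ties the problem to AWS Linux nodes only and does not say what fails. Commented-out configuration tends to drift from the live blocks around it; either delete the two blocks or keep them active behind a template variable. If they stay commented, replace the duplicated note with a single comment above both blocks that names the symptom, e.g. `# Disabled: "coder stat cpu" and "coder stat mem" may not work on AWS Linux nodes`. The `coder_agent` resource starts and ends outside the hunk.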
--- a/registry/coder/templates/kubernetes-devcontainer/main.tf
+++ b/registry/coder/templates/kubernetes-devcontainer/main.tf
@@ -40,7 +40,7 @@ variable "use_kubeconfig" {
 
 variable "namespace" {
 type = string
- default = "default"
+ default = "coder"
 description = "The Kubernetes namespace to create workspaces in (must exist prior to creating workspaces). If the Coder host is itself running as a Pod on the same Kubernetes cluster as you are deploying workspaces to, set this to the same namespace."
 }
 
@@ -62,7 +62,7 @@ data "coder_parameter" "cpu" {
 display_name = "CPU"
 description = "CPU limit (cores)."
 default = "2"
- icon = "/emojis/1f5a5.png"
+ icon = "/icon/memory.svg"
 mutable = true
 validation {
 min = 1
From 6e2f7ca961846049976ed6a7e0b90ba02515bba3 Mon Sep 17 00:00:00 2001
From: Atif Ali
Date: Mon, 1 Sep 2025 09:45:28 +0500
Subject: [PATCH 4/4] Update comment with link for AWS Linux Nodes issue
---
 registry/coder/templates/kubernetes-devcontainer/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/registry/coder/templates/kubernetes-devcontainer/main.tf b/registry/coder/templates/kubernetes-devcontainer/main.tf
index f75b3e62f..5258ede7b 100644
--- a/registry/coder/templates/kubernetes-devcontainer/main.tf
+++ b/registry/coder/templates/kubernetes-devcontainer/main.tf
@@ -355,7 +355,7 @@ resource "coder_agent" "main" {
 # if you don't want to display any information.
 # For basic resources, you can use the `coder stat` command.
 # If you need more control, you can write your own script.
- # Note: May not work on AWS Linux Nodes
+ # Note: May not work on AWS Linux Nodes See: https://github.com/coder/clistat/issues/17
 # metadata {
 # display_name = "CPU Usage"
 # key = "0_cpu_usage"
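Review bot: In the `variable "namespace"` hunk of patch 3/4, changing the default from `default` to `coder` changes behaviour for every existing deployment that never set the variable; the next apply would presumably plan the workspace resources into a different namespace, which the description says must already exist. Patch 1/4 of this series makes the workspace container privileged, so this default now puts privileged pods into the namespace the commit message associates with the Coder install; a dedicated workspace namespace would be the tighter default. If the new default stays, extend the description, e.g. `Changing this on an existing template moves workspaces to the new namespace.`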