You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: examples/templates/kubernetes-with-podman/README.md
+4-19Lines changed: 4 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -13,25 +13,6 @@ This template creates [rootless podman](./images) pods with either an Ubuntu or
13
13
14
14
Base images are pushed to [Docker Hub](https://hub.docker.com//codercom)
15
15
16
-
## RBAC
17
-
18
-
The Coder provisioner requires permission to administer pods to use this template. The template
19
-
creates workspaces in a single Kubernetes namespace, using the `workspaces_namespace` parameter set
20
-
while creating the template.
21
-
22
-
Create a role as follows and bind it to the user or service account that runs the coder host.
23
-
24
-
```yaml
25
-
apiVersion: rbac.authorization.k8s.io/v1
26
-
kind: Role
27
-
metadata:
28
-
name: coder
29
-
rules:
30
-
- apiGroups: [""]
31
-
resources: ["pods"]
32
-
verbs: ["*"]
33
-
```
34
-
35
16
## Authentication
36
17
37
18
This template can authenticate using in-cluster authentication, or using a kubeconfig local to the
@@ -79,6 +60,10 @@ roleRef:
79
60
80
61
Then start the Coder host with `serviceAccountName: coder` in the pod spec.
81
62
63
+
### Authenticate against external clusters
64
+
65
+
You may want to deploy workspaces on a cluster outside of the Coder control plane. Refer to the [Coder docs](https://coder.com/docs/v2/latest/platforms/kubernetes/additional-clusters) to learn how to modify your template to authenticate against external clusters.
66
+
82
67
## Namespace
83
68
84
69
The target namespace in which the pod will be deployed is defined via the `coder_workspace`
Copy file name to clipboardExpand all lines: examples/templates/kubernetes/README.md
+4-19Lines changed: 4 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -9,25 +9,6 @@ icon: /icon/k8s.png
9
9
10
10
This template creates a pod running the `codercom/enterprise-base:ubuntu` image.
11
11
12
-
## RBAC
13
-
14
-
The Coder provisioner requires permission to administer pods to use this template. The template
15
-
creates workspaces in a single Kubernetes namespace, using the `workspaces_namespace` parameter set
16
-
while creating the template.
17
-
18
-
Create a role as follows and bind it to the user or service account that runs the coder host.
19
-
20
-
```yaml
21
-
apiVersion: rbac.authorization.k8s.io/v1
22
-
kind: Role
23
-
metadata:
24
-
name: coder
25
-
rules:
26
-
- apiGroups: [""]
27
-
resources: ["pods"]
28
-
verbs: ["*"]
29
-
```
30
-
31
12
## Authentication
32
13
33
14
This template can authenticate using in-cluster authentication, or using a kubeconfig local to the
@@ -75,6 +56,10 @@ roleRef:
75
56
76
57
Then start the Coder host with `serviceAccountName: coder` in the pod spec.
77
58
59
+
### Authenticate against external clusters
60
+
61
+
You may want to deploy workspaces on a cluster outside of the Coder control plane. Refer to the [Coder docs](https://coder.com/docs/v2/latest/platforms/kubernetes/additional-clusters) to learn how to modify your template to authenticate against external clusters.
62
+
78
63
## Namespace
79
64
80
65
The target namespace in which the pod will be deployed is defined via the `coder_workspace`
0 commit comments