@@ -9,7 +9,14 @@ a site manager must enable CVMs. To do so:
991 . Go to ** Manage > Admin > Infrastructure** .
10101 . Toggle the ** Enable Container-Based Virtual Machines** option to ** Enable** .
1111
12- ## Cached CVMs
12+ This section also describes the customization features that Coder offers for
13+ CVMs:
14+
15+ ![ CVM Settings] ( ../../../assets/admin/cvm-settings.png )
16+
17+ These settings will apply to workspaces ** after** they have been rebuilt.
18+
19+ ## Caching
1320
1421> Cached CVMs are currently an ** alpha** feature.
1522
@@ -18,7 +25,7 @@ To improve the startup time for CVM-based workspaces, you can enable caching.
1825Cached CVMs require the ` shiftfs ` kernel to be present on the node. Some
1926distributions (such as Ubuntu) include ` shiftfs ` . If you're unsure if ` shiftfs `
2027is present on your nodes, you can check by running ` modinfo shiftfs ` . If no
21- output is returned, then you do not have ` shiftfs ` installed.
28+ output is returned, you do not have ` shiftfs ` installed.
2229
2330If you don't want to install ` shiftfs ` yourself, you can have Coder install the
2431module automatically for you. ** It is important that you do not have secure boot
@@ -27,4 +34,78 @@ install `shiftfs` on your behalf.**
2734
2835> GPUs are not supported with cached CVMs at this time.
2936
30- ![ Cached CVMs] ( ../../../assets/admin/cached-cvms.png )
37+ ## Self-contained workspace builds
38+
39+ > Self-contained workspace builds are currently an ** alpha** feature.
40+
41+ By default, Coder initializes workspaces by running commands inside the
42+ container. Workspaces, however, control the initialization sequence instead when
43+ you enable [ self-contained workspace builds] . This enables cluster operations
44+ that restrict command execution inside containers using the Kubernetes API, such
45+ as the ` kubectl exec ` command.
46+
47+ [ self-contained workspace builds ] : ../self-contained-builds.md
48+
49+ ## Workspace process logging
50+
51+ > Workspace process logging is currently an ** alpha** feature.
52+
53+ [ Workspace process logging] enables auditing of commands executed inside the
54+ workspace container.
55+
56+ [ workspace process logging ] : ../process-logging.md
57+
58+ ## TUN device
59+
60+ > TUN devices currently an ** alpha** feature.
61+
62+ Coder allows the creation of custom network interfaces using the Linux TUN
63+ device. When using the ** Enable TUN device** setting, Coder workspaces will have
64+ a ` /dev/net/tun ` device mounted into the workspace at build time. VPN usage
65+ often requires a TUN device.
66+
67+ Users may need root (or ` sudo ` ) access within their workspace to use the TUN
68+ device and start a VPN client.
69+
70+ > At this time, Coder does not support TUN devices for non-Kubernetes workspace
71+ > types, such as EC2 or Docker.
72+ >
73+ > If you're working with EC2 workspaces, we recommend enabling privileged mode
74+ > in the workspace provider settings, which will allow users to create their own
75+ > TUN device.
76+
77+ We've tested this feature using the [ Tailscale] ( https://tailscale.com/ ) VPN
78+ within Coder. Remember that you may have to change your VPN settings to keep any
79+ persistent files (such as configuration/identity) files in your home volume, as
80+ any data outside the home volume is cleared when the workspace is rebuilt.
81+
82+ ## FUSE device
83+
84+ > FUSE devices are currently an ** alpha** feature.
85+
86+ Coder allows the creation of custom filesystems using the Linux FUSE userspace
87+ filesystem device. By enabling the ** Enable FUSE device** setting, Coder
88+ workspaces will have a ` /dev/fuse ` device mounted into the workspace at build
89+ time. These devices are often used to mount specialized filesystems, such as
90+ Google Cloud Storage buckets, to your workspace.
91+
92+ Users may need root (or ` sudo ` ) access within their workspace to use the FUSE
93+ device and start a FUSE filesystem.
94+
95+ > At this time, Coder does not support FUSE devices for non-Kubernetes workspace
96+ > types, such as EC2 or Docker.
97+ >
98+ > If you're working with EC2 workspaces, we recommend enabling privileged mode
99+ > in the workspace provider settings, which will allow users to create their own
100+ > FUSE device.
101+
102+ For example, you can mount a directory from a remote SSH server using ` sshfs ` :
103+
104+ ``` console
105+ mkdir /tmp/mnt
106+ sshfs user@host:/ /tmp/mnt
107+ ```
108+
109+ Then, in a second terminal, run ` ls /tmp/mnt ` to list the files from the remote
110+ host. You should also be able to see a ` fuse.sshfs ` entry in the output from the
111+ ` mount ` command.
0 commit comments