Patrick.Sy/website-and-documentation
1
0
Fork 0
forked from DevFW-CICD/website-and-documentation
Code Pull requests Activity
website-and-documentation/content/en/docs/edp/deployment/infrastructure/stacks/coder.md

10 KiB
Raw Blame History

title linkTitle weight description
Coder Coder 20 Cloud Development Environments for secure, scalable remote development

Overview

Coder is an enterprise cloud development environment (CDE) platform that provisions secure, consistent remote development workspaces. As part of the Edge Developer Platform, Coder enables developers to work in standardized, on-demand environments defined as code, moving development workloads from local machines to centrally managed infrastructure.

The Coder stack deploys a self-hosted Coder instance with PostgreSQL database backend, integrated authentication, and edge connectivity capabilities.

Key Features

  • Infrastructure as Code Workspaces: Development environments defined using Terraform templates
  • IDE Agnostic: Supports browser-based IDEs, VS Code, JetBrains IDEs, and other development tools
  • Secure Remote Access: Workspaces run in controlled cloud or on-premises infrastructure
  • On-Demand Provisioning: Developers create ephemeral or persistent workspaces as needed
  • AI Agent Support: Secure execution environment for AI coding assistants
  • Template-Based Deployment: Reusable workspace templates ensure consistency across teams

Repository

Code: Coder Stack Templates

Documentation:

Getting Started

Prerequisites

  • Kubernetes cluster with ArgoCD installed (provided by core stack)
  • CloudNativePG operator (provided by core stack)
  • Ingress controller configured (provided by otc stack)
  • cert-manager for TLS certificate management (provided by otc stack)
  • Domain name configured via DOMAIN_GITEA environment variable

Quick Start

The Coder stack is deployed as part of the EDP installation process:

  1. Trigger Deploy Pipeline
  • Go to Infra Deploy Pipeline
  • Click on Run workflow
  • Enter a name in "Select environment directory to deploy". This must be DNS Compatible. (if you enter test-me then the domain will be coder.test-me.t09.de)
  • Execute workflow
  1. ArgoCD Synchronization ArgoCD automatically deploys:
    • PostgreSQL database cluster (CloudNativePG)
    • Coder application (Helm chart v2.28.3)
    • Ingress configuration with TLS
    • Database credentials and edge connectivity secrets

Verification

Verify the Coder deployment:

# Check ArgoCD application status
kubectl get application coder -n argocd

# Verify Coder pods are running
kubectl get pods -n coder

# Check PostgreSQL cluster status
kubectl get cluster coder-db -n coder

# Verify ingress configuration
kubectl get ingress -n coder

Access the Coder web interface at https://coder.{DOMAIN_GITEA}.

Architecture

Component Architecture

The Coder stack consists of:

Coder Control Plane:

  • Web application for workspace management
  • API server for workspace provisioning
  • Terraform executor for infrastructure operations

PostgreSQL Database:

  • Single-instance CloudNativePG cluster
  • Stores workspace metadata, templates, and user data
  • Managed database user with coder-db-user secret
  • 10Gi persistent storage on csi-disk storage class

Networking:

  • ClusterIP service for internal communication
  • Nginx ingress with TLS termination
  • cert-manager integration for automatic certificate management

Configuration

Environment Variables

The Coder application is configured through environment variables in values.yaml:

Access Configuration:

  • CODER_ACCESS_URL: Public URL where Coder is accessible (https://coder.{DOMAIN_GITEA})

Database Configuration:

  • CODER_PG_CONNECTION_URL: PostgreSQL connection string (from coder-db-user secret)

Authentication:

  • CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE: GitHub OAuth integration (disabled by default)

Edge Connectivity:

  • EDGE_CONNECT_ENDPOINT: Edge connection endpoint (from edge-credential secret)
  • EDGE_CONNECT_USERNAME: Edge authentication username
  • EDGE_CONNECT_PASSWORD: Edge authentication password

Helm Chart Configuration

Key Helm values configured in stacks/coder/coder/values.yaml:

coder:
  env:
    - name: CODER_ACCESS_URL
      value: "https://coder.{DOMAIN_GITEA}"
    - name: CODER_PG_CONNECTION_URL
      valueFrom:
        secretKeyRef:
          name: coder-db-user
          key: uri

  service:
    type: ClusterIP

  ingress:
    enable: true
    className: nginx
    host: "coder.{DOMAIN_GITEA}"
    annotations:
      cert-manager.io/cluster-issuer: main
    tls:
      enable: true
      secretName: coder-tls-secret

Important: Do not override CODER_HTTP_ADDRESS, CODER_TLS_ENABLE, CODER_TLS_CERT_FILE, or CODER_TLS_KEY_FILE as these are managed by the Helm chart.

PostgreSQL Database Configuration

Defined in stacks/coder/coder/manifests/postgres.yaml:

Cluster Specification:

  • 1 instance (single-node cluster)
  • Primary update strategy: unsupervised
  • Resource requests/limits: 1 CPU, 1Gi memory
  • Storage: 10Gi using csi-disk storage class

Managed Roles:

  • User: coder
  • Permissions: createdb, login
  • Password stored in coder-db-user secret

ArgoCD Application Configuration

Registry Application (template/registry/coder.yaml):

  • Name: coder-reg
  • Manages the Coder stack directory
  • Automated sync with prune and self-heal enabled

Stack Application (template/stacks/coder/coder.yaml):

  • Name: coder
  • Deploys Coder Helm chart v2.28.3 from https://helm.coder.com/v2
  • Automated self-healing enabled
  • Creates namespace automatically
  • References values from stacks-instances repository

Usage Examples

Creating a Workspace Template

After deployment, create workspace templates using Terraform:

  1. Access Coder Dashboard

    open https://coder.${DOMAIN_GITEA}

  2. Create Template Repository Create a Git repository with a Terraform template:

    # main.tf
terraform {
  required_providers {
    coder = {
      source  = "coder/coder"
      version = "~> 0.12"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.23"
    }
  }
}

resource "coder_agent" "main" {
  os   = "linux"
  arch = "amd64"
}

resource "kubernetes_pod" "main" {
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
    namespace = "coder-workspaces"
  }
  spec {
    container {
      name  = "dev"
      image = "codercom/enterprise-base:ubuntu"
      command = ["sh", "-c", coder_agent.main.init_script]
    }
  }
}

  3. Push Template to Coder

    coder templates push kubernetes-dev

Provisioning a Development Workspace

# Create a new workspace from template
coder create my-workspace --template kubernetes-dev

# Connect via SSH
coder ssh my-workspace

# Open in VS Code
coder open my-workspace --ide vscode

# Stop workspace when not in use
coder stop my-workspace

# Delete workspace
coder delete my-workspace

Integrating with Platform Services

Access EDP platform services from Coder workspaces:

# Connect to platform PostgreSQL
psql "postgresql://myuser@postgres.core.svc.cluster.local:5432/mydb"

# Access Forgejo
git clone https://forgejo.${DOMAIN_GITEA}/myorg/myrepo.git

# Query platform metrics
curl https://grafana.${DOMAIN}/api/datasources

Integration Points

  • Core Stack: Depends on ArgoCD for deployment orchestration and CloudNativePG operator for database management
  • OTC Stack: Requires ingress-nginx controller and cert-manager for external access and TLS
  • Forgejo Stack: Workspace templates can integrate with platform Git repositories
  • Observability Stack: Workspace metrics can be collected by platform observability tools
  • Dex (SSO): Can be configured for centralized authentication (requires additional configuration)

Troubleshooting

Coder Pods Not Starting

Problem: Coder pods remain in Pending or CrashLoopBackOff state

Solution:

  1. Check PostgreSQL cluster status:

    kubectl get cluster coder-db -n coder
kubectl describe cluster coder-db -n coder

  2. Verify database credentials secret:

    kubectl get secret coder-db-user -n coder
kubectl get secret coder-db-user -n coder -o jsonpath='{.data.uri}' | base64 -d

  3. Check Coder logs:

    kubectl logs -n coder -l app=coder

Cannot Access Coder UI

Problem: Coder web interface is not accessible at configured URL

Solution:

  1. Verify ingress configuration:

    kubectl get ingress -n coder
kubectl describe ingress -n coder

  2. Check TLS certificate status:

    kubectl get certificate -n coder
kubectl describe certificate coder-tls-secret -n coder

  3. Verify DNS resolution:

    nslookup coder.${DOMAIN_GITEA}

Database Connection Errors

Problem: Coder cannot connect to PostgreSQL database

Solution:

  1. Verify PostgreSQL cluster health:

    kubectl get pods -n coder -l cnpg.io/cluster=coder-db
kubectl logs -n coder -l cnpg.io/cluster=coder-db

  2. Check database and user creation:

    kubectl get database coder -n coder
kubectl exec -it coder-db-1 -n coder -- psql -U postgres -c "\l"
kubectl exec -it coder-db-1 -n coder -- psql -U postgres -c "\du"

  3. Test connection string:

    kubectl exec -it coder-db-1 -n coder -- psql "$(kubectl get secret coder-db-user -n coder -o jsonpath='{.data.uri}' | base64 -d)"

Workspace Provisioning Fails

Problem: Workspaces fail to provision from templates

Solution:

  1. Check Coder provisioner logs:

    kubectl logs -n coder -l app=coder --tail=100

  2. Verify Kubernetes permissions for workspace creation:

    kubectl auth can-i create pods --as=system:serviceaccount:coder:coder -n coder-workspaces

  3. Review template Terraform configuration for errors

Additional Resources