Can the Coder Server be a k8s service?
After the discussion yesterday here, I got to thinking. Is there a way to have the Coder Server be a "pure" k8s service instead of a final endpoint? In other words, a way to allow the API to be authenticated, but then user workflow is simply controlled by the client directly i.e. no user login. Coder would be part of a bigger overall system and calls to it would be trusted.
š¤
Basically, I believe the API would just need an API key from the client that can be fairly static to allow the client to control Coder.
Only administrators of the bigger system would have direct access to the Coder UI and Coder CLI for the purpose of creating and testing templates. I would guess we are getting into enterprise features. I'm just wondering if it's at all possible.
Scott
Scott
2 Replies
There isn't a way to disable user login at the moment.
You could do similarly by hiding the Coder service from users or making it a secret endpoint. This shouldn't be a security loophole since their API key could perform the same actions anyways.
I'm not totally keen on OIDC, but could that make this simpler? Because, I've already got login working over OIDC with Keycloak (something you could advertise too :)).