C
Coder.comā€¢2y ago
Scott

Can the Coder Server be a k8s service?

After the discussion yesterday here, I got to thinking. Is there a way to have the Coder Server be a "pure" k8s service instead of a final endpoint? In other words, a way to allow the API to be authenticated, but then user workflow is simply controlled by the client directly i.e. no user login. Coder would be part of a bigger overall system and calls to it would be trusted. šŸ¤” Basically, I believe the API would just need an API key from the client that can be fairly static to allow the client to control Coder. Only administrators of the bigger system would have direct access to the Coder UI and Coder CLI for the purpose of creating and testing templates. I would guess we are getting into enterprise features. I'm just wondering if it's at all possible.
Scott
2 Replies
kyle
kyleā€¢2y ago
There isn't a way to disable user login at the moment. You could do similarly by hiding the Coder service from users or making it a secret endpoint. This shouldn't be a security loophole since their API key could perform the same actions anyways.
Scott
ScottOPā€¢2y ago
I'm not totally keen on OIDC, but could that make this simpler? Because, I've already got login working over OIDC with Keycloak (something you could advertise too :)).

Did you find this page helpful?