Spiked_Grape
Coder.com
Created by Spiked_Grape on 9/15/2024 in #help
"workspace_owner_oidc_access_token"
I found a couple of issues mentioning "workspace_owner_oidc_access_token" but not much in the docs. Is that still working? I am trying to set up some templates with Azure resources in AKS etc., and there is no external auth for Azure except the Azure DevOps one. Is it possible to do similar things with an OIDC token? Also, from the example below, are there any more examples of using the extra property? I am wondering if I can use something like to get specific OIDC fields from the user or something. https://coder.com/docs/reference/cli/external-auth_access-token - Obtain an extra property of an access token for additional metadata: $ coder external-auth access-token slack --extra "authed_user.id"
23 replies
Coder.com
Created by Spiked_Grape on 8/13/2024 in #help
template ci/cd pipeline enforcement
I was wondering if there is a way to disable the template editor in the UI or make it read-only even for owners (although that wouldn't fix them having CLI/API access). I am basically looking for a way to enforce template changes through merge requests using a CI Coder service account with GitLab pipelines.
28 replies
Coder.com
Created by Spiked_Grape on 8/11/2024 in #help
custom login logo question
First off, I do have an enterprise license so I have access to the features. Is there anywhere to save a custom logo for the Coder login screen in a certain directory (I tried the same directory as the Coder binaries but that didn't work: ~/.cache/coder/site/bin/) on the container running Coder, or to use some environment variable? I have only seen the option to use a URL that seems to be rendered client side. Is it possible to make the Coder container, not the client browser, resolve that logo? I have issues with limitations and permissions, for example creating an Azure blob using a URL to access the image. I did do that, but due to privatelink requirements and some DNS limitations I only see the logo if I am accessing Coder within the same vnet. I would prefer to not stand up a web server just to host the logo.
18 replies
Coder.com
Created by Spiked_Grape on 8/2/2024 in #help
aks questions - enterprise version
Has anyone used Azure blob storage with code-server workspaces? Three use cases: 1. As an alternative to the default, which is disk. 2. As shared read-only storage for large files like the Trivy DB in an air-gapped environment. 3. As shared read/write storage for large data manipulation tasks. Coder is deployed in AKS. I also have a question about using deployments versus pods, as I have seen templates for both. Does one have benefits over the other? Also, are there any tricks to get envbox working in AKS? If I use an Azure app registration as the OIDC login or the external auth, can I use that somehow to authenticate for the blob storage? I do have workload identity enabled on the cluster but I am currently only using it for SOPS Kubernetes secrets decryption. I also plan to set up Coder external provisioners. How can I auto start and stop those so that I can scale the node pool to zero at night, etc.? Can I create a node pool with an Azure user-assigned managed identity or do I have to use a service principal for the external provisioners? Also, if the external provisioners are in different clusters in different vnets in different subscriptions divided by different business units, do I have to use a multi-cluster mesh with Istio or is vnet peering sufficient?
8 replies