Skip to content
/ kube-coder Public

helm chart for a isolated dev coding environment pod in kubernetes

License

MIT license
128 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

imran31415/kube-coder

BranchesTags

Repository files navigation

Kube-Coder

License: MIT Helm Kubernetes CI

A Helm chart for deploying secure, isolated development workspaces in Kubernetes. Each workspace provides VS Code IDE, terminal access, and remote browser capabilities, protected by GitHub OAuth2 authentication.

Dashboard
Dashboard
Clean workspace hub with system metrics, service health, and GitHub config 		Remote Browser
VS Code IDE
Full-featured browser IDE with extensions and terminal access 		VS Code IDE
Remote Browser
Full Firefox browser via VNC — test web apps from anywhere 		TTYD with claude TTYD terminal interface accessible from browser
Claude built in with environment awareness

Features

Core Development Environment

  • VS Code IDE - Browser-based IDE with extensions support
  • Terminal - Full system access via browser
  • Remote Browser - Firefox with VNC viewer for testing web apps
  • System Monitoring - Real-time CPU, memory, disk usage dashboard
  • GitHub Integration - Easy SSH key and git config setup from dashboard

Security & Authentication

  • GitHub OAuth2 - Secure authentication with configurable user authorization
  • HTTPS Everywhere - Let's Encrypt certificates with automatic renewal
  • Isolated Workspaces - Complete isolation between user environments

Development Stack

  • Node.js 20 + Yarn - Latest Node.js with Yarn package manager
  • Container Builds - Docker-in-Docker with BuildKit support
  • Claude Code CLI - AI-powered development assistant built-in
  • Persistent Storage - Dedicated storage that survives restarts

Architecture

┌─────────────────────────────────────────────────┐
│             Base Infrastructure                  │
│  • Shared ConfigMaps (kaniko-wrapper, etc.)     │
└─────────────────────────────────────────────────┘
                        │
            ┌───────────┴───────────┐
            │                       │
┌───────────▼──────────┐  ┌─────────▼──────────────┐
│   Imran Workspace    │  │   Gerard Workspace     │
│  • Independent Helm  │  │  • Independent Helm    │
│  • Own PVC & secrets │  │  • Own PVC & secrets   │
│  • Dedicated ingress │  │  • Dedicated ingress   │
└──────────────────────┘  └────────────────────────┘

Quick Start

Prerequisites

  • Kubernetes cluster (1.19+)
  • Helm 3.0+
  • nginx ingress controller
  • cert-manager for HTTPS
  • GitHub OAuth App

Deploy

# Create namespace
kubectl create namespace coder

# Deploy base infrastructure
make deploy-base

# Deploy a workspace
make deploy-imran

Access (OAuth2)

  • Dashboard: https://username.yourdomain.com/oauth
  • VS Code: https://username.yourdomain.com/oauth/ide
  • Terminal: https://username.yourdomain.com/oauth/terminal

Pre-installed Stack

Category Tools
Runtime Node.js 20.19.4, Python 3.12, Go 1.22
Package Managers Yarn 1.22.22, npm, pip
Build Tools Docker CLI, docker-compose, make, gcc
Cloud Tools kubectl, GitHub CLI
AI Assistant Claude Code CLI
Utilities curl, jq, tmux, vim, nano

Commands

make help             # Show all commands
make deploy-imran     # Deploy Imran's workspace
make deploy-gerard    # Deploy Gerard's workspace
make deploy-all       # Deploy everything
make status           # Check deployment status
make test-imran       # Test workspace setup
make shell-imran      # Shell into workspace
make logs-imran       # View logs
make rollback-imran   # Rollback workspace
make version          # Show versions and config

Adding New Users

See NEW_USER_PROVISIONING.md for details.

# Automated
./scripts/provision-user.sh john john_doe "John Doe" john@company.com dev.company.com

# Manual
mkdir deployments/john
cp templates/user-values-template.yaml deployments/john/values.yaml
# Edit values, then deploy

Configuration Reference

Workspace Values

# deployments/username/values.yaml
namespace: coder

user:
  name: username
  pvcSize: 50Gi
  host: username.dev.yourdomain.com
  env:
    - name: GIT_USER_NAME
      value: "User Name"
    - name: GIT_USER_EMAIL
      value: "user@domain.com"

image:
  repository: registry.digitalocean.com/resourceloop/coder
  tag: devlaptop-v1.6.2-browser-stealth
  pullPolicy: Always

oauth2:
  githubUsers: "user1,user2"  # Authorized GitHub usernames

resources:
  requests:
    cpu: "2"
    memory: 3Gi
  limits:
    cpu: "3"
    memory: 5Gi

Project Structure

charts/
├── base-infrastructure/    # Shared ConfigMaps
└── workspace/              # Workspace template
    └── templates/
        ├── deployment.yaml
        ├── service.yaml
        ├── ingress.yaml
        ├── ingress-oauth2.yaml
        ├── oauth2-proxy.yaml
        ├── browser-configmap.yaml
        ├── pvc.yaml
        └── serviceaccount.yaml

deployments/
├── imran/values.yaml       # User-specific config
└── gerard/values.yaml

Troubleshooting

# Check pods
kubectl get pods -n coder

# Check logs
make logs-imran

# Test workspace
make test-imran

# Shell access
make shell-imran

# Certificate issues
kubectl get certificate -n coder

Security Features

  • GitHub OAuth2 - Secure authentication with user authorization
  • TLS encryption - All traffic encrypted with Let's Encrypt
  • Workspace isolation - Users cannot access each other's environments
  • Non-root containers - All processes run as uid/gid 1000
  • Isolated storage - Dedicated PVC per user

License

MIT

About

helm chart for a isolated dev coding environment pod in kubernetes

Resources

Readme

License

MIT license
Activity

Stars

128 stars

Watchers

0 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages