If you need increased security for your Coder deployments, you can set up an air-gapped deployment.
To do so, you must:
Coder licenses issued as part of the trial program do not support air-gapped deployments.
Before proceeding, please ensure that you've installed the following dependencies:
Coder is deployed through helm, and the platform images are hosted in Coder's Docker Hub repo.
Pull down the Coder helm charts by running the following in a non-air-gapped environment:
helm repo add coder https://helm.coder.com
helm pull coder/coder
These commands will add Coder's helm charts and pull the latest stable release into a tarball file whose name uses the following format: coder-X.Y.Z.tgz (X.Y.Z is the Coder release number).
Pull the images for the Coder platform from the following Docker Hub locations:
You can pull each of these images from their
registry location using the image's name and Coder version:
docker pull coderenvs/coder-service:<version>
Tag and push all of the images that you've downloaded in the previous step to
your internal registry; this registry must be accessible from your air-gapped
environment. For example, to push
docker tag coderenvs/coder-service:<version> my-registry.com/coderenvs/coder-service:<version>
docker push my-registry.com/coderenvs/coder-service:<version>
Once all of the resources are in your air-gapped network, run the following to deploy Coder to your Kubernetes cluster:
kubectl create namespace coder
helm --namespace coder install coder /path/to/coder-X.Y.Z.tgz \
    --set cemanager.image=my-registry.com/coderenvs/coder-service:<version> \
    --set envproxy.image=my-registry.com/coderenvs/coder-service:<version> \
    --set envbuilder.image=my-registry.com/coderenvs/envbuilder:<version> \
    --set timescale.image=my-registry.com/coderenvs/timescale:<version> \
    --set dashboard.image=my-registry.com/coderenvs/dashboard:<version> \
    --set envbox.image=my-registry.com/coderenvs/envbox:<version>
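The tag-and-push step and the `--set` flags above must name the same internal image references, or the air-gapped cluster will try to pull from Docker Hub and fail. The following script is an added example, not part of Coder's documentation: it derives both from one image list taken from the install command above. It assumes a host that can reach both Docker Hub and the internal registry; `REGISTRY`, `APPLY` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Coder's own tooling). Image names and helm value keys
# come from the helm install command on this page; REGISTRY is a placeholder.
REGISTRY="${REGISTRY:-my-registry.com}"
IMAGES="coder-service envbuilder timescale dashboard envbox"
# helm value key = image name, as used in the install command
HELM_KEYS="cemanager=coder-service envproxy=coder-service envbuilder=envbuilder timescale=timescale dashboard=dashboard envbox=envbox"

# Internal registry reference for one image at one version.
target_ref() { printf '%s/coderenvs/%s:%s\n' "$REGISTRY" "$1" "$2"; }

# Print the pull/tag/push commands for every image (default, dry run),
# or execute them when APPLY=1. Stops at the first failing command.
mirror_images() {
    version="$1"
    for name in $IMAGES; do
        src="coderenvs/$name:$version"
        dst="$(target_ref "$name" "$version")"
        for cmd in "docker pull $src" "docker tag $src $dst" "docker push $dst"; do
            if [ "${APPLY:-0}" = "1" ]; then
                $cmd || return 1
            else
                echo "$cmd"
            fi
        done
    done
}

# Emit the --set flags for helm install so they always point at the mirror.
helm_set_flags() {
    version="$1"
    for pair in $HELM_KEYS; do
        key="${pair%%=*}"
        name="${pair#*=}"
        printf '%s %s.image=%s ' "--set" "$key" "$(target_ref "$name" "$version")"
    done
    echo
}

# Run only when a Coder version is passed on the command line.
if [ $# -ge 1 ]; then
    mirror_images "$1" && helm_set_flags "$1"
fi
```

Run it with the Coder version as the only argument to review the commands, then again with `APPLY=1` to execute them; paste the printed flags into the `helm install` command.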
Next, follow the Installation guide beginning with step 6 to get the access URL and the temporary admin password, which allows you to proceed with setting up and configuring Coder.
You can configure your deployment to use the internal, built-in extension marketplace, allowing your developers to utilize whitelisted IDE extensions within your air-gapped environment. For additional details, see Extensions.