This article walks you through the process of setting up an air-gapped deployment in situations where you need increased security around your Coder deployments.
Coder Enterprise's auto-generated licenses do not support air-gapped deployments.
To set up an air-gapped deployment, you must:
- Pull all Coder deployment resources into your air-gapped environment
- Push the images to your Docker registry
- Deploy Coder from within your air-gapped environment
Before proceeding, please ensure that you've installed the following dependencies:
Coder Enterprise is deployed through helm, and the platform images are hosted on Coder's Docker Hub repo.
You can pull down the Coder Enterprise helm charts by running the following in a non-air-gapped environment:
helm repo add coder https://helm.coder.com
helm pull coder/coder
These commands will add Coder's helm charts and pull the latest stable release into a tarball file whose name uses the following format:
coder-X.Y.Z.tgz (X.Y.Z is the release number).
You can pull the images for the Coder platform from the following Docker Hub locations:
You can pull each of these images from their coderenvs/<img-name>:<coder-version> registry location using the image's name and Coder version:
docker pull coderenvs/coder-service:1.11.0
Once you've downloaded all of the resources you need to deploy Coder, tag and push the images to your internal Docker registry that's accessible from your air-gapped environment:
docker tag coderenvs/coder-service:1.11.0 my-registry.example.com/coderenvs/coder-service:1.11.0
docker push my-registry.example.com/coderenvs/coder-service:1.11.0
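Before installing from the chart tarball that was carried into the air-gapped network, you can confirm it is byte-for-byte the file that `helm pull` produced. The script below is an added example, not part of Coder's documentation; it assumes GNU coreutils `sha256sum`, and the function names and the `SHA256SUMS` file name are hypothetical.

```shell
#!/bin/sh
# Added example: integrity manifest for files carried across the air gap.
# Assumes GNU coreutils sha256sum. Function names and the SHA256SUMS file
# name are hypothetical, not part of Coder's tooling.

# Connected side: hash every regular file in the transfer directory.
record_manifest() (
    cd "$1" || exit 1
    : > SHA256SUMS.tmp
    for f in *; do
        [ -f "$f" ] || continue
        # Never list the manifest (or its temp file) inside itself.
        case $f in SHA256SUMS*) continue ;; esac
        sha256sum -- "$f" >> SHA256SUMS.tmp || exit 1
    done
    mv SHA256SUMS.tmp SHA256SUMS
)

# Air-gapped side: fail on a changed, missing, or unlisted file.
verify_manifest() (
    cd "$1" || exit 1
    # --strict rejects malformed lines; an empty manifest also fails here.
    sha256sum --check --strict --quiet SHA256SUMS || exit 1
    # sha256sum ignores files that are absent from the manifest, so check
    # that everything present in the directory was actually listed.
    for f in *; do
        [ -f "$f" ] || continue
        [ "$f" = SHA256SUMS ] && continue
        # 64 hex characters plus a two-character separator precede the name.
        cut -c67- SHA256SUMS | grep -qxF -- "$f" || {
            echo "unlisted file: $f" >&2
            exit 1
        }
    done
)

# Usage (paths are placeholders):
#   record_manifest /path/to/transfer    # where `helm pull` was run
#   verify_manifest /path/to/transfer    # before `helm install`
```

A manifest that travels on the same medium as the tarball only catches corruption or an accidental swap; carry it by a separate channel or sign it if the transfer path itself is not trusted.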
Once all of these resources are in your air-gapped network, you can run the following helm command to deploy the platform to your Kubernetes cluster:
kubectl create namespace coder
helm --namespace coder install coder /path/to/coder-X.Y.Z.tgz \
  --set cemanager.image=my-registry.example.com/coderenvs/coder-service:1.11.0 \
  --set envproxy.image=my-registry.example.com/coderenvs/coder-service:1.11.0 \
  --set envbuilder.image=my-registry.example.com/coderenvs/envbuilder:1.11.0 \
  --set timescale.image=my-registry.example.com/coderenvs/timescale:1.11.0 \
  --set dockerd.image=my-registry.example.com/coderenvs/dockerd:1.11.0 \
  --set envmetrics.image=my-registry.example.com/coderenvs/coder-service:1.11.0
Once deployed, you can follow the steps listed in Installation & Setup to get the access URL and the temporary admin password.
You can configure your deployment to use the internal, built-in extension marketplace, allowing your developers to utilize whitelisted IDE extensions within your air-gapped environment. For additional details, see Extensions.
Updated about a month ago