Workspace templates
As of Coder version 1.19, only workspace templates version 0.2 is supported. To update your workspace, you must update your templates to version 0.2.
Workspace templates allows you to define and create new workspaces using workspace templates.
Workspace templates are written in YAML and have a .yaml
or .yml
extension.
For assistance with creating your Coder YAML file, you can use the
template intellisense feature.
Coder looks for your workspace template at the following path:
<repository-root>/.coder/<template-name>.yaml
Workspace template sample
The following is a sample workspace template that makes use of all available fields. Depending on your use case, you may not need all of the options available.
Note that the fields are case-sensitive.
For detailed information on the fields available, see the subsequent sections of this article.
version: 0.2
workspace:
# Type indicates the provider type to use when building the workspace.
# It corresponds to the `kubernetes` section under `specs`.
type: kubernetes
specs:
kubernetes:
image:
value: index.docker.io/ubuntu:18.04
container-based-vm:
value: true
cpu:
value: 4
memory:
value: 16
disk:
value: 128
gpu-count:
value: 1
labels:
value:
com.coder.custom.hello: "hello"
com.coder.custom.world: "world"
annotations:
value:
- key: annotation-key
value: annotation-value
run-as-user:
value: 1000
run-as-group:
value: 1000
seccomp-profile-type:
value: Localhost
seccomp-profile-localhost-profile:
value: profiles/custom-profile.json
configure:
start:
value:
- name: "install curl"
command: |
apt update
apt install -y curl
- name: "Create organization directory"
command: "mkdir -p /home/coder/go/src/github.com/my-org"
# Be careful with keyscans like this!
- name: "Add GitHub to known hosts"
command:
"sudo ssh-keyscan -H github.com >> /home/coder/.ssh/known_hosts"
- name: "Clone Git Project"
command: "git clone [email protected]:my-org/my-project.git"
continue-on-error: true
directory: /home/coder/go/src/github.com/my-org
- name: "install Go binary"
command: "go install"
directory: /home/coder/go/src/github.com/my-org/my-project
shell: "bash"
continue-on-error: true
env:
GOPATH: /home/coder/go
dev-urls:
value:
- name: MyWebsite
port: 3000
scheme: http
access: private
- name: PublicPort
port: 443
scheme: https
access: public
- name: OrgWebsite
port: 3001
scheme: http
access: org
- name: AuthedSite
port: 8081
scheme: https
access: authed
Workspace template fields
version
The version number of the config file being used. The currently supported
version is 0.2
.
workspace
Required. The section containing all configuration information related to the workspace.
workspace.type
Required. Determines the type of workspace to be created. Currently, the
only accepted value is kubernetes
.
workspace.specs
Required. This section contains configuration information specific to the
workspace.type
.
workspace.specs.kubernetes
This section contains all the properties related to a kubernetes
workspace.
workspace.specs.kubernetes.image.value
Required. The image to use for the workspace. The image should include the
registry and (optionally) the tag, e.g., docker.io/ubuntu:18.04
. If you omit
the tag, Coder uses the default value of latest
.
You must have imported the image into Coder, otherwise, the workspace will fail to build.
workspace.specs.kubernetes.labels.value
The Kubernetes labels to be added to the workspace pod.
labels:
value:
com.coder.custom.hello: hello
com.coder.custom.world: world
labels
is disabled by default and must be enabled by a site admin.
workspace.specs.kubernetes.annotations.value
The Kubernetes annotations to be added to the workspace pod.
annotations:
value:
- key: annotation-key
value: annotation-value
workspace.specs.kubernetes.gpu-count.value
The number of GPUs to allocate to the workspace.
workspace.specs.kubernetes.container-based-vm.value
Determines whether the workspace should be created as a
container-based virtual machine (CVM). Default is false
.
workspace.specs.kubernetes.cpu.value
Required. The number of cores to allocate to the workspace.
workspace.specs.kubernetes.env
The environment variables to set in the workspaces.
workspace.specs.kubernetes.memory.value
Required. The amount of memory (in GB) to allocate to the workspace.
workspace.specs.kubernetes.disk.value
Required. The amount of disk space (in GB) to allocate to the workspace.
workspace.specs.kubernetes.privileged
Whether the workspace should be run as privileged (running as privileged disables most container security isolation).
workspace.specs.kubernetes.resource-requests
The custom resources that can be requested.
workspace.specs.kubernetes.resource-limits
The limits to apply to the custom resources requested.
workspace.specs.kubernetes.runtime-class-name
The name of a Kubernetes RuntimeClass to associate with the workspaces.
workspace.specs.kubernetes.tolerations.value
Adds Kubernetes tolerations to the workspace pod.
tolerations:
value:
- key: example1
operator: Exists
value: value-1
effect: NoSchedule
tolerationSeconds: 200
- key: example-3
operator: Equal
value: value-2
effect: PreferNoSchedule
tolerationSeconds: 400
- key: example-3
value: value-3
effect: NoExecute
tolerations
is disabled by default and must be enabled by a site admin.
workspace.specs.kubernetes.node-selector.value
Adds Kubernetes NodeSelectors to the workspace pod. The value is a sequence of key/value pairs.
For example, the following snippet would add two nodeSelectors
for Kubernetes:
accelerator:nvidia
and disktype:ssd
.
node-selector:
value:
- key: accelerator
value: nvidia
- key: disktype
value: ssd
node-selector
is disabled by default and must be enabled by a site admin.
workspace.specs.kubernetes.run-as-user.value
Sets the runAsUser
attribute on the workspace's PodSecurityContext, which
controls the UID used within containers. The value must be a numeric UID.
If not specified, this defaults to the UID specified in the image metadata, as specified in the Kubernetes documentation.
workspace.specs.kubernetes.run-as-group.value
Sets the runAsGroup
attribute on the workspace's PodSecurityContext, which
controls the GID used within the workspace container. The value must be a
numeric GID.
If not specified, this defaults to a GID specified by the container runtime, as specified in the Kubernetes documentation.
workspace.specs.kubernetes.seccomp-profile-type.value
Applies a seccomp profile
to the workspace pod. The value is a string, corresponding to the type
subfield of the PodSecurityContext seccompProfile
attribute.
For example, the following snippet would explicitly disable seccomp protection:
seccomp-profile-type:
value: Unconfined
seccomp-profile-type
is disabled by default and must be enabled by a site
admin.
workspace.specs.kubernetes.seccomp-profile-localhost-profile.value
Applies a custom seccomp profile
to the workspace pod. The value is a string, corresponding to the
localhostProfile
subfield of the PodSecurityContext seccompProfile
attribute.
Per the Kubernetes
documentation,
this attribute is only valid if used in combination with the Localhost
seccomp
profile type. Its value must correspond to the path of a valid JSON profile that
is already configured on the Kubernetes worker nodes.
The following snippet demonstrates setting a custom profile:
seccomp-profile-type:
value: Localhost
seccomp-profile-localhost-profile:
value: profiles/my-custom-profile.json
seccomp-profile-localhost-profile
is disabled by default and must be enabled
by a site admin.
workspace.configure
This section lists the commands that run within the workspace after Coder builds the workspace. See Configure for more information.
workspace.configure.start.value
The list of commands to run when Coder starts a workspace.
workspace.configure.start.value[*].command
Required. Runs the provided command within the workspace (Coder supports the use of both single-line and multi-line commands).
-
Single-line command:
- name: Install curl command: apt install -y curl
-
Multi-line command:
- name: Update and install curl command: | apt update apt install -y curl
workspace.configure.start.value[*].name
The name of the command being run.
workspace.configure.start.value[*].shell
The shell Coder should use to run the command.
start:
value:
- name: First step
shell: /bin/bash
workspace.configure.start.value[*].directory
The working directory from which Coder should run the command.
start:
value:
- name: First step
directory: /home/coder
workspace.configure.start.value[*].continue-on-error
Any step that returns a non-zero exit code will fail. By default, a failure prevents the subsequent steps from executing. If you would like to change this behavior, this field (which accepts a Boolean value) will allow a step to fail and not halt subsequent steps.
workspace.configure.start.value[*].env
The map of environment variables to set for the command.
start:
value:
- name: First step
env:
HOME: /home/coder
GOPATH: /home/coder/go
workspace.dev-urls.value
This list allows you to provision dev URLs using the workspaces as code configuration file. The dev URLs will be provisioned in addition to any dev URLs you create.
dev-urls:
value:
- name: PublicPort
port: 443
scheme: https
access: public
- name: PrivatePort
port: 8000
scheme: https
access: private
workspace.dev-urls.value[*].name
The name of the dev URL to be created.
workspace.dev-urls.value[*].port
The workspace port that the dev URL exposes.
workspace.dev-urls.value[*].scheme
The URL scheme (protocol) to use (i.e., http
or https
).
workspace.dev-urls.value[*].access
The permission level of the dev URL:
- private: Can only be accessed by the owner of the workspace
- org: Can be accessed by all members of the organization to which the workspace belongs
- authed: Can be accessed by all users on the Coder deployment
- public: Can be accessed by anyone on the internet