Multitenancy with Coder
I hope this question isn't as silly as my last one was.
I read in the docs that, to allow for the usage of secrets other Terraform providers would need to access external APIs with, I'd need to start up the Coder pod (in a k8s scenario) with the secrets already loaded as environment variables. (Do correct me if I am wrong!)
So far so good. But what if I need Coder to be serving workspaces that need a whole slew of secrets?
Let me explain the use case.
Let's say, instead of allowing Coder to create subdomains to access the workspaces, I want to go through Cloudflare to create the subdomains to offer access. However, the developers all have different Cloudflare accounts for their own sites. I don't believe I'd want to load all these credentials, even as env vars, into the Coder server environment.
Is there another, smarter way to handle this kind of scenario? I was thinking something along the lines of sidecars: jobs that could be run via a secondary Coder server, but then "closed" after the job is completed. The only open question in my mind would be Terraform state and keeping it available for destruction purposes.
