docs: add offical kubernetes provider runtime_class_name (#5157)

ericpaulsen · web-flow · commit 59af8349c682 · 2022-12-07T23:30:57.000-06:00
* add: offical kubernetes provider runtime_class_name

* fix: typos

* add: coder data source &amp; vars
diff --git a/docs/templates/docker-in-docker.md b/docs/templates/docker-in-docker.md
@@ -6,7 +6,7 @@ The [Sysbox](https://github.com/nestybox/sysbox) container runtime allows unpriv
 
 > Sysbox can also be used to run systemd inside Coder workspaces. See [Systemd in Docker](#systemd-in-docker).
 
-### Use Sysbox in Docker-based templates:
+### Use Sysbox in Docker-based templates
 
 After [installing Sysbox](https://github.com/nestybox/sysbox#installation) on the Coder host, modify your template to use the sysbox-runc runtime:
 
@@ -35,13 +35,29 @@ resource "coder_agent" "main" {
 }
 ```
 
-### Use Sysbox in Kubernetes-based templates:
+### Use Sysbox in Kubernetes-based templates
 
-After [installing Sysbox on Kubernetes](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/install-k8s.md), modify your template to use the sysbox-runc RuntimeClass.
-
-> Currently, the official [Kubernetes Terraform Provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest) does not support specifying a custom RuntimeClass. [mingfang/k8s](https://registry.terraform.io/providers/mingfang/k8s), a third-party provider, can be used instead.
+After [installing Sysbox on Kubernetes](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/install-k8s.md), modify your template to use the sysbox-runc RuntimeClass. This requires the Kubernetes Terraform provider version 2.16.0 or greater.
 
 ```hcl
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = "2.16.0"
+    }
+  }
+}
+
+variable "workspaces_namespace" {
+  default = "coder-namespace"
+}
+
+data "coder_workspace" "me" {}
+
 resource "coder_agent" "main" {
   os   = "linux"
   arch = "amd64"
@@ -56,7 +72,7 @@ resource "coder_agent" "main" {
   EOF
 }
 
-resource "k8s_core_v1_pod" "dev" {
+resource "kubernetes_pod" "dev" {
   count = data.coder_workspace.me.start_count
   metadata {
     name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
@@ -66,15 +82,14 @@ resource "k8s_core_v1_pod" "dev" {
     }
   }
 
-
   spec {
   runtime_class_name = "sysbox-runc"
   # Use the Sysbox container runtime (required)
     security_context {
-      run_asuser = 1000
-      fsgroup    = 1000
+      run_as_user = 1000
+      fs_group    = 1000
     }
-    containers {
+    container {
       name = "dev"
       env {
         name  = "CODER_AGENT_TOKEN"
@@ -93,7 +108,7 @@ resource "k8s_core_v1_pod" "dev" {
 
 While less secure, you can attach a [privileged container](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) to your templates. This may come in handy if your nodes cannot run Sysbox.
 
-### Use a privileged sidecar container in Docker-based templates:
+### Use a privileged sidecar container in Docker-based templates
 
 ```hcl
 resource "coder_agent" "main" {
@@ -130,9 +145,27 @@ resource "docker_container" "workspace" {
 }
 ```
 
-### Use a privileged sidecar container in Kubernetes-based templates:
+### Use a privileged sidecar container in Kubernetes-based templates
 
 ```hcl
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = "2.16.0"
+    }
+  }
+}
+
+variable "workspaces_namespace" {
+  default = "coder-namespace"
+}
+
+data "coder_workspace" "me" {}
+
 resource "coder_agent" "main" {
   os             = "linux"
   arch           = "amd64"
@@ -179,7 +212,7 @@ resource "kubernetes_pod" "main" {
 
 Additionally, [Sysbox](https://github.com/nestybox/sysbox) can be used to give workspaces full `systemd` capabilities.
 
-### Use systemd in Docker-based templates:
+### Use systemd in Docker-based templates
 
 After [installing Sysbox](https://github.com/nestybox/sysbox#installation) on the Coder host, modify your template to use the sysbox-runc runtime and start systemd:
 
@@ -219,32 +252,37 @@ resource "coder_agent" "main" {
 }
 ```
 
-### Use systemd in Kubernetes-based templates:
-
-After [installing Sysbox on Kubernetes](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/install-k8s.md), modify your template to use the sysbox-runc RuntimeClass.
+### Use systemd in Kubernetes-based templates
 
-> Currently, the official [Kubernetes Terraform Provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest) does not support specifying a custom RuntimeClass. [mingfang/k8s](https://registry.terraform.io/providers/mingfang/k8s), a third-party provider, can be used instead.
+After [installing Sysbox on Kubernetes](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/install-k8s.md),
+modify your template to use the sysbox-runc RuntimeClass. This requires the Kubernetes Terraform provider version 2.16.0 or greater.
 
 ```hcl
 terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
     }
-    k8s = {
-      source = "mingfang/k8s"
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = "2.16.0"
     }
   }
 }
 
+variable "workspaces_namespace" {
+  default = "coder-namespace"
+}
+
+data "coder_workspace" "me" {}
 
 resource "coder_agent" "main" {
   os   = "linux"
   arch = "amd64"
   dir  = "/home/coder"
 }
 
-resource "k8s_core_v1_pod" "dev" {
+resource "kubernetes_pod" "dev" {
   count = data.coder_workspace.me.start_count
   metadata {
     name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
@@ -254,19 +292,18 @@ resource "k8s_core_v1_pod" "dev" {
     }
   }
 
-
   spec {
 
     # Use Sysbox container runtime (required)
     runtime_class_name = "sysbox-runc"
 
     # Run as root in order to start systemd (required)
     security_context {
-      run_asuser = 0
-      fsgroup    = 0
+      run_as_user = 0
+      fs_group    = 0
     }
 
-    containers {
+    container {
       name = "dev"
       env {
         name  = "CODER_AGENT_TOKEN"
