A Helm chart for deploying secure, isolated development workspaces in Kubernetes. Each workspace provides VS Code IDE, terminal access, remote browser capabilities, and AI-powered Claude Code integration with remote task management -- all protected by GitHub OAuth2 authentication.
 Dashboard Clean workspace hub with system metrics, service health, and GitHub config |
 VS Code IDE Full-featured browser IDE with extensions and terminal access |
 Remote Browser Full Firefox browser via VNC — test web apps from anywhere |
TTYD terminal interface accessible from browserClaude built in with environment awareness |
- VS Code IDE - Browser-based IDE with extensions support
- Terminal - Full system access via browser (ttyd)
- Remote Browser - Firefox with VNC viewer for testing web apps
- System Monitoring - Real-time CPU, memory, disk usage dashboard
- GitHub Integration - Easy SSH key and git config setup from dashboard
- Claude Code CLI - AI-powered development assistant built-in
- Claude Task API - Launch and manage Claude tasks remotely via REST API
- Claude Tasks Dashboard - Monitor running tasks, view status, one-click attach to interactive sessions
- Remote Task Skill -
/remote-taskClaude Code skill to manage tasks from your local terminal - Interactive Sessions - Attach to any running Claude session to approve permissions, provide input, or observe progress
- GitHub OAuth2 - Secure authentication with configurable user authorization
- GitHub App Auth - Automatic private repo access via GitHub App installation tokens (auto-refreshed every 50 minutes)
- HTTPS Everywhere - Let's Encrypt certificates with automatic renewal
- Isolated Workspaces - Complete isolation between user environments
- Node.js 20 + Yarn - Latest Node.js with Yarn package manager
- Container Builds - Docker-in-Docker with BuildKit support
- Persistent Storage - Dedicated storage that survives restarts
┌─────────────────────────────────────────────────┐
│ Base Infrastructure │
│ • Shared ConfigMaps (kaniko-wrapper, etc.) │
└─────────────────────────────────────────────────┘
│
┌───────────┴───────────┐
│ │
┌───────────▼──────────┐ ┌─────────▼──────────────┐
│ Imran Workspace │ │ Gerard Workspace │
│ • Independent Helm │ │ • Independent Helm │
│ • Own PVC & secrets │ │ • Own PVC & secrets │
│ • Dedicated ingress │ │ • Dedicated ingress │
│ • Claude Task API │ │ • Claude Task API │
└──────────────────────┘ └────────────────────────┘
- Kubernetes cluster (1.19+)
- Helm 3.0+
- nginx ingress controller
- cert-manager for HTTPS
- GitHub OAuth App
# Create namespace
kubectl create namespace coder
# Deploy base infrastructure
make deploy-base
# Deploy a workspace (auto-includes secrets if present)
make deploy-imran- Dashboard:
https://username.yourdomain.com/oauth - VS Code:
https://username.yourdomain.com/oauth/ide - Terminal:
https://username.yourdomain.com/oauth/terminal
Each workspace exposes a REST API for remotely launching and managing Claude Code tasks. Tasks run as interactive tmux sessions that users can attach to for approving permissions and providing input.
See docs/claude-task-api.md for full API documentation.
# Create a task
curl -X POST https://imran.dev.archon.cx/api/claude/tasks \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"prompt": "Analyze the codebase and create a CLAUDE.md"}'
# Check status
curl https://imran.dev.archon.cx/api/claude/tasks \
-H "Authorization: Bearer $TOKEN"When working in this repo with Claude Code, use the /remote-task skill:
/remote-task analyze the codebase and create a CLAUDE.md # Launch task
/remote-task status # List all tasks
/remote-task output <TASK_ID> # View output
/remote-task attach <TASK_ID> # Attach info
/remote-task kill <TASK_ID> # Kill task| Category | Tools |
|---|---|
| Runtime | Node.js 20.19.4, Python 3.12, Go 1.22 |
| Package Managers | Yarn 1.22.22, npm, pip |
| Build Tools | Docker CLI, docker-compose, make, gcc |
| Cloud Tools | kubectl, GitHub CLI |
| AI Assistant | Claude Code CLI |
| Utilities | curl, jq, tmux, vim, nano |
make help # Show all commands
make deploy-imran # Deploy Imran's workspace
make deploy-gerard # Deploy Gerard's workspace
make deploy-all # Deploy everything
make status # Check deployment status
make test-imran # Test workspace setup
make shell-imran # Shell into workspace
make logs-imran # View logs
make rollback-imran # Rollback workspace
make version # Show versions and configSee NEW_USER_PROVISIONING.md for details.
# Automated
./scripts/provision-user.sh john john_doe "John Doe" john@company.com dev.company.com
# Manual
mkdir deployments/john
cp templates/user-values-template.yaml deployments/john/values.yaml
# Edit values, then deploy# deployments/username/values.yaml
namespace: coder
user:
name: username
pvcSize: 50Gi
host: username.dev.yourdomain.com
env:
- name: GIT_USER_NAME
value: "User Name"
- name: GIT_USER_EMAIL
value: "user@domain.com"
image:
repository: registry.digitalocean.com/resourceloop/coder
tag: devlaptop-v1.6.2-browser-stealth
pullPolicy: Always
oauth2:
githubUsers: "user1,user2" # Authorized GitHub usernames
resources:
requests:
cpu: "2"
memory: 3Gi
limits:
cpu: "3"
memory: 5Gi# secrets/username/claude.yaml — Anthropic API key (optional)
claude:
apiKey: "sk-ant-api03-..."
# secrets/username/github-app.yaml — GitHub App credentials (optional)
github:
app:
appId: "1234567"
installationId: "12345678"
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----charts/
├── base-infrastructure/ # Shared ConfigMaps
└── workspace/ # Workspace template
├── dashboard.html # Dashboard UI with Claude Tasks section
├── server.py # Python HTTP server (dashboard, APIs, task management)
└── templates/
├── deployment.yaml
├── service.yaml
├── ingress.yaml
├── ingress-oauth2.yaml
├── ingress-claude-api.yaml
├── oauth2-proxy.yaml
├── browser-configmap.yaml
├── claude-configmap.yaml
├── claude-secret.yaml
├── terminal-entry-configmap.yaml
├── github-app-secret.yaml
├── github-app-token-refresh.yaml
├── pvc.yaml
└── serviceaccount.yaml
deployments/
├── imran/values.yaml # User-specific config
└── gerard/values.yaml
secrets/ # Gitignored
├── imran/
│ ├── claude.yaml # Anthropic API key
│ └── github-app.yaml # GitHub App credentials
└── gerard/
.claude/
└── skills/
└── remote-task/SKILL.md # /remote-task skill for managing remote Claude tasks
docs/
├── claude-task-api.md # Full Claude Task API documentation
└── ...
- Claude Task API - REST API for remote Claude task management
- Browser Architecture - Remote browser VNC architecture
- New User Provisioning - Adding new workspace users
# Check pods
kubectl get pods -n coder
# Check logs
make logs-imran
# Test workspace
make test-imran
# Shell access
make shell-imran
# Certificate issues
kubectl get certificate -n coder
# Check Claude task sessions
kubectl exec -n coder <pod> -c ide -- tmux list-sessions- GitHub OAuth2 - Secure authentication with user authorization
- GitHub App tokens - Short-lived installation tokens for private repo access (no long-lived PATs)
- TLS encryption - All traffic encrypted with Let's Encrypt
- Workspace isolation - Users cannot access each other's environments
- Non-root containers - All processes run as uid/gid 1000
- Isolated storage - Dedicated PVC per user
- Interactive permissions - Claude Code runs with standard permission mode; users approve file writes
MIT