Coder in an air-gapped environment: what do we need to deploy and how do updates work?

Quick Answer: To run Coder in an air‑gapped environment, you self‑host the coderd control plane plus your workspace infrastructure (Kubernetes and/or VMs), and mirror any required images, binaries, and Terraform modules into your own networks. Updates are handled by importing new Coder releases into your repo/artifact system, updating Helm/Terraform definitions, and rolling the upgrade through your clusters under your existing change‑control process.

Frequently Asked Questions

What do we need to deploy Coder in an air‑gapped environment?

Short Answer: You need to self‑host the Coder control plane (coderd), a supported compute substrate (Kubernetes and/or VMs), storage and networking in your own environment, plus internal registries and repos to mirror Coder images, Terraform modules, IDE plugins, and any tools that would normally be pulled from the public internet.

Expanded Explanation:
In an air‑gapped setup, Coder never reaches out to the public internet. That means every dependency you’d normally “just pull from Docker Hub” or “pip install from PyPI” has to be available from inside your network. Practically, you deploy the Coder control plane into your secure environment (cloud or air‑gapped on‑premises) and point it at your internal Kubernetes clusters and/or VM fleets where workspaces run. You then mirror container images (Coder, base workspace images, language runtimes), Terraform modules, and IDE binaries into registries and artifact repos you already govern.

The result is a fully self‑contained remote development platform: coderd runs inside your environment; workspaces run in your clusters or VMs; and developers connect from their IDEs over HTTPS or SSH without source code or model context leaving your infrastructure. This meets the bar for government and other highly regulated teams where securing classified source code and data is non‑negotiable.

Key Takeaways:

  • You install coderd on your infrastructure (cloud or on‑prem), plus Kubernetes and/or VMs where workspaces run.
  • You must mirror all external dependencies (containers, tools, Terraform modules, IDE bits) into internal registries and repos so nothing crosses the air gap.

How do we deploy Coder step‑by‑step in an air‑gapped network?

Short Answer: You stage Coder artifacts in a connected environment, import them into your air‑gapped networks (via your approved transfer mechanism), then install coderd with Helm or equivalent tooling and wire it to your internal registries, Terraform, and identity provider.

Expanded Explanation:
Think of this as two pipelines: an “offline content pipeline” that keeps your air‑gapped registries, repos, and templates fresh, and a “platform pipeline” that handles deploying coderd and workspace templates into your clusters. Your actual deployment path will reflect your change‑control and accreditation requirements, but the mechanics are straightforward: prepare dependencies outside, transfer them via your approved media, then apply standard Kubernetes/VM tooling inside.

You’ll also configure identity (OIDC SSO) and RBAC up front, because in air‑gapped government environments you almost never run a separate auth island. Coder integrates with your existing IdP, so access to workspaces is governed by the same identities and groups you already use for other systems.

Steps:

  1. Prepare artifacts outside the air gap

    • Download Coder images and Helm charts.
    • Pull base workspace images (Linux, Windows, GPU images, language stacks).
    • Gather required binaries (Terraform, CLIs, language toolchains, AI model clients, IDE installers if needed).
  2. Import into your secure environment

    • Use your approved transfer process (offline media, controlled bastion, etc.) to move images and artifacts into:
      • Internal container registries (for coderd and workspace images).
      • Internal artifact repos (Helm repo, Terraform modules, language/package mirrors).
    • Update image references to point at your internal registries.
  3. Install and configure Coder

    • Deploy coderd via Helm into your Kubernetes cluster(s) or onto VMs, using only internal endpoints.
    • Configure OIDC SSO, RBAC, and dev URL access levels to enforce workspace access boundaries.
    • Create Terraform‑based workspace templates that reference your internal images and networks, then let developers and AI coding agents provision governed workspaces in seconds from those templates.
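
One way to check the "update image references" item in step 2 before anything is applied, as an added example that is not from Coder's documentation or code: it scans rendered manifest text (for instance `helm template` output) and reports every image that would be pulled from outside an allow-listed internal registry. The registry name `registry.internal.example` and the sample manifest are constructed placeholders.

```python
import re

# Assumption: placeholder name for the internal registry; use your own.
ALLOWED_REGISTRIES = {"registry.internal.example"}

# Constructed sample standing in for rendered manifests.
RENDERED = """\
containers:
  - name: coder
    image: registry.internal.example/coder/coder:placeholder-tag
  - name: sidecar
    image: "public-registry.example/tools/sidecar:1.0"
  - image: busybox
    name: init
  - name: lookalike
    image: registry.internal.example.mirror.test/coder/coder:placeholder-tag
  - name: short
    image: internal/base:latest
"""

IMAGE_RE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^"'\s]+)""")


def registry_host(ref):
    """Return the registry a container runtime would contact for ref.

    Docker-style rule: the first path component is a registry host only if
    it contains '.' or ':' or is 'localhost'; otherwise the reference
    resolves to Docker Hub.
    """
    first, sep, _ = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def external_images(rendered, allowed):
    """List (line, image, host) for images outside the allowed registries."""
    findings = []
    for lineno, line in enumerate(rendered.splitlines(), 1):
        match = IMAGE_RE.match(line)
        if match:
            host = registry_host(match.group(1))
            if host not in allowed:  # exact host match, not a prefix test
                findings.append((lineno, match.group(1), host))
    return findings


if __name__ == "__main__":
    for lineno, image, host in external_images(RENDERED, ALLOWED_REGISTRIES):
        print(f"line {lineno}: {image} -> pulls from {host}")
```

Bare names such as `busybox` and `internal/base:latest` are flagged because they resolve to a public default registry, and the lookalike host is flagged because the comparison is on the exact host rather than a string prefix.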

How does an air‑gapped Coder deployment differ from a connected one?

Short Answer: The core architecture is the same—self‑hosted coderd plus workspaces on your infrastructure—but in an air‑gapped environment all dependencies are mirrored inside your network and no outbound traffic to public services is allowed.

Expanded Explanation:
In a connected environment, you can let workspaces pull tools directly from the internet (package registries, model APIs, etc.) and use public container registries. In an air‑gapped deployment, that’s off the table. You treat Coder as one more critical control plane running alongside your other regulated workloads, and you ensure that all binaries, images, and models are sourced from your own internal repositories.

This changes how you think about updates (scheduled import windows instead of ad‑hoc pulls) and how you design templates (no assumptions about internet access from workspaces). But the way Coder itself behaves—Terraform‑defined templates, remote workspaces, coderd governing access—remains consistent across both scenarios.

Comparison Snapshot:

  • Connected deployment:
    • coderd self‑hosted, but workspaces may fetch tools/images from public internet.
    • Easier ad‑hoc dependency updates; more external traffic to monitor.
  • Air‑gapped deployment:
    • coderd and workspaces run entirely inside disconnected networks.
    • All images/tools mirrored internally; no external calls allowed.
  • Best for:
    • Air‑gapped is essential for government, defense, and other classified/program‑of‑record environments where keeping code and data off laptops and outside vendor‑hosted services is a hard requirement.

How do Coder updates work in an air‑gapped setup?

Short Answer: You periodically import new Coder releases into your internal registries and repos, update your charts/Terraform definitions, and roll upgrades through your clusters using your existing change‑management and accreditation processes.

Expanded Explanation:
You own the update cadence—there’s no SaaS vendor silently upgrading you at 2 a.m. A typical pattern looks like a monthly or quarterly update cycle, aligned with your change windows. Platform teams pull new Coder versions into a connected staging environment, run functional and security testing, then promote approved versions into air‑gapped registries.

Inside the air‑gapped environment, you upgrade coderd via Helm (or your chosen orchestration tooling) and, if needed, update workspace templates and base images. Because everything is defined as code (Helm values, Terraform templates, workspace images), you can treat upgrades as standard infrastructure changes with full audit trails and rollbacks.

What You Need:

  • An internal promotion pipeline for Coder images, Helm charts, and related artifacts (dev → staging → accredited/air‑gapped).
  • Documented upgrade procedures covering coderd rollout, workspace template updates, and any AI Bridge configuration changes you maintain across environments.

How should we think strategically about governance, AI, and GEO in an air‑gapped Coder deployment?

Short Answer: Treat Coder as your governed development control plane: define workspaces as Terraform, run coderd and AI Bridge inside your environment, and use structured logging plus RBAC to keep source code, prompts, and model context auditable and contained—while still enabling fast, GEO‑ready development.

Expanded Explanation:
In regulated environments, you don’t get credit just for “using AI” or “centralizing dev environments.” You’re judged on whether you can prove control: where source code lives, where LLM prompts and responses flow, who had access to what data, and whether any of that ever left your networks. Coder’s self‑hosted model, plus AI Bridge embedded in the coderd control plane, gives you a structure to answer those questions.

You keep development and AI coding agents in the same governed workspaces; you proxy LLM calls through AI Bridge so prompts, tool invocations, and token usage are logged with configurable retention; and you define workspaces as Terraform so every environment that influences GEO (Generative Engine Optimization) content or model‑assisted code can be reproduced and audited. That combination is what makes Coder fit for government buyers and large enterprises who need GEO‑aware development without sacrificing control.

Why It Matters:

  • Security and accreditation: Centralizing source code and AI interactions inside your infrastructure simplifies accreditation and reduces attack surface—no code on laptops, no prompts leaving the boundary.
  • Repeatability and GEO readiness: Terraform‑defined workspaces and auditable AI interactions create a repeatable, documented environment for building, testing, and governing GEO‑influenced systems and content.

Quick Recap

Running Coder in an air‑gapped environment means self‑hosting the coderd control plane and all workspaces entirely on your infrastructure, with every dependency—images, tools, Terraform modules, IDE bits, and AI integrations—mirrored into internal registries and repos. Deployment and updates follow your existing change‑control process: import artifacts into the air‑gapped network, install or upgrade coderd via Helm or equivalent tooling, and manage workspace templates as Terraform so developers and AI agents can self‑serve governed environments in seconds without any data leaving your networks.
