This guide provides comprehensive instructions for configuring and deploying Coder templates to support workspace VMs in GCP.
- Coder server deployed and accessible
- GCP project for workspace VMs (can be separate from Coder server project)
- Appropriate GCP permissions configured
- Coder CLI installed
The setup consists of two main components:
- Coder Server: Runs the control plane and executes Terraform templates
- Workspace VMs: Individual development environments created from templates
- Coder Server Service Account: Used by Coder to create resources
  - Example: `coder-admin@coderd.iam.gserviceaccount.com`
- Workspace VM Service Account: Used by individual workspace VMs
  - Default compute service account: `PROJECT_NUMBER-compute@developer.gserviceaccount.com`
Grant the Coder server service account the following roles on the workspace project:

```bash
gcloud projects add-iam-policy-binding WORKSPACE_PROJECT_ID \
  --member="serviceAccount:CODER_SERVER_SERVICE_ACCOUNT" \
  --role="roles/compute.admin"
gcloud projects add-iam-policy-binding WORKSPACE_PROJECT_ID \
  --member="serviceAccount:CODER_SERVER_SERVICE_ACCOUNT" \
  --role="roles/iam.serviceAccountUser"
```

Grant the workspace VM service account the following roles on the workspace project:

```bash
gcloud projects add-iam-policy-binding WORKSPACE_PROJECT_ID \
  --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
  --role="roles/compute.admin"
gcloud projects add-iam-policy-binding WORKSPACE_PROJECT_ID \
  --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
  --role="roles/iam.serviceAccountUser"
```

```bash
gcloud config set project WORKSPACE_PROJECT_ID
gcloud services enable compute.googleapis.com
```

Update the provider configuration in `main.tf`:
```hcl
provider "google" {
  zone    = var.zone
  project = "your-workspace-project-id"
}
```

Ensure the service account email matches your workspace project:

```hcl
locals {
  default_service_account_email = "PROJECT_NUMBER-compute@developer.gserviceaccount.com"
}
```

Ensure all resources reference the correct project:

```hcl
resource "google_compute_disk" "pd" {
  project = "your-workspace-project-id"
  # ... other configuration
}
```

Copy and update the terraform variables file:

```bash
cd templates/bootcamp
cp terraform.tfvars.example terraform.tfvars
```

Update `terraform.tfvars` with your values:
```hcl
project         = "your-workspace-project-id"
region          = "us-central1"
zone            = "us-central1-a"
machine_type    = "e2-medium"
pd_size         = 10
github_repo     = "https://github.com/your-org/your-repo"
github_branch   = "main"
github_app_id   = "primary-github"
container_image = "your-org/your-image:latest"
jupyterlab      = "true"
codeserver      = "true"
streamlit       = "true"
```

```bash
curl -fsSL https://coder.com/install.sh | sh
```

Or using Homebrew:

```bash
brew install coder/coder/coder
```

```bash
coder login https://your-coder-instance-url
```

Navigate to the template directory and push:

```bash
cd templates/bootcamp
coder templates push bootcamp --directory . --url https://your-coder-instance-url
```

Visit your Coder instance dashboard to confirm the template is available and can create workspaces successfully.
If you encounter `403: Required 'compute.disks.create' permission` errors:
- Verify the Coder server service account has `roles/compute.admin` on the workspace project
- Check that the workspace VM service account has necessary permissions
- Ensure all project references in the template are correct
- Wait 1-2 minutes for IAM changes to propagate
- Verify Coder CLI authentication
- Check template syntax with `terraform validate`
- Ensure all required variables are defined in `terraform.tfvars`
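
To carry out the role checks from the 403 troubleshooting steps above, the following added example (not part of the original guide) reports which of the two roles this guide grants are still missing for a given service account. The function names `missing_roles` and `sample_bindings`, the sample data, and the project number `123456789012` are constructed for illustration.

```shell
#!/bin/sh
# Roles this guide grants on the workspace project.
REQUIRED_ROLES="roles/compute.admin roles/iam.serviceAccountUser"

# missing_roles MEMBER   (hypothetical helper, not part of Coder or gcloud)
# Reads "role<TAB>member" lines on stdin and prints every required role
# that MEMBER does not hold. Returns 0 only when nothing is missing.
missing_roles() {
    member="$1"
    bindings=$(cat)
    rc=0
    for role in $REQUIRED_ROLES; do
        # Exact whole-line match, so similarly named roles or members
        # never satisfy the check.
        if ! printf '%s\n' "$bindings" |
            grep -Fxq "$(printf '%s\t%s' "$role" "$member")"; then
            printf '%s\n' "$role"
            rc=1
        fi
    done
    return $rc
}

# Live usage, with the guide's placeholders left as they are:
#   gcloud projects get-iam-policy WORKSPACE_PROJECT_ID \
#     --flatten="bindings[].members" \
#     --format="value(bindings.role,bindings.members)" |
#     missing_roles "serviceAccount:CODER_SERVER_SERVICE_ACCOUNT"

# Constructed sample of that tab-separated output: the Coder server account
# holds both roles, the workspace VM account is missing serviceAccountUser.
sample_bindings() {
    printf 'roles/compute.admin\tserviceAccount:coder-admin@coderd.iam.gserviceaccount.com\n'
    printf 'roles/iam.serviceAccountUser\tserviceAccount:coder-admin@coderd.iam.gserviceaccount.com\n'
    printf 'roles/compute.admin\tserviceAccount:123456789012-compute@developer.gserviceaccount.com\n'
    printf 'roles/compute.viewer\tuser:dev@example.com\n'
}

# Demo on the constructed sample.
sample_bindings |
    missing_roles "serviceAccount:123456789012-compute@developer.gserviceaccount.com" ||
    echo "^ roles above are not bound yet"
```

If a role was granted moments ago and still shows as missing in a workspace build, allow for the 1-2 minute IAM propagation delay noted above before re-running the check.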