@@ -38,6 +38,10 @@ resource "kubernetes_pod" "main" {
3838name = " coder-${ data . coder_workspace . me . owner } -${ data . coder_workspace . me . name } "
3939 }
4040spec {
41+ security_context {
42+ run_as_user = 1000
43+ fs_group = 1000
44+ }
4145container {
4246name = " go"
4347image = " mcr.microsoft.com/vscode/devcontainers/go:1"
@@ -49,6 +53,10 @@ resource "kubernetes_pod" "main" {
4953name = " CODER_TOKEN"
5054value = . go . token
5155 }
56+ volume_mount {
57+ mount_path = " /home/vscode"
58+ name = " home-directory"
59+ }
5260 }
5361container {
5462name = " java"
@@ -61,6 +69,10 @@ resource "kubernetes_pod" "main" {
6169name = " CODER_TOKEN"
6270value = . java . token
6371 }
72+ volume_mount {
73+ mount_path = " /home/vscode"
74+ name = " home-directory"
75+ }
6476 }
6577container {
6678name = " ubuntu"
@@ -73,6 +85,31 @@ resource "kubernetes_pod" "main" {
7385name = " CODER_TOKEN"
7486value = . ubuntu . token
7587 }
88+ volume_mount {
89+ mount_path = " /home/vscode"
90+ name = " home-directory"
91+ }
92+ }
93+ volume {
94+ name = " home-directory"
95+ persistent_volume_claim {
96+ claim_name = . home-directory . metadata . 0 . name
97+ }
98+ }
99+ }
100+ }
101+
102+ resource "kubernetes_persistent_volume_claim" "home-directory" {
103+ metadata {
104+ name = " coder-pvc-${ data . coder_workspace . me . owner } -${ data . coder_workspace . me . name } "
105+ }
106+ spec {
107+ access_modes = " ReadWriteOnce"
108+ resources {
109+ requests =
110+ # TODO: turn these into variables
111+ storage= " 5Gi"
112+ }
76113 }
77114 }
78115}