Accessing and Serving Octelium Services

One of the core capabilities of Cordium is the ability for Workspaces to securely access infrastructure resources through Octelium Services without exposing long-lived credentials inside the Workspace itself.

Every Workspace automatically operates as an authenticated Octelium identity. This means that tools such as octelium, octeliumctl, kubectl, ssh, psql, mysql, curl, and other standard clients can directly communicate with authorized infrastructure resources through the Octelium Cluster.

Unlike traditional sandbox or CI environments where credentials are injected into environment variables, mounted as secrets, or stored inside repositories, Octelium provides identity-aware, policy-driven, secretless access to infrastructure resources, including HTTP APIs, PostgreSQL/MySQL databases, Kubernetes clusters, and SSH targets.

The Workspace itself only receives access permissions. Infrastructure credentials such as API tokens, database passwords, kubeconfigs, SSH private keys, and TLS client certificates remain managed at the Octelium gateway layer instead of being exposed directly to processes running inside the Workspace.

This page demonstrates real-world Workspace configurations and practical examples for accessing Octelium Services from within Cordium Workspaces.

Note: Read more about accessing Octelium Services here.

Here is an example:

spec:
  image:
    registry:
      url: ghcr.io/octelium/workspace-base:ubuntu-24.04
  runtime:
    octelium:
      serveServices:
        - my-api
        - my-api.staging
  tasks:
    - name: install
      run: npm ci
      type: ON_CREATE
      workingDir: /home/ubuntu/my-project
      onFailure: ON_FAILURE_ABORT
    - name: verify-connectivity
      type: ON_START
      run: |
        curl http://payments-api/healthz
        curl http://internal-auth.staging/api/v1/me
        curl http://internal-gateway.production/api/version
    - name: inspect-db
      type: ON_START
      run: |
        psql -h postgres-prod -c '\l'
        psql -h postgres-prod \
          -c 'SELECT NOW();'
    - name: inspect-host
      type: ON_START
      run: |
        ssh aws-eu-1 hostname
        ssh aws-eu-2 uptime
        ssh gcp-eu-1.gcp systemctl status nginx
    - name: serve-service
      run: npm run start
      type: ON_START
      workingDir: /home/ubuntu/my-project
      isBackground: true
  limits:
    cpu:
      millicores: 2000
    memory:
      megabytes: 4096
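
One way to check the secretless property described above from inside a Workspace, as an added example that is not part of Cordium or Octelium: a shell function that reports credential files, private keys, and secret-looking environment variables. The function name `audit_secrets`, the file paths, and the variable-name patterns are assumptions based on conventional client defaults, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: report long-lived credentials present in a Workspace.
# The paths and name patterns are assumptions (conventional client defaults).

# audit_secrets HOME_DIR   (reads NAME=value lines, e.g. from `env`, on stdin)
# Prints one finding per line, never a secret value; returns 0 only when clean.
audit_secrets() {
  home_dir=$1
  findings=0

  # Files that kubectl, psql, mysql and curl read credentials from by default.
  for rel in .kube/config .pgpass .my.cnf .netrc; do
    if [ -s "$home_dir/$rel" ]; then
      echo "file: $home_dir/$rel"
      findings=$((findings + 1))
    fi
  done

  # SSH or TLS private keys, recognised by their PEM header.
  for f in "$home_dir"/.ssh/*; do
    [ -f "$f" ] || continue
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
      echo "private-key: $f"
      findings=$((findings + 1))
    fi
  done

  # Non-empty variables whose names suggest an injected secret (names only).
  names=$(awk -F= 'toupper($1) ~ /PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY/ &&
                   length($0) > length($1) + 1 { print $1 }')
  for name in $names; do
    echo "env: $name"
    findings=$((findings + 1))
  done

  [ "$findings" -eq 0 ]
}

# Constructed demo input: a throwaway home with one stray key and one injected variable.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/.ssh"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' \
  > "$demo_home/.ssh/id_ed25519"
printf '%s\n' 'PATH=/usr/bin' 'DB_PASSWORD=constructed-value' |
  audit_secrets "$demo_home" || echo "credentials found: review the Workspace image and tasks"
```

In a Workspace the call would be `env | audit_secrets "$HOME"`; a non-zero exit means something was baked into the image or injected by a task and should be moved behind an Octelium Service instead.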