2 changes: 1 addition & 1 deletion .editorconfig
Expand Up @@ -7,7 +7,7 @@ trim_trailing_whitespace = true
insert_final_newline = true
indent_style = tab

[*.{yaml,yml,tf,tfvars,nix}]
[*.{yaml,yml,tf,tftpl,tfvars,nix}]
indent_style = space
indent_size = 2

6 changes: 3 additions & 3 deletions dogfood/coder/main.tf
Expand Up @@ -395,7 +395,7 @@ module "code-server" {
module "vscode-web" {
count = contains(jsondecode(data.coder_parameter.ide_choices.value), "vscode-web") ? data.coder_workspace.me.start_count : 0
source = "dev.registry.coder.com/coder/vscode-web/coder"
version = "1.3.1"
version = "1.4.1"
agent_id = coder_agent.dev.id
folder = local.repo_dir
extensions = ["github.copilot"]
Expand Down Expand Up @@ -432,7 +432,7 @@ module "coder-login" {
module "cursor" {
count = contains(jsondecode(data.coder_parameter.ide_choices.value), "cursor") ? data.coder_workspace.me.start_count : 0
source = "dev.registry.coder.com/coder/cursor/coder"
version = "1.3.0"
version = "1.3.1"
agent_id = coder_agent.dev.id
folder = local.repo_dir
}
Expand Down Expand Up @@ -473,7 +473,7 @@ module "devcontainers-cli" {
module "claude-code" {
count = local.has_ai_prompt ? data.coder_workspace.me.start_count : 0
source = "dev.registry.coder.com/coder/claude-code/coder"
version = "2.0.7"
version = "2.1.0"
agent_id = coder_agent.dev.id
folder = local.repo_dir
install_claude_code = true
11 changes: 10 additions & 1 deletion scaletest/terraform/action/cf_dns.tf
Expand Up @@ -5,8 +5,17 @@ data "cloudflare_zone" "domain" {
resource "cloudflare_record" "coder" {
for_each = local.deployments
zone_id = data.cloudflare_zone.domain.zone_id
name = each.value.subdomain
name = "${each.value.subdomain}.${var.cloudflare_domain}"
content = google_compute_address.coder[each.key].address
type = "A"
ttl = 3600
}

resource "cloudflare_record" "coder_wildcard" {
for_each = local.deployments
zone_id = data.cloudflare_zone.domain.id
name = each.value.wildcard_subdomain
content = cloudflare_record.coder[each.key].name
type = "CNAME"
ttl = 3600
}
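Review bot: The new `cloudflare_record.coder_wildcard` resource reads the zone as `data.cloudflare_zone.domain.id`, while `cloudflare_record.coder` directly above it uses `data.cloudflare_zone.domain.zone_id`. It also passes a relative `name` (`each.value.wildcard_subdomain`), whereas the A record's `name` appears to have been changed to the fully qualified form with `var.cloudflare_domain` appended. Both spellings may resolve to the same zone and record, but the mismatch makes it harder to confirm that the wildcard CNAME and its A-record target sit in the same zone. I would write `zone_id = data.cloudflare_zone.domain.zone_id` and `name = "${each.value.wildcard_subdomain}.${var.cloudflare_domain}"` so both records are built the same way.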
9 changes: 9 additions & 0 deletions scaletest/terraform/action/coder_helm_values.tftpl
Expand Up @@ -22,6 +22,8 @@ coder:
%{~ if workspace_proxy ~}
- name: "CODER_ACCESS_URL"
value: "${access_url}"
- name: "CODER_WILDCARD_ACCESS_URL"
value: "${wildcard_access_url}"
- name: CODER_PRIMARY_ACCESS_URL
value: "${primary_url}"
- name: CODER_PROXY_SESSION_TOKEN
Expand All @@ -45,6 +47,8 @@ coder:
%{~ if !workspace_proxy && !provisionerd ~}
- name: "CODER_ACCESS_URL"
value: "${access_url}"
- name: "CODER_WILDCARD_ACCESS_URL"
value: "${wildcard_access_url}"
- name: "CODER_PG_CONNECTION_URL"
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -109,3 +113,8 @@ coder:
- emptyDir:
sizeLimit: 1024Mi
name: cache
%{~ if !provisionerd ~}
tls:
secretNames:
- "${tls_secret_name}"
%{~ endif ~}
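Review bot: The `tls.secretNames` block at the end of the template is rendered for every release except provisionerd, so the primary and each workspace proxy mount whatever Secret `${tls_secret_name}` names, yet nothing in the template says what that certificate must cover. Because `CODER_WILDCARD_ACCESS_URL` is added next to `CODER_ACCESS_URL` in both branches, the certificate presumably needs SANs for the deployment's host and its wildcard; a single Secret reused across regions would also place one private key in every cluster. I would add a comment above the block such as `# tls_secret_name: kubernetes.io/tls Secret in the release namespace; cert must cover access_url and wildcard_access_url for this deployment`. Where the Secret is created is not visible on this page.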
51 changes: 31 additions & 20 deletions scaletest/terraform/action/gcp_clusters.tf
Expand Up @@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
locals {
deployments = {
primary = {
subdomain = "${var.name}-scaletest"
url = "http://${var.name}-scaletest.${var.cloudflare_domain}"
region = "us-east1"
zone = "us-east1-c"
subnet = "scaletest"
subdomain = "primary.${var.name}"
wildcard_subdomain = "*.primary.${var.name}"
url = "https://primary.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.primary.${var.name}.${var.cloudflare_domain}"
region = "us-east1"
zone = "us-east1-c"
subnet = "scaletest"
}
europe = {
subdomain = "${var.name}-europe-scaletest"
url = "http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
region = "europe-west1"
zone = "europe-west1-b"
subnet = "scaletest"
subdomain = "europe.${var.name}"
wildcard_subdomain = "*.europe.${var.name}"
url = "https://europe.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.europe.${var.name}.${var.cloudflare_domain}"
region = "europe-west1"
zone = "europe-west1-b"
subnet = "scaletest"
}
asia = {
subdomain = "${var.name}-asia-scaletest"
url = "http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
region = "asia-southeast1"
zone = "asia-southeast1-a"
subnet = "scaletest"
subdomain = "asia.${var.name}"
wildcard_subdomain = "*.asia.${var.name}"
url = "https://asia.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.asia.${var.name}.${var.cloudflare_domain}"
region = "asia-southeast1"
zone = "asia-southeast1-a"
subnet = "scaletest"
}
}
node_pools = {
Expand Down Expand Up @@ -72,12 +78,13 @@ resource "google_container_cluster" "cluster" {
name = "${var.name}-${each.key}"
location = each.value.zone
project = var.project_id
network = local.vpc_name
subnetwork = local.subnet_name
network = google_compute_network.network.name
subnetwork = google_compute_subnetwork.subnetwork[each.key].name
networking_mode = "VPC_NATIVE"
default_max_pods_per_node = 256
ip_allocation_policy { # Required with networking_mode=VPC_NATIVE

cluster_secondary_range_name = local.secondary_ip_range_k8s_pods
services_secondary_range_name = local.secondary_ip_range_k8s_services
}
release_channel {
# Setting release channel as STABLE can cause unexpected cluster upgrades.
Expand All @@ -102,7 +109,6 @@ resource "google_container_cluster" "cluster" {
workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
}


lifecycle {
ignore_changes = [
maintenance_policy,
Expand Down Expand Up @@ -146,6 +152,11 @@ resource "google_container_node_pool" "node_pool" {
}
}
lifecycle {
ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
ignore_changes = [
management[0].auto_repair,
management[0].auto_upgrade,
timeouts,
node_config[0].resource_labels
]
}
}
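Review bot: Each entry in `local.deployments` now spells the same hostname four times (`subdomain`, `wildcard_subdomain`, `url`, `wildcard_access_url`) with nothing tying them together, so an edit to one region's `subdomain` can leave DNS pointing at a name that the `https://` access URL and its certificate do not match. A short comment on the map would make the invariant explicit, for example `# url / wildcard_access_url must equal subdomain / wildcard_subdomain + "." + var.cloudflare_domain`. In the last hunk, the added `node_config[0].resource_labels` entry in `ignore_changes` carries no comment saying what changes those labels out of band; a one-line reason would help the next reader judge whether the drift is safe to ignore. The `locals` block and both resources continue outside the hunks shown.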
2 changes: 1 addition & 1 deletion scaletest/terraform/action/gcp_db.tf
Expand Up @@ -23,7 +23,7 @@ resource "google_sql_database_instance" "db" {

ip_configuration {
ipv4_enabled = false
private_network = local.vpc_id
private_network = google_compute_network.network.id
}

insights_config {
141 changes: 133 additions & 8 deletions scaletest/terraform/action/gcp_vpc.tf
@@ -1,9 +1,91 @@
locals {
vpc_name = "scaletest"
vpc_id = "projects/${var.project_id}/global/networks/${local.vpc_name}"
subnet_name = "scaletest"
# Generate a /14 for each deployment.
cidr_networks = cidrsubnets(
"172.16.0.0/12",
2,
2,
2,
)

networks = {
alpha = local.cidr_networks[0]
bravo = local.cidr_networks[1]
charlie = local.cidr_networks[2]
}

# Generate a bunch of /18s within the subnet we're using from the above map.
cidr_subnetworks = cidrsubnets(
local.networks[var.name],
4, # PSA
4, # primary subnetwork
4, # primary k8s pod network
4, # primary k8s services network
4, # europe subnetwork
4, # europe k8s pod network
4, # europe k8s services network
4, # asia subnetwork
4, # asia k8s pod network
4, # asia k8s services network
)

psa_range_address = split("/", local.cidr_subnetworks[0])[0]
psa_range_prefix_length = tonumber(split("/", local.cidr_subnetworks[0])[1])

subnetworks = {
primary = local.cidr_subnetworks[1]
europe = local.cidr_subnetworks[4]
asia = local.cidr_subnetworks[7]
}
cluster_ranges = {
primary = {
pods = local.cidr_subnetworks[2]
services = local.cidr_subnetworks[3]
}
europe = {
pods = local.cidr_subnetworks[5]
services = local.cidr_subnetworks[6]
}
asia = {
pods = local.cidr_subnetworks[8]
services = local.cidr_subnetworks[9]
}
}

secondary_ip_range_k8s_pods = "k8s-pods"
secondary_ip_range_k8s_services = "k8s-services"
}

# Create a VPC for the deployment
resource "google_compute_network" "network" {
project = var.project_id
name = "${var.name}-scaletest"
description = "scaletest network for ${var.name}"
auto_create_subnetworks = false
}

# Create a subnetwork with a unique range for each region
resource "google_compute_subnetwork" "subnetwork" {
for_each = local.subnetworks
name = "${var.name}-${each.key}"
# Use the deployment region
region = local.deployments[each.key].region
network = google_compute_network.network.id
project = var.project_id
ip_cidr_range = each.value
private_ip_google_access = true

secondary_ip_range {
range_name = local.secondary_ip_range_k8s_pods
ip_cidr_range = local.cluster_ranges[each.key].pods
}

secondary_ip_range {
range_name = local.secondary_ip_range_k8s_services
ip_cidr_range = local.cluster_ranges[each.key].services
}
}

# Create a public IP for each region
resource "google_compute_address" "coder" {
for_each = local.deployments
project = var.project_id
Expand All @@ -13,17 +95,60 @@ resource "google_compute_address" "coder" {
network_tier = "PREMIUM"
}

resource "google_compute_global_address" "sql_peering" {
# Reserve an internal range for Google-managed services (PSA), used for Cloud
# SQL
resource "google_compute_global_address" "psa_peering" {
project = var.project_id
name = "${var.name}-sql-peering"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = local.vpc_name
address = local.psa_range_address
prefix_length = local.psa_range_prefix_length
network = google_compute_network.network.self_link
}

resource "google_service_networking_connection" "private_vpc_connection" {
network = local.vpc_id
network = google_compute_network.network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.sql_peering.name]
reserved_peering_ranges = [google_compute_global_address.psa_peering.name]
}

# Join the new network to the observability network so we can talk to the
# Prometheus instance
data "google_compute_network" "observability" {
project = var.project_id
name = var.observability_cluster_vpc
}

resource "google_compute_network_peering" "scaletest_to_observability" {
name = "peer-${google_compute_network.network.name}-to-${data.google_compute_network.observability.name}"
network = google_compute_network.network.self_link
peer_network = data.google_compute_network.observability.self_link
import_custom_routes = true
export_custom_routes = true
}

resource "google_compute_network_peering" "observability_to_scaletest" {
name = "peer-${data.google_compute_network.observability.name}-to-${google_compute_network.network.name}"
network = data.google_compute_network.observability.self_link
peer_network = google_compute_network.network.self_link
import_custom_routes = true
export_custom_routes = true
}

# Allow traffic from the scaletest network into the observability network so we
# can connect to Prometheus
resource "google_compute_firewall" "observability_allow_from_scaletest" {
project = var.project_id
name = "allow-from-scaletest-${var.name}"
network = data.google_compute_network.observability.self_link
direction = "INGRESS"
source_ranges = [local.networks[var.name]]
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["0-65535"]
}
}
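Review bot: `google_compute_firewall.observability_allow_from_scaletest` admits ICMP and every TCP port (`ports = ["0-65535"]`) from the deployment's whole /14 (`local.networks[var.name]`) with no target selector, so it applies to every instance in the observability network, although its comment says the purpose is only to reach Prometheus. That /14 is the parent of the pod and service ranges carved out in `cidr_subnetworks`, so any workload scheduled in a scaletest cluster can reach any TCP listener on the peered network. I would narrow the rule to the Prometheus listener and its hosts, e.g. `ports = ["<prometheus-port>"]` together with a `target_tags` or `target_service_accounts` selector, and drop the `icmp` block unless it is needed for diagnostics. The two peerings also set `import_custom_routes` and `export_custom_routes` in both directions, which is worth confirming as required for this single flow.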