resource "cloudflare_record" "coder" {

for_each = local.deployments

zone_id = var.cloudflare_zone_id

name = each.value.subdomain

content = google_compute_address.coder[each.key].address

type = "A"

ttl = 3600

}

coder:

workspaceProxy: ${workspace_proxy}

affinity:

nodeAffinity:

requiredDuringSchedulingIgnoredDuringExecution:

nodeSelectorTerms:

- matchExpressions:

- key: "cloud.google.com/gke-nodepool"

operator: "In"

values: ["${node_pool}"]

podAntiAffinity:

preferredDuringSchedulingIgnoredDuringExecution:

- weight: 1

podAffinityTerm:

topologyKey: "kubernetes.io/hostname"

labelSelector:

matchExpressions:

- key: "app.kubernetes.io/instance"

operator: "In"

values: ["${release_name}"]

env:

%{~ if workspace_proxy ~}

- name: "CODER_ACCESS_URL"

value: "${access_url}"

- name: CODER_PRIMARY_ACCESS_URL

value: "${primary_url}"

- name: CODER_PROXY_SESSION_TOKEN

valueFrom:

secretKeyRef:

key: token

name: "${proxy_token}"

%{~ endif ~}

%{~ if provisionerd ~}

- name: "CODER_URL"

value: "${access_url}"

- name: "CODER_PROVISIONERD_TAGS"

value: "scope=organization"

- name: "CODER_CONFIG_DIR"

value: "/tmp/config"

%{~ endif ~}

%{~ if !workspace_proxy && !provisionerd ~}

- name: "CODER_ACCESS_URL"

value: "${access_url}"

- name: "CODER_PG_CONNECTION_URL"

valueFrom:

secretKeyRef:

name: "${db_secret}"

key: url

- name: "CODER_PROVISIONER_DAEMONS"

value: "0"

- name: CODER_PROVISIONER_DAEMON_PSK

valueFrom:

secretKeyRef:

key: psk

name: "${provisionerd_psk}"

- name: "CODER_PROMETHEUS_COLLECT_AGENT_STATS"

value: "true"

- name: "CODER_PROMETHEUS_COLLECT_DB_METRICS"

value: "true"

- name: "CODER_PPROF_ENABLE"

value: "true"

%{~ endif ~}

- name: "CODER_CACHE_DIRECTORY"

value: "/tmp/coder"

- name: "CODER_TELEMETRY_ENABLE"

value: "false"

- name: "CODER_LOGGING_HUMAN"

value: "/dev/null"

- name: "CODER_LOGGING_STACKDRIVER"

value: "/dev/stderr"

- name: "CODER_PROMETHEUS_ENABLE"

value: "true"

- name: "CODER_VERBOSE"

value: "true"

- name: "CODER_EXPERIMENTS"

value: "${experiments}"

- name: "CODER_DANGEROUS_DISABLE_RATE_LIMITS"

value: "true"

image:

repo: ${image_repo}

tag: ${image_tag}

replicaCount: "${replicas}"

resources:

requests:

cpu: "${cpu_request}"

memory: "${mem_request}"

limits:

cpu: "${cpu_limit}"

memory: "${mem_limit}"

securityContext:

readOnlyRootFilesystem: true

%{~ if !provisionerd ~}

service:

enable: true

sessionAffinity: None

loadBalancerIP: "${ip_address}"

%{~ endif ~}

volumeMounts:

- mountPath: "/tmp"

name: cache

readOnly: false

volumes:

- emptyDir:

sizeLimit: 1024Mi

name: cache

data "http" "coder_healthy" {

url = local.deployments.primary.url

// Wait up to 5 minutes for DNS to propagate

retry {

attempts = 30

min_delay_ms = 10000

}

lifecycle {

postcondition {

condition = self.status_code == 200

error_message = "${self.url} returned an unhealthy status code"

}

}

depends_on = [helm_release.coder_primary, cloudflare_record.coder["primary"]]

}

resource "null_resource" "api_key" {

provisioner "local-exec" {

interpreter = ["/bin/bash", "-c"]

command = <<EOF

}

depends_on = [data.http.coder_healthy]

}

data "local_file" "api_key" {

filename = "${path.module}/.coderv2/api_key"

depends_on = [null_resource.api_key]

}

resource "null_resource" "license" {

provisioner "local-exec" {

interpreter = ["/bin/bash", "-c"]

command = <<EOF

}

}

resource "null_resource" "europe_proxy_token" {

provisioner "local-exec" {

interpreter = ["/bin/bash", "-c"]

command = <<EOF

}

depends_on = [null_resource.license]

}

data "local_file" "europe_proxy_token" {

filename = "${path.module}/.coderv2/europe_proxy_token"

depends_on = [null_resource.europe_proxy_token]

}

resource "null_resource" "asia_proxy_token" {

provisioner "local-exec" {

interpreter = ["/bin/bash", "-c"]

command = <<EOF

}

depends_on = [null_resource.license]

}

data "local_file" "asia_proxy_token" {

filename = "${path.module}/.coderv2/asia_proxy_token"

depends_on = [null_resource.asia_proxy_token]

}

resource "local_file" "kubernetes_template" {

filename = "${path.module}/.coderv2/templates/kubernetes/main.tf"

content = <<EOF

}

resource "kubernetes_config_map" "template" {

provider = kubernetes.primary

metadata {

name = "coder-template"

namespace = kubernetes_namespace.coder_primary.metadata.0.name

}

data = {

"main.tf" = local_file.kubernetes_template.content

}

}

resource "kubernetes_job" "push_template" {

provider = kubernetes.primary

metadata {

name = "${var.name}-push-template"

namespace = kubernetes_namespace.coder_primary.metadata.0.name

labels = {

"app.kubernetes.io/name" = "${var.name}-push-template"

}

}

spec {

completions = 1

template {

metadata {}

spec {

affinity {

node_affinity {

required_during_scheduling_ignored_during_execution {

node_selector_term {

match_expressions {

key = "cloud.google.com/gke-nodepool"

operator = "In"

values = ["${google_container_node_pool.node_pool["primary_misc"].name}"]

}

}

}

}

}

container {

name = "cli"

image = "${var.coder_image_repo}:${var.coder_image_tag}"

command = [

"/opt/coder",

"--verbose",

"--url=${local.deployments.primary.url}",

"--token=${trimspace(data.local_file.api_key.content)}",

"templates",

"push",

"--directory=/home/coder/template",

"--yes",

"kubernetes"

]

volume_mount {

name = "coder-template"

mount_path = "/home/coder/template/main.tf"

sub_path = "main.tf"

}

}

volume {

name = "coder-template"

config_map {

name = kubernetes_config_map.template.metadata.0.name

}

}

restart_policy = "Never"

}

}

}

wait_for_completion = true

}