coder
diff --git a/‎README.md
Lines changed: 138 additions & 4 deletions b/‎README.md
Lines changed: 138 additions & 4 deletions
diff --git a/‎coder-admin/coder-core-values-v2.yaml
Lines changed: 171 additions & 0 deletions b/‎coder-admin/coder-core-values-v2.yaml
Lines changed: 171 additions & 0 deletions
@@ -1,7 +1,141 @@
 # aws-workshop-samples
-This project is currently underdevelopment, but meant to aid anyone that needs to quickly spin up Cloud Development Environments for Demos, Labs, Workshops, Hackathons, or simple POC's in AWS using [Coder](https://coder.com/cde).  These templates and basic Coder admin scripts can be used in any Coder deployment, but are focused on using the [Coder AWS Marketplace](https://coder.com/docs/install/cloud/ec2) AWS EC2 single VM deployment.
+This project is designed to help you quickly spin up Cloud Development Environments for Demos, Labs, Workshops, Hackathons, or simple POC's in AWS using [Coder](https://coder.com/cde). These templates and basic Coder admin scripts can be used in any Coder deployment, but are focused on using either the [Coder AWS Marketplace](https://coder.com/docs/install/cloud/ec2) AWS EC2 single VM deployment or an AWS EKS deployment.
 
-1) Follow the steps in the [AWS EC2 Installation Guide](https://coder.com/docs/install/cloud/ec2). Complete the optional step to provide Developers EC2 Workspaces, as the AWS Specific templates provided rely on this capability.  Login using the provided pubic IP, and setup your first Coder user.
-2) After successfully logging in, clone this Github repo locally so that the provided AWS Workshop Admin template can be uploaded.
+## Deployment Options
 
-[Under Development - Detailed Instructions for completing Setup]
+### Option 1: AWS EC2 Single VM Deployment
+
+1) Follow the steps in the [AWS EC2 Installation Guide](https://coder.com/docs/install/cloud/ec2). Complete the optional step to provide Developers EC2 Workspaces, as the AWS Specific templates provided rely on this capability.
+2) Login using the provided public IP, and setup your first Coder user.
+3) After successfully logging in, clone this Github repo locally so that the provided AWS Workshop Admin template can be uploaded.
+
+### Option 2: AWS EKS Deployment
+
+This guide walks you through deploying Coder on AWS EKS for workshops or demonstrations.
+
+#### Prerequisites
+- AWS Account with appropriate permissions
+- Latest versions of the following CLI tools installed:
+  - AWS CLI
+  - eksctl
+  - kubectl
+  - helm
+
+#### Step 1: Create an EKS Cluster
+```bash
+# Create EKS Cluster (customize the cluster name and region as needed)
+eksctl create cluster --name=your-cluster-name --enable-auto-mode --region your-region
+```
+
+#### Step 2: Configure Storage for the Cluster
+```bash
+# Deploy a K8S StorageClass for dynamic EBS volume provisioning
+kubectl apply -f - <<EOF
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: gp3-csi
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: ebs.csi.eks.amazonaws.com
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  type: gp3
+  encrypted: "true"
+allowVolumeExpansion: true
+EOF
+```
+
+#### Step 3: Set Up Coder with PostgreSQL Database
+```bash
+# Create Coder namespace
+kubectl create namespace coder
+
+# Install PostgreSQL using Helm
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm install coder-db bitnami/postgresql \
+    --namespace coder \
+    --set auth.username=coder \
+    --set auth.password=coder \
+    --set auth.database=coder \
+    --set persistence.size=10Gi
+
+# Create database connection secret for Coder
+kubectl create secret generic coder-db-url -n coder \
+  --from-literal=url="postgres://coder:coder@coder-db-postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable"
+```
+
+#### Step 4: Install Coder
+Find the latest stable release from the [Coder Releases Page](https://github.com/coder/coder/releases)
+```bash
+# Add Coder Helm repository
+helm repo add coder-v2 https://helm.coder.com/v2
+
+# Install Coder using the provided values file
+# Make sure the coder-core-values-v2.yaml file is in your current directory
+helm install coder coder-v2/coder \
+    --namespace coder \
+    --values coder-core-values-v2.yaml \
+    --version <Latest Stable Release>
+```
+
+#### Step 5: Update Coder Configuration
+```bash
+# Update the coder-core-values-v2.yaml file with your specific configuration:
+# - Update CODER_ACCESS_URL with your actual domain or load balancer URL
+# - Update CODER_WILDCARD_ACCESS_URL with your wildcard domain
+# - Update CODER_OIDC_ISSUER_URL with your Cognito User Pool URL
+# - Update any other settings as needed
+
+# Apply the updated configuration
+helm upgrade coder coder-v2/coder \
+    --namespace coder \
+    --values coder-core-values-v2.yaml \
+    --version <Latest Stable Release>
+```
+
+#### Step 6: Configure IAM for EC2 Workspace Support
+```bash
+# Create IAM Role & Trust Relationship for EC2 Workspace Support
+# First, make sure you have the ekspodid-trust-policy.json file in your current directory
+aws iam create-role --role-name your-coder-ec2-workspace-role --assume-role-policy-document file://ekspodid-trust-policy.json
+
+# Attach necessary policies to the role
+aws iam attach-role-policy \
+    --role-name your-coder-ec2-workspace-role \
+    --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
+
+aws iam attach-role-policy \
+    --role-name your-coder-ec2-workspace-role \
+    --policy-arn arn:aws:iam::aws:policy/IAMReadOnlyAccess
+
+# Add IAM Pod Identity association for EC2 Workspace support
+aws eks create-pod-identity-association \
+    --cluster-name your-cluster-name \
+    --namespace coder \
+    --service-account coder \
+    --role-arn arn:aws:iam::your-aws-account-id:role/your-coder-ec2-workspace-role
+```
+
+#### Step 7: Access Your Coder Deployment
+After completing the setup, you can access your Coder deployment using the Load Balancer URL provided by the Kubernetes service. For production use, it's recommended to:
+
+1. Set up a CloudFront distribution in front of the Kubernetes Load Balancer to support HTTPS/SSL connections
+2. Configure a custom domain name pointing to your CloudFront distribution
+3. Update the Coder configuration with your custom domain
+
+## Additional Configuration
+
+### Customizing the Coder Deployment
+The `coder-core-values-v2.yaml` file in the [coder-admin](./coder-admin) directory contains various configuration options for your Coder deployment, including:
+
+- Access URLs and wildcard domains
+- Authentication settings (password, OIDC)
+- Resource limits and requests
+- Service configurations
+- High availability settings
+
+Review and modify this file to match your specific requirements before deploying or upgrading Coder.
+
+### Template Management
+After accessing your Coder Deployment and setting up your Coder Admin account, tryout the [GitOps Demo](https://github.com/greg-the-coder/partner-demo-gitops) to review the different Coder CDE capabilities and test out a basic GitOps template management flow.
@@ -0,0 +1,171 @@
+# The Coder Helm values and defaults can be found here
+# https://github.com/coder/coder/blob/main/helm/coder/values.yaml
+
+coder:
+  # coder.env -- The environment variables to set for Coder. These can be used
+  # to configure all aspects of `coder server`. Please see `coder server --help`
+  # for information about what environment variables can be set.
+  env:
+  - name: CODER_ACCESS_URL
+    value: "https://coder.example.com/"
+  - name: CODER_WILDCARD_ACCESS_URL
+    value: "*.coder.example.com"
+#  - name: CODER_HTTP_ADDRESS
+#    value: "127.0.0.1:80"
+#  - name: CODER_TLS_ADDRESS
+#    value: "0.0.0.0:443"
+  - name: CODER_PG_CONNECTION_URL
+    valueFrom:
+      secretKeyRef:
+        key: url
+        name: coder-db-url
+  - name: CODER_DISABLE_PASSWORD_AUTH
+    value: "false"      
+  - name: CODER_SWAGGER_ENABLE
+    value: "true"
+  - name: CODER_REDIRECT_TO_ACCESS_URL
+    value: "false"
+  - name: CODER_TLS_ENABLE
+    value: "false"
+  
+  # OIDC/SSO configuration
+#  - name: CODER_OIDC_ISSUER_URL
+#    value: https://cognito-idp.us-east-2.amazonaws.com/us-east-2_lsXthgPxX
+#  - name: CODER_OIDC_EMAIL_DOMAIN
+#    value: coder.com,gmail.com
+#  - name: CODER_OIDC_CLIENT_ID
+#    valueFrom:
+#      secretKeyRef:
+#        key: client-id
+#        name: aws-cognito-id
+#  - name: CODER_OIDC_CLIENT_SECRET
+#    valueFrom:
+#      secretKeyRef:
+#        key: client-secret
+#        name: aws-cognito-secret
+#  - name: CODER_OIDC_SCOPES
+#    value: openid,profile,email
+#  - name: CODER_OIDC_SIGN_IN_TEXT
+#    value: AWS Cognito
+#  - name: CODER_OIDC_ICON_URL
+#    value: /icon/aws.png
+
+  # External Authentication - Github
+  #- name: CODER_EXTERNAL_AUTH_0_ID
+  #  value: primary-github
+  #- name: CODER_EXTERNAL_AUTH_0_TYPE
+  #  value: github
+  #- name: CODER_EXTERNAL_AUTH_0_CLIENT_ID
+  #  value: 
+  #- name: CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
+  #  value: 
+  
+  # External Authentication - Jfrog
+  #- name: CODER_EXTERNAL_AUTH_1_ID
+  #  value: jfrog
+  #- name: CODER_EXTERNAL_AUTH_1_TYPE
+  #  value: jfrog
+  #- name: CODER_EXTERNAL_AUTH_1_DISPLAY_NAME
+  #  value: JFrog Artifactory
+  #- name: CODER_EXTERNAL_AUTH_1_DISPLAY_ICON
+  #  value: /icon/jfrog.svg
+  #- name: CODER_EXTERNAL_AUTH_1_CLIENT_ID
+  #  value: 
+  #- name: CODER_EXTERNAL_AUTH_1_CLIENT_SECRET
+  #  value: 
+  #- name: CODER_EXTERNAL_AUTH_1_AUTH_URL
+  #  value: https://coderintegration.jfrog.io/ui/authorization
+  #- name: CODER_EXTERNAL_AUTH_1_TOKEN_URL
+  #  value: 
+  #- name: CODER_EXTERNAL_AUTH_1_SCOPES
+  #  value: applied-permissions/user
+  
+  # Internal Provisioner
+  - name: CODER_PROVISIONER_DAEMONS
+    value: "3"
+  - name: CODER_LOG_FILTER
+    value: "false"
+  - name: CODER_DERP_SERVER_ENABLE
+    value: "true"
+
+  # Telemetery and prometheus metric config
+  #- name: CODER_TELEMETRY_ENABLE
+  #  value: "true"
+  #- name: CODER_PROMETHEUS_ADDRESS
+  #  value: 0.0.0.0:2112
+  #- name: CODER_PROMETHEUS_ENABLE
+  #  value: "true"
+  #- name: CODER_PROMETHEUS_COLLECT_AGENT_STATS
+  #  value: "true"
+
+  # Enable metric scraping
+  #podAnnotations:
+  #  prometheus.io/port: "2112"
+  #  prometheus.io/scrape: "true"
+  
+  # Enable HA for Coderd
+  replicaCount: 1
+
+  resources:
+    limits:
+      cpu: 2000m
+      memory: 4096Mi
+    requests:
+      cpu: 2000m
+      memory: 4096Mi
+ 
+  # Additional pod labels
+  #podLabels:
+  #  app: coder
+
+  # Pod Topology Spread Constraints
+  #topologySpreadConstraints:
+  #- maxSkew: 1
+  #  topologyKey: kubernetes.io/hostname
+  #  whenUnsatisfiable: ScheduleAnyway
+  #  labelSelector:
+  #    matchLabels:
+  #      app: coder
+ 
+  # Service object to expose for Coder
+  service:
+    enable: true
+    type: LoadBalancer
+    sessionAffinity: None
+    externalTrafficPolicy: Local
+    annotations:   
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+      service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "Environment=demo,Name=coder-cntrlpln-nlb"
+      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip   
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+  
+  # Service account configuration - cannot be diabled
+  serviceAccount:
+    # Whether or not to grant the coder service account permissions to manage workspaces. 
+    # This includes permission to manage pods and persistent volume claims in the deployment namespace.
+    # It is recommended to keep this on if you are using Kubernetes templates within Coder.
+    workspacePerms: true
+  
+    # Provides the service account permission to manage Kubernetes deployments. 
+    # Depends on workspacePerms.
+    enableDeployments: true
+    
+  # TLS secret name
+  #tls:
+  #  secretNames:
+  #  - gcp-tls
+
+# External Provisioner Daemon 
+#provisionerDaemon:
+#  pskSecretName: "coder-provisioner-psk"
+
+
+# Additional Configurations
+    #- name: CODER_BLOCK_DIRECT
+    #  value: "false"
+    #- name: CODER_DERP_FORCE_WEBSOCKETS
+    #  value: "false"
+    #- name: CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
+    #  value: "true"
+    #- name: CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
+    #  value: "true"