checkpoint

f0ssel · f0ssel · commit 61792edbda13 · 2024-11-14T17:25:09.000Z
diff --git a/scaletest/terraform/infra/gcp_cluster.tf b/scaletest/terraform/infra/gcp_cluster.tf
@@ -1,5 +1,6 @@
 data "google_compute_default_service_account" "default" {
   project = var.project_id
+  depends_on = [ google_project_service.api["compute.googleapis.com"] ]
 }
 
 locals {
diff --git a/scaletest/terraform/infra/main.tf b/scaletest/terraform/infra/main.tf
@@ -11,7 +11,7 @@ terraform {
     }
   }
 
-  required_version = "~> 1.5.0"
+  required_version = "~> 1.9.0"
 }
 
 provider "google" {
diff --git a/scaletest/terraform/k8s/cert-manager.tf b/scaletest/terraform/k8s/cert-manager.tf
@@ -36,32 +36,54 @@ EOF
   ]
 }
 
-resource "kubernetes_manifest" "cloudflare-cluster-issuer" {
-  manifest = {
-    apiVersion = "cert-manager.io/v1"
-    kind       = "ClusterIssuer"
-    metadata = {
-      name = "cloudflare-issuer"
-    }
-    spec = {
-      acme = {
-        email = var.cloudflare_email
-        privateKeySecretRef = {
-          name = local.cloudflare_issuer_private_key_secret_name
-        }
-        solvers = [
-          {
-            dns01 = {
-              cloudflare = {
-                apiTokenSecretRef = {
-                  name = kubernetes_secret.cloudflare-api-key.metadata.0.name
-                  key  = "api-token"
-                }
-              }
-            }
-          }
-        ]
-      }
-    }
-  }
+# resource "kubernetes_manifest" "cloudflare-cluster-issuer" {
+#   manifest = {
+#     apiVersion = "cert-manager.io/v1"
+#     kind       = "ClusterIssuer"
+#     metadata = {
+#       name = "cloudflare-issuer"
+#     }
+#     spec = {
+#       acme = {
+#         email = var.cloudflare_email
+#         privateKeySecretRef = {
+#           name = local.cloudflare_issuer_private_key_secret_name
+#         }
+#         solvers = [
+#           {
+#             dns01 = {
+#               cloudflare = {
+#                 apiTokenSecretRef = {
+#                   name = kubernetes_secret.cloudflare-api-key.metadata.0.name
+#                   key  = "api-token"
+#                 }
+#               }
+#             }
+#           }
+#         ]
+#       }
+#     }
+#   }
+# }
+
+resource "kubectl_manifest" "cloudflare-cluster-issuer" {
+  depends_on = [ helm_release.cert-manager ]
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-issuer
+spec:
+  acme:
+    email: ${var.cloudflare_email}
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: ${local.cloudflare_issuer_private_key_secret_name}
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: ${kubernetes_secret.cloudflare-api-key.metadata.0.name}
+              key: api-token
+YAML
 }
diff --git a/scaletest/terraform/k8s/coder.tf b/scaletest/terraform/k8s/coder.tf
@@ -10,6 +10,7 @@ locals {
   coder_release_name        = var.name
   provisionerd_helm_chart   = "coder-provisioner"
   provisionerd_release_name = "${var.name}-provisionerd"
+  dnsNames = regex("https?://([^/]+)", local.coder_url)
 }
 
 resource "kubernetes_namespace" "coder_namespace" {
@@ -61,31 +62,49 @@ data "kubernetes_secret" "coder_oidc" {
   }
 }
 
-resource "kubernetes_manifest" "coder_certificate" {
-  manifest = {
-    apiVersion = "cert-manager.io/v1"
-    kind       = "Certificate"
-    metadata = {
-      name      = "${var.name}"
-      namespace = kubernetes_namespace.coder_namespace.metadata.0.name
-    }
-    spec = {
-      secretName = "${var.name}-tls"
-      dnsNames   = regex("https?://([^/]+)", local.coder_url)
-      issuerRef = {
-        name = kubernetes_manifest.cloudflare-cluster-issuer.manifest.metadata.name
-        kind = "ClusterIssuer"
-      }
-    }
-  }
+# resource "kubernetes_manifest" "coder_certificate" {
+#   manifest = {
+#     apiVersion = "cert-manager.io/v1"
+#     kind       = "Certificate"
+#     metadata = {
+#       name      = "${var.name}"
+#       namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+#     }
+#     spec = {
+#       secretName = "${var.name}-tls"
+#       dnsNames   = regex("https?://([^/]+)", local.coder_url)
+#       issuerRef = {
+#         name = "cloudflare-issuer"
+#         kind = "ClusterIssuer"
+#       }
+#     }
+#   }
+# }
+
+resource "kubectl_manifest" "coder_certificate" {
+  depends_on = [ helm_release.cert-manager ]
+  yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ${var.name}
+  namespace: ${kubernetes_namespace.coder_namespace.metadata.0.name}
+spec:
+  secretName: ${var.name}-tls
+  dnsNames:
+    - ${local.dnsNames.0}
+  issuerRef:
+    name: cloudflare-issuer
+    kind: ClusterIssuer
+YAML
 }
 
 data "kubernetes_secret" "coder_tls" {
   metadata {
     namespace = kubernetes_namespace.coder_namespace.metadata.0.name
     name      = "${var.name}-tls"
   }
-  depends_on = [kubernetes_manifest.coder_certificate]
+  depends_on = [kubectl_manifest.coder_certificate]
 }
 
 resource "helm_release" "coder-chart" {
@@ -153,29 +172,29 @@ coder:
           key: psk
           name: "${kubernetes_secret.provisionerd_psk.metadata.0.name}"
     # Enable OIDC
-    - name: "CODER_OIDC_ISSUER_URL"
-      valueFrom:
-        secretKeyRef:
-          key: issuer-url
-          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
-    - name: "CODER_OIDC_EMAIL_DOMAIN"
-      valueFrom:
-        secretKeyRef:
-          key: email-domain
-          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
-    - name: "CODER_OIDC_CLIENT_ID"
-      valueFrom:
-        secretKeyRef:
-          key: client-id
-          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
-    - name: "CODER_OIDC_CLIENT_SECRET"
-      valueFrom:
-        secretKeyRef:
-          key: client-secret
-          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    # - name: "CODER_OIDC_ISSUER_URL"
+    #   valueFrom:
+    #     secretKeyRef:
+    #       key: issuer-url
+    #       name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    # - name: "CODER_OIDC_EMAIL_DOMAIN"
+    #   valueFrom:
+    #     secretKeyRef:
+    #       key: email-domain
+    #       name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    # - name: "CODER_OIDC_CLIENT_ID"
+    #   valueFrom:
+    #     secretKeyRef:
+    #       key: client-id
+    #       name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    # - name: "CODER_OIDC_CLIENT_SECRET"
+    #   valueFrom:
+    #     secretKeyRef:
+    #       key: client-secret
+    #       name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
     # Send OTEL traces to the cluster-local collector to sample 10%
     - name: "OTEL_EXPORTER_OTLP_ENDPOINT"
-      value: "http://${kubernetes_manifest.otel-collector.manifest.metadata.name}-collector.${kubernetes_namespace.coder_namespace.metadata.0.name}.svc.cluster.local:4317"
+      value: "http://otel-collector.${kubernetes_namespace.coder_namespace.metadata.0.name}.svc.cluster.local:4317"
     - name: "OTEL_TRACES_SAMPLER"
       value: parentbased_traceidratio
     - name: "OTEL_TRACES_SAMPLER_ARG"
@@ -240,6 +259,8 @@ coder:
       value: "${local.coder_url}"
     - name: "CODER_VERBOSE"
       value: "true"
+    - name: "CODER_CONFIG_DIR"
+      value: "/tmp/config"
     - name: "CODER_CACHE_DIRECTORY"
       value: "/tmp/coder"
     - name: "CODER_TELEMETRY_ENABLE"
@@ -251,7 +272,7 @@ coder:
     - name: "CODER_PROMETHEUS_ENABLE"
       value: "true"
     - name: "CODER_PROVISIONERD_TAGS"
-      value = "socpe=organization"
+      value: "scope=organization"
   image:
     repo: ${var.provisionerd_image_repo}
     tag: ${var.provisionerd_image_tag}
diff --git a/scaletest/terraform/k8s/main.tf b/scaletest/terraform/k8s/main.tf
@@ -5,6 +5,11 @@ terraform {
       version = "~> 2.20"
     }
 
+    kubectl = {
+      source  = "alekc/kubectl"
+      version = ">= 2.0.0"
+    }
+
     helm = {
       source  = "hashicorp/helm"
       version = "~> 2.9"
@@ -21,13 +26,17 @@ terraform {
     }
   }
 
-  required_version = "~> 1.5.0"
+  required_version = "~> 1.9.0"
 }
 
 provider "kubernetes" {
   config_path = var.kubernetes_kubeconfig_path
 }
 
+provider "kubectl" {
+  config_path = var.kubernetes_kubeconfig_path
+}
+
 provider "helm" {
   kubernetes {
     config_path = var.kubernetes_kubeconfig_path
diff --git a/scaletest/terraform/k8s/otel.tf b/scaletest/terraform/k8s/otel.tf
diff --git a/scaletest/terraform/k8s/prometheus.tf b/scaletest/terraform/k8s/prometheus.tf

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`data "google_compute_default_service_account" "default" {`
`2`	`2`	`project = var.project_id`
	`3`	`+ depends_on = [ google_project_service.api["compute.googleapis.com"] ]`
`3`	`4`	`}`
`4`	`5`
`5`	`6`	`locals {`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ terraform {`
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`
`14`		`- required_version = "~> 1.5.0"`
	`14`	`+ required_version = "~> 1.9.0"`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`provider "google" {`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,11 @@ terraform {`
`5`	`5`	`version = "~> 2.20"`
`6`	`6`	`}`
`7`	`7`
	`8`	`+ kubectl = {`
	`9`	`+ source = "alekc/kubectl"`
	`10`	`+ version = ">= 2.0.0"`
	`11`	`+ }`
	`12`	`+`
`8`	`13`	`helm = {`
`9`	`14`	`source = "hashicorp/helm"`
`10`	`15`	`version = "~> 2.9"`
`@@ -21,13 +26,17 @@ terraform {`
`21`	`26`	`}`
`22`	`27`	`}`
`23`	`28`
`24`		`- required_version = "~> 1.5.0"`
	`29`	`+ required_version = "~> 1.9.0"`
`25`	`30`	`}`
`26`	`31`
`27`	`32`	`provider "kubernetes" {`
`28`	`33`	`config_path = var.kubernetes_kubeconfig_path`
`29`	`34`	`}`
`30`	`35`
	`36`	`+provider "kubectl" {`
	`37`	`+ config_path = var.kubernetes_kubeconfig_path`
	`38`	`+}`
	`39`	`+`
`31`	`40`	`provider "helm" {`
`32`	`41`	`kubernetes {`
`33`	`42`	`config_path = var.kubernetes_kubeconfig_path`