chore: add workspaceProxy to helm chart (#7398)

deansheather · web-flow · commit 667d9a7557de · 2023-05-05T07:07:49.000+10:00
diff --git a/Makefile b/Makefile
@@ -526,7 +526,7 @@ cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl
 	go test ./cli -run="Test(CommandHelp|ServerYAML)" -update
 	touch "$@"
 
-helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES)
+helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.yaml) $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES)
 	go test ./helm/tests -run=TestUpdateGoldenFiles -update
 	touch "$@"
 
diff --git a/helm/.helmignore b/helm/.helmignore
@@ -23,3 +23,5 @@
 .vscode/
 Makefile
 artifacthub-repo.yml
+
+tests
diff --git a/helm/templates/coder.yaml b/helm/templates/coder.yaml
@@ -60,6 +60,13 @@ spec:
         - name: coder
           image: {{ include "coder.image" . | quote }}
           imagePullPolicy: {{ .Values.coder.image.pullPolicy }}
+          command:
+            - /opt/coder
+          args:
+            {{- if .Values.coder.workspaceProxy }}
+            - proxy
+            {{- end }}
+            - server
           resources:
             {{- toYaml .Values.coder.resources | nindent 12 }}
           lifecycle:
diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go
@@ -44,6 +44,10 @@ var TestCases = []TestCase{
 		name:          "labels_annotations",
 		expectedError: "",
 	},
+	{
+		name:          "workspace_proxy",
+		expectedError: "",
+	},
 }
 
 type TestCase struct {
diff --git a/helm/tests/testdata/default_values.golden b/helm/tests/testdata/default_values.golden
@@ -134,6 +134,10 @@ spec:
         - name: coder
           image: "ghcr.io/coder/coder:latest"
           imagePullPolicy: IfNotPresent
+          command:
+            - /opt/coder
+          args:
+            - server
           resources:
             {}
           lifecycle:
diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/tests/testdata/labels_annotations.golden
@@ -140,6 +140,10 @@ spec:
         - name: coder
           image: "ghcr.io/coder/coder:latest"
           imagePullPolicy: IfNotPresent
+          command:
+            - /opt/coder
+          args:
+            - server
           resources:
             {}
           lifecycle:
diff --git a/helm/tests/testdata/sa.golden b/helm/tests/testdata/sa.golden
@@ -134,6 +134,10 @@ spec:
         - name: coder
           image: "ghcr.io/coder/coder:latest"
           imagePullPolicy: IfNotPresent
+          command:
+            - /opt/coder
+          args:
+            - server
           resources:
             {}
           lifecycle:
diff --git a/helm/tests/testdata/tls.golden b/helm/tests/testdata/tls.golden
@@ -138,6 +138,10 @@ spec:
         - name: coder
           image: "ghcr.io/coder/coder:latest"
           imagePullPolicy: IfNotPresent
+          command:
+            - /opt/coder
+          args:
+            - server
           resources:
             {}
           lifecycle:
diff --git a/helm/tests/testdata/workspace_proxy.golden b/helm/tests/testdata/workspace_proxy.golden
@@ -0,0 +1,177 @@
+---
+# Source: coder/templates/coder.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "coder"
+  annotations: 
+    {}
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-workspace-perms
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["*"]
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "coder"
+subjects:
+  - kind: ServiceAccount
+    name: "coder"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-workspace-perms
+---
+# Source: coder/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    {}
+spec:
+  type: LoadBalancer
+  sessionAffinity: ClientIP
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: "http"
+      protocol: TCP
+  externalTrafficPolicy: "Cluster"
+  selector:
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+---
+# Source: coder/templates/coder.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations: 
+    {}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: coder
+      app.kubernetes.io/instance: release-name
+  template:
+    metadata:
+      labels:
+        helm.sh/chart: coder-0.1.0
+        app.kubernetes.io/name: coder
+        app.kubernetes.io/instance: release-name
+        app.kubernetes.io/part-of: coder
+        app.kubernetes.io/version: "0.1.0"
+        app.kubernetes.io/managed-by: Helm
+      annotations:
+        {}
+    spec:
+      serviceAccountName: "coder"
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/instance
+                  operator: In
+                  values:
+                  - coder
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+        - name: coder
+          image: "ghcr.io/coder/coder:latest"
+          imagePullPolicy: IfNotPresent
+          command:
+            - /opt/coder
+          args:
+            - proxy
+            - server
+          resources:
+            {}
+          lifecycle:
+            {}
+          env:
+            - name: CODER_HTTP_ADDRESS
+              value: "0.0.0.0:8080"
+            - name: CODER_PROMETHEUS_ADDRESS
+              value: "0.0.0.0:2112"
+            # Set the default access URL so a `helm apply` works by default.
+            # See: https://github.com/coder/coder/issues/5024
+            - name: CODER_ACCESS_URL
+              value: "http://coder.default.svc.cluster.local"
+            # Used for inter-pod communication with high-availability.
+            - name: KUBE_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: CODER_DERP_SERVER_RELAY_URL
+              value: "http://$(KUBE_POD_IP):8080"
+            
+            - name: CODER_PRIMARY_ACCESS_URL
+              value: https://dev.coder.com
+            - name: CODER_PROXY_SESSION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: token
+                  name: coder-workspace-proxy-session-token
+          ports:
+            - name: "http"
+              containerPort: 8080
+              protocol: TCP
+          securityContext: 
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: null
+            runAsGroup: 1000
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          readinessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          livenessProbe:
+            httpGet:
+              path: /api/v2/buildinfo
+              port: "http"
+              scheme: "HTTP"
+          volumeMounts: []
+      volumes: []
diff --git a/helm/tests/testdata/workspace_proxy.yaml b/helm/tests/testdata/workspace_proxy.yaml
@@ -0,0 +1,14 @@
+coder:
+  workspaceProxy: true
+
+  image:
+    tag: latest
+
+  env:
+    - name: CODER_PRIMARY_ACCESS_URL
+      value: "https://dev.coder.com"
+    - name: CODER_PROXY_SESSION_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: coder-workspace-proxy-session-token
+          key: token
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,10 +1,28 @@
 # coder -- Primary configuration for `coder server`.
 coder:
-  # coder.replicaCount -- The number of Kubernetes deployment replicas.
-  # This should only be increased if High Availability is enabled.
+  # coder.replicaCount -- The number of Kubernetes deployment replicas. This
+  # should only be increased if High Availability is enabled.
+  #
   # This is an Enterprise feature. Contact sales@coder.com.
   replicaCount: 1
 
+  # coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder
+  # Workspace Proxy. Workspace Proxies reduce the latency between the user and
+  # their workspace for web connections (workspace apps and web terminal) and
+  # proxied connections from the CLI. Workspace Proxies are optional and only
+  # recommended for geographically sparse teams.
+  #
+  # Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in
+  # the environment below. You can get a proxy token using the CLI:
+  #   coder proxy create \
+  #     --name "proxy-name" \
+  #     --display-name "Proxy Name" \
+  #     --icon "/emojis/xyz.png"
+  #
+  # This is an Enterprise feature. Contact sales@coder.com
+  # Docs: https://coder.com/docs/v2/latest/admin/workspace-proxies
+  workspaceProxy: false
+
   # coder.image -- The image to use for Coder.
   image:
     # coder.image.repo -- The repository of the image.
