
Commit a2d6b0e

committed
rebuild docker image with certs
1 parent 089b244 commit a2d6b0e


3 files changed

+49
-9
lines changed


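--- a/scaletest/terraform/coder.tf
+++ b/scaletest/terraform/coder.tf
@@ -1,12 +1,15 @@
 data "google_client_config" "default" {}
 
 locals {
-coder_helm_repo = "https://helm.coder.com/v2"
-coder_helm_chart = "coder"
-coder_release_name = "coder-${var.name}"
-coder_namespace = "coder-${var.name}"
-coder_admin_email = "admin@coder.com"
-coder_admin_user = "coder"
+coder_helm_repo = "https://helm.coder.com/v2"
+coder_helm_chart = "coder"
+coder_release_name = "coder-${var.name}"
+coder_namespace = "coder-${var.name}"
+coder_admin_email = "admin@coder.com"
+coder_admin_user = "coder"
+coder_address = "${google_compute_address.coder.address}"
+coder_url = "https://${google_compute_address.coder.address}"
+rebuilt_workspace_image = "gcr.io/coder-dev-1/v2-loadtest/${var.name}/workspace:latest"
 }
 
 provider "kubernetes" {
@@ -167,7 +170,7 @@ coder:
 readOnlyRootFilesystem: true
 service:
 enable: true
-loadBalancerIP: "${google_compute_address.coder.address}"
+loadBalancerIP: "${local.coder_address}"
 tls:
 secretNames:
 - "${kubernetes_secret.coder-tls.metadata.0.name}"
@@ -200,7 +203,34 @@ EOF
 
 resource "local_file" "url" {
 filename = "${path.module}/coder_url"
-content = "https://${google_compute_address.coder.address}"
+content = "${local.coder_url}"
+}
+
+# Because we use a self-signed certificate, we need to also rebuild the base image.
+resource "local_file" "workspace_dockerfile" {
+filename = "${path.module}/.coderv2/dockerfile/workspace/Dockerfile"
+content = <<EOF
+FROM ${var.workspace_image}
+USER root
+RUN openssl s_client -connect ${local.coder_address}:443 -servername ${local.coder_url} </dev/null 2>/dev/null |\
+sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | tee /usr/local/share/ca-certificates/coder.crt && \
+update-ca-certificates
+USER coder
+EOF
+}
+
+resource "docker_image" "workspace" {
+name = local.rebuilt_workspace_image
+build {
+context = dirname(abspath(local_file.workspace_dockerfile.filename))
+}
+}
+
+resource "null_resource" "push_workspace_image" {
+depends_on = [ docker_image.workspace ]
+provisioner "local-exec" {
+command = "docker push ${local.rebuilt_workspace_image}"
+}
 }
 
 resource "local_file" "kubernetes_template" {
@@ -251,7 +281,7 @@ resource "local_file" "kubernetes_template" {
 }
 container {
 name = "dev"
-image = "gcr.io/coder-dev-1/coder-cian/minimal:ubuntu"
+image = "${local.rebuilt_workspace_image}"
 image_pull_policy = "Always"
 command = ["sh", "-c", coder_agent.main.init_script]
 security_context {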
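Review bot: The generated Dockerfile (new lines 215-217) trusts whatever certificate the endpoint presents at build time: the `openssl s_client` output is piped straight into the CA store with no verification, so whatever answers on `${local.coder_address}:443` during the build, or sits on the path to it, becomes a trusted certificate in every workspace. The pipeline also has no failure check (if the connection fails, `tee` writes an empty `coder.crt` and `update-ca-certificates` still succeeds), and `-servername ${local.coder_url}` passes an `https://` URL where a host name is expected. Since the certificate is presumably created by this module (the context lines reference `kubernetes_secret.coder-tls`), I would write its PEM into the build context and `COPY` it instead, as sketched below. `docker_image.workspace` would then also need to depend on the new file.

```hcl
# CODER_TLS_CERT_PEM is a placeholder: reference the PEM of the certificate stored in kubernetes_secret.coder-tls
resource "local_file" "workspace_ca_cert" {
  filename = "${path.module}/.coderv2/dockerfile/workspace/coder.crt"
  content  = CODER_TLS_CERT_PEM
}

resource "local_file" "workspace_dockerfile" {
  filename = "${path.module}/.coderv2/dockerfile/workspace/Dockerfile"
  content  = <<EOF
FROM ${var.workspace_image}
USER root
COPY coder.crt /usr/local/share/ca-certificates/coder.crt
RUN update-ca-certificates
USER coder
EOF
}
# … unchanged: docker_image.workspace, null_resource.push_workspace_image …
```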

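--- a/scaletest/terraform/main.tf
+++ b/scaletest/terraform/main.tf
@@ -24,6 +24,11 @@ terraform {
 source = "hashicorp/tls"
 version = "~> 4.0"
 }
+
+docker = {
+source = "kreuzwerker/docker"
+version = "~> 3.0"
+}
 }
 
 required_version = "~> 1.4.0"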
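Review bot: The new `docker` entry pulls a community provider (`kreuzwerker/docker`) on a floating `~> 3.0` constraint, and none of the three files in this commit is `.terraform.lock.hcl`, so nothing visible here pins which provider build gets downloaded. Provider plugins run with the credentials of the Terraform run, so if this directory tracks a lock file I would commit the entry that `terraform init` produces alongside this block. The `required_providers` block starts outside the hunk.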

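--- a/scaletest/terraform/vars.tf
+++ b/scaletest/terraform/vars.tf
@@ -117,3 +117,8 @@ variable "coder_image_tag" {
 description = "Tag to use for Coder image."
 default = "latest"
 }
+
+variable "workspace_image" {
+description = "Image and tag to use for workspaces."
+default = "docker.io/codercom/enterprise-minimal:ubuntu"
+}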
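Review bot: `workspace_image` is interpolated into the `FROM` line of the Dockerfile generated in coder.tf, and its default is a mutable tag, so the rebuilt image that receives the extra CA certificate can change base between runs without any change in this repository. I would add `type = string` and make the description say what the value is used for, e.g. `description = "Base image (tag or digest) for the rebuilt workspace image."`. If reproducible runs matter, pin the default by digest in the form `docker.io/codercom/enterprise-minimal@sha256:<digest>` (placeholder digest).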
