feat(examples/templates): add GCP VM devcontainer template #11246
Merged
23 commits
f6d24e1 feat(examples/templates): add GCP VM devcontainer template (matifali)
a49df65 use zone in provider only (matifali)
0d37ff9 move code-server to module (matifali)
7c3f646 Update README.md (matifali)
2352c34 `make fmt` (matifali)
471ba69 rename directory (matifali)
dfd0326 Merge branch 'main' into gcp-devcontainer-vm (matifali)
ee57662 Update README.md (matifali)
cd4e2dc Update README.md (matifali)
eff8265 Update README.md (matifali)
3cc7cc0 Add files via upload (matifali)
aa17ced Add files via upload (matifali)
e93e7db Add files via upload (matifali)
ddc8411 Update README.md (matifali)
aa08751 remove aws template link (matifali)
4955165 test GFM (matifali)
152f46a Update README.md (matifali)
f214001 polish up (matifali)
526385d Merge branch 'main' into gcp-devcontainer-vm (matifali)
1314f2e set hostname to workspace name (matifali)
ee96c0e add to starter templates (matifali)
76a0505 `make gen` (matifali)
b9fb206 `make update-golden-files` (matifali)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- | ||
display_name: Google Compute Engine (Devcontainer) | ||
description: Provision a Devcontainer on Google Compute Engine instances as Coder workspaces | ||
icon: ../../../site/static/icon/gcp.png | ||
maintainer_github: coder | ||
verified: true | ||
tags: [vm, linux, gcp, devcontainer] | ||
--- | ||
|
||
# Remote Development in a Devcontainer on Google Compute Engine | ||
|
||
 | ||
|
||
## Prerequisites | ||
|
||
### Authentication | ||
|
||
This template assumes that coderd is run in an environment that is authenticated | ||
with Google Cloud. For example, run `gcloud auth application-default login` to | ||
import credentials on the system and user running coderd. For other ways to | ||
authenticate [consult the Terraform | ||
docs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials). | ||
|
||
Coder requires a Google Cloud Service Account to provision workspaces. To create | ||
a service account: | ||
|
||
1. Navigate to the [CGP | ||
console](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create), | ||
and select your Cloud project (if you have more than one project associated | ||
with your account) | ||
|
||
1. Provide a service account name (this name is used to generate the service | ||
account ID) | ||
|
||
1. Click **Create and continue**, and choose the following IAM roles to grant to | ||
the service account: | ||
|
||
- Compute Admin | ||
- Service Account User | ||
|
||
Click **Continue**. | ||
|
||
1. Click on the created key, and navigate to the **Keys** tab. | ||
|
||
1. Click **Add key** > **Create new key**. | ||
|
||
1. Generate a **JSON private key**, which will be what you provide to Coder | ||
during the setup process. | ||
|
||
## Architecture | ||
|
||
This template provisions the following resources: | ||
|
||
- GCP VM (persistent) | ||
- GCP Disk (persistent, mounted to root) | ||
|
||
Coder persists the root volume. The full filesystem is preserved when the workspace restarts. | ||
|
||
> **Note** | ||
> This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case. | ||
|
||
## code-server | ||
|
||
`code-server` is installed via the [`code-server`](https://registry.coder.com/modules/code-server) registry module. Please check [Coder Registry](https://registry.coder.com) for a list of all modules and templates. |
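Review bot: The service-account steps under "Authentication" end with generating a downloadable **JSON private key** for an account holding Compute Admin and Service Account User, but the text never says where that key should be kept, nor how it relates to the `gcloud auth application-default login` path described in the first paragraph. State which of the two the template expects, and note that the JSON key is a long-lived credential that should be stored as a secret and rotated. Two wording fixes in the same list: "CGP console" should read "GCP console", and "Click on the created key" should read "Click on the created service account", since no key exists until the steps that follow.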
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,207 @@ | ||
terraform { | ||
required_providers { | ||
coder = { | ||
source = "coder/coder" | ||
} | ||
google = { | ||
source = "hashicorp/google" | ||
} | ||
} | ||
} | ||
|
||
provider "coder" { | ||
} | ||
|
||
variable "project_id" { | ||
description = "Which Google Compute Project should your workspace live in?" | ||
} | ||
|
||
data "coder_parameter" "zone" { | ||
name = "zone" | ||
display_name = "Zone" | ||
description = "Which zone should your workspace live in?" | ||
type = "string" | ||
icon = "/emojis/1f30e.png" | ||
default = "us-central1-a" | ||
mutable = false | ||
option { | ||
name = "North America (Northeast)" | ||
value = "northamerica-northeast1-a" | ||
icon = "/emojis/1f1fa-1f1f8.png" | ||
} | ||
option { | ||
name = "North America (Central)" | ||
value = "us-central1-a" | ||
icon = "/emojis/1f1fa-1f1f8.png" | ||
} | ||
option { | ||
name = "North America (West)" | ||
value = "us-west2-c" | ||
icon = "/emojis/1f1fa-1f1f8.png" | ||
} | ||
option { | ||
name = "Europe (West)" | ||
value = "europe-west4-b" | ||
icon = "/emojis/1f1ea-1f1fa.png" | ||
} | ||
option { | ||
name = "South America (East)" | ||
value = "southamerica-east1-a" | ||
icon = "/emojis/1f1e7-1f1f7.png" | ||
} | ||
} | ||
|
||
provider "google" { | ||
zone = data.coder_parameter.zone.value | ||
project = var.project_id | ||
} | ||
|
||
data "google_compute_default_service_account" "default" { | ||
} | ||
|
||
data "coder_workspace" "me" { | ||
} | ||
|
||
resource "google_compute_disk" "root" { | ||
name = "coder-${data.coder_workspace.me.id}-root" | ||
type = "pd-ssd" | ||
image = "debian-cloud/debian-12" | ||
matifali marked this conversation as resolved.
|
||
lifecycle { | ||
ignore_changes = [name, image] | ||
} | ||
} | ||
|
||
data "coder_parameter" "repo_url" { | ||
name = "repo_url" | ||
display_name = "Repository URL" | ||
default = "https://github.com/coder/envbuilder-starter-devcontainer" | ||
description = "Repository URL" | ||
mutable = true | ||
} | ||
|
||
resource "coder_agent" "dev" { | ||
count = data.coder_workspace.me.start_count | ||
arch = "amd64" | ||
auth = "token" | ||
os = "linux" | ||
dir = "/workspaces/${trimsuffix(basename(data.coder_parameter.repo_url.value), ".git")}" | ||
connection_timeout = 0 | ||
|
||
metadata { | ||
key = "cpu" | ||
display_name = "CPU Usage" | ||
interval = 5 | ||
timeout = 5 | ||
script = "coder stat cpu" | ||
} | ||
metadata { | ||
key = "memory" | ||
display_name = "Memory Usage" | ||
interval = 5 | ||
timeout = 5 | ||
script = "coder stat mem" | ||
} | ||
metadata { | ||
key = "disk" | ||
display_name = "Disk Usage" | ||
interval = 5 | ||
timeout = 5 | ||
script = "coder stat disk" | ||
} | ||
} | ||
|
||
module "code-server" { | ||
count = data.coder_workspace.me.start_count | ||
source = "https://registry.coder.com/modules/code-server" | ||
agent_id = coder_agent.dev[0].id | ||
} | ||
|
||
resource "google_compute_instance" "vm" { | ||
name = "coder-${lower(data.coder_workspace.me.owner)}-${lower(data.coder_workspace.me.name)}-root" | ||
machine_type = "e2-medium" | ||
# data.coder_workspace.me.owner == "default" is a workaround to suppress error in the terraform plan phase while creating a new workspace. | ||
desired_status = (data.coder_workspace.me.owner == "default" || data.coder_workspace.me.start_count == 1) ? "RUNNING" : "TERMINATED" | ||
|
||
network_interface { | ||
network = "default" | ||
access_config { | ||
// Ephemeral public IP | ||
} | ||
} | ||
|
||
boot_disk { | ||
auto_delete = false | ||
source = google_compute_disk.root.name | ||
} | ||
|
||
service_account { | ||
email = data.google_compute_default_service_account.default.email | ||
scopes = ["cloud-platform"] | ||
} | ||
|
||
metadata = { | ||
# The startup script runs as root with no $HOME environment set up, so instead of directly | ||
# running the agent init script, create a user (with a homedir, default shell and sudo | ||
# permissions) and execute the init script as that user. | ||
startup-script = <<-META | ||
#!/usr/bin/env sh | ||
set -eux | ||
|
||
# If user does not exist, create it and set up passwordless sudo | ||
if ! id -u "${local.linux_user}" >/dev/null 2>&1; then | ||
useradd -m -s /bin/bash "${local.linux_user}" | ||
echo "${local.linux_user} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/coder-user | ||
fi | ||
|
||
# Check for Docker, install if not present | ||
if ! command -v docker &> /dev/null | ||
then | ||
echo "Docker not found, installing..." | ||
curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh 2>&1 >/dev/null | ||
sudo usermod -aG docker ${local.linux_user} | ||
newgrp docker | ||
else | ||
echo "Docker is already installed." | ||
fi | ||
# Start envbuilder | ||
docker run --rm \ | ||
-h ${lower(data.coder_workspace.me.name)} \ | ||
-v /home/${local.linux_user}/envbuilder:/workspaces \ | ||
-e CODER_AGENT_TOKEN="${try(coder_agent.dev[0].token, "")}" \ | ||
-e CODER_AGENT_URL="${data.coder_workspace.me.access_url}" \ | ||
-e GIT_URL="${data.coder_parameter.repo_url.value}" \ | ||
-e INIT_SCRIPT="echo ${base64encode(try(coder_agent.dev[0].init_script, ""))} | base64 -d | sh" \ | ||
-e FALLBACK_IMAGE="codercom/enterprise-base:ubuntu" \ | ||
ghcr.io/coder/envbuilder | ||
META | ||
} | ||
} | ||
|
||
locals { | ||
# Ensure Coder username is a valid Linux username | ||
linux_user = lower(substr(data.coder_workspace.me.owner, 0, 32)) | ||
} | ||
|
||
resource "coder_metadata" "workspace_info" { | ||
count = data.coder_workspace.me.start_count | ||
resource_id = google_compute_instance.vm.id | ||
|
||
item { | ||
key = "type" | ||
value = google_compute_instance.vm.machine_type | ||
} | ||
|
||
item { | ||
key = "zone" | ||
value = data.coder_parameter.zone.value | ||
} | ||
} | ||
|
||
resource "coder_metadata" "home_info" { | ||
resource_id = google_compute_disk.root.id | ||
|
||
item { | ||
key = "size" | ||
value = "${google_compute_disk.root.size} GiB" | ||
} | ||
} |
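Review bot: In the `service_account` block of `google_compute_instance.vm`, the workspace VM runs as the project's default compute service account with `scopes = ["cloud-platform"]`, and the startup script gives the workspace user `NOPASSWD:ALL` sudo on a VM with an ephemeral public IP, so every workspace owner can obtain a token for that account from the metadata server. Suggest a dedicated, minimally privileged service account (or none) and narrower scopes, and consider dropping `access_config` where egress can be provided another way. The same script places `CODER_AGENT_TOKEN` in the `startup-script` metadata, where anyone able to read instance metadata can see it; the `coder_agent` could use `auth = "google-instance-identity"` instead of `"token"` if that works with envbuilder.

In the startup script itself, the shebang is `#!/usr/bin/env sh` but `if ! command -v docker &> /dev/null` uses the bash-only `&>`, which a POSIX `sh` parses as a background `&` followed by a redirect, so the Docker check does not test what it reads as; use `>/dev/null 2>&1` there, and likewise in `sudo sh get-docker.sh 2>&1 >/dev/null`, where stderr is not silenced as written. `newgrp docker` has no useful effect in a non-interactive root script and can be removed. The script also runs `https://get.docker.com` as root and pulls `ghcr.io/coder/envbuilder` without a tag or digest; pinning both makes the workspace build reproducible. Finally, `data.coder_parameter.repo_url.value` is interpolated unvalidated into the double-quoted `-e GIT_URL="..."` argument of a root script; add a validation rule on the parameter so that quotes or `$(` in the value cannot alter the command.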