From d045c7d10334e061ee6440ef42734d80fe17f1bc Mon Sep 17 00:00:00 2001 From: deansheather Date: Thu, 30 Jun 2022 07:15:55 +0000 Subject: [PATCH 1/7] feat: add basic helm chart --- helm/.helmignore | 23 ++++++++++ helm/Chart.yaml | 29 ++++++++++++ helm/templates/NOTES.txt | 16 +++++++ helm/templates/_helpers.tpl | 33 ++++++++++++++ helm/templates/deployment.yaml | 50 +++++++++++++++++++++ helm/templates/ingress.yaml | 32 ++++++++++++++ helm/templates/service.yaml | 19 ++++++++ helm/values.yaml | 81 ++++++++++++++++++++++++++++++++++ 8 files changed, 283 insertions(+) create mode 100644 helm/.helmignore create mode 100644 helm/Chart.yaml create mode 100644 helm/templates/NOTES.txt create mode 100644 helm/templates/_helpers.tpl create mode 100644 helm/templates/deployment.yaml create mode 100644 helm/templates/ingress.yaml create mode 100644 helm/templates/service.yaml create mode 100644 helm/values.yaml
diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 0000000000000..0e8a0eb36f4ca
--- /dev/null
+++ b/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000000000..f66f0caee65d8
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: coder
+description: Remote development environments on your infrastructure.
+home: https://github.com/coder/coder
+
+# version and appVersion are injected at release.
+type: application
+version: "0.1.0"
+appVersion: "0.1.0"
+
+# Coder has a hard requirement on Kubernetes 1.19, as this version
+# introduced the networking.k8s.io/v1 API for the Ingress and
+# NetworkPolicy resources.
+#
+# Additionally, the NOTES.txt file emits a warning if the cluster
+# version is outside our soft requirement, in accordance with our
+# official support policy.
+kubeVersion: ">= 1.19.0-0"
+
+keywords:
+ - coder
+ - terraform
+sources:
+ - https://github.com/coder/coder/tree/main/helm
+icon: https://helm.coder.com/coder_logo_black.png
+maintainers:
+ - name: Coder Technologies, Inc.
+ email: support@coder.com
+ url: https://coder.com/contact
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
new file mode 100644
index 0000000000000..c6108e984e1ed
--- /dev/null
+++ b/helm/templates/NOTES.txt
@@ -0,0 +1,16 @@
+{{- if not (semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version) -}}
+============================== KUBERNETES SUPPORT ==============================
+
+NOTICE: Coder follows the Kubernetes upstream version support policy, and the
+latest stable release version of Coder supports the previous two minor releases
+as well as the current release of Kubernetes at time of publication.
+
+Your Kubernetes version is: {{ .Capabilities.KubeVersion }}
+
+Coder {{ .Chart.AppVersion }} requires Kubernetes >= 1.21
+
+Coder cannot provide any guarantees of compatibility nor technical support for
+this version of Kubernetes.
+
+============================== KUBERNETES SUPPORT ==============================
+{{- end -}}
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000000000..807439ce627c1
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,33 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coder.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "coder.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "coder.labels" -}}
+helm.sh/chart: {{ include "coder.chart" . }}
+{{ include "coder.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "coder.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "coder.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000000000..837bc98196153
--- /dev/null
+++ b/helm/templates/deployment.yaml
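Review bot: Only `app.kubernetes.io/version` is piped through `quote`; `helm.sh/chart`, `app.kubernetes.io/name`, `app.kubernetes.io/instance` and `app.kubernetes.io/managed-by` are emitted as plain scalars in `coder.labels` and `coder.selectorLabels`. A release name or `nameOverride` that YAML reads as a number or boolean (an all-digit name, or `true`) would then render a non-string label value, which the API server rejects for both labels and `matchLabels`. Quote them consistently, e.g. `app.kubernetes.io/instance: {{ .Release.Name | quote }}` and `app.kubernetes.io/name: {{ include "coder.name" . | quote }}`.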
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.coder.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "coder.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "coder.selectorLabels" . | nindent 8 }}
+ spec:
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 300
+ containers:
+ - name: coder
+ image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.coder.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: CODER_ADDRESS
+ value: "0.0.0.0:80"
+ {{- if .Values.coder.tls.secretName }}
+ - name: CODER_TLS_ENABLE
+ value: "true"
+ - name: CODER_TLS_CERT_FILE
+ value: /etc/ssl/certs/coder/tls.crt
+ - name: CODER_TLS_KEY_FILE
+ value: /etc/ssl/certs/coder/tls.key
+ {{- end }}
+ {{- with .Values.coder.env -}}
+ {{ toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
new file mode 100644
index 0000000000000..1842bc08228c8
--- /dev/null
+++ b/helm/templates/ingress.yaml
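Review bot: The `resources:` block reads `.Values.resources`, but values.yaml in this patch defines the key as `coder.resources`, so requests and limits set by an operator are never rendered; it should read `toYaml .Values.coder.resources`. Separately, when `coder.tls.secretName` is set the env block points `CODER_TLS_CERT_FILE` and `CODER_TLS_KEY_FILE` at /etc/ssl/certs/coder/, yet the pod spec has no `volumes` or `volumeMounts`, so the secret that the values.yaml comment promises to mount is never present in the container. The only named container port also stays `http` on 80 in TLS mode. A sketch of the missing mount follows.

```yaml
          resources:
            {{- toYaml .Values.coder.resources | nindent 12 }}
          # … unchanged: env, ports, readinessProbe, livenessProbe …
          {{- if .Values.coder.tls.secretName }}
          volumeMounts:
            - name: tls
              mountPath: /etc/ssl/certs/coder
              readOnly: true
          {{- end }}
      {{- if .Values.coder.tls.secretName }}
      volumes:
        - name: tls
          secret:
            secretName: {{ .Values.coder.tls.secretName | quote }}
      {{- end }}
```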
@@ -0,0 +1,32 @@
+{{- if .Values.coder.ingress.enable }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.coder.ingress.className }}
+ {{/* If this is set to an empty string it fails validation on K8s */}}
+ ingressClassName: {{ .Values.coder.ingress.className | quote }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.coder.ingress.host | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: coder
+ port:
+ name: http
+
+ {{- if .Values.coder.ingress.tls.enable }}
+ tls:
+ - hosts:
+ - {{ .Values.coder.ingress.host | quote }}
+ secretName: {{ .Values.coder.ingress.tls.secretName | quote}}
+ {{- end }}
+{{- end }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000000000..f769d6740948a
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.coder.service.type }}
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+ - name: https
+ port: 443
+ targetPort: https
+ protocol: TCP
+ selector:
+ {{- include "coder.selectorLabels" . | nindent 4 }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000000000..00bc9db8dd36c
--- /dev/null
+++ b/helm/values.yaml
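Review bot: The Service in service.yaml publishes an `https` port with `targetPort: https`, but the Deployment in this patch only names a container port `http`, so port 443 on the load balancer has no backend to resolve to. `coder.service.externalTrafficPolicy` and `coder.service.loadBalancerIP` from values.yaml are never referenced in the template either, so setting them has no effect. Since the default type is `LoadBalancer`, render the `https` port only when `coder.tls.secretName` is set and wire the two values through, e.g. `externalTrafficPolicy: {{ .Values.coder.service.externalTrafficPolicy | quote }}`.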
@@ -0,0 +1,81 @@
+# coder -- Primary configuration for `coder server`.
+coder:
+ # coder.replicaCount -- The number of Kubernetes deployment replicas.
+ replicaCount: 1
+
+ # coder.image -- The image to use for Coder.
+ image:
+ # coder.image.repo -- The repository of the image.
+ repo: "ghcr.io/coder/coder"
+ # coder.image.tag -- The tag of the image, defaults to the same version as
+ # the chart.
+ tag: "{{.Release.Version}}"
+ # coder.image.pullPolicy -- The pull policy to use for the image. See:
+ # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
+ pullPolicy: IfNotPresent
+
+ # coder.service -- The Service object to expose for Coder.
+ service:
+ # coder.service.type -- The type of service to expose. See:
+ # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: LoadBalancer
+ # coder.service.externalTrafficPolicy -- The external traffic policy to use.
+ # On AWS EKS you may need to change this to "Cluster". See:
+ # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ externalTrafficPolicy: Local
+ # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not
+ # specified, a new IP will be generated each time the load balancer is
+ # recreated. It is recommended to manually create a static IP address in
+ # your cloud and specify it here in production to avoid accidental IP
+ # address changes.
+ loadBalancerIP: ""
+
+ # coder.ingress -- The Ingress object to expose for Coder.
+ ingress:
+ # coder.ingress.enable -- Whether to enable the Ingress.
+ enable: false
+ # coder.ingress.className -- The name of the Ingress class to use.
+ className: ""
+ # coder.ingress.host -- The hostname to match on.
+ host: "coder.example.com"
+ # coder.ingress.tls -- The TLS configuration to use for the Ingress.
+ tls:
+ # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.
+ enable: false
+ # coder.ingress.tls.secretName -- The name of the TLS secret to use.
+ secretName: ""
+
+ # coder.tls -- The TLS configuration for Coder.
+ tls:
+ # coder.tls.secretName -- The name of the secret containing the TLS
+ # certificate. The secret should exist in the same namespace as the Helm
+ # deployment and should be of type "kubernetes.io/tls". The secret will be
+ # automatically mounted into the pod if specified, and the correct
+ # "CODER_TLS_*" environment variables will be set for you.
+ secretName: ""
+
+ # coder.resources -- The resources to request for Coder. These are optional
+ # and are not set by default.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # coder.env -- The environment variables to set for Coder. These can be used
+ # to configure all aspects of `coder server`. Please see `coder server --help`
+ # for information about what environment variables can be set.
+ #
+ # Note: The following environment variables are set by default and cannot be
+ # overridden:
+ # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed.
+ # - CODER_TLS_ENABLE: set if tls.secretName is not empty.
+ # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty.
+ # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty.
+ env:
+ - name: CODER_ACCESS_URL
+ value: "https://coder.example.com"
+ - name: CODER_PG_CONNECTION_URL
+ value: "postgres://coder:password@postgres:5432/coder?sslmode=disable"
From a0b722c1eb1deb738c609009748a67b7a4f68262 Mon Sep 17 00:00:00 2001 From: deansheather Date: Thu, 30 Jun 2022 08:01:47 +0000 Subject: [PATCH 2/7] feat: add Helm build script --- .github/workflows/release.yaml | 7 +++ helm/Chart.yaml | 10 ++-- scripts/helm.sh | 87 ++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 6 deletions(-) create mode 100755 scripts/helm.sh
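Review bot: The default `coder.env` in values.yaml ships `CODER_PG_CONNECTION_URL` with an inline password and `sslmode=disable`, so an install that keeps the defaults renders a credential into the Deployment spec in clear text and talks to Postgres without TLS. Leave the entry out of the defaults and document a Secret reference instead; `toYaml` passes `valueFrom` through unchanged, e.g. `valueFrom: {secretKeyRef: {name: <your-secret-name>, key: url}}`. Also, `tag: "{{.Release.Version}}"` is not templated inside values.yaml and, being non-empty, defeats the `default .Chart.AppVersion` fallback in deployment.yaml, so the image reference would carry the literal braces; `tag: ""` gives the documented behaviour.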
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5ae04d665b08c..c767cc908032e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -275,12 +275,19 @@ jobs: - name: ls artifacts run: ls artifacts + - name: Publish Helm + run: | + set -euxo pipefail + ./scripts/helm.sh --push + mv ./dist/*.tgz ./artifacts/ + - name: Publish Release run: | ./scripts/publish_release.sh \ ${{ (github.event.inputs.dry_run || github.event.inputs.snapshot) && '--dry-run' }} \ ./artifacts/*.zip \ ./artifacts/*.tar.gz \ + ./artifacts/*.tgz \ ./artifacts/*.apk \ ./artifacts/*.deb \ ./artifacts/*.rpm diff --git a/helm/Chart.yaml b/helm/Chart.yaml index f66f0caee65d8..dd16df2a01bc0 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -8,13 +8,11 @@ type: application version: "0.1.0" appVersion: "0.1.0" -# Coder has a hard requirement on Kubernetes 1.19, as this version -# introduced the networking.k8s.io/v1 API for the Ingress and -# NetworkPolicy resources. +# Coder has a hard requirement on Kubernetes 1.19, as this version introduced +# the networking.k8s.io/v1 API for the Ingress and NetworkPolicy resources. # -# Additionally, the NOTES.txt file emits a warning if the cluster -# version is outside our soft requirement, in accordance with our -# official support policy. +# Additionally, the NOTES.txt file emits a warning if the cluster version is +# outside our soft requirement, in accordance with our official support policy. kubeVersion: ">= 1.19.0-0" keywords: diff --git a/scripts/helm.sh b/scripts/helm.sh new file mode 100755 index 0000000000000..5978a5f373937 --- /dev/null +++ b/scripts/helm.sh 
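Review bot: The new `Publish Helm` step in release.yaml always calls `./scripts/helm.sh --push`, while the `Publish Release` step right below it passes `--dry-run` whenever `dry_run` or `snapshot` is set. The push branch in helm.sh is still a TODO, but once it is implemented a dry-run or snapshot workflow would publish a chart. Build the package unconditionally and pass `--push` only when neither input is set, using the same input expression the next step uses for `--dry-run`. The job this step belongs to starts outside the hunk.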
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+
+# This script creates a Helm package for the given version. It will output a
+# .tgz file at the specified path, and may optionally push it to the Coder OSS
+# repo.
+#
+# ./helm.sh [--version 1.2.3] [--output path/to/coder.tgz] [--push]
+#
+# If no version is specified, defaults to the version from ./version.sh.
+#
+# If no output path is specified, defaults to
+# "$repo_root/dist/coder_helm_$version.tgz".
+#
+# If the --push parameter is specified, the resulting artifact will be published
+# to the Coder OSS repo. This requires `gsutil` to be installed and configured.
+
+set -euo pipefail
+# shellcheck source=scripts/lib.sh
+source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
+
+version=""
+output_path=""
+push=0
+
+args="$(getopt -o "" -l version:,output:,push -- "$@")"
+eval set -- "$args"
+while true; do
+ case "$1" in
+ --version)
+ version="$2"
+ shift 2
+ ;;
+ --output)
+ output_path="$(realpath "$2")"
+ shift 2
+ ;;
+ --push)
+ push="1"
+ shift
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ error "Unrecognized option: $1"
+ ;;
+ esac
+done
+
+# Remove the "v" prefix.
+version="${version#v}"
+if [[ "$version" == "" ]]; then
+ version="$(execrelative ./version.sh)"
+fi
+
+if [[ "$output_path" == "" ]]; then
+ cdroot
+ mkdir -p dist
+ output_path="$(realpath "dist/coder_helm_$version.tgz")"
+fi
+
+# Check dependencies
+dependencies helm
+
+# Make a destination temporary directory, as you cannot fully control the output
+# path of `helm package` except for the directory name :/
+cdroot
+temp_dir="$(mktemp -d)"
+
+cdroot
+cd ./helm
+log "--- Packaging helm chart for version $version ($output_path)"
+helm package \
+ --version "$version" \
+ --app-version "$version" \
+ --destination "$temp_dir" \
+ . 1>&2
+
+log "Moving helm chart to $output_path"
+cp "$temp_dir"/*.tgz "$output_path"
+rm -rf "$temp_dir"
+
+if [[ "$push" == 1 ]]; then
+ log "--- Publishing helm chart..."
+ # TODO: figure out how/where we want to publish the helm chart +fi From fba27bc4569dc1a35555af5566076e24353b9096 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 15:24:34 +0000 Subject: [PATCH 3/7] progress --- Dockerfile | 5 ++ helm/Chart.yaml | 3 +- helm/templates/_helpers.tpl | 16 +++--- helm/templates/deployment.yaml | 26 +++++++--- helm/templates/service.yaml | 14 ++++-- helm/values.yaml | 91 ++++++++++++++++++---------------- 6 files changed, 92 insertions(+), 63 deletions(-) diff --git a/Dockerfile b/Dockerfile index 489c7266485ca..3b3223de6cbaa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,4 +14,9 @@ LABEL \ # The coder binary is injected by scripts/build_docker.sh. ADD coder /opt/coder +# Create coder group and user. +RUN addgroup -g 1000 coder && + adduser -D -g "" -h /home/coder -G coder -u 1000 coder +USER coder:coder + ENTRYPOINT [ "/opt/coder", "server" ] diff --git a/helm/Chart.yaml b/helm/Chart.yaml index dd16df2a01bc0..55db37752f1d4 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -3,7 +3,8 @@ name: coder description: Remote development environments on your infrastructure. home: https://github.com/coder/coder -# version and appVersion are injected at release. +# version and appVersion are injected at release and will always be shown as +# 0.1.0 in the repository. type: application version: "0.1.0" appVersion: "0.1.0" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 807439ce627c1..e723c6f1e9197 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -12,6 +12,14 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Selector labels +*/}} +{{- define "coder.selectorLabels" -}} +app.kubernetes.io/name: {{ include "coder.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + {{/* Common labels */}} 
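Review bot: `temp_dir` in scripts/helm.sh is removed only on the success path; under `set -euo pipefail` a failing `helm package` or `cp` exits before `rm -rf "$temp_dir"` runs and leaves the directory behind on the build host. Register the cleanup right after `mktemp -d` with `trap 'rm -rf "$temp_dir"' EXIT`. The `cp "$temp_dir"/*.tgz "$output_path"` line also relies on exactly one archive being produced, which holds for a fresh temp directory but deserves a one-line comment such as `# temp_dir is fresh, so the glob matches exactly the one package helm wrote`.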
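Review bot: The added `RUN addgroup -g 1000 coder &&` line in the Dockerfile ends without a `\` continuation, so the `adduser` line after it is parsed as a separate instruction and the image build fails; it should read `RUN addgroup -g 1000 coder && \`. With `USER coder:coder` the server no longer runs as root, while deployment.yaml in this same patch binds `0.0.0.0:80` or `0.0.0.0:443`. Depending on the runtime's unprivileged-port setting a non-root process may be refused those ports, so listening above 1024 is the safer pairing with this change.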
@@ -23,11 +31,3 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} - -{{/* -Selector labels -*/}} -{{- define "coder.selectorLabels" -}} -app.kubernetes.io/name: {{ include "coder.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 837bc98196153..7738dd0597038 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -5,7 +5,10 @@ metadata: labels: {{- include "coder.labels" . | nindent 4 }} spec: - replicas: {{ .Values.coder.replicaCount }} + # NOTE: this is currently not used as coder v2 does not support high + # availability yet. + # replicas: {{ .Values.coder.replicaCount }} + replicas: 1 selector: matchLabels: {{- include "coder.selectorLabels" . | nindent 6 }} 
@@ -15,36 +18,45 @@ spec: {{- include "coder.selectorLabels" . | nindent 8 }} spec: restartPolicy: Always - terminationGracePeriodSeconds: 300 + terminationGracePeriodSeconds: 60 containers: - name: coder - image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default (printf "v%v" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.coder.image.pullPolicy }} resources: {{- toYaml .Values.resources | nindent 12 }} env: - - name: CODER_ADDRESS - value: "0.0.0.0:80" {{- if .Values.coder.tls.secretName }} + - name: CODER_ADDRESS + value: "0.0.0.0:443" - name: CODER_TLS_ENABLE value: "true" - name: CODER_TLS_CERT_FILE value: /etc/ssl/certs/coder/tls.crt - name: CODER_TLS_KEY_FILE value: /etc/ssl/certs/coder/tls.key + {{- else }} + - name: CODER_ADDRESS + value: "0.0.0.0:80" {{- end }} {{- with .Values.coder.env -}} {{ toYaml . | nindent 12 }} {{- end }} ports: + {{- if .Values.coder.tls.secretName }} + - name: https + containerPort: 443 + protocol: TCP + {{- else }} - name: http containerPort: 80 protocol: TCP + {{- end }} readinessProbe: httpGet: - path: / + path: /api/v2/buildinfo port: http livenessProbe: httpGet: - path: / + path: /api/v2/buildinfo port: http diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml index f769d6740948a..84c47d9107da9 100644 --- a/helm/templates/service.yaml +++ b/helm/templates/service.yaml @@ -1,3 +1,5 @@ +{{- if .Values.coder.service.enable }} +--- apiVersion: v1 kind: Service metadata: @@ -7,13 +9,17 @@ metadata: spec: type: {{ .Values.coder.service.type }} ports: - - name: http - port: 80 - targetPort: http - protocol: TCP + {{- if .Values.coder.tls.secretName }} - name: https port: 443 targetPort: https protocol: TCP + {{- else }} + - name: http + port: 80 + targetPort: http + protocol: TCP + {{- end }} selector: {{- include "coder.selectorLabels" . | nindent 4 }} +{{- end }} 
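Review bot: Both probes in deployment.yaml still use `port: http`, but in the TLS branch added above the only container port is named `https`, so with `coder.tls.secretName` set the probes reference a port name that does not exist and would need to speak HTTPS in any case. Derive port and scheme from the same condition, e.g. `port: {{ if .Values.coder.tls.secretName }}https{{ else }}http{{ end }}` and `scheme: {{ if .Values.coder.tls.secretName }}HTTPS{{ else }}HTTP{{ end }}`. The TLS branch also still has no `volumeMounts` or `volumes` for the secret, so as far as this template shows /etc/ssl/certs/coder/tls.crt and tls.key are not present in the container.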
diff --git a/helm/values.yaml b/helm/values.yaml index 00bc9db8dd36c..b83cceac77e15 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -1,28 +1,68 @@ # coder -- Primary configuration for `coder server`. coder: - # coder.replicaCount -- The number of Kubernetes deployment replicas. - replicaCount: 1 + # NOTE: this is currently not used as coder v2 does not support high + # availability yet. + # # coder.replicaCount -- The number of Kubernetes deployment replicas. + # replicaCount: 1 # coder.image -- The image to use for Coder. image: # coder.image.repo -- The repository of the image. repo: "ghcr.io/coder/coder" - # coder.image.tag -- The tag of the image, defaults to the same version as - # the chart. - tag: "{{.Release.Version}}" + # coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}} + # if not set. + tag: "" # coder.image.pullPolicy -- The pull policy to use for the image. See: # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: IfNotPresent + # coder.env -- The environment variables to set for Coder. These can be used + # to configure all aspects of `coder server`. Please see `coder server --help` + # for information about what environment variables can be set. + # + # Note: The following environment variables are set by default and cannot be + # overridden: + # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed. + # - CODER_TLS_ENABLE: set if tls.secretName is not empty. + # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. + # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. + env: + - name: CODER_ACCESS_URL + value: "https://coder.example.com" + #- name: CODER_PG_CONNECTION_URL + # value: "postgres://coder:password@postgres:5432/coder?sslmode=disable" + + # coder.tls -- The TLS configuration for Coder. + tls: + # coder.tls.secretName -- The name of the secret containing the TLS + # certificate. The secret should exist in the same namespace as the Helm + # deployment and should be of type "kubernetes.io/tls". 
The secret will be + # automatically mounted into the pod if specified, and the correct + # "CODER_TLS_*" environment variables will be set for you. + secretName: "" + + # coder.resources -- The resources to request for Coder. These are optional + # and are not set by default. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # coder.service -- The Service object to expose for Coder. service: + # coder.service.enable -- Whether to create the Service object. + enable: true # coder.service.type -- The type of service to expose. See: # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: LoadBalancer # coder.service.externalTrafficPolicy -- The external traffic policy to use. - # On AWS EKS you may need to change this to "Cluster". See: + # You may need to change this to "Local" to preserve the source IP address + # in some situations. # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Local + externalTrafficPolicy: Cluster # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not # specified, a new IP will be generated each time the load balancer is # recreated. It is recommended to manually create a static IP address in @@ -32,7 +72,7 @@ coder: # coder.ingress -- The Ingress object to expose for Coder. ingress: - # coder.ingress.enable -- Whether to enable the Ingress. + # coder.ingress.enable -- Whether to create the Ingress object. enable: false # coder.ingress.className -- The name of the Ingress class to use. className: "" 
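Review bot: The relocated `coder.env` comment in values.yaml still says `CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed`, but deployment.yaml in this patch sets `0.0.0.0:443` when `coder.tls.secretName` is set. Nothing in the template enforces "cannot be overridden" either: `coder.env` is appended after the fixed entries, and as far as I know Kubernetes resolves duplicate env names in favour of the later entry, so an operator-supplied `CODER_TLS_ENABLE` or `CODER_ADDRESS` would win. Suggested wording: `# - CODER_ADDRESS: 0.0.0.0:80, or 0.0.0.0:443 when tls.secretName is set.`, and either drop the claim or reject those names in the template. The commented-out `CODER_PG_CONNECTION_URL` example still models an inline password with `sslmode=disable`; an example that references a Secret is the better one to copy.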
@@ -44,38 +84,3 @@ coder: enable: false # coder.ingress.tls.secretName -- The name of the TLS secret to use. secretName: "" - - # coder.tls -- The TLS configuration for Coder. - tls: - # coder.tls.secretName -- The name of the secret containing the TLS - # certificate. The secret should exist in the same namespace as the Helm - # deployment and should be of type "kubernetes.io/tls". The secret will be - # automatically mounted into the pod if specified, and the correct - # "CODER_TLS_*" environment variables will be set for you. - secretName: "" - - # coder.resources -- The resources to request for Coder. These are optional - # and are not set by default. - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - # coder.env -- The environment variables to set for Coder. These can be used - # to configure all aspects of `coder server`. Please see `coder server --help` - # for information about what environment variables can be set. - # - # Note: The following environment variables are set by default and cannot be - # overridden: - # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed. - # - CODER_TLS_ENABLE: set if tls.secretName is not empty. - # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. - # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. - env: - - name: CODER_ACCESS_URL - value: "https://coder.example.com" - - name: CODER_PG_CONNECTION_URL - value: "postgres://coder:password@postgres:5432/coder?sslmode=disable" From 1a6d67c36b093078a754b7050755be1b9977047b Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 15:46:59 +0000 Subject: [PATCH 4/7] remove helm soft version requirement --- helm/Chart.yaml | 5 +---- helm/templates/NOTES.txt | 16 ---------------- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 helm/templates/NOTES.txt diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 55db37752f1d4..166aa7cea6077 100644 --- a/helm/Chart.yaml 
+++ b/helm/Chart.yaml @@ -10,10 +10,7 @@ version: "0.1.0" appVersion: "0.1.0" # Coder has a hard requirement on Kubernetes 1.19, as this version introduced -# the networking.k8s.io/v1 API for the Ingress and NetworkPolicy resources. -# -# Additionally, the NOTES.txt file emits a warning if the cluster version is -# outside our soft requirement, in accordance with our official support policy. +# the networking.k8s.io/v1 API. kubeVersion: ">= 1.19.0-0" keywords: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt deleted file mode 100644 index c6108e984e1ed..0000000000000 --- a/helm/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not (semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version) -}} -============================== KUBERNETES SUPPORT ============================== - -NOTICE: Coder follows the Kubernetes upstream version support policy, and the -latest stable release version of Coder supports the previous two minor releases -as well as the current release of Kubernetes at time of publication. - -Your Kubernetes version is: {{ .Capabilities.KubeVersion }} - -Coder {{ .Chart.AppVersion }} requires Kubernetes >= 1.21 - -Coder cannot provide any guarantees of compatibility nor technical support for -this version of Kubernetes. - -============================== KUBERNETES SUPPORT ============================== -{{- end -}} From f5f6afc290928086c4276c7020e148ade3d080da Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 16:55:21 +0000 Subject: [PATCH 5/7] change coderd ports to be above 1024 in helm --- Dockerfile | 2 +- helm/templates/deployment.yaml | 8 ++++---- scripts/version.sh | 5 +++++ 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b3223de6cbaa..cce691ca0cc62 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,7 +15,7 @@ LABEL \ ADD coder /opt/coder # Create coder group and user. -RUN addgroup -g 1000 coder && +RUN addgroup -g 1000 coder && \ adduser -D -g "" -h /home/coder -G coder -u 1000 coder USER coder:coder diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 7738dd0597038..cc4a66839e3ad 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -28,7 +28,7 @@ spec: env: {{- if .Values.coder.tls.secretName }} - name: CODER_ADDRESS - value: "0.0.0.0:443" + value: "0.0.0.0:8443" - name: CODER_TLS_ENABLE value: "true" - name: CODER_TLS_CERT_FILE @@ -37,7 +37,7 @@ spec: value: /etc/ssl/certs/coder/tls.key {{- else }} - name: CODER_ADDRESS - value: "0.0.0.0:80" + value: "0.0.0.0:8080" {{- end }} {{- with .Values.coder.env -}} {{ toYaml . | nindent 12 }} @@ -45,11 +45,11 @@ spec: ports: {{- if .Values.coder.tls.secretName }} - name: https - containerPort: 443 + containerPort: 8443 protocol: TCP {{- else }} - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP {{- end }} readinessProbe: diff --git a/scripts/version.sh b/scripts/version.sh index 220da35328a27..628fdef3e4ba0 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -15,6 +15,11 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot +if [[ "${CODER_FORCE_VERSION:-}" != "" ]]; then + echo "$CODER_FORCE_VERSION" + exit 0 +fi + last_tag="$(git describe --tags --abbrev=0)" version="$last_tag" From 5339819da2c8ca82c4fb5d8fecf0895739fc43e0 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 21:15:34 +0000 Subject: [PATCH 6/7] Change coder user in dockerfile to be system user --- Dockerfile | 2 +- helm/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index cce691ca0cc62..6dcdcc21205bf 100644 --- a/Dockerfile +++ b/Dockerfile 
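Review bot: The `coder` container in deployment.yaml still has no `securityContext`, so the non-root, unprivileged-port setup this patch moves to is left to the image rather than enforced by the pod spec. Adding `runAsNonRoot: true`, `runAsUser: 1000` and `allowPrivilegeEscalation: false` under the container would make the kubelet refuse an image that reverts to root. The values.yaml note that says `CODER_ADDRESS` is `0.0.0.0:80` is not touched by this patch and should follow the new 8080/8443 ports. The container definition starts outside this hunk.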
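Review bot: `CODER_FORCE_VERSION` in scripts/version.sh is echoed as-is and the script exits before any of the git-based logic runs, and helm.sh feeds this output to `helm package --version` and `--app-version`. The override is not described in the hunk; the script's header comment, which lies outside it, should carry a line such as `# If CODER_FORCE_VERSION is set, it is printed verbatim and git describe is skipped.` Since the value ends up in published artifact names and chart metadata, a note that release jobs must not inherit it from an untrusted environment would also help.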
@@ -16,7 +16,7 @@ ADD coder /opt/coder # Create coder group and user. RUN addgroup -g 1000 coder && \ - adduser -D -g "" -h /home/coder -G coder -u 1000 coder + adduser -D -g "" -h /home/coder -G coder -u 1000 -S -s /bin/sh coder USER coder:coder ENTRYPOINT [ "/opt/coder", "server" ] diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 166aa7cea6077..2b73b7c6d641c 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: coder -description: Remote development environments on your infrastructure. +description: Remote development environments on your infrastructure home: https://github.com/coder/coder # version and appVersion are injected at release and will always be shown as From 761e12473567616289c54e1668135c678250e46c Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Tue, 26 Jul 2022 15:52:28 +0000 Subject: [PATCH 7/7] Remove ingress object from helm chart --- helm/templates/ingress.yaml | 32 -------------------------------- helm/values.yaml | 15 --------------- 2 files changed, 47 deletions(-) delete mode 100644 helm/templates/ingress.yaml diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml deleted file mode 100644 index 1842bc08228c8..0000000000000 --- a/helm/templates/ingress.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- if .Values.coder.ingress.enable }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: coder - labels: - {{- include "coder.labels" . | nindent 4 }} -spec: - {{- if .Values.coder.ingress.className }} - {{/* If this is set to an empty string it fails validation on K8s */}} - ingressClassName: {{ .Values.coder.ingress.className | quote }} - {{- end }} - rules: - - host: {{ .Values.coder.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: coder - port: - name: http - - {{- if .Values.coder.ingress.tls.enable }} - tls: - - hosts: - - {{ .Values.coder.ingress.host | quote }} - secretName: {{ .Values.coder.ingress.tls.secretName | quote}} - {{- end }} -{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index b83cceac77e15..2090296dc467d 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -69,18 +69,3 @@ coder: # your cloud and specify it here in production to avoid accidental IP # address changes. loadBalancerIP: "" - - # coder.ingress -- The Ingress object to expose for Coder. - ingress: - # coder.ingress.enable -- Whether to create the Ingress object. - enable: false - # coder.ingress.className -- The name of the Ingress class to use. - className: "" - # coder.ingress.host -- The hostname to match on. - host: "coder.example.com" - # coder.ingress.tls -- The TLS configuration to use for the Ingress. - tls: - # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress. - enable: false - # coder.ingress.tls.secretName -- The name of the TLS secret to use. - secretName: ""