From 18d3a242e606a5ae52f26fb0784b6e798cfe14c8 Mon Sep 17 00:00:00 2001
From: Dean Sheather
Date: Sat, 27 Aug 2022 04:01:23 +0000
Subject: [PATCH 1/2] fix: mount TLS secret in helm chart
---
 helm/templates/coder.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/helm/templates/coder.yaml b/helm/templates/coder.yaml
index d89709775f0b4..67bcbaa1e3cfe 100644
--- a/helm/templates/coder.yaml
+++ b/helm/templates/coder.yaml
@@ -68,3 +68,16 @@ spec:
 httpGet:
 path: /api/v2/buildinfo
 port: http
+ {{- if .Values.coder.tls.secretName }}
+ volumeMounts:
+ - name: tls
+ mountPath: /etc/ssl/certs/coder
+ readOnly: true
+ {{- end }}
+
+ {{- if .Values.coder.tls.secretName }}
+ volumes:
+ - name: tls
+ secret:
+ secretName: {{ .Values.coder.tls.secretName | quote }}
+ {{- end }}
From c4497356e502f145e3fede0df35ba443c7411440 Mon Sep 17 00:00:00 2001
From: Dean Sheather
Date: Sat, 27 Aug 2022 14:55:56 +0000
Subject: [PATCH 2/2] fixup! fix: mount TLS secret in helm chart
---
 helm/templates/_helpers.tpl | 40 +++++++++++++++++++++++++++++++++++++
 helm/templates/coder.yaml | 23 ++++++++-------------
 helm/templates/service.yaml | 13 +++---------
 3 files changed, 51 insertions(+), 25 deletions(-)
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index e723c6f1e9197..40efe6c884453 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
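Review bot: The `tls` secret volume added at the end of the PATCH 1/2 hunk sets no `defaultMode`, so the mounted files get the Kubernetes default of 0644 and are readable by every user in the container; that presumably includes the private key that `CODER_TLS_KEY_FILE` points at (`/etc/ssl/certs/coder/tls.key`). I would set a tighter mode under `secret:`, for example `defaultMode: 0440` together with a pod `fsGroup`, so that only the server's user can read it. The mount path also sits under `/etc/ssl/certs`, which is conventionally the public trust-store directory; a dedicated directory (for example `/etc/coder/tls`, a constructed path) would keep key material out of it. The container and pod spec that this hunk extends begin outside the hunk.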
@@ -31,3 +31,43 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
+
+{{/*
+Coder listen port (must be > 1024)
+*/}}
+{{- define "coder.port" }}
+{{- if .Values.coder.tls.secretName -}}
+8443
+{{- else -}}
+8080
+{{- end -}}
+{{- end }}
+
+{{/*
+Coder service port
+*/}}
+{{- define "coder.servicePort" }}
+{{- if .Values.coder.tls.secretName -}}
+443
+{{- else -}}
+80
+{{- end -}}
+{{- end }}
+
+{{/*
+Port name
+*/}}
+{{- define "coder.portName" }}
+{{- if .Values.coder.tls.secretName -}}
+https
+{{- else -}}
+http
+{{- end -}}
+{{- end }}
+
+{{/*
+Scheme
+*/}}
+{{- define "coder.scheme" }}
+{{- include "coder.portName" . | upper -}}
+{{- end }}
diff --git a/helm/templates/coder.yaml b/helm/templates/coder.yaml
index 67bcbaa1e3cfe..fad16ea349377 100644
--- a/helm/templates/coder.yaml
+++ b/helm/templates/coder.yaml
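Review bot: `coder.scheme` gets its value by upper-casing `coder.portName`, so the probe scheme is valid only while the port names stay exactly `http` and `https`, and the one-word comment `Scheme` does not say so. I would either give the helper its own `if`/`else` on `.Values.coder.tls.secretName`, or document the coupling with a comment such as `Probe scheme (HTTP or HTTPS); derived from coder.portName, which must remain "http" or "https".` The `(must be > 1024)` remark on `coder.port` should also state its reason, presumably that the container does not run as root and so cannot bind a privileged port.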
@@ -34,40 +34,33 @@ spec:
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 env:
- {{- if .Values.coder.tls.secretName }}
 - name: CODER_ADDRESS
- value: "0.0.0.0:8443"
+ value: "0.0.0.0:{{ include "coder.port" . }}"
+ {{- if .Values.coder.tls.secretName }}
 - name: CODER_TLS_ENABLE
 value: "true"
 - name: CODER_TLS_CERT_FILE
 value: /etc/ssl/certs/coder/tls.crt
 - name: CODER_TLS_KEY_FILE
 value: /etc/ssl/certs/coder/tls.key
- {{- else }}
- - name: CODER_ADDRESS
- value: "0.0.0.0:8080"
 {{- end }}
 {{- with .Values.coder.env -}}
 {{ toYaml . | nindent 12 }}
 {{- end }}
 ports:
- {{- if .Values.coder.tls.secretName }}
- - name: https
- containerPort: 8443
- protocol: TCP
- {{- else }}
- - name: http
- containerPort: 8080
+ - name: {{ include "coder.portName" . | quote }}
+ containerPort: {{ include "coder.port" . }}
 protocol: TCP
- {{- end }}
 readinessProbe:
 httpGet:
 path: /api/v2/buildinfo
- port: http
+ port: {{ include "coder.portName" . | quote }}
+ scheme: {{ include "coder.scheme" . | quote }}
 livenessProbe:
 httpGet:
 path: /api/v2/buildinfo
- port: http
+ port: {{ include "coder.portName" . | quote }}
+ scheme: {{ include "coder.scheme" . | quote }}
 {{- if .Values.coder.tls.secretName }}
 volumeMounts:
 - name: tls
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
index 84c47d9107da9..92ca3610974a5 100644
--- a/helm/templates/service.yaml
+++ b/helm/templates/service.yaml
@@ -9,17 +9,10 @@ metadata:
 spec:
 type: {{ .Values.coder.service.type }}
 ports:
- {{- if .Values.coder.tls.secretName }}
- - name: https
- port: 443
- targetPort: https
+ - name: {{ include "coder.portName" . | quote }}
+ port: {{ include "coder.servicePort" . }}
+ targetPort: {{ include "coder.portName" . | quote }}
 protocol: TCP
- {{- else }}
- - name: http
- port: 80
- targetPort: http
- protocol: TCP
- {{- end }}
 selector:
 {{- include "coder.selectorLabels" . | nindent 4 }}
 {{- end }}
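Review bot: In the `env:` section of `coder.yaml`, `CODER_ADDRESS` and the `CODER_TLS_*` variables are emitted before the `.Values.coder.env` block, while the container port, both probes and the Service all derive from the `coder.port`/`coder.portName` helpers. A values file that sets `CODER_ADDRESS` or `CODER_TLS_ENABLE` under `coder.env` would render a duplicate entry, and as far as I know Kubernetes lets the later one win, so the server could listen on another port or without TLS while the probes and Service still assume the helper's answer. I would add a template comment above the `with .Values.coder.env` block, e.g. `{{/* Do not set CODER_ADDRESS or CODER_TLS_* here; they are derived from coder.tls.secretName. */}}`, or fail the render when those names appear. The new `scheme:` lines also deserve a short comment noting that the kubelet does not verify the serving certificate on HTTPS probes, so a passing probe says nothing about certificate validity. The container spec continues outside the hunk.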