coder · spikecurtis · Aug 10, 2023 · Aug 7, 2023 · Aug 7, 2023 · Aug 8, 2023
diff --git a/.prettierignore b/.prettierignore
@@ -67,7 +67,7 @@ scaletest/terraform/secrets.tfvars
 # .prettierignore.include:
 # Helm templates contain variables that are invalid YAML and can't be formatted
 # by Prettier.
-helm/templates/*.yaml
+helm/**/templates/*.yaml
 
 # Terraform state files used in tests, these are automatically generated.
 # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json

diff --git a/.prettierignore.include b/.prettierignore.include
@@ -1,6 +1,6 @@
 # Helm templates contain variables that are invalid YAML and can't be formatted
 # by Prettier.
-helm/templates/*.yaml
+helm/**/templates/*.yaml
 
 # Terraform state files used in tests, these are automatically generated.
 # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json

diff --git a/Makefile b/Makefile
@@ -553,7 +553,7 @@ coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen $(FIND_EXCLUSIONS)
 	./scripts/apidocgen/generate.sh
 	pnpm run format:write:only ./docs/api ./docs/manifest.json ./coderd/apidoc/swagger.json
 
-update-golden-files: cli/testdata/.gen-golden helm/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden
+update-golden-files: cli/testdata/.gen-golden helm/coder/tests/testdata/.gen-golden helm/provisioner/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden
 .PHONY: update-golden-files
 
 cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl) $(GO_SRC_FILES) $(wildcard cli/*_test.go)
@@ -564,8 +564,12 @@ enterprise/cli/testdata/.gen-golden: $(wildcard enterprise/cli/testdata/*.golden
 	go test ./enterprise/cli -run="TestEnterpriseCommandHelp" -update
 	touch "$@"
 
-helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.yaml) $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/tests/*_test.go)
-	go test ./helm/tests -run=TestUpdateGoldenFiles -update
+helm/coder/tests/testdata/.gen-golden: $(wildcard helm/coder/tests/testdata/*.yaml) $(wildcard helm/coder/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/coder/tests/*_test.go)
+	go test ./helm/coder/tests -run=TestUpdateGoldenFiles -update
+	touch "$@"
+
+helm/provisioner/tests/testdata/.gen-golden: $(wildcard helm/provisioner/tests/testdata/*.yaml) $(wildcard helm/provisioner/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/provisioner/tests/*_test.go)
+	go test ./helm/provisioner/tests -run=TestUpdateGoldenFiles -update
 	touch "$@"
 
 scripts/ci-report/testdata/.gen-golden: $(wildcard scripts/ci-report/testdata/*) $(wildcard scripts/ci-report/*.go)

diff --git a/docs/admin/configure.md b/docs/admin/configure.md
@@ -42,7 +42,7 @@ If you are providing TLS certificates directly to the Coder server, either
 
 1. Use a single certificate and key for both the root and wildcard domains.
 2. Configure multiple certificates and keys via
-   [`coder.tls.secretNames`](https://github.com/coder/coder/blob/main/helm/values.yaml) in the Helm Chart, or
+   [`coder.tls.secretNames`](https://github.com/coder/coder/blob/main/helm/coder/values.yaml) in the Helm Chart, or
    [`--tls-cert-file`](../cli/server.md#--tls-cert-file) and [`--tls-key-file`](../cli/server.md#--tls-key-file) command
    line options (these both take a comma separated list of files; list certificates and their respective keys in the
    same order).

diff --git a/docs/admin/scale.md b/docs/admin/scale.md
@@ -42,7 +42,7 @@ Users accessing workspaces via SSH will consume fewer resources, as SSH connecti
 
 Workspace builds are CPU-intensive, as it relies on Terraform. Various [Terraform providers](https://registry.terraform.io/browse/providers) have different resource requirements.
 When tested with our [kubernetes](https://github.com/coder/coder/tree/main/examples/templates/kubernetes) template, `coderd` will consume roughly 0.25 cores per concurrent workspace build.
-For effective provisioning, our helm chart prefers to schedule [one coderd replica per-node](https://github.com/coder/coder/blob/main/helm/values.yaml#L188-L202).
+For effective provisioning, our helm chart prefers to schedule [one coderd replica per-node](https://github.com/coder/coder/blob/main/helm/coder/values.yaml#L188-L202).
 
 We recommend:
 

diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md
@@ -105,7 +105,7 @@ to log in and manage templates.
    > You can view our
    > [Helm README](https://github.com/coder/coder/blob/main/helm#readme) for
    > details on the values that are available, or you can view the
-   > [values.yaml](https://github.com/coder/coder/blob/main/helm/values.yaml)
+   > [values.yaml](https://github.com/coder/coder/blob/main/helm/coder/values.yaml)
    > file directly.
 
 1. Run the following command to install the chart in your cluster.

diff --git a/helm/Makefile b/helm/Makefile
@@ -13,6 +13,13 @@ all: lint
 lint: lint/helm
 .PHONY: lint
 
-lint/helm:
-	helm lint --strict --set coder.image.tag=v0.0.1 .
+lint/helm: lint/helm/coder lint/helm/provisioner
 .PHONY: lint/helm
+
+lint/helm/coder:
+	helm lint --strict --set coder.image.tag=v0.0.1 coder/
+.PHONY: lint/helm/coder
+
+lint/helm/provisioner:
+	helm lint --strict --set coder.image.tag=v0.0.1 provisioner/
+.PHONY: lint/helm/provisioner
diff --git a/helm/.helmignore → helm/coder/.helmignore b/helm/.helmignore → helm/coder/.helmignore
diff --git a/helm/coder/Chart.lock b/helm/coder/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: libcoder
+  repository: file://../libcoder
+  version: 0.1.0
+digest: sha256:5c9a99109258073b590a9f98268490ef387fde24c0c7c7ade9c1a8c7ef5e6e10
+generated: "2023-08-08T07:27:19.677972411Z"
diff --git a/helm/Chart.yaml → helm/coder/Chart.yaml b/helm/Chart.yaml → helm/coder/Chart.yaml
@@ -21,9 +21,14 @@ keywords:
   - coder
   - terraform
 sources:
-  - https://github.com/coder/coder/tree/main/helm
+  - https://github.com/coder/coder/tree/main/helm/coder
 icon: https://helm.coder.com/coder_logo_black.png
 maintainers:
   - name: Coder Technologies, Inc.
     email: support@coder.com
     url: https://coder.com/contact
+
+dependencies:
+  - name: libcoder
+    version: 0.1.0
+    repository: file://../libcoder
diff --git a/helm/README.md → helm/coder/README.md b/helm/README.md → helm/coder/README.md
diff --git a/helm/coder/charts/libcoder-0.1.0.tgz b/helm/coder/charts/libcoder-0.1.0.tgz
diff --git a/helm/templates/NOTES.txt → helm/coder/templates/NOTES.txt b/helm/templates/NOTES.txt → helm/coder/templates/NOTES.txt
diff --git a/helm/coder/templates/_coder.tpl b/helm/coder/templates/_coder.tpl
@@ -0,0 +1,102 @@
+{{/*
+Service account to merge into the libcoder template
+*/}}
+{{- define "coder.serviceaccount" -}}
+{{- end -}}
+
+{{/*
+Deployment to merge into the libcoder template
+*/}}
+{{- define "coder.deployment" -}}
+spec:
+  template:
+    spec:
+      containers:
+      -
+{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}}
+
+{{- end -}}
+
+{{/*
+ContainerSpec for the Coder container of the Coder deployment
+*/}}
+{{- define "coder.containerspec" -}}
+args:
+{{- if .Values.coder.commandArgs }}
+  {{- toYaml .Values.coder.commandArgs | nindent 12 }}
+{{- else }}
+  {{- if .Values.coder.workspaceProxy }}
+- wsproxy
+  {{- end }}
+- server
+{{- end }}
+env:
+- name: CODER_HTTP_ADDRESS
+  value: "0.0.0.0:8080"
+- name: CODER_PROMETHEUS_ADDRESS
+  value: "0.0.0.0:2112"
+{{- if .Values.provisionerDaemon.pskSecretName }}
+- name: CODER_PROVISIONER_DAEMON_PSK
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.provisionerDaemon.pskSecretName | quote }}
+      key: psk
+{{- end }}
+  # Set the default access URL so a `helm apply` works by default.
+  # See: https://github.com/coder/coder/issues/5024
+{{- $hasAccessURL := false }}
+{{- range .Values.coder.env }}
+{{- if eq .name "CODER_ACCESS_URL" }}
+{{- $hasAccessURL = true }}
+{{- end }}
+{{- end }}
+{{- if not $hasAccessURL }}
+- name: CODER_ACCESS_URL
+  value: {{ include "coder.defaultAccessURL" . | quote }}
+{{- end }}
+# Used for inter-pod communication with high-availability.
+- name: KUBE_POD_IP
+  valueFrom:
+    fieldRef:
+      fieldPath: status.podIP
+- name: CODER_DERP_SERVER_RELAY_URL
+  value: "http://$(KUBE_POD_IP):8080"
+{{- include "coder.tlsEnv" . }}
+{{- with .Values.coder.env }}
+{{ toYaml . }}
+{{- end }}
+ports:
+- name: "http"
+  containerPort: 8080
+  protocol: TCP
+  {{- if eq (include "coder.tlsEnabled" .) "true" }}
+- name: "https"
+  containerPort: 8443
+  protocol: TCP
+  {{- end }}
+  {{- range .Values.coder.env }}
+  {{- if eq .name "CODER_PROMETHEUS_ENABLE" }}
+  {{/*
+    This sadly has to be nested to avoid evaluating the second part
+    of the condition too early and potentially getting type errors if
+    the value is not a string (like a `valueFrom`). We do not support
+    `valueFrom` for this env var specifically.
+    */}}
+  {{- if eq .value "true" }}
+- name: "prometheus-http"
+  containerPort: 2112
+  protocol: TCP
+  {{- end }}
+  {{- end }}
+  {{- end }}
+readinessProbe:
+  httpGet:
+    path: /healthz
+    port: "http"
+    scheme: "HTTP"
+livenessProbe:
+  httpGet:
+    path: /healthz
+    port: "http"
+    scheme: "HTTP"
+{{- end }}
diff --git a/helm/coder/templates/coder.yaml b/helm/coder/templates/coder.yaml
@@ -0,0 +1,5 @@
+---
+{{ include "libcoder.serviceaccount" (list . "coder.serviceaccount") }}
+
+---
+{{ include "libcoder.deployment" (list . "coder.deployment") }}
diff --git a/helm/templates/extra-templates.yaml → helm/coder/templates/extra-templates.yaml b/helm/templates/extra-templates.yaml → helm/coder/templates/extra-templates.yaml
diff --git a/helm/templates/ingress.yaml → helm/coder/templates/ingress.yaml b/helm/templates/ingress.yaml → helm/coder/templates/ingress.yaml
diff --git a/helm/coder/templates/rbac.yaml b/helm/coder/templates/rbac.yaml
@@ -0,0 +1 @@
+{{ include "libcoder.rbac.tpl" . }}
diff --git a/helm/templates/service.yaml → helm/coder/templates/service.yaml b/helm/templates/service.yaml → helm/coder/templates/service.yaml
diff --git a/helm/tests/chart_test.go → helm/coder/tests/chart_test.go b/helm/tests/chart_test.go → helm/coder/tests/chart_test.go
@@ -20,10 +20,10 @@ import (
 // All values and golden files are located in the `testdata` directory.
 // To update golden files, run `go test . -update`.
 
-// UpdateGoldenFiles is a flag that can be set to update golden files.
-var UpdateGoldenFiles = flag.Bool("update", false, "Update golden files")
+// updateGoldenFiles is a flag that can be set to update golden files.
+var updateGoldenFiles = flag.Bool("update", false, "Update golden files")
 
-var TestCases = []TestCase{
+var testCases = []testCase{
 	{
 		name:          "default_values",
 		expectedError: "",
@@ -56,24 +56,28 @@ var TestCases = []TestCase{
 		name:          "command_args",
 		expectedError: "",
 	},
+	{
+		name:          "provisionerd_psk",
+		expectedError: "",
+	},
 }
 
-type TestCase struct {
+type testCase struct {
 	name          string // Name of the test case. This is used to control which values and golden file are used.
 	expectedError string // Expected error from running `helm template`.
 }
 
-func (tc TestCase) valuesFilePath() string {
+func (tc testCase) valuesFilePath() string {
 	return filepath.Join("./testdata", tc.name+".yaml")
 }
 
-func (tc TestCase) goldenFilePath() string {
+func (tc testCase) goldenFilePath() string {
 	return filepath.Join("./testdata", tc.name+".golden")
 }
 
 func TestRenderChart(t *testing.T) {
 	t.Parallel()
-	if *UpdateGoldenFiles {
+	if *updateGoldenFiles {
 		t.Skip("Golden files are being updated. Skipping test.")
 	}
 	if testutil.InCI() {
@@ -85,7 +89,7 @@ func TestRenderChart(t *testing.T) {
 
 	// Ensure that Helm is available in $PATH
 	helmPath := lookupHelm(t)
-	for _, tc := range TestCases {
+	for _, tc := range testCases {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
@@ -121,12 +125,12 @@ func TestRenderChart(t *testing.T) {
 
 func TestUpdateGoldenFiles(t *testing.T) {
 	t.Parallel()
-	if !*UpdateGoldenFiles {
+	if !*updateGoldenFiles {
 		t.Skip("Run with -update to update golden files")
 	}
 
 	helmPath := lookupHelm(t)
-	for _, tc := range TestCases {
+	for _, tc := range testCases {
 		if tc.expectedError != "" {
 			t.Logf("skipping test case %q with render error", tc.name)
 			continue