From dd59fcbcd54ce778bcb7888fb512d7c15628b5d3 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Mon, 7 Aug 2023 11:08:20 +0000 Subject: [PATCH 1/6] Refactor helm to extract common templates to libcoder 
Signed-off-by: Spike Curtis --- Makefile | 6 +- helm/{ => coder}/.helmignore | 0 helm/{ => coder}/Chart.yaml | 5 + helm/{ => coder}/README.md | 0 helm/coder/charts/libcoder-0.1.0.tgz | Bin 0 -> 2958 bytes helm/{ => coder}/templates/NOTES.txt | 0 helm/coder/templates/coder.yaml | 90 +++++++ .../templates/extra-templates.yaml | 0 helm/{ => coder}/templates/ingress.yaml | 0 helm/coder/templates/rbac.yaml | 1 + helm/{ => coder}/templates/service.yaml | 0 helm/{ => coder}/tests/chart_test.go | 0 .../{ => coder}/tests/testdata/command.golden | 141 ++++++----- helm/{ => coder}/tests/testdata/command.yaml | 0 .../tests/testdata/command_args.golden | 143 ++++++------ .../tests/testdata/command_args.yaml | 0 .../tests/testdata/default_values.golden | 141 ++++++----- .../tests/testdata/default_values.yaml | 0 .../tests/testdata/labels_annotations.golden | 147 ++++++------ .../tests/testdata/labels_annotations.yaml | 0 .../tests/testdata/missing_values.yaml | 0 helm/{ => coder}/tests/testdata/sa.golden | 140 ++++++----- helm/{ => coder}/tests/testdata/sa.yaml | 0 helm/coder/tests/testdata/tls.golden | 210 +++++++++++++++++ helm/{ => coder}/tests/testdata/tls.yaml | 0 .../tests/testdata/workspace_proxy.golden | 197 ++++++++++++++++ .../tests/testdata/workspace_proxy.yaml | 0 helm/{ => coder}/values.yaml | 0 helm/libcoder/Chart.yaml | 19 ++ helm/libcoder/templates/_coder.yaml | 85 +++++++ helm/{ => libcoder}/templates/_helpers.tpl | 0 .../templates/_rbac.yaml} | 2 + helm/libcoder/templates/_util.yaml | 13 ++ helm/templates/coder.yaml | 143 ------------ helm/tests/testdata/tls.golden | 220 ------------------ helm/tests/testdata/workspace_proxy.golden | 206 ---------------- scripts/helm.sh | 4 +- 37 files changed, 963 insertions(+), 950 deletions(-) rename helm/{ => coder}/.helmignore (100%) rename helm/{ => coder}/Chart.yaml (91%) rename helm/{ => coder}/README.md (100%) create mode 100644 helm/coder/charts/libcoder-0.1.0.tgz rename helm/{ => coder}/templates/NOTES.txt (100%) 
create mode 100644 helm/coder/templates/coder.yaml rename helm/{ => coder}/templates/extra-templates.yaml (100%) rename helm/{ => coder}/templates/ingress.yaml (100%) create mode 100644 helm/coder/templates/rbac.yaml rename helm/{ => coder}/templates/service.yaml (100%) rename helm/{ => coder}/tests/chart_test.go (100%) rename helm/{ => coder}/tests/testdata/command.golden (61%) rename helm/{ => coder}/tests/testdata/command.yaml (100%) rename helm/{ => coder}/tests/testdata/command_args.golden (61%) rename helm/{ => coder}/tests/testdata/command_args.yaml (100%) rename helm/{ => coder}/tests/testdata/default_values.golden (61%) rename helm/{ => coder}/tests/testdata/default_values.yaml (100%) rename helm/{ => coder}/tests/testdata/labels_annotations.golden (64%) rename helm/{ => coder}/tests/testdata/labels_annotations.yaml (100%) rename helm/{ => coder}/tests/testdata/missing_values.yaml (100%) rename helm/{ => coder}/tests/testdata/sa.golden (62%) rename helm/{ => coder}/tests/testdata/sa.yaml (100%) create mode 100644 helm/coder/tests/testdata/tls.golden rename helm/{ => coder}/tests/testdata/tls.yaml (100%) create mode 100644 helm/coder/tests/testdata/workspace_proxy.golden rename helm/{ => coder}/tests/testdata/workspace_proxy.yaml (100%) rename helm/{ => coder}/values.yaml (100%) create mode 100644 helm/libcoder/Chart.yaml create mode 100644 helm/libcoder/templates/_coder.yaml rename helm/{ => libcoder}/templates/_helpers.tpl (100%) rename helm/{templates/rbac.yaml => libcoder/templates/_rbac.yaml} (95%) create mode 100644 helm/libcoder/templates/_util.yaml delete mode 100644 helm/templates/coder.yaml delete mode 100644 helm/tests/testdata/tls.golden delete mode 100644 helm/tests/testdata/workspace_proxy.golden diff --git a/Makefile b/Makefile index c9089a9d4e452..f82d79a47313a 100644 --- a/Makefile +++ b/Makefile 
@@ -553,7 +553,7 @@ coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen $(FIND_EXCLUSIONS) ./scripts/apidocgen/generate.sh pnpm run format:write:only ./docs/api ./docs/manifest.json ./coderd/apidoc/swagger.json -update-golden-files: cli/testdata/.gen-golden helm/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden +update-golden-files: cli/testdata/.gen-golden helm/coder/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden .PHONY: update-golden-files cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl) $(GO_SRC_FILES) $(wildcard cli/*_test.go) @@ -564,8 +564,8 @@ enterprise/cli/testdata/.gen-golden: $(wildcard enterprise/cli/testdata/*.golden go test ./enterprise/cli -run="TestEnterpriseCommandHelp" -update touch "$@" -helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.yaml) $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/tests/*_test.go) - go test ./helm/tests -run=TestUpdateGoldenFiles -update +helm/coder/tests/testdata/.gen-golden: $(wildcard helm/coder/tests/testdata/*.yaml) $(wildcard helm/coder/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/coder/tests/*_test.go) + go test ./helm/coder/tests -run=TestUpdateGoldenFiles -update touch "$@" scripts/ci-report/testdata/.gen-golden: $(wildcard scripts/ci-report/testdata/*) $(wildcard scripts/ci-report/*.go) diff --git a/helm/.helmignore b/helm/coder/.helmignore similarity index 100% rename from helm/.helmignore rename to helm/coder/.helmignore diff --git a/helm/Chart.yaml b/helm/coder/Chart.yaml similarity index 91% rename from helm/Chart.yaml rename to helm/coder/Chart.yaml index a68aa330d8d49..5909abdcf3198 100644 --- a/helm/Chart.yaml +++ b/helm/coder/Chart.yaml 
@@ -27,3 +27,8 @@ maintainers: - name: Coder Technologies, Inc. email: support@coder.com url: https://coder.com/contact + +dependencies: + - name: libcoder + version: 0.1.0 + repository: file://../libcoder diff --git a/helm/README.md b/helm/coder/README.md similarity index 100% rename from helm/README.md rename to helm/coder/README.md 
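Review bot: The `libcoder` entry added under `dependencies:` resolves from `file://../libcoder`, yet this commit also checks in a packaged copy at `helm/coder/charts/libcoder-0.1.0.tgz`, so the templates that actually render come from a binary archive that review cannot compare with the `helm/libcoder` sources and that can drift from them unnoticed. The diffstat lists no `Chart.lock`, so nothing visible here pins a digest for that archive. Consider removing the tarball from version control and having the packaging step run `helm dependency update helm/coder`, or keep it and add a CI check that repackages `helm/libcoder` and fails when the result differs from the committed file. `scripts/helm.sh` is changed in this commit but its hunk is not visible here, so it may already do part of this.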
diff --git a/helm/coder/charts/libcoder-0.1.0.tgz b/helm/coder/charts/libcoder-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a44288944dfbb8df5a5a01785cdcabfec5b9a94d GIT binary patch literal 2958 zcmV;93vu)xiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGrTZyPryjH zcex?CvUQIC`+<*LtyU}9NerjOnFSh|J2RXYXE;N0HlQL#**+W-siP@L__K!|old87 zu(xOb?Q}Zze>=M`_MdIp;H7*m3MS@)zYn`cXyFFrh zoDU)@lD6|J`~M&zEY*aiC{;IT0Vag;E~q@qgw+4CFa{?8NQoim7P>$>P6ZbuhUz(- zq%;Zua>-}Qm6&ZRQcb819Dd=}fu3gWPs4FAnV0Q*EB`Mr%Kfh~$vDxd+8>=#A1)N! zvH$mXI`#d(zrDZzwErJt+}yMv#vw})!onA#7&9)W38p&I84sa#dmB^(1<5kio@@t~ zERDNxR6+*{Y7!Goy5&Z8yAXhr0di&L0nC~#r96)jLbsy(96|)2A!TWdsfIncy)EId zm>xs)JK;I1sEShnIWR5Wk%TWNgK6ykBxx!%F;Pu*;pV19oLiv+R3&(O8>kGa5k_Lh z86}R!JhK0EDDqUhH5GECT1cmbglIZGt*E6@F$K5W=YBKIfUC2!H6Lh6qq{>!JpPT>sW$BCty#I4~44DX?C)gA`3X(1VdqpM) zOQ4c^36*QcqXgv$L)ai$W=KZM^T}pOs#v>u@tJ%X(pe^|CKkJU>_)E1Y(F@O%k5ik zwPNco?El$5bsz?diX0U zLBq-B%ag~w&Kxx=OO7Cp;MX3i?ljiCroP2m4LV;m*Y`dI{~wR0`frRpL#d3h9%PNx z_22f+_TE9g{@Xp+d8+>&W8B=dw}RvA%w#V;MjP8e4DD~*--&{)b}dZ!0~JXytcDPh za}AN}BbxJd8Q2Wu*#xCzv5AOU<|&1PUHg+I=lO8Rt|4rN)zIXEczY{2lt{Ga#c^j? 
z^^F`L3UY-p45l-VU07Vow}qK8o=KMKA%s7u)(<9DR{3|oeQtoyw%Q{UA^c|u;m7cc zWhu{}E;0wfKg@umGkAS=0llLm=)Haizn%4u;r#gY`0(Pae;&cf1)Q8i4}R(&_kKNj z{R$3$>Aik+3>JBrl=ZsN<+&`n%m*k_)TkmR+GQrIWe#Uso7fkTSgJHhsZW7@@_C+y2QiZTrJ2*PmFeP56&w5`-Ksl$*k4&ghILy{|POK>*yyR$}gV%9RNPer~i5v*fz z&eD+u{{?yCcXZ4oQq89@lp=vwOh@73Ii`_$iJ5@g+wPLjhK3GN~>t#pB)|dKVF=ke>{HO`|0#J0B7#5 zhiw4t9Ub+L&(AB6oyh*zeYv-{+k|m=+`stv^T{0bn;VcM9U-i-`1(1l&2$OfAMe(+ zi3UT93%9q=Z*II!+o)+WBL-ORi-P> zw8XE9Ekh_prQmJrBmW12Z+Z3(6~@dTLS`v7s|k6B<#T zD{ZolpoA}z&=t8(7-kEwrCY{&wbPCYMy4iy* z5ME(h1yhnNKPZ-Mvzfn|Gv0#7R;?eoJm^uo!P0J=2cI!nxO9OE@Bh3{eD_|O*j~&X zqS%Jbqj;%h=MB;0E`;}sLZQ7(A@Nztr(N&~?=c*A1*?k)Cb(N~&j${r0&&W&NT#T6li6gu&>qI;8DQ6O6 zQ>mIog=8a^5)LfQa_zNIoOm50CWdYq+*D{Fz;R^3ojgX22>w7w5o6E-Bqm~l6?A)+ zzeLQ;oTF7ry1um@*(o;<(1P_3AGX%*&B3`QQY)vQ^{w>^$oqdse_9}4-!cUq5E2q0 zUCm9XMyZ~|ddu-pMc!EVH+hym#3CUq1xhlVON5aWc{YOv!%yTeF2-0utFg#=3xhB@a` zh%u8$t?2gHsEh^blR!l>@OOYJaz4pa;5S_iL|eJE$c!Fl4?UJg0hDYwJt~*+k)XX5 z94#)rm@r%sXdHQfwo_AC=#J6{s`X?e08+01OwB#nZ%ij1(^(0-7X#Dxb8VFO}DHH4Pn%qKFU$B`D19;2Hw`1blGgf&}e zE-^@*eyj4j!9?e2h9?R_6U@?42$2({a`A32k}_U=iTtv2uOv+5Z9v)ZIG=qw+HA(2 zSMF1T|F1ln`u}o3=tI5)z2p7Y&i3w3t^dFG;$ZKo|Nj`H@%qm?KzTjd7^`d7lvhGt z+7kN>%EX>UTdmgI#j2%Aay=H3{nzHF=<=oOnif~CeZg_r6S7vhLMt;%1TyFDUcCh* zW3S9H!W<66&^?5hUA@EmFcY!z^AnTtRaj4xWSOdoT(VqZ ze@97u!um>&{fVXK0RI3l1XMow4^r*Dy73u;eY5mc#HHZa$DyHJ7-)rv0YGI>uHK1H zIsb1wn)1JW)A4xuzw_cnJ^$}__MYzlA7z*w+ujNQ8ea6k72_P-PkkleUGKNkvIJ7L z&meN0<*ufbsB*4NL2au}O)f1A5Gl#jRoxQN*RDm3FN#rLMpS40I&&`)gnvb#U?WDQ zeWAN~7utX*gbkN_HWv%4#>Y&>$!E>5*ZmQOOe$UJPOZ&&F<+%fY=f?BjBT(q#%qXR zd(+a`tll%)l5n%KM#k@;vU4{T-y+;_2CMLA$Ui;0dKypTY1GI60ssL2|Hkw1_5eBn E0MSRV0RR91 literal 0 HcmV?d00001 diff --git a/helm/templates/NOTES.txt b/helm/coder/templates/NOTES.txt similarity index 100% rename from helm/templates/NOTES.txt rename to helm/coder/templates/NOTES.txt diff --git a/helm/coder/templates/coder.yaml b/helm/coder/templates/coder.yaml new file mode 100644 index 0000000000000..d2036adce0155 --- /dev/null 
+++ b/helm/coder/templates/coder.yaml 
@@ -0,0 +1,90 @@ +--- +{{- include "libcoder.serviceaccount" (list . "coder.serviceaccount") -}} +{{- define "coder.serviceaccount" -}} +{{- end }} + +--- +{{ include "libcoder.deployment" (list . "coder.deployment") -}} +{{- define "coder.deployment" -}} +spec: + template: + spec: + containers: + - +{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}} + +{{- end }} + +{{- define "coder.containerspec" -}} +args: +{{- if .Values.coder.commandArgs }} + {{- toYaml .Values.coder.commandArgs | nindent 12 }} +{{- else }} + {{- if .Values.coder.workspaceProxy }} +- wsproxy + {{- end }} +- server +{{- end }} +env: +- name: CODER_HTTP_ADDRESS + value: "0.0.0.0:8080" +- name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 +{{- $hasAccessURL := false }} +{{- range .Values.coder.env }} +{{- if eq .name "CODER_ACCESS_URL" }} +{{- $hasAccessURL = true }} +{{- end }} +{{- end }} +{{- if not $hasAccessURL }} +- name: CODER_ACCESS_URL + value: {{ include "coder.defaultAccessURL" . | quote }} +{{- end }} +# Used for inter-pod communication with high-availability. +- name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: CODER_DERP_SERVER_RELAY_URL + value: "http://$(KUBE_POD_IP):8080" +{{- include "coder.tlsEnv" . }} +{{- with .Values.coder.env }} +{{ toYaml . }} +{{- end }} +ports: +- name: "http" + containerPort: 8080 + protocol: TCP + {{- if eq (include "coder.tlsEnabled" .) "true" }} +- name: "https" + containerPort: 8443 + protocol: TCP + {{- end }} + {{- range .Values.coder.env }} + {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} + {{/* + This sadly has to be nested to avoid evaluating the second part + of the condition too early and potentially getting type errors if + the value is not a string (like a `valueFrom`). We do not support + `valueFrom` for this env var specifically. 
+ */}} + {{- if eq .value "true" }} +- name: "prometheus-http" + containerPort: 2112 + protocol: TCP + {{- end }} + {{- end }} + {{- end }} +readinessProbe: + httpGet: + path: /healthz + port: "http" + scheme: "HTTP" +livenessProbe: + httpGet: + path: /healthz + port: "http" + scheme: "HTTP" +{{- end }} diff --git a/helm/templates/extra-templates.yaml b/helm/coder/templates/extra-templates.yaml similarity index 100% rename from helm/templates/extra-templates.yaml rename to helm/coder/templates/extra-templates.yaml diff --git a/helm/templates/ingress.yaml b/helm/coder/templates/ingress.yaml similarity index 100% rename from helm/templates/ingress.yaml rename to helm/coder/templates/ingress.yaml diff --git a/helm/coder/templates/rbac.yaml b/helm/coder/templates/rbac.yaml new file mode 100644 index 0000000000000..07fb36d876824 --- /dev/null +++ b/helm/coder/templates/rbac.yaml @@ -0,0 +1 @@ +{{ include "libcoder.rbac.tpl" . }} diff --git a/helm/templates/service.yaml b/helm/coder/templates/service.yaml similarity index 100% rename from helm/templates/service.yaml rename to helm/coder/templates/service.yaml diff --git a/helm/tests/chart_test.go b/helm/coder/tests/chart_test.go similarity index 100% rename from helm/tests/chart_test.go rename to helm/coder/tests/chart_test.go diff --git a/helm/tests/testdata/command.golden b/helm/coder/tests/testdata/command.golden similarity index 61% rename from helm/tests/testdata/command.golden rename to helm/coder/tests/testdata/command.golden index 616971e98d458..852ee36330ed2 100644 --- a/helm/tests/testdata/command.golden +++ b/helm/coder/tests/testdata/command.golden 
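Review bot: In `coder.containerspec` the `commandArgs` branch still renders its list with `nindent 12`, while the default branch emits `- wsproxy` / `- server` at column 0 and the include site indents the whole fragment again with `| indent 8`. The result in `command_args.golden` is correct, but apparently only because the fragment is re-parsed as YAML before it is emitted (the alphabetically sorted keys in the golden files suggest a parse-and-merge step in libcoder, which is not visible here). The 12 looks like a carry-over from the previous in-place Deployment template and misstates the nesting depth. Suggest `{{- toYaml .Values.coder.commandArgs | nindent 0 }}` so both branches sit at the same level and the template does not depend on the parser tolerating the extra indent.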
@@ -3,16 +3,15 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "coder" - annotations: - {} + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -100,37 +99,32 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: coder + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder template: metadata: + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -144,55 +138,52 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/colin - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] + - args: + - server + command: + - /opt/colin + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 volumes: [] diff --git a/helm/tests/testdata/command.yaml b/helm/coder/tests/testdata/command.yaml similarity index 100% rename from helm/tests/testdata/command.yaml rename to helm/coder/tests/testdata/command.yaml diff --git a/helm/tests/testdata/command_args.golden b/helm/coder/tests/testdata/command_args.golden similarity index 61% rename from helm/tests/testdata/command_args.golden rename to helm/coder/tests/testdata/command_args.golden index 92e87fd58097c..98bce5214c48e 100644 --- a/helm/tests/testdata/command_args.golden +++ b/helm/coder/tests/testdata/command_args.golden @@ -3,16 +3,15 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "coder" - annotations: - {} + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -100,37 +99,32 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: coder + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder template: metadata: + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -144,56 +138,53 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - arg1 - - arg2 - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] + - args: + - arg1 + - arg2 + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + 
readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 volumes: [] diff --git a/helm/tests/testdata/command_args.yaml b/helm/coder/tests/testdata/command_args.yaml similarity index 100% rename from helm/tests/testdata/command_args.yaml rename to helm/coder/tests/testdata/command_args.yaml diff --git a/helm/tests/testdata/default_values.golden b/helm/coder/tests/testdata/default_values.golden similarity index 61% rename from helm/tests/testdata/default_values.golden rename to helm/coder/tests/testdata/default_values.golden index cb1988e1ab3e9..36d9fa171b63e 100644 --- a/helm/tests/testdata/default_values.golden +++ b/helm/coder/tests/testdata/default_values.golden @@ -3,16 +3,15 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "coder" - annotations: - {} + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -100,37 +99,32 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: coder + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder template: metadata: + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -144,55 +138,52 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 volumes: [] diff --git a/helm/tests/testdata/default_values.yaml b/helm/coder/tests/testdata/default_values.yaml similarity index 100% rename from helm/tests/testdata/default_values.yaml rename to helm/coder/tests/testdata/default_values.yaml diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/coder/tests/testdata/labels_annotations.golden similarity index 64% rename from helm/tests/testdata/labels_annotations.golden rename to helm/coder/tests/testdata/labels_annotations.golden index e6f85d0dfa476..b0edb4346f191 100644 --- a/helm/tests/testdata/labels_annotations.golden +++ b/helm/coder/tests/testdata/labels_annotations.golden @@ -3,16 +3,15 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "coder" - annotations: - {} + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -100,43 +99,40 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: coder + annotations: + com.coder/annotation/baz: qux + com.coder/annotation/foo: bar labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 com.coder/label/baz: qux com.coder/label/foo: bar - annotations: - com.coder/annotation/baz: qux - com.coder/annotation/foo: bar + helm.sh/chart: coder-0.1.0 + name: coder spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder template: metadata: + annotations: + com.coder/podAnnotation/baz: qux + com.coder/podAnnotation/foo: bar labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 com.coder/podLabel/baz: qux com.coder/podLabel/foo: bar - annotations: - com.coder/podAnnotation/baz: qux - com.coder/podAnnotation/foo: bar + helm.sh/chart: coder-0.1.0 spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -150,55 +146,52 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 volumes: [] diff --git a/helm/tests/testdata/labels_annotations.yaml b/helm/coder/tests/testdata/labels_annotations.yaml similarity index 100% rename from helm/tests/testdata/labels_annotations.yaml rename to helm/coder/tests/testdata/labels_annotations.yaml diff --git a/helm/tests/testdata/missing_values.yaml b/helm/coder/tests/testdata/missing_values.yaml similarity index 100% rename from helm/tests/testdata/missing_values.yaml rename to helm/coder/tests/testdata/missing_values.yaml diff --git a/helm/tests/testdata/sa.golden b/helm/coder/tests/testdata/sa.golden similarity index 62% rename from helm/tests/testdata/sa.golden rename to helm/coder/tests/testdata/sa.golden index 5e94a67818c62..bb2b269a1ceb3 100644 --- a/helm/tests/testdata/sa.golden +++ b/helm/coder/tests/testdata/sa.golden @@ -3,16 +3,16 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "coder-service-account" - annotations: + annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder-service-account --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -100,37 +100,32 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: coder + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder template: metadata: + annotations: {} labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm - annotations: - {} + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 spec: - serviceAccountName: "coder-service-account" - restartPolicy: Always - terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -144,55 +139,52 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder-service-account + terminationGracePeriodSeconds: 60 volumes: [] diff --git a/helm/tests/testdata/sa.yaml b/helm/coder/tests/testdata/sa.yaml similarity index 100% rename from helm/tests/testdata/sa.yaml rename to helm/coder/tests/testdata/sa.yaml diff --git a/helm/coder/tests/testdata/tls.golden b/helm/coder/tests/testdata/tls.golden new file mode 100644 index 0000000000000..75f0794a7945d --- /dev/null +++ b/helm/coder/tests/testdata/tls.golden 
@@ -0,0 +1,210 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + - name: "https" + port: 443 + targetPort: "https" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + 
annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: https://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: CODER_TLS_ENABLE + value: "true" + - name: CODER_TLS_ADDRESS + value: 0.0.0.0:8443 + - name: CODER_TLS_CERT_FILE + value: /etc/ssl/certs/coder/coder-tls/tls.crt + - name: CODER_TLS_KEY_FILE + value: /etc/ssl/certs/coder/coder-tls/tls.key + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + 
readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/ssl/certs/coder/coder-tls + name: tls-coder-tls + readOnly: true + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: + - name: tls-coder-tls + secret: + secretName: coder-tls diff --git a/helm/tests/testdata/tls.yaml b/helm/coder/tests/testdata/tls.yaml similarity index 100% rename from helm/tests/testdata/tls.yaml rename to helm/coder/tests/testdata/tls.yaml diff --git a/helm/coder/tests/testdata/workspace_proxy.golden b/helm/coder/tests/testdata/workspace_proxy.golden new file mode 100644 index 0000000000000..6d03e49ff794e --- /dev/null +++ b/helm/coder/tests/testdata/workspace_proxy.golden 
@@ -0,0 +1,197 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - wsproxy + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: CODER_PRIMARY_ACCESS_URL + value: https://dev.coder.com + - name: CODER_PROXY_SESSION_TOKEN + valueFrom: + secretKeyRef: + key: token + name: coder-workspace-proxy-session-token + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + 
serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/tests/testdata/workspace_proxy.yaml b/helm/coder/tests/testdata/workspace_proxy.yaml similarity index 100% rename from helm/tests/testdata/workspace_proxy.yaml rename to helm/coder/tests/testdata/workspace_proxy.yaml diff --git a/helm/values.yaml b/helm/coder/values.yaml similarity index 100% rename from helm/values.yaml rename to helm/coder/values.yaml diff --git a/helm/libcoder/Chart.yaml b/helm/libcoder/Chart.yaml new file mode 100644 index 0000000000000..6a9e07412613a --- /dev/null +++ b/helm/libcoder/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: libcoder +description: Coder library chart +home: https://github.com/coder/coder + +# version and appVersion are injected at release and will always be shown as +# 0.1.0 in the repository. +# +# If you're installing the Helm chart directly from git it will have this +# version, which means the auto-generated image URI will be invalid. You can set +# "coder.image.tag" to the desired tag manually. +type: library +version: "0.1.0" +appVersion: "0.1.0" + +maintainers: + - name: Coder Technologies, Inc. + email: support@coder.com + url: https://coder.com/contact diff --git a/helm/libcoder/templates/_coder.yaml b/helm/libcoder/templates/_coder.yaml new file mode 100644 index 0000000000000..8ed96042cf7bb --- /dev/null +++ b/helm/libcoder/templates/_coder.yaml 
@@ -0,0 +1,85 @@ +{{- define "libcoder.deployment.tpl" -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coder + labels: + {{- include "coder.labels" . | nindent 4 }} + {{- with .Values.coder.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: {{ toYaml .Values.coder.annotations | nindent 4}} +spec: + replicas: {{ .Values.coder.replicaCount }} + selector: + matchLabels: + {{- include "coder.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "coder.labels" . | nindent 8 }} + {{- with .Values.coder.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- toYaml .Values.coder.podAnnotations | nindent 8 }} + spec: + serviceAccountName: {{ .Values.coder.serviceAccount.name | quote }} + restartPolicy: Always + {{- with .Values.coder.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 60 + {{- with .Values.coder.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coder.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coder.nodeSelector }} + nodeSelector: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coder.initContainers }} + initContainers: + {{ toYaml . | nindent 8 }} + {{- end }} + containers: [] + {{- include "coder.volumes" . | nindent 6 }} +{{- end -}} +{{- define "libcoder.deployment" -}} +{{- include "libcoder.util.merge" (append . "libcoder.deployment.tpl") -}} +{{- end -}} + +{{- define "libcoder.containerspec.tpl" -}} +name: coder +image: {{ include "coder.image" . | quote }} +imagePullPolicy: {{ .Values.coder.image.pullPolicy }} +command: + {{- toYaml .Values.coder.command | nindent 2 }} +resources: + {{- toYaml .Values.coder.resources | nindent 2 }} +lifecycle: + {{- toYaml .Values.coder.lifecycle | nindent 2 }} +securityContext: {{ toYaml .Values.coder.securityContext | nindent 2 }} +{{ include "coder.volumeMounts" . 
}} +{{- end -}} +{{- define "libcoder.containerspec" -}} +{{- include "libcoder.util.merge" (append . "libcoder.containerspec.tpl") -}} +{{- end -}} + +{{- define "libcoder.serviceaccount.tpl" -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.coder.serviceAccount.name | quote }} + annotations: {{ toYaml .Values.coder.serviceAccount.annotations | nindent 4 }} + labels: + {{- include "coder.labels" . | nindent 4 }} +{{- end -}} +{{- define "libcoder.serviceaccount" -}} +{{- include "libcoder.util.merge" (append . "libcoder.serviceaccount.tpl") -}} +{{- end -}} diff --git a/helm/templates/_helpers.tpl b/helm/libcoder/templates/_helpers.tpl similarity index 100% rename from helm/templates/_helpers.tpl rename to helm/libcoder/templates/_helpers.tpl diff --git a/helm/templates/rbac.yaml b/helm/libcoder/templates/_rbac.yaml similarity index 95% rename from helm/templates/rbac.yaml rename to helm/libcoder/templates/_rbac.yaml index 3105e1a604b63..b315317a6c29e 100644 --- a/helm/templates/rbac.yaml +++ b/helm/libcoder/templates/_rbac.yaml @@ -1,3 +1,4 @@ +{{- define "libcoder.rbac.tpl" -}} {{- if .Values.coder.serviceAccount.workspacePerms }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -55,3 +56,4 @@ roleRef: kind: Role name: coder-workspace-perms {{- end }} +{{- end -}} diff --git a/helm/libcoder/templates/_util.yaml b/helm/libcoder/templates/_util.yaml new file mode 100644 index 0000000000000..ebdc13e3631ec --- /dev/null +++ b/helm/libcoder/templates/_util.yaml 
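Review bot: The three entry points added in `_coder.yaml` (`libcoder.deployment`, `libcoder.containerspec`, `libcoder.serviceaccount`) are undocumented, and they do not take the usual `.`. Each one does `append . "<name>.tpl"`, so the caller has to pass a list holding the top context followed by the name of its override template. I would add a template comment above each, for example `{{- /* libcoder.deployment expects (list . "<override template name>"); keys rendered by the override take precedence over libcoder.deployment.tpl. */ -}}`. The comment on `libcoder.containerspec` should also say that this precedence covers `securityContext`. It should add that the base renders no `env`, `ports`, `args` or health probes, so a consuming chart must supply them or the container ships without them.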
@@ -0,0 +1,13 @@
+{{- /*
+ libcoder.util.merge will merge two YAML templates and output the result.
+ This takes an array of three values:
+ - the top context
+ - the template name of the overrides (destination)
+ - the template name of the base (source)
+*/}}
+{{- define "libcoder.util.merge" -}}
+{{- $top := first . -}}
+{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
+{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
+{{- toYaml (merge $overrides $tpl) -}}
+{{- end -}}
diff --git a/helm/templates/coder.yaml b/helm/templates/coder.yaml
deleted file mode 100644
index 09b284e676bc8..0000000000000
--- a/helm/templates/coder.yaml
+++ /dev/null
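Review bot: `libcoder.util.merge` never checks whether either `fromYaml` call succeeded. Helm's `fromYaml` does not stop rendering on a parse error; it returns a map with the message under an `Error` key, so a malformed base or override is merged into the rendered manifest instead of failing the render. I would fail fast after each parse, e.g. `{{- if hasKey $overrides "Error" }}{{ fail (printf "libcoder.util.merge: %s" $overrides.Error) }}{{ end -}}`, and the same for `$tpl`. Separately, depending on the Helm/Sprig version, `merge` can treat zero values in the destination (`false`, `0`, `""`) as unset and fill them from the source. The header comment should warn that an override may be unable to switch a base value off, which matters for boolean hardening fields.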
@@ -1,143 +0,0 @@ -{{- include "coder.verifyDeprecated" . -}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.coder.serviceAccount.name | quote }} - annotations: {{ toYaml .Values.coder.serviceAccount.annotations | nindent 4 }} - labels: - {{- include "coder.labels" . | nindent 4 }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - {{- include "coder.labels" . | nindent 4 }} - {{- with .Values.coder.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: {{ toYaml .Values.coder.annotations | nindent 4}} -spec: - replicas: {{ .Values.coder.replicaCount }} - selector: - matchLabels: - {{- include "coder.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "coder.labels" . | nindent 8 }} - {{- with .Values.coder.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{- toYaml .Values.coder.podAnnotations | nindent 8 }} - spec: - serviceAccountName: {{ .Values.coder.serviceAccount.name | quote }} - restartPolicy: Always - {{- with .Values.coder.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 60 - {{- with .Values.coder.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.nodeSelector }} - nodeSelector: - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.initContainers }} - initContainers: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: coder - image: {{ include "coder.image" . 
| quote }} - imagePullPolicy: {{ .Values.coder.image.pullPolicy }} - command: - {{- toYaml .Values.coder.command | nindent 12 }} - args: - {{- if .Values.coder.commandArgs }} - {{- toYaml .Values.coder.commandArgs | nindent 12 }} - {{- else }} - {{- if .Values.coder.workspaceProxy }} - - wsproxy - {{- end }} - - server - {{- end }} - resources: - {{- toYaml .Values.coder.resources | nindent 12 }} - lifecycle: - {{- toYaml .Values.coder.lifecycle | nindent 12 }} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - {{- $hasAccessURL := false }} - {{- range .Values.coder.env }} - {{- if eq .name "CODER_ACCESS_URL" }} - {{- $hasAccessURL = true }} - {{- end }} - {{- end }} - {{- if not $hasAccessURL }} - - name: CODER_ACCESS_URL - value: {{ include "coder.defaultAccessURL" . | quote }} - {{- end }} - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - {{- include "coder.tlsEnv" . | nindent 12 }} - {{- with .Values.coder.env -}} - {{ toYaml . | nindent 12 }} - {{- end }} - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - {{- if eq (include "coder.tlsEnabled" .) "true" }} - - name: "https" - containerPort: 8443 - protocol: TCP - {{- end }} - {{- range .Values.coder.env }} - {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} - {{/* - This sadly has to be nested to avoid evaluating the second part - of the condition too early and potentially getting type errors if - the value is not a string (like a `valueFrom`). We do not support - `valueFrom` for this env var specifically. 
- */}} - {{- if eq .value "true" }} - - name: "prometheus-http" - containerPort: 2112 - protocol: TCP - {{- end }} - {{- end }} - {{- end }} - securityContext: {{ toYaml .Values.coder.securityContext | nindent 12 }} - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - {{- include "coder.volumeMounts" . | nindent 10 }} - - {{- include "coder.volumes" . | nindent 6 }} diff --git a/helm/tests/testdata/tls.golden b/helm/tests/testdata/tls.golden deleted file mode 100644 index 8ef85d138f722..0000000000000 --- a/helm/tests/testdata/tls.golden +++ /dev/null 
@@ -1,220 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - - name: "https" - port: 443 - targetPort: "https" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: 
- name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "https://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - - name: CODER_TLS_ENABLE - value: "true" - - name: CODER_TLS_ADDRESS - value: "0.0.0.0:8443" - - name: CODER_TLS_CERT_FILE - value: "/etc/ssl/certs/coder/coder-tls/tls.crt" - - name: CODER_TLS_KEY_FILE - value: "/etc/ssl/certs/coder/coder-tls/tls.key" - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - - name: "https" - containerPort: 8443 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: - - name: "tls-coder-tls" - mountPath: "/etc/ssl/certs/coder/coder-tls" - readOnly: true - - volumes: - - name: "tls-coder-tls" - secret: - secretName: "coder-tls" diff --git a/helm/tests/testdata/workspace_proxy.golden b/helm/tests/testdata/workspace_proxy.golden deleted file mode 100644 index 88e0213be559d..0000000000000 --- a/helm/tests/testdata/workspace_proxy.golden +++ /dev/null 
@@ -1,206 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - wsproxy - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - - name: CODER_PRIMARY_ACCESS_URL - value: https://dev.coder.com - - name: CODER_PROXY_SESSION_TOKEN - valueFrom: - secretKeyRef: - key: token - name: coder-workspace-proxy-session-token - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: [] diff --git a/scripts/helm.sh b/scripts/helm.sh index 33b556f0100a1..67edad0e149fc 100755 --- a/scripts/helm.sh +++ b/scripts/helm.sh @@ -69,7 +69,9 @@ cdroot temp_dir="$(mktemp -d)" cdroot -cd ./helm +cd ./helm/coder +log "--- Updating dependencies" +helm dependency update . log "--- Packaging helm chart for version $version ($output_path)" helm package \ --version "$version" \ From 175e776f24569ece4488db9c1e78ce34a3bb6c23 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Mon, 7 Aug 2023 11:45:38 +0000 Subject: [PATCH 2/6] Remove comment from libcoder Chart.yaml Signed-off-by: Spike Curtis --- helm/libcoder/Chart.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/helm/libcoder/Chart.yaml b/helm/libcoder/Chart.yaml index 6a9e07412613a..90c881af5d62d 100644 --- a/helm/libcoder/Chart.yaml +++ b/helm/libcoder/Chart.yaml 
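Review bot: `helm dependency update .` now runs on every packaging run in `scripts/helm.sh`, so the released chart embeds whatever the dependency resolves to at that moment. The same patch series also commits a pre-built `helm/coder/charts/libcoder-0.1.0.tgz`, which can drift from the `helm/libcoder` sources and is hard to review as a binary. If the dependency is the in-repo library chart (the `coder` chart's `Chart.yaml` is not visible here, so this is an assumption), consider not committing the archive, or add a CI check that it matches a fresh build. Once the `Chart.lock` from the later patch exists, `helm dependency build .` packages exactly what the lock records rather than re-resolving. The script continues outside this hunk.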
@@ -3,12 +3,6 @@ name: libcoder description: Coder library chart home: https://github.com/coder/coder -# version and appVersion are injected at release and will always be shown as -# 0.1.0 in the repository. -# -# If you're installing the Helm chart directly from git it will have this -# version, which means the auto-generated image URI will be invalid. You can set -# "coder.image.tag" to the desired tag manually. type: library version: "0.1.0" appVersion: "0.1.0" From c8bbf1808c5274bc3398ca84167956f98d339524 Mon Sep 17 00:00:00 2001 
From: Spike Curtis Date: Tue, 8 Aug 2023 07:08:23 +0000 Subject: [PATCH 3/6] Add provisioner helm chart --- Makefile | 6 +- helm/coder/Chart.lock | 6 + helm/coder/Chart.yaml | 2 +- helm/coder/charts/libcoder-0.1.0.tgz | Bin 2958 -> 2999 bytes helm/coder/templates/coder.yaml | 7 + helm/coder/tests/chart_test.go | 4 + .../tests/testdata/provisionerd_psk.golden | 194 +++++++++++++++++ .../tests/testdata/provisionerd_psk.yaml | 5 + helm/coder/tests/testdata/sa.golden | 4 +- helm/coder/values.yaml | 10 + helm/libcoder/templates/_coder.yaml | 2 +- helm/libcoder/templates/_helpers.tpl | 20 +- helm/libcoder/templates/_rbac.yaml | 4 +- helm/provisioner/Chart.lock | 6 + helm/provisioner/Chart.yaml | 34 +++ helm/provisioner/charts/libcoder-0.1.0.tgz | Bin 0 -> 2994 bytes helm/provisioner/templates/coder.yaml | 77 +++++++ helm/provisioner/templates/rbac.yaml | 1 + helm/provisioner/tests/chart_test.go | 172 +++++++++++++++ .../provisioner/tests/testdata/command.golden | 135 ++++++++++++ helm/provisioner/tests/testdata/command.yaml | 5 + .../tests/testdata/command_args.golden | 135 ++++++++++++ .../tests/testdata/command_args.yaml | 6 + .../tests/testdata/default_values.golden | 135 ++++++++++++ .../tests/testdata/default_values.yaml | 3 + .../tests/testdata/labels_annotations.golden | 143 ++++++++++++ .../tests/testdata/labels_annotations.yaml | 15 ++ .../tests/testdata/missing_values.yaml | 0 .../tests/testdata/provisionerd_psk.golden | 137 ++++++++++++ .../tests/testdata/provisionerd_psk.yaml | 8 + helm/provisioner/tests/testdata/sa.golden | 136 ++++++++++++ helm/provisioner/tests/testdata/sa.yaml | 8 + helm/provisioner/values.yaml | 203 ++++++++++++++++++ 33 files changed, 1610 insertions(+), 13 deletions(-) create mode 100644 helm/coder/Chart.lock create mode 100644 helm/coder/tests/testdata/provisionerd_psk.golden create mode 100644 helm/coder/tests/testdata/provisionerd_psk.yaml create mode 100644 helm/provisioner/Chart.lock create mode 100644 helm/provisioner/Chart.yaml 
create mode 100644 helm/provisioner/charts/libcoder-0.1.0.tgz create mode 100644 helm/provisioner/templates/coder.yaml create mode 100644 helm/provisioner/templates/rbac.yaml create mode 100644 helm/provisioner/tests/chart_test.go create mode 100644 helm/provisioner/tests/testdata/command.golden create mode 100644 helm/provisioner/tests/testdata/command.yaml create mode 100644 helm/provisioner/tests/testdata/command_args.golden create mode 100644 helm/provisioner/tests/testdata/command_args.yaml create mode 100644 helm/provisioner/tests/testdata/default_values.golden create mode 100644 helm/provisioner/tests/testdata/default_values.yaml create mode 100644 helm/provisioner/tests/testdata/labels_annotations.golden create mode 100644 helm/provisioner/tests/testdata/labels_annotations.yaml create mode 100644 helm/provisioner/tests/testdata/missing_values.yaml create mode 100644 helm/provisioner/tests/testdata/provisionerd_psk.golden create mode 100644 helm/provisioner/tests/testdata/provisionerd_psk.yaml create mode 100644 helm/provisioner/tests/testdata/sa.golden create mode 100644 helm/provisioner/tests/testdata/sa.yaml create mode 100644 helm/provisioner/values.yaml diff --git a/Makefile b/Makefile index f82d79a47313a..8bb681c9d4020 100644 --- a/Makefile +++ b/Makefile 
@@ -553,7 +553,7 @@ coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen $(FIND_EXCLUSIONS) ./scripts/apidocgen/generate.sh pnpm run format:write:only ./docs/api ./docs/manifest.json ./coderd/apidoc/swagger.json -update-golden-files: cli/testdata/.gen-golden helm/coder/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden +update-golden-files: cli/testdata/.gen-golden helm/coder/tests/testdata/.gen-golden helm/provisioner/tests/testdata/.gen-golden scripts/ci-report/testdata/.gen-golden enterprise/cli/testdata/.gen-golden .PHONY: update-golden-files cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl) $(GO_SRC_FILES) $(wildcard cli/*_test.go) @@ -568,6 +568,10 @@ helm/coder/tests/testdata/.gen-golden: $(wildcard helm/coder/tests/testdata/*.ya go test ./helm/coder/tests -run=TestUpdateGoldenFiles -update touch "$@" +helm/provisioner/tests/testdata/.gen-golden: $(wildcard helm/provisioner/tests/testdata/*.yaml) $(wildcard helm/provisioner/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/provisioner/tests/*_test.go) + go test ./helm/provisioner/tests -run=TestUpdateGoldenFiles -update + touch "$@" + scripts/ci-report/testdata/.gen-golden: $(wildcard scripts/ci-report/testdata/*) $(wildcard scripts/ci-report/*.go) go test ./scripts/ci-report -run=TestOutputMatchesGoldenFile -update touch "$@" diff --git a/helm/coder/Chart.lock b/helm/coder/Chart.lock new file mode 100644 index 0000000000000..9692722e192f1 --- /dev/null +++ b/helm/coder/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: libcoder + repository: file://../libcoder + version: 0.1.0 +digest: sha256:5c9a99109258073b590a9f98268490ef387fde24c0c7c7ade9c1a8c7ef5e6e10 +generated: "2023-08-08T07:27:19.677972411Z" diff --git a/helm/coder/Chart.yaml b/helm/coder/Chart.yaml index 5909abdcf3198..99f6b710474c3 100644 --- a/helm/coder/Chart.yaml +++ b/helm/coder/Chart.yaml 
@@ -21,7 +21,7 @@ keywords: - coder - terraform sources: - - https://github.com/coder/coder/tree/main/helm + - https://github.com/coder/coder/tree/main/helm/coder icon: https://helm.coder.com/coder_logo_black.png maintainers: - name: Coder Technologies, Inc. 
diff --git a/helm/coder/charts/libcoder-0.1.0.tgz b/helm/coder/charts/libcoder-0.1.0.tgz index a44288944dfbb8df5a5a01785cdcabfec5b9a94d..b799de7d008196ae4c4a948df1db26d2c5cd4cf5 100644 GIT binary patch delta 2970 zcmV;L3uW|<7q=IXJAXQRZ`(NX{ac@6enJ;{{A$@r+@vtDzgznxB}{YFG3j#nkqAOtX%~d9SS055Nen4COpO-Oq5DxuiYL~ zHOYoS$m6#4EAzh>6PhSO6BM%NwE$y6Sr25Erd+6h7#NM?0VG6|vkP5eI7v9;V~X+_ zoF!r40c3)e%YPM^?T{ymgvzt{xm$Z`mfD}1V{f`B+xJ%fUtkpRuP{y-Q7GFVtWqB? z72Fg5&-V`wYVrSk?{M!i{=dbzyK6y&Bbp%ixi16}ri{;GOjMv!=0j^f_o|74q^WFA z_q=PGL_IhupuHFsiHIV-B9QOyfF>c!A_U(O*YiFE^MAPqz{n7p)X)H$lNzXf?Lz>c zAfZWwiGnT|ObdTQ)dYgy3CmChRh%5if+_x%#B4PgOd|V}BnekU=Q?Rv&k+|^r~p+7 z&gY&?G1S5cOc@P{rLlHO*O(yX(Rs}ZYb?<~v#^IARhxKCwCZd38}0J~a+0}~%rlB94Y41F z+90oTmtCZ}2xJ@>KEcO~D=gU*s1u2L%^3}6J?OI=GLzm~J<*tqF-SAUE-@6SD*7_7 zUYBor>%IBKqQ5WbPoaouV)XG+kPu&^pgg+7kbftU?7?AYJ(FZKq6t;Aib34WSMaoA zEyWoMXStI9a`NFTJ2@11+g_cg*wCP{rg6^IyJfSki!Zf3D6UQ_iv& zo03OPvgMxF><@kcR8TLVGDTSsqZp$P+aygj$zb&^vr~}D*KS_ClrP1w+@I`rV-I~M zdViYs9`nLVT!e2CYI*1`#eW&67DQu(JdQ~cX)~?NMGmH--hGWKQ1VQKDAytvP<3=h zM;OjRhHKFas5-jDFcVbGw5#E*TD{HH0PA#?m1`a9H=QGmS8d`+3!XIl1(P5sGb zcjB^ps&5u1H;{~bI(daVDx#kjj`?|P@Vsotm51WgtLJ~GdyzY}=7 z?OH;p)^U|&K{BQwuzf^*k}gu1hP;@f5H!-cPl+rE;qbsb()cnPjp!}-Ex($CY=63L z?|R1qiE_MH?lh~ekpo0RCNYBHtmN1xz?FO(n3C~S&_s>E|3S8X&{?s{zkPPQ0DLla z9SITq|M$WF;D5F(#YxlVV9)zMJ>cX5UR_*4|KtSvuinCM7lTu{JUu@>zPcD(25@!- zXP3~2p9ZJ>U(a5>gyUcOuU?*lL4RH)WxYbQJ6alCXG0VTDwF}`?R#o;XhfokR3r)A zW;Z~FM55JLqXBsw^CTB}1-q=m<^)+B$VuB6s);*i!JzpVvRoTCN|6$wT6}bm^k#b- z<(|+lx}(iBi}s>c%o0jv*RLpPnMzC&GRCMioGohDojq14IYI#^JiJC>i+@LWGdNqN zZFdZAl>+LR+QyHK2VX_T;QKrF{gPC^X{8q1H;f2n;J@V=#FFoi(CUy_Q~m z#u7vnv4zjFUVpS(Ge9GDmH_W;4!?UD)5(2ERDQ}-J zKf-n`Hmf=ecEHyn8kAOkb8vBTI{0vPe)-|_RsW~+QxB}4^&D&iV1NJQWN>e}C42g&nXM;m?ODDw`&botVJmFPB&AZh=U2k+50M?!({Q(bsUjjG%W96CK&mqEtYx zakkj9S|{0k;eTQKgPX;Oh5ejBaqhKAxa5t>jbf(akPCrhiL8m9D&ndTazr+aBbtnb z-uZ4Qi$WqIm~g3#70qRXJ~+Q`rHmJywEcQtOp6@L(5I5yx`9xX-ye;_1?5hxA< zV?Ms_s`%@1LP`q 
zDxm{hK+J{hCXi5}kk4SNWqGI~Z*RGCw4o0Xj|oj6B&o^-!dUPuEulg46IhI^3Fgpp z!ZQ}Z5Pv~pN(50DSw0DD1zWb>u^Jd!j0K8;6A%U{Ro=F-a6yI9ot)99ds;#bw6zuB zEs0ZxLC9k(Rqh+c)B|hjK4aj&f4^%Kwf+8m5bW;wOE+4^g27G2eZb#+dbch%glx8qv+URB8*HAm7WW_2#7LrDV}OQl%KGy&H^at zXm(O8<1#^e*E?BWdU@}#<*jz)A(|dkWubeDG^kd}jQ~_uiwoA zjSn!1P)Hz7BsC!_zbe$TdHXl;-bgaWUPEI=7!p?w(1&e^XsEz91WTVtiJAn82Wof^2YG{&7O}L={Hh)<>xPD=~rupUSfHVBkE7keDRq)VCH4~o5 zn7w0f0ZHjgy&daAmhan-BFbxcc;}})l5T#AV(4y9TM(Mt2lpdFhP59dXADCvjhh~$ za!-uP{4pgeoVe#KjY^6)?!_h?YDG$giL!^rkP#YxKb|*n3fm7YKM!;tyHtgBG=E8& z%9_Xp%LVp#l+-2uFZAi3Xrd3o5Ad~s%!dEMP&uz|{3OAAzw|}K1!p+Gk*1v+XpM*- zKqYFwHdgy2->|96g#_Urfmo$m9;{r_7G9c^u0G&g*^qpNEM_EFt% zc-#N&yeJf;sm6Jxbg{21FM%>+N`IG~rZ!XL+Q0x2g3N4fDiB?TmuK+2WOIk@>a1I5 z;fnAyuV^^R(nezZE<- zZLFewv`v!;Zy|ua9YbTMde3MIr=7|gDZ7Wt{{2*3BW>Fntiqor|M+>;;}duskE1^R Q6954J|D;O6d09l%~)c^nh delta 2928 zcmV-$3y<`-7mgQ@JAWE$ZyPryjH zcex?CvUQIC`+<*LtyU}9NerjOnFSh|J2RXYXE;N0HlQL#**+W-siP@L__K!|old87 zu(xOb?Q}Zze>=M`_MdIY-9Y#@o80yQoZj75T77;BxWZo55V zdYlg;Dw4MIEBpT-AuQE|r6^T5XaOdK@h+%5%Y@YbvM>fG07!`;=N7s^I!*-_BZlfZ zoTM}g0CLG^%YT)aZ7Nbts16){;nsnkX6{eJaWI*e?RzW#FEGmeuQACu(Wu%Vol+kz z6x^}@_jfw={lCAxzyGxVA7k9yv>?VIOA*4t7or$5E~W{lI?@>rp>=y3R09RcGS!}J z2bV03yKq!O2MKBt6HU71Ms~XpfRh1oW#$3Qnk=O}kAD$Dx1#$TLIj^7WoeA5hCR5w zE#a@29z*my;W?_Pic=B7lPTcH9}C3t%qs0^tQ zMqIJu6>_9nNT-E_XgWTvsHIUc1^t56SKl2SdEm=zoj?!Ch z#{X>c;a5yWjOTtc&48=3vo#-RNu#?%QJi}!CZC)C`eo^i2E6}sc?_8do+sE8JPML6 z|9eFy2uq-ndI^n`m7**z(G$Gy%RH7ZMvAdcYI9)GItG}gSPzQtM%I$t!`_dW#wACIQ`Z;U)c zsf@86WR2DJ-}cV--a)Aik+3>JBrlz;WQ(dD@;y37YCQ`D#;Cfa2tt7Q&nTbtMykyxrU zNvThPedI_KI*m0NP$Y>+3z3(w%PVY-ktdNFx2>U?xbqf_nhz(76?3B$8IigrhIdGB zlislKgkISlZKhea7mZ>TP%3AEijo$oBqSvxj9Y{0yoUXWWQmevlyD^IC4Wj+Qo`H* z$ue#G!*OdSpxIL!_^I(YtjP$%aMOKXkSesT)H12VkT4G6JCQ?@D{V_~HuSr*Ms#A< zGOJHTzAh20V{y*Xkp=$+dE$3;%p_9Hr!bTvfmcjN;o>=_k$H)kfZN;dlFx>X&t>r1 zD1yP{he^07>*fm8U!0x;rhjC>FnWI~nE3`91 z!WAx@SUYwqP zJbvB#>GU`NXYQ_tZ2;^Y9rcgT&nu9f$o|)Txwp65gmHM>zxep`$$uR6n;VcM9U-i- 
z`1(1l&2$OfAMe(+i3UT93%9q=Z*II!+o)+WBL-ORi-P>w8XE9Ekh_prQmJrBmW12Z+Z3(6~@ zdTLS`v7s|k6B<#TD}QaWj-Z4ulh75pP8enju%%nZfu1s@y>Nv!ztE1QvxJ(f)`F!% z+e0=JuH>72w27h$JeO;#F>;QvMW(E$c(!URQPMJBD{Q$E_r82B6vXq4u_25!Y;a6# zEcx!$CUgqW#=6;qEf8K|TLn{+EI%lgZL^ubnls*l$5yQ$xqm$9QMcyia`hUYgim%pIcGhRvgRsb%L4(c>?=JUo|DwrvuRTz4u(^%kh^*KRRm5dm z!V|gYzF_G{nt#M}#du7KjA1O4wpO%_dUL)kKPgwWDJ@x+tvJ7Vntyn_UxX^_$o3Xo zjF|$7BfKu_L_6^*XA)ymshUNFWFwXm4lK=b?X^*ycpW1qhHe?$RA?Z;ab&@rJVuNN z{y<0(W6%O5CSrmWbbFS+M9j>bqg6_}zO^3NDK`($f`9c7AGX%*&B3`QQY)vQ^{w>^ z$oqdse_9}4-!cUq5E2q0UCm9XMyZ~|ddu-pMc!EVH+hym#3CUq1xhlVON5aWc{YOv z!%yTeF2-0utFg#=3$ zTD#f44VyjrXH!av6oxtHQ;0E>NUiAh*r<#J>XSf4GVphRDsn!_RNyyV3`ASGw8)Ge zW)D4F+3GUx7Iy#*v=ugo#R9DfeO&^?5hUA@EmFcY!z^AnTtRaj4xWSOdoT(VqZe@97u!um>&{fVXK0RI3l1XMow4^r*Dy73u;eSfp` zRm7#>*vFxvT^MMEhyg%lPp;mHPdWc@Jeu;qebe!H`M>kxMLqxTclMs{{~u+T9oyat z02*HOz!l>h+)sTa;9c*x)3O9ow$C7Po#n2kl&Es9O+js|PE9T?3=k>F)K%RQ(buj; zj4z5&Uq)1C{W^0m5`=$6pkO0LrD=VkyLlJdfGC6wmwPrB3#-P*OvTA(&9K+~5r#}E zUFlA(&3G|irATapu565Lur$VNh+uou(%7utGuo1Hv$96U@1U}CHx=I^+;9e~@Mp+B aJ-T`tPvdFS$NvHV0RR8S^YHcnIsgF9^Q=bz diff --git a/helm/coder/templates/coder.yaml b/helm/coder/templates/coder.yaml index d2036adce0155..a4993ee0f9787 100644 --- a/helm/coder/templates/coder.yaml +++ b/helm/coder/templates/coder.yaml @@ -30,6 +30,13 @@ env: value: "0.0.0.0:8080" - name: CODER_PROMETHEUS_ADDRESS value: "0.0.0.0:2112" +{{- if .Values.provisionerDaemon.pskSecretName }} +- name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + name: {{ .Values.provisionerDaemon.pskSecretName | quote }} + key: psk +{{- end }} # Set the default access URL so a `helm apply` works by default. # See: https://github.com/coder/coder/issues/5024 {{- $hasAccessURL := false }} diff --git a/helm/coder/tests/chart_test.go b/helm/coder/tests/chart_test.go index 7442be08fc2e3..90f0c43416c9b 100644 --- a/helm/coder/tests/chart_test.go +++ b/helm/coder/tests/chart_test.go 
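Review bot: Nothing in the added `CODER_PROVISIONER_DAEMON_PSK` block of `helm/coder/templates/coder.yaml` guards against a `coder.env` entry with the same name, unlike the `$hasAccessURL` check for `CODER_ACCESS_URL` a few lines below it. The user-supplied `coder.env` list is rendered later in the same `env` array, and Kubernetes generally lets the later duplicate win, so a literal value in `coder.env` would silently replace the secret reference and leave the key in plain text in the values file and the pod spec. Consider rejecting the combination inside the existing `range .Values.coder.env` loop when `pskSecretName` is set, e.g. `{{- if eq .name "CODER_PROVISIONER_DAEMON_PSK" }}{{ fail "use provisionerDaemon.pskSecretName instead of coder.env" }}{{- end }}`. The same block is carried into `helm/coder/templates/_coder.tpl` later in this series, and the enclosing `coder.containerspec` template starts and ends outside this hunk.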
@@ -56,6 +56,10 @@ var TestCases = []TestCase{ name: "command_args", expectedError: "", }, + { + name: "provisionerd_psk", + expectedError: "", + }, } type TestCase struct { diff --git a/helm/coder/tests/testdata/provisionerd_psk.golden b/helm/coder/tests/testdata/provisionerd_psk.golden new file mode 100644 index 0000000000000..f8cfe550eefff --- /dev/null +++ b/helm/coder/tests/testdata/provisionerd_psk.golden 
@@ -0,0 +1,194 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + key: psk + name: coder-provisionerd-psk + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] 
diff --git a/helm/coder/tests/testdata/provisionerd_psk.yaml b/helm/coder/tests/testdata/provisionerd_psk.yaml new file mode 100644 index 0000000000000..915b7aeb66f0f --- /dev/null +++ b/helm/coder/tests/testdata/provisionerd_psk.yaml @@ -0,0 +1,5 @@ +coder: + image: + tag: latest +provisionerDaemon: + pskSecretName: "coder-provisionerd-psk" diff --git a/helm/coder/tests/testdata/sa.golden b/helm/coder/tests/testdata/sa.golden index bb2b269a1ceb3..940b761dd3f79 100644 --- a/helm/coder/tests/testdata/sa.golden +++ b/helm/coder/tests/testdata/sa.golden @@ -18,7 +18,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: coder-workspace-perms + name: coder-service-account-workspace-perms rules: - apiGroups: [""] resources: ["pods"] @@ -67,7 +67,7 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: coder-workspace-perms + name: coder-service-account-workspace-perms --- # Source: coder/templates/service.yaml apiVersion: v1 diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml index 43d317507d609..f6b43e4ee4dd0 100644 --- a/helm/coder/values.yaml +++ b/helm/coder/values.yaml @@ -280,6 +280,16 @@ coder: # coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod. commandArgs: [] +# provisionerDaemon -- Configuration for external provisioner daemons. +# +# This is an Enterprise feature. Contact sales@coder.com. +provisionerDaemon: + # provisionerDaemon.pskSecretName -- The name of the Kubernetes secret that contains the + # Pre-Shared Key (PSK) to use to authenticate external provisioner daemons with Coder. The + # secret must be in the same namespace as the Helm deployment, and contain an item called "psk" + # which contains the pre-shared key. + pskSecretName: "" + # extraTemplates -- Array of extra objects to deploy with the release. Strings # are evaluated as a template and can use template expansions and functions. All # other objects are used as yaml. 
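Review bot: The `provisionerDaemon.pskSecretName` comment in the `helm/coder/values.yaml` hunk says where the secret must live but not what happens when it is missing or changed. Because the template consumes it through a non-optional `secretKeyRef`, the Coder container will not start until the secret and its `psk` key exist, and an updated secret value is only picked up when the pod is restarted. I would add two comment lines: `# Create the secret before installing; the pod will not start without it.` and `# Environment variables are read at container start, so restart the Coder pods after rotating the PSK.`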
diff --git a/helm/libcoder/templates/_coder.yaml b/helm/libcoder/templates/_coder.yaml index 8ed96042cf7bb..77cdbb2a3dfe5 100644 --- a/helm/libcoder/templates/_coder.yaml +++ b/helm/libcoder/templates/_coder.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: coder + name: {{ include "coder.name" .}} labels: {{- include "coder.labels" . | nindent 4 }} {{- with .Values.coder.labels }} diff --git a/helm/libcoder/templates/_helpers.tpl b/helm/libcoder/templates/_helpers.tpl index d884b28402000..9a6c5dfcfb82d 100644 --- a/helm/libcoder/templates/_helpers.tpl +++ b/helm/libcoder/templates/_helpers.tpl @@ -49,11 +49,15 @@ Coder Docker image URI Coder TLS enabled. */}} {{- define "coder.tlsEnabled" -}} -{{- if .Values.coder.tls.secretNames -}} -true -{{- else -}} -false -{{- end -}} + {{- if hasKey .Values.coder "tls" -}} + {{- if .Values.coder.tls.secretNames -}} + true + {{- else -}} + false + {{- end -}} + {{- else -}} + false + {{- end -}} {{- end }} {{/* @@ -88,11 +92,13 @@ http Coder volume definitions. */}} {{- define "coder.volumeList" }} -{{ range $secretName := .Values.coder.tls.secretNames -}} +{{- if hasKey .Values.coder "tls" -}} +{{- range $secretName := .Values.coder.tls.secretNames }} - name: "tls-{{ $secretName }}" secret: secretName: {{ $secretName | quote }} {{ end -}} +{{- end }} {{ range $secret := .Values.coder.certs.secrets -}} - name: "ca-cert-{{ $secret.name }}" secret: @@ -119,11 +125,13 @@ volumes: [] Coder volume mounts. */}} {{- define "coder.volumeMountList" }} +{{- if hasKey .Values.coder "tls" }} {{ range $secretName := .Values.coder.tls.secretNames -}} - name: "tls-{{ $secretName }}" mountPath: "/etc/ssl/certs/coder/{{ $secretName }}" readOnly: true {{ end -}} +{{- end }} {{ range $secret := .Values.coder.certs.secrets -}} - name: "ca-cert-{{ $secret.name }}" mountPath: "/etc/ssl/certs/{{ $secret.name }}.crt" 
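Review bot: The `hasKey .Values.coder "tls"` guards in `_helpers.tpl` cover only the TLS ranges; the `range $secret := .Values.coder.certs.secrets` loops directly below them in `coder.volumeList` and `coder.volumeMountList` still dereference `coder.certs` unconditionally. If the guards exist so that a chart without a `coder.tls` section can use libcoder, a values file that also omits `coder.certs` would presumably fail to render at those lines (the provisioner `values.yaml` is not visible here, so its defaults may already cover this). Wrapping both `certs` ranges in `{{- if hasKey .Values.coder "certs" }}` … `{{- end }}` would make the helpers consistent. The two list hunks also use different trim markers around the `tls` range (`{{- range … }}` in one, `{{ range … -}}` in the other), which is worth aligning, and all three defines start or end outside their hunks.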
diff --git a/helm/libcoder/templates/_rbac.yaml b/helm/libcoder/templates/_rbac.yaml index b315317a6c29e..c60357ad2a796 100644 --- a/helm/libcoder/templates/_rbac.yaml +++ b/helm/libcoder/templates/_rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: coder-workspace-perms + name: {{ .Values.coder.serviceAccount.name }}-workspace-perms rules: - apiGroups: [""] resources: ["pods"] @@ -54,6 +54,6 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: coder-workspace-perms + name: {{ .Values.coder.serviceAccount.name }}-workspace-perms {{- end }} {{- end -}} diff --git a/helm/provisioner/Chart.lock b/helm/provisioner/Chart.lock new file mode 100644 index 0000000000000..b51a533086d42 --- /dev/null +++ b/helm/provisioner/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: libcoder + repository: file://../libcoder + version: 0.1.0 +digest: sha256:5c9a99109258073b590a9f98268490ef387fde24c0c7c7ade9c1a8c7ef5e6e10 +generated: "2023-08-07T12:43:45.49343898Z" diff --git a/helm/provisioner/Chart.yaml b/helm/provisioner/Chart.yaml new file mode 100644 index 0000000000000..e27e85ec12bd4 --- /dev/null +++ b/helm/provisioner/Chart.yaml 
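Review bot: The Role name `{{ .Values.coder.serviceAccount.name }}-workspace-perms` is now spelled out twice in `_rbac.yaml`, once in the Role's `metadata.name` and once in the RoleBinding's `roleRef.name`, and the binding only resolves while the two stay identical. An empty `coder.serviceAccount.name` would silently render the Role as `-workspace-perms`. A small named template used in both places, built on `required "coder.serviceAccount.name must be set" .Values.coder.serviceAccount.name`, would keep them in sync and fail at render time instead. Both hunks sit inside a template whose start and end are outside the visible lines.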
@@ -0,0 +1,34 @@ +apiVersion: v2 +name: coder-provisioner +description: "External provisioner daemon for Coder. This is an Enterprise feature; contact sales@coder.com." +home: https://github.com/coder/coder + +# version and appVersion are injected at release and will always be shown as +# 0.1.0 in the repository. +# +# If you're installing the Helm chart directly from git it will have this +# version, which means the auto-generated image URI will be invalid. You can set +# "coder.image.tag" to the desired tag manually. +type: application +version: "0.1.0" +appVersion: "0.1.0" + +# Coder has a hard requirement on Kubernetes 1.19, as this version introduced +# the networking.k8s.io/v1 API. +kubeVersion: ">= 1.19.0-0" + +keywords: + - coder + - terraform +sources: + - https://github.com/coder/coder/tree/main/helm/provisioner +icon: https://helm.coder.com/coder_logo_black.png +maintainers: + - name: Coder Technologies, Inc. + email: support@coder.com + url: https://coder.com/contact + +dependencies: + - name: libcoder + version: 0.1.0 + repository: file://../libcoder 
diff --git a/helm/provisioner/charts/libcoder-0.1.0.tgz b/helm/provisioner/charts/libcoder-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..638d50f976a7eb18335f26a15c12769a83e9f412 GIT binary patch literal 2994 zcmV;j3r+MNiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH$@Z`(NX{ac@6enJ;{{A$^GG%XA)aM>i=EjHU0PP&Vt-79En zZ1X~iDoMHVrT*>*KJ>6GJ8m1adwXGlMy6(l^BxW<&W2RPD7z;UB6Tz)34d_cqu1;8 zjt&p)-(IiR{M$Qt^7z5t;o;HY;r`*1gC`Gqdk5w<^zNLKmXRw>#OBGDNNnG=Slx0qS0d5Wy!%SsG)i z;SemQga63%1ft&w&rwBnoC3&!Y4L_6d^H(NWA~G!snEpaI%Qce5EoXc0o4i4=Yh(Q z8et@6oKfOvEF$|?Cn8U^TT>xNs)ck~NQkDB^O{;(6;t4xw#(M>2-|>G7+CQtgyxsEi_Aem{GS$&_=7d_HnCyoui$CLT3T?F-f|WH z)#Tl;n2H!Ld@xnO_1S98J6h7{?nD&3p_<7T=D&PdTG4>Ff3D6UQ^E5D+mc5?vg4oE z)Q7MHDyf%Hxn?{{P>wN#ZIWe%WVE`kTf=CTA7PHOijJ}234XGxumGpB9~B2bk0UdXO!bw^b)Fx zu8`)E>6vjgyw3ySHw5%Dv9T zLMdq9?|f$Q*l5qupt52M0$;VMy46^Vn)(`Rwdj1=T;F?Z{68_;`o9VC45cz=xsx^4 z_kVl)k9)ml|95b7c;Ekhi*a+)-3`vJGgGJZ1Z@@rF|yD0d?yNayN!fU@8fF8g5+F7 z_{Fm`u*j>VY<7sQqGi!lK17+KMinv9y`@KoRwR}xO;YNM-2gcfg-&Cw1{6sm z(n91F?D86$6XZ#xCS7Z&HtxIyqxNmca&O!!MMk9Vh|w+5+wwLlJmI)J9c`ys9xocj zETPn@eoaZsR1%VsF~*(YY*E90@3BJ3F-kZU^a`bG9^v)i`6_MuZE&X&(8Sa>erVnJ zYBGi}+;Q)hqzdg(YFWNvL>PzgjmRO%mA1_`8~NyL5S^N}%<40dZ%G8}Se&zTY{7p) zp7@B4nMA7j3`SBU@QmpwT;8#?GA}U`FrW8Vyf$onDwEfCkqo9kOv7bach;!>^85lY zB}0z!%FLs=I&&aS_vHp{1QViu#n~c@5b7c%YE9gz*)wxxw(1h?>4mC+gUL=$!Jsq4~T+|?Yk^R?ydU$xyhH-K>xP1Tf z^9AZRHy}wmMtI2L>qqdgG79v6yxnLf4UH@=%;%48ZoE#rsA*Rz-lZtD@^>mXHw)zF z^R6LCrLJtz#`UjfZ~k&jU*W9Ibj_Jo_*D_Bgi=%rUJuS!`ICn{wt%k(=U?PmwjgPp zsbC=>%+x~qDet11HBn{6=IlsKX+(Lhv?+Ij623}8*GD^HnCn71_! zUE94Wi%U)V0*^++V-4FJ(*{faL~RFp1!!w8@4;3Jzw8VOW+Yj?r7e&0DjzVr(IpqJ zyG!IMwnyy;D^CbLc*SH90|hF){d4K;V6|H(_I&6TQS2eoXSj8X$84O#Ht=f8^DCk! 
zeF!(pZK1sdBJs@)$89_yZwDj6n;Kn20IX&~2A;g_xN+N2`={Yj-QM zQ*Iuh16%Lj?QYqP>xCv#E2p2W-K`qP+kZxXS|H!KGX*^m5)vWZX#$}drFsNg9mhi* zd3($6qb+@iMM78#lw>-W2xBSotbzu^PvkHzCs;tMiO6{jLj;8xkwjzc_$06uZMlBO zX<+Cu7AQtuKp3FX#j%Zpi)xJS6pTLHGZGr0t*r>JNs@7ls7Rbtg>P6>51gfsIfwAw zyIrfO?RW2@Xm=-Ey3w*0j6T-f2g2QlH+%E2-IISdO`=F)lyg3V7&D2~if;F%%2=Q| z2~;FQe~+mm=aWnYKImc~+RCLxX7o^f!m>IGpk$-jX}OHg1l`@>bb0CJ+Tq$;-YK^NFjbTPks;s8gR(6%k~nIfH!W#=fN6|U0r4W~3DLz>p_wg?f1}{F zB4g~g9IQx7;?e_#unjSz8bV93@`;S-Nu))jC+MaOzP&;U;h}AzR~V#8ztJM=S%%LQ zgeIA#;}9YzNUfcxd95v7Xd%eB;^Z#!#S}*#n1C$q`tr@LxA^B0rE8FS5LYcT;vC~<&LbWtWt|vmW zf7>h`T|ITDrp4vzKyduhE7keDQ}WQs3=@IOxw~WU0Lj=hQ;y9hD-7L75!E$3ybUuE zD?dL)IrO)u9iaC1!T*SnW8()EoFg^T_~|if|HPRp9y6lp#6Ra*Tv7b!Uu?pmQKZtC zYPV^moUr8k@w|ysxbx8J^FaTxOI=t`lVq7{h+MK&}mo;=xK zs{fDo@9Y1!7$(}frfF{ZcE@zr9NeS+DB#WUZ|7yBplmlTa&4M@(|Ji$IoGD`w7r=o zR~80{lw{_5Q;Fz1ydr}aEt}tL*Ju4Y3tuD%{}q9P?HHBz?cmOBXhWh9wq0e}S#CdC zKU*qxJ`W9h{U2e(q|&uBoQD-J=B*ToJ;o}JkG5GF<26LEw_|DS)bAN> Date: Tue, 8 Aug 2023 12:37:18 +0000 Subject: [PATCH 4/6] Fix prettier, linting, docs Signed-off-by: Spike Curtis --- .prettierignore | 2 +- .prettierignore.include | 2 +- docs/admin/configure.md | 2 +- docs/admin/scale.md | 2 +- docs/install/kubernetes.md | 2 +- helm/Makefile | 11 ++- helm/coder/templates/_coder.tpl | 102 ++++++++++++++++++++++++++ helm/coder/templates/coder.yaml | 96 +----------------------- helm/provisioner/templates/_coder.tpl | 85 +++++++++++++++++++++ helm/provisioner/templates/coder.yaml | 76 +------------------ helm/provisioner/values.yaml | 3 +- site/.eslintignore | 2 +- site/.prettierignore | 2 +- 13 files changed, 209 insertions(+), 178 deletions(-) create mode 100644 helm/coder/templates/_coder.tpl create mode 100644 helm/provisioner/templates/_coder.tpl diff --git a/.prettierignore b/.prettierignore index 9296d15d8802e..d68357703d7ce 100644 --- a/.prettierignore +++ b/.prettierignore 
@@ -67,7 +67,7 @@ scaletest/terraform/secrets.tfvars # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. -helm/templates/*.yaml +helm/**/templates/*.yaml # Terraform state files used in tests, these are automatically generated. # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json diff --git a/.prettierignore.include b/.prettierignore.include index 1f60eda9c54a7..975c00ca21b84 100644 --- a/.prettierignore.include +++ b/.prettierignore.include @@ -1,6 +1,6 @@ # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. -helm/templates/*.yaml +helm/**/templates/*.yaml # Terraform state files used in tests, these are automatically generated. # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json diff --git a/docs/admin/configure.md b/docs/admin/configure.md index e74d447c0b4e1..e3059c5469dc9 100644 --- a/docs/admin/configure.md +++ b/docs/admin/configure.md @@ -42,7 +42,7 @@ If you are providing TLS certificates directly to the Coder server, either 1. Use a single certificate and key for both the root and wildcard domains. 2. Configure multiple certificates and keys via - [`coder.tls.secretNames`](https://github.com/coder/coder/blob/main/helm/values.yaml) in the Helm Chart, or + [`coder.tls.secretNames`](https://github.com/coder/coder/blob/main/helm/coder/values.yaml) in the Helm Chart, or [`--tls-cert-file`](../cli/server.md#--tls-cert-file) and [`--tls-key-file`](../cli/server.md#--tls-key-file) command line options (these both take a comma separated list of files; list certificates and their respective keys in the same order). diff --git a/docs/admin/scale.md b/docs/admin/scale.md index 999a30aeae44a..04ef1889d946e 100644 --- a/docs/admin/scale.md +++ b/docs/admin/scale.md 
@@ -42,7 +42,7 @@ Users accessing workspaces via SSH will consume fewer resources, as SSH connecti Workspace builds are CPU-intensive, as it relies on Terraform. Various [Terraform providers](https://registry.terraform.io/browse/providers) have different resource requirements. When tested with our [kubernetes](https://github.com/coder/coder/tree/main/examples/templates/kubernetes) template, `coderd` will consume roughly 0.25 cores per concurrent workspace build. -For effective provisioning, our helm chart prefers to schedule [one coderd replica per-node](https://github.com/coder/coder/blob/main/helm/values.yaml#L110-L121). +For effective provisioning, our helm chart prefers to schedule [one coderd replica per-node](https://github.com/coder/coder/blob/main/helm/coder/values.yaml#L110-L121). We recommend: diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 191ef1aba0338..944730ad770fe 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md @@ -109,7 +109,7 @@ to log in and manage templates. > You can view our > [Helm README](https://github.com/coder/coder/blob/main/helm#readme) for > details on the values that are available, or you can view the - > [values.yaml](https://github.com/coder/coder/blob/main/helm/values.yaml) + > [values.yaml](https://github.com/coder/coder/blob/main/helm/coder/values.yaml) > file directly. If you are deploying Coder on AWS EKS and service is set to `LoadBalancer`, AWS will default to the Classic load balancer. The load balancer external IP will be stuck in a pending status unless sessionAffinity is set to None. diff --git a/helm/Makefile b/helm/Makefile index a3f689b1637af..4010cf42d64fb 100644 --- a/helm/Makefile +++ b/helm/Makefile 
@@ -13,6 +13,13 @@ all: lint lint: lint/helm .PHONY: lint -lint/helm: - helm lint --strict --set coder.image.tag=v0.0.1 . +lint/helm: lint/helm/coder lint/helm/provisioner .PHONY: lint/helm + +lint/helm/coder: + helm lint --strict --set coder.image.tag=v0.0.1 coder/ +.PHONY: lint/helm/coder + +lint/helm/provisioner: + helm lint --strict --set coder.image.tag=v0.0.1 provisioner/ +.PHONY: lint/helm/provisioner diff --git a/helm/coder/templates/_coder.tpl b/helm/coder/templates/_coder.tpl new file mode 100644 index 0000000000000..98a89ff5d419a --- /dev/null +++ b/helm/coder/templates/_coder.tpl 
@@ -0,0 +1,102 @@ +{{/* +Service account to merge into the libcoder template +*/}} +{{- define "coder.serviceaccount" -}} +{{- end -}} + +{{/* +Deployment to merge into the libcoder template +*/}} +{{- define "coder.deployment" -}} +spec: + template: + spec: + containers: + - +{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}} + +{{- end -}} + +{{/* +ContainerSpec for the Coder container of the Coder deployment +*/}} +{{- define "coder.containerspec" -}} +args: +{{- if .Values.coder.commandArgs }} + {{- toYaml .Values.coder.commandArgs | nindent 12 }} +{{- else }} + {{- if .Values.coder.workspaceProxy }} +- wsproxy + {{- end }} +- server +{{- end }} +env: +- name: CODER_HTTP_ADDRESS + value: "0.0.0.0:8080" +- name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" +{{- if .Values.provisionerDaemon.pskSecretName }} +- name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + name: {{ .Values.provisionerDaemon.pskSecretName | quote }} + key: psk +{{- end }} + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 +{{- $hasAccessURL := false }} +{{- range .Values.coder.env }} +{{- if eq .name "CODER_ACCESS_URL" }} +{{- $hasAccessURL = true }} +{{- end }} +{{- end }} +{{- if not $hasAccessURL }} +- name: CODER_ACCESS_URL + value: {{ include "coder.defaultAccessURL" . | quote }} +{{- end }} +# Used for inter-pod communication with high-availability. +- name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: CODER_DERP_SERVER_RELAY_URL + value: "http://$(KUBE_POD_IP):8080" +{{- include "coder.tlsEnv" . }} +{{- with .Values.coder.env }} +{{ toYaml . }} +{{- end }} +ports: +- name: "http" + containerPort: 8080 + protocol: TCP + {{- if eq (include "coder.tlsEnabled" .) 
"true" }} +- name: "https" + containerPort: 8443 + protocol: TCP + {{- end }} + {{- range .Values.coder.env }} + {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} + {{/* + This sadly has to be nested to avoid evaluating the second part + of the condition too early and potentially getting type errors if + the value is not a string (like a `valueFrom`). We do not support + `valueFrom` for this env var specifically. + */}} + {{- if eq .value "true" }} +- name: "prometheus-http" + containerPort: 2112 + protocol: TCP + {{- end }} + {{- end }} + {{- end }} +readinessProbe: + httpGet: + path: /healthz + port: "http" + scheme: "HTTP" +livenessProbe: + httpGet: + path: /healthz + port: "http" + scheme: "HTTP" +{{- end }} diff --git a/helm/coder/templates/coder.yaml b/helm/coder/templates/coder.yaml index a4993ee0f9787..65eaac00ac001 100644 --- a/helm/coder/templates/coder.yaml +++ b/helm/coder/templates/coder.yaml 
@@ -1,97 +1,5 @@ --- -{{- include "libcoder.serviceaccount" (list . "coder.serviceaccount") -}} -{{- define "coder.serviceaccount" -}} -{{- end }} +{{ include "libcoder.serviceaccount" (list . "coder.serviceaccount") }} --- -{{ include "libcoder.deployment" (list . "coder.deployment") -}} -{{- define "coder.deployment" -}} -spec: - template: - spec: - containers: - - -{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}} - -{{- end }} - -{{- define "coder.containerspec" -}} -args: -{{- if .Values.coder.commandArgs }} - {{- toYaml .Values.coder.commandArgs | nindent 12 }} -{{- else }} - {{- if .Values.coder.workspaceProxy }} -- wsproxy - {{- end }} -- server -{{- end }} -env: -- name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" -- name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" -{{- if .Values.provisionerDaemon.pskSecretName }} -- name: CODER_PROVISIONER_DAEMON_PSK - valueFrom: - secretKeyRef: - name: {{ .Values.provisionerDaemon.pskSecretName | quote }} - key: psk -{{- end }} - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 -{{- $hasAccessURL := false }} -{{- range .Values.coder.env }} -{{- if eq .name "CODER_ACCESS_URL" }} -{{- $hasAccessURL = true }} -{{- end }} -{{- end }} -{{- if not $hasAccessURL }} -- name: CODER_ACCESS_URL - value: {{ include "coder.defaultAccessURL" . | quote }} -{{- end }} -# Used for inter-pod communication with high-availability. -- name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP -- name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" -{{- include "coder.tlsEnv" . }} -{{- with .Values.coder.env }} -{{ toYaml . }} -{{- end }} -ports: -- name: "http" - containerPort: 8080 - protocol: TCP - {{- if eq (include "coder.tlsEnabled" .) 
"true" }} -- name: "https" - containerPort: 8443 - protocol: TCP - {{- end }} - {{- range .Values.coder.env }} - {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} - {{/* - This sadly has to be nested to avoid evaluating the second part - of the condition too early and potentially getting type errors if - the value is not a string (like a `valueFrom`). We do not support - `valueFrom` for this env var specifically. - */}} - {{- if eq .value "true" }} -- name: "prometheus-http" - containerPort: 2112 - protocol: TCP - {{- end }} - {{- end }} - {{- end }} -readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" -livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" -{{- end }} +{{ include "libcoder.deployment" (list . "coder.deployment") }} diff --git a/helm/provisioner/templates/_coder.tpl b/helm/provisioner/templates/_coder.tpl new file mode 100644 index 0000000000000..856f18bd33d6e --- /dev/null +++ b/helm/provisioner/templates/_coder.tpl 
@@ -0,0 +1,85 @@ +{{/* +Service account to merge into the libcoder template +*/}} +{{- define "coder.serviceaccount" -}} +{{- end }} + +{{/* +Deployment to merge into the libcoder template +*/}} +{{- define "coder.deployment" -}} +spec: + template: + spec: + containers: + - +{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}} + +{{- end }} + +{{/* +ContainerSpec for the Coder container of the Coder deployment +*/}} +{{- define "coder.containerspec" -}} +args: +{{- if .Values.coder.commandArgs }} + {{- toYaml .Values.coder.commandArgs | nindent 12 }} +{{- else }} +- provisionerd +- start +{{- end }} +env: +- name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" +- name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + name: {{ .Values.provisionerDaemon.pskSecretName | quote }} + key: psk +{{- if include "provisioner.tags" . }} +- name: CODER_PROVISIONERD_TAGS + value: {{ include "provisioner.tags" . }} +{{- end }} + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 +{{- $hasAccessURL := false }} +{{- range .Values.coder.env }} +{{- if eq .name "CODER_URL" }} +{{- $hasAccessURL = true }} +{{- end }} +{{- end }} +{{- if not $hasAccessURL }} +- name: CODER_URL + value: {{ include "coder.defaultAccessURL" . | quote }} +{{- end }} +{{- with .Values.coder.env }} +{{ toYaml . }} +{{- end }} +ports: + {{- range .Values.coder.env }} + {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} + {{/* + This sadly has to be nested to avoid evaluating the second part + of the condition too early and potentially getting type errors if + the value is not a string (like a `valueFrom`). We do not support + `valueFrom` for this env var specifically. 
+ */}} + {{- if eq .value "true" }} +- name: "prometheus-http" + containerPort: 2112 + protocol: TCP + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{/* +Convert provisioner tags to the environment variable format +*/}} +{{- define "provisioner.tags" -}} + {{- $keys := keys .Values.provisionerDaemon.tags | sortAlpha -}} + {{- range $i, $key := $keys -}} + {{- $val := get $.Values.provisionerDaemon.tags $key -}} + {{- if ne $i 0 -}},{{- end -}}{{ $key }}={{ $val }} + {{- end -}} +{{- end -}} diff --git a/helm/provisioner/templates/coder.yaml b/helm/provisioner/templates/coder.yaml index 0e9146c95bf10..65eaac00ac001 100644 --- a/helm/provisioner/templates/coder.yaml +++ b/helm/provisioner/templates/coder.yaml 
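Review bot: `CODER_PROVISIONERD_TAGS` is rendered as `value: {{ include "provisioner.tags" . }}` without `quote`, while every other templated value in this container spec is piped through it. The string is built from the keys and values of `.Values.provisionerDaemon.tags`, so a tag containing `: `, `#` or a leading YAML indicator changes how the manifest parses instead of ending up in the variable; `value: {{ include "provisioner.tags" . | quote }}` keeps it a plain string. The `CODER_PROVISIONER_DAEMON_PSK` entry is also emitted with no guard on `pskSecretName`, so if the chart's values leave it empty (not visible in this hunk) the Secret reference renders with an empty name and only fails at pod creation. Failing at render time is clearer: `name: {{ required "provisionerDaemon.pskSecretName must be set" .Values.provisionerDaemon.pskSecretName | quote }}`.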
@@ -1,77 +1,5 @@ --- -{{- include "libcoder.serviceaccount" (list . "coder.serviceaccount") -}} -{{- define "coder.serviceaccount" -}} -{{- end }} +{{ include "libcoder.serviceaccount" (list . "coder.serviceaccount") }} --- -{{ include "libcoder.deployment" (list . "coder.deployment") -}} -{{- define "coder.deployment" -}} -spec: - template: - spec: - containers: - - -{{ include "libcoder.containerspec" (list . "coder.containerspec") | indent 8}} - -{{- end }} - -{{- define "coder.containerspec" -}} -args: -{{- if .Values.coder.commandArgs }} - {{- toYaml .Values.coder.commandArgs | nindent 12 }} -{{- else }} -- provisionerd -- start -{{- end }} -env: -- name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" -- name: CODER_PROVISIONER_DAEMON_PSK - valueFrom: - secretKeyRef: - name: {{ .Values.provisionerDaemon.pskSecretName | quote }} - key: psk -{{- if include "provisioner.tags" . }} -- name: CODER_PROVISIONERD_TAGS - value: {{ include "provisioner.tags" . }} -{{- end }} - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 -{{- $hasAccessURL := false }} -{{- range .Values.coder.env }} -{{- if eq .name "CODER_URL" }} -{{- $hasAccessURL = true }} -{{- end }} -{{- end }} -{{- if not $hasAccessURL }} -- name: CODER_URL - value: {{ include "coder.defaultAccessURL" . | quote }} -{{- end }} -{{- with .Values.coder.env }} -{{ toYaml . }} -{{- end }} -ports: - {{- range .Values.coder.env }} - {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} - {{/* - This sadly has to be nested to avoid evaluating the second part - of the condition too early and potentially getting type errors if - the value is not a string (like a `valueFrom`). We do not support - `valueFrom` for this env var specifically. 
- */}} - {{- if eq .value "true" }} -- name: "prometheus-http" - containerPort: 2112 - protocol: TCP - {{- end }} - {{- end }} - {{- end }} -{{- end }} - -{{- define "provisioner.tags" -}} - {{- $keys := keys .Values.provisionerDaemon.tags | sortAlpha -}} - {{- range $i, $key := $keys -}} - {{- $val := get $.Values.provisionerDaemon.tags $key -}} - {{- if ne $i 0 -}},{{- end -}}{{ $key }}={{ $val }} - {{- end -}} -{{- end -}} +{{ include "libcoder.deployment" (list . "coder.deployment") }} diff --git a/helm/provisioner/values.yaml b/helm/provisioner/values.yaml index 4d8855690a6ce..08fb37a8bdd70 100644 --- a/helm/provisioner/values.yaml +++ b/helm/provisioner/values.yaml @@ -154,7 +154,8 @@ coder: # key: "ca-bundle.crt" # coder.affinity -- Allows specifying an affinity rule for the deployment. - affinity: {} + affinity: + {} # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - podAffinityTerm: diff --git a/site/.eslintignore b/site/.eslintignore index 46023d091348a..9bed2be372b11 100644 --- a/site/.eslintignore +++ b/site/.eslintignore @@ -67,7 +67,7 @@ stats/ # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. -../helm/templates/*.yaml +../helm/**/templates/*.yaml # Terraform state files used in tests, these are automatically generated. # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json diff --git a/site/.prettierignore b/site/.prettierignore index 46023d091348a..9bed2be372b11 100644 --- a/site/.prettierignore +++ b/site/.prettierignore @@ -67,7 +67,7 @@ stats/ # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. -../helm/templates/*.yaml +../helm/**/templates/*.yaml # Terraform state files used in tests, these are automatically generated. # Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json 
From f1d76ff3531a971622263e45ec8e85fb3722058f Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Thu, 10 Aug 2023 04:37:27 +0000 Subject: [PATCH 5/6] Log at INFO when provisionerd connects to coderd Signed-off-by: Spike Curtis --- provisionerd/provisionerd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provisionerd/provisionerd.go b/provisionerd/provisionerd.go index d7e50f96bfab1..78ea5f5c29ad2 100644 --- a/provisionerd/provisionerd.go +++ b/provisionerd/provisionerd.go @@ -204,7 +204,7 @@ func (p *Server) connect(ctx context.Context) { p.clientValue.Store(ptr.Ref(client)) p.mutex.Unlock() - p.opts.Logger.Debug(context.Background(), "connected") + p.opts.Logger.Info(ctx, "provisionerd successfully connected to coderd") break } select { From a91c2a122c144c80451cc4400072bb315b81c507 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Thu, 10 Aug 2023 04:45:26 +0000 Subject: [PATCH 6/6] remove unnecessary exports in helm tests Signed-off-by: Spike Curtis --- helm/coder/tests/chart_test.go | 20 ++++++++++---------- helm/provisioner/tests/chart_test.go | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/helm/coder/tests/chart_test.go b/helm/coder/tests/chart_test.go index 90f0c43416c9b..451e4407f9abe 100644 --- a/helm/coder/tests/chart_test.go +++ b/helm/coder/tests/chart_test.go @@ -20,10 +20,10 @@ import ( // All values and golden files are located in the `testdata` directory. // To update golden files, run `go test . -update`. -// UpdateGoldenFiles is a flag that can be set to update golden files. -var UpdateGoldenFiles = flag.Bool("update", false, "Update golden files") +// updateGoldenFiles is a flag that can be set to update golden files. +var updateGoldenFiles = flag.Bool("update", false, "Update golden files") -var TestCases = []TestCase{ +var testCases = []testCase{ { name: "default_values", expectedError: "", 
@@ -62,22 +62,22 @@ var TestCases = []TestCase{ }, } -type TestCase struct { +type testCase struct { name string // Name of the test case. This is used to control which values and golden file are used. expectedError string // Expected error from running `helm template`. } -func (tc TestCase) valuesFilePath() string { +func (tc testCase) valuesFilePath() string { return filepath.Join("./testdata", tc.name+".yaml") } -func (tc TestCase) goldenFilePath() string { +func (tc testCase) goldenFilePath() string { return filepath.Join("./testdata", tc.name+".golden") } func TestRenderChart(t *testing.T) { t.Parallel() - if *UpdateGoldenFiles { + if *updateGoldenFiles { t.Skip("Golden files are being updated. Skipping test.") } if testutil.InCI() { @@ -89,7 +89,7 @@ func TestRenderChart(t *testing.T) { // Ensure that Helm is available in $PATH helmPath := lookupHelm(t) - for _, tc := range TestCases { + for _, tc := range testCases { tc := tc t.Run(tc.name, func(t *testing.T) { t.Parallel() @@ -125,12 +125,12 @@ func TestRenderChart(t *testing.T) { func TestUpdateGoldenFiles(t *testing.T) { t.Parallel() - if !*UpdateGoldenFiles { + if !*updateGoldenFiles { t.Skip("Run with -update to update golden files") } helmPath := lookupHelm(t) - for _, tc := range TestCases { + for _, tc := range testCases { if tc.expectedError != "" { t.Logf("skipping test case %q with render error", tc.name) continue diff --git a/helm/provisioner/tests/chart_test.go b/helm/provisioner/tests/chart_test.go index 6723970066648..95d516b3b04bf 100644 --- a/helm/provisioner/tests/chart_test.go +++ b/helm/provisioner/tests/chart_test.go 
@@ -20,10 +20,10 @@ import ( // All values and golden files are located in the `testdata` directory. // To update golden files, run `go test . -update`. -// UpdateGoldenFiles is a flag that can be set to update golden files. -var UpdateGoldenFiles = flag.Bool("update", false, "Update golden files") +// updateGoldenFiles is a flag that can be set to update golden files. +var updateGoldenFiles = flag.Bool("update", false, "Update golden files") -var TestCases = []TestCase{ +var testCases = []testCase{ { name: "default_values", expectedError: "", @@ -54,22 +54,22 @@ var TestCases = []TestCase{ }, } -type TestCase struct { +type testCase struct { name string // Name of the test case. This is used to control which values and golden file are used. expectedError string // Expected error from running `helm template`. } -func (tc TestCase) valuesFilePath() string { +func (tc testCase) valuesFilePath() string { return filepath.Join("./testdata", tc.name+".yaml") } -func (tc TestCase) goldenFilePath() string { +func (tc testCase) goldenFilePath() string { return filepath.Join("./testdata", tc.name+".golden") } func TestRenderChart(t *testing.T) { t.Parallel() - if *UpdateGoldenFiles { + if *updateGoldenFiles { t.Skip("Golden files are being updated. Skipping test.") } if testutil.InCI() { @@ -81,7 +81,7 @@ func TestRenderChart(t *testing.T) { // Ensure that Helm is available in $PATH helmPath := lookupHelm(t) - for _, tc := range TestCases { + for _, tc := range testCases { tc := tc t.Run(tc.name, func(t *testing.T) { t.Parallel() @@ -117,12 +117,12 @@ func TestRenderChart(t *testing.T) { func TestUpdateGoldenFiles(t *testing.T) { t.Parallel() - if !*UpdateGoldenFiles { + if !*updateGoldenFiles { t.Skip("Run with -update to update golden files") } helmPath := lookupHelm(t) - for _, tc := range TestCases { + for _, tc := range testCases { if tc.expectedError != "" { t.Logf("skipping test case %q with render error", tc.name) continue