From 797c08dffd877d24208f8148d22cb229ad24f29e Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 7 Sep 2023 20:06:48 +0000 Subject: [PATCH 1/3] feat: add envFrom value to Helm chart --- helm/coder/templates/_coder.tpl | 4 ++++ helm/coder/values.yaml | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/helm/coder/templates/_coder.tpl b/helm/coder/templates/_coder.tpl index 98a89ff5d419a..3381fba4368e3 100644 --- a/helm/coder/templates/_coder.tpl +++ b/helm/coder/templates/_coder.tpl @@ -30,6 +30,10 @@ args: {{- end }} - server {{- end }} +envFrom: +{{- with .Values.coder.envFrom }} +{{ toYaml . }} +{{- end }} env: - name: CODER_HTTP_ADDRESS value: "0.0.0.0:8080" diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml index 2b85b54e67127..b6cbf5e176218 100644 --- a/helm/coder/values.yaml +++ b/helm/coder/values.yaml @@ -21,6 +21,10 @@ coder: # - name: "CODER_ACCESS_URL" # value: "https://coder.example.com" + envFrom: + - secretRef: + name: "" + # coder.image -- The image to use for Coder. image: # coder.image.repo -- The repository of the image. @@ -29,13 +33,13 @@ coder: # if not set. If you're using the chart directly from git, the default # app version will not work and you'll need to set this value. The helm # chart helpfully fails quickly in this case. - tag: "" + tag: "v2.1.5" # coder.image.pullPolicy -- The pull policy to use for the image. See: # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: IfNotPresent # coder.image.pullSecrets -- The secrets used for pulling the Coder image from # a private registry. - pullSecrets: [] + pullSecrets: # - name: "pull-secret" # coder.initContainers -- Init containers for the deployment. See: From 65b78ef84bf1f83ece7e2e726d3b5b6cbd426708 Mon Sep 17 00:00:00 2001 
From: Eric Date: Wed, 13 Sep 2023 15:31:45 +0000 Subject: [PATCH 2/3] add envUseClusterAccessURL --- helm/coder/templates/_coder.tpl | 4 +++- helm/coder/values.yaml | 15 +++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/helm/coder/templates/_coder.tpl b/helm/coder/templates/_coder.tpl index 3381fba4368e3..d0846ecf739b7 100644 --- a/helm/coder/templates/_coder.tpl +++ b/helm/coder/templates/_coder.tpl @@ -30,10 +30,12 @@ args: {{- end }} - server {{- end }} +{{- if .Values.coder.envFrom }} envFrom: {{- with .Values.coder.envFrom }} {{ toYaml . }} {{- end }} +{{- end }} env: - name: CODER_HTTP_ADDRESS value: "0.0.0.0:8080" @@ -54,7 +56,7 @@ env: {{- $hasAccessURL = true }} {{- end }} {{- end }} -{{- if not $hasAccessURL }} +{{- if and (not $hasAccessURL) .Values.coder.envUseClusterAccessURL }} - name: CODER_ACCESS_URL value: {{ include "coder.defaultAccessURL" . | quote }} {{- end }} diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml index b6cbf5e176218..e004fca5b9425 100644 --- a/helm/coder/values.yaml +++ b/helm/coder/values.yaml 
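Review bot: The `if` wrapper added around `envFrom:` in the first `_coder.tpl` hunk repeats the test that the inner `with` already performs, since both skip an empty or unset `coder.envFrom`. Moving the key inside the existing block, `{{- with .Values.coder.envFrom }}` followed by `envFrom:` and `{{ toYaml . }}`, should render the same output with one less level of nesting. The enclosing template block starts and ends outside the hunk.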
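Review bot: The new condition `and (not $hasAccessURL) .Values.coder.envUseClusterAccessURL` in the second `_coder.tpl` hunk treats a missing value as false, so a render that does not pick up the new `values.yaml` default stops setting CODER_ACCESS_URL without any error. That can presumably happen on `helm upgrade --reuse-values`, which carries over the previous release's values rather than the new chart defaults; worth confirming. Treating only an explicit false as the opt-out keeps the previous behaviour, for example `{{- if and (not $hasAccessURL) (ne (toString .Values.coder.envUseClusterAccessURL) "false") }}`. The loop that computes `$hasAccessURL` begins outside the hunk.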
@@ -16,14 +16,21 @@ coder: # - CODER_DERP_SERVER_RELAY_URL # # We will additionally set CODER_ACCESS_URL if unset to the cluster service - # URL. + # URL, unless coder.envUseClusterAccessURL is set to false. env: [] # - name: "CODER_ACCESS_URL" # value: "https://coder.example.com" - envFrom: - - secretRef: - name: "" + # coder.envFrom -- Secrets to use for Coder's environment variables. If you want + # one environment variable read from a secret, then use coder.env valueFrom. See + # the K8s docs here: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data + # If setting CODER_ACCESS_URL in coder.envFrom, then you must set coder.envUseClusterAccessURL + # to false. + envFrom: [] + + # coder.envUseClusterAccessURL -- Set this to false if defining CODER_ACCESS_URL + # in coder.envFrom + envUseClusterAccessURL: true # coder.image -- The image to use for Coder. image: From 1ab8d780f593fce748d7212d942d82e169d797de Mon Sep 17 00:00:00 2001 
From: Dean Sheather Date: Thu, 14 Sep 2023 06:35:17 +0000 Subject: [PATCH 3/3] add tests --- helm/coder/tests/chart_test.go | 16 ++ .../tests/testdata/auto_access_url_1.golden | 192 +++++++++++++++++ .../tests/testdata/auto_access_url_1.yaml | 11 + .../tests/testdata/auto_access_url_2.golden | 192 +++++++++++++++++ .../tests/testdata/auto_access_url_2.yaml | 9 + .../tests/testdata/auto_access_url_3.golden | 190 ++++++++++++++++ .../tests/testdata/auto_access_url_3.yaml | 9 + helm/coder/tests/testdata/env_from.golden | 202 ++++++++++++++++++ helm/coder/tests/testdata/env_from.yaml | 18 ++ helm/coder/values.yaml | 25 ++- 10 files changed, 855 insertions(+), 9 deletions(-) create mode 100644 helm/coder/tests/testdata/auto_access_url_1.golden create mode 100644 helm/coder/tests/testdata/auto_access_url_1.yaml create mode 100644 helm/coder/tests/testdata/auto_access_url_2.golden create mode 100644 helm/coder/tests/testdata/auto_access_url_2.yaml create mode 100644 helm/coder/tests/testdata/auto_access_url_3.golden create mode 100644 helm/coder/tests/testdata/auto_access_url_3.yaml create mode 100644 helm/coder/tests/testdata/env_from.golden create mode 100644 helm/coder/tests/testdata/env_from.yaml diff --git a/helm/coder/tests/chart_test.go b/helm/coder/tests/chart_test.go index 8fe4dac61508e..e383f154117f2 100644 --- a/helm/coder/tests/chart_test.go +++ b/helm/coder/tests/chart_test.go @@ -60,6 +60,22 @@ var testCases = []testCase{ name: "provisionerd_psk", expectedError: "", }, + { + name: "auto_access_url_1", + expectedError: "", + }, + { + name: "auto_access_url_2", + expectedError: "", + }, + { + name: "auto_access_url_3", + expectedError: "", + }, + { + name: "env_from", + expectedError: "", + }, } type testCase struct { diff --git a/helm/coder/tests/testdata/auto_access_url_1.golden b/helm/coder/tests/testdata/auto_access_url_1.golden new file mode 100644 index 0000000000000..318fce2098240 --- /dev/null +++ b/helm/coder/tests/testdata/auto_access_url_1.golden 
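Review bot: None of the four cases added to `testCases` renders `coder.envFrom` together with `coder.envUseClusterAccessURL: false`, which is the combination the values.yaml comment tells operators to use when CODER_ACCESS_URL comes from a Secret or ConfigMap. The `env_from` fixture leaves the flag at its default, and its golden output still carries the cluster-local `CODER_ACCESS_URL` entry next to `envFrom`. A fifth entry such as `{name: "env_from_no_cluster_url", expectedError: ""}` (name constructed for illustration) with a matching fixture would pin that the default URL is omitted while `envFrom` is still rendered. The `testCases` slice begins outside the hunk.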
@@ -0,0 +1,192 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: SOME_ENV + value: some value + - name: CODER_ACCESS_URL + value: https://dev.coder.com + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] 
diff --git a/helm/coder/tests/testdata/auto_access_url_1.yaml b/helm/coder/tests/testdata/auto_access_url_1.yaml
new file mode 100644
index 0000000000000..68700538df2b8
--- /dev/null
+++ b/helm/coder/tests/testdata/auto_access_url_1.yaml
@@ -0,0 +1,11 @@
+coder:
+ image:
+ tag: latest
+
+ env:
+ - name: "SOME_ENV"
+ value: "some value"
+ - name: "CODER_ACCESS_URL"
+ value: "https://dev.coder.com"
+
+ envUseClusterAccessURL: true # default
diff --git a/helm/coder/tests/testdata/auto_access_url_2.golden b/helm/coder/tests/testdata/auto_access_url_2.golden
new file mode 100644
index 0000000000000..b4234b5925b6f
--- /dev/null
+++ b/helm/coder/tests/testdata/auto_access_url_2.golden
@@ -0,0 +1,192 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: SOME_ENV + value: some value + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] 
diff --git a/helm/coder/tests/testdata/auto_access_url_2.yaml b/helm/coder/tests/testdata/auto_access_url_2.yaml
new file mode 100644
index 0000000000000..2253c161ed8e1
--- /dev/null
+++ b/helm/coder/tests/testdata/auto_access_url_2.yaml
@@ -0,0 +1,9 @@
+coder:
+ image:
+ tag: latest
+
+ env:
+ - name: "SOME_ENV"
+ value: "some value"
+
+ envUseClusterAccessURL: true # default
diff --git a/helm/coder/tests/testdata/auto_access_url_3.golden b/helm/coder/tests/testdata/auto_access_url_3.golden
new file mode 100644
index 0000000000000..bbc192d7c46b7
--- /dev/null
+++ b/helm/coder/tests/testdata/auto_access_url_3.golden
@@ -0,0 +1,190 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: SOME_ENV + value: some value + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/auto_access_url_3.yaml b/helm/coder/tests/testdata/auto_access_url_3.yaml new file mode 100644 index 0000000000000..528697cccf4d6 
--- /dev/null
+++ b/helm/coder/tests/testdata/auto_access_url_3.yaml
@@ -0,0 +1,9 @@
+coder:
+ image:
+ tag: latest
+
+ env:
+ - name: "SOME_ENV"
+ value: "some value"
+
+ envUseClusterAccessURL: false
diff --git a/helm/coder/tests/testdata/env_from.golden b/helm/coder/tests/testdata/env_from.golden
new file mode 100644
index 0000000000000..2a4950f6ec588
--- /dev/null
+++ b/helm/coder/tests/testdata/env_from.golden
@@ -0,0 +1,202 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + - name: COOL_ENV + valueFrom: + configMapKeyRef: + key: value + name: cool-env + - name: COOL_ENV2 + value: cool value + envFrom: + - configMapRef: + name: cool-configmap + - secretRef: + name: cool-secret + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + 
serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/env_from.yaml b/helm/coder/tests/testdata/env_from.yaml new file mode 100644 index 0000000000000..0e1b7956e4722 --- /dev/null +++ b/helm/coder/tests/testdata/env_from.yaml @@ -0,0 +1,18 @@ +coder: + image: + tag: latest + + env: + - name: "COOL_ENV" + valueFrom: + configMapKeyRef: + name: "cool-env" + key: "value" + - name: "COOL_ENV2" + value: "cool value" + + envFrom: + - configMapRef: + name: "cool-configmap" + - secretRef: + name: "cool-secret" diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml index e004fca5b9425..daa900e5805a8 100644 --- a/helm/coder/values.yaml +++ b/helm/coder/values.yaml 
@@ -21,15 +21,22 @@ coder: # - name: "CODER_ACCESS_URL" # value: "https://coder.example.com" - # coder.envFrom -- Secrets to use for Coder's environment variables. If you want - # one environment variable read from a secret, then use coder.env valueFrom. See - # the K8s docs here: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data - # If setting CODER_ACCESS_URL in coder.envFrom, then you must set coder.envUseClusterAccessURL - # to false. + # coder.envFrom -- Secrets or ConfigMaps to use for Coder's environment + # variables. If you want one environment variable read from a secret, then use + # coder.env valueFrom. See the K8s docs for valueFrom here: + # https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data + # + # If setting CODER_ACCESS_URL in coder.envFrom, then you must set + # coder.envUseClusterAccessURL to false. envFrom: [] + # - configMapRef: + # name: coder-config + # - secretRef: + # name: coder-config - # coder.envUseClusterAccessURL -- Set this to false if defining CODER_ACCESS_URL - # in coder.envFrom + # coder.envUseClusterAccessURL -- Determines whether the CODER_ACCESS_URL env + # is added to coder.env if it's not already set there. Set this to false if + # defining CODER_ACCESS_URL in coder.envFrom to avoid conflicts. envUseClusterAccessURL: true # coder.image -- The image to use for Coder. 
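Review bot: The `coder.envUseClusterAccessURL` comment says "to avoid conflicts" without saying which side wins, and that is the part an operator needs to know. In Kubernetes a variable listed under `env` takes precedence over the same key coming from `envFrom`, so with the default `true` a CODER_ACCESS_URL stored in a Secret or ConfigMap is silently replaced by the chart's cluster-service URL (rendered as `http://coder.default.svc.cluster.local` in the golden files). I would add a line such as `# Kubernetes gives env precedence over envFrom, so leaving this true overrides a CODER_ACCESS_URL supplied through coder.envFrom.` It may also be worth stating beside `coder.envFrom` that a `secretRef` exposes every key of the referenced Secret to the container, so a Secret dedicated to Coder is preferable to a shared one.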
@@ -40,13 +47,13 @@ coder: # if not set. If you're using the chart directly from git, the default # app version will not work and you'll need to set this value. The helm # chart helpfully fails quickly in this case. - tag: "v2.1.5" + tag: "" # coder.image.pullPolicy -- The pull policy to use for the image. See: # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: IfNotPresent # coder.image.pullSecrets -- The secrets used for pulling the Coder image from # a private registry. - pullSecrets: + pullSecrets: [] # - name: "pull-secret" # coder.initContainers -- Init containers for the deployment. See: