Add GCP VM devcontainer templates

coder · matifali · Dec 17, 2023 · Sep 24, 2023 · Sep 24, 2023 · Sep 26, 2023
commit 039028be0d73745770595fee57a9783018dd8451
diff --git a/examples/examples.gen.json b/examples/examples.gen.json
@@ -12,7 +12,7 @@
       "aws",
       "persistent-vm"
     ],
-    "markdown": "\n# Remote Development on AWS EC2 VMs (Linux)\n\nProvision AWS EC2 VMs as [Coder workspaces](https://coder.com/docs/coder-v2/latest) with this example template.\n\n\u003c!-- TODO: Add screenshot --\u003e\n\n## Prerequisites\n\n### Authentication\n\nBy default, this template authenticates to AWS with using the provider's default [authentication methods](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).\n\nThe simplest way (without making changes to the template) is via environment variables (e.g. `AWS_ACCESS_KEY_ID`) or a [credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-format). If you are running Coder on a VM, this file must be in `/home/coder/aws/credentials`.\n\nTo use another [authentication method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication), edit the template.\n\n## Required permissions / policy\n\nThe following sample policy allows Coder to create EC2 instances and modify\ninstances provisioned by Coder:\n\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"VisualEditor0\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:GetDefaultCreditSpecification\",\n        \"ec2:DescribeIamInstanceProfileAssociations\",\n        \"ec2:DescribeTags\",\n        \"ec2:DescribeInstances\",\n        \"ec2:DescribeInstanceTypes\",\n        \"ec2:CreateTags\",\n        \"ec2:RunInstances\",\n        \"ec2:DescribeInstanceCreditSpecifications\",\n        \"ec2:DescribeImages\",\n        \"ec2:ModifyDefaultCreditSpecification\",\n        \"ec2:DescribeVolumes\"\n      ],\n      \"Resource\": \"*\"\n    },\n    {\n      \"Sid\": \"CoderResources\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:DescribeInstanceAttribute\",\n        \"ec2:UnmonitorInstances\",\n        \"ec2:TerminateInstances\",\n        \"ec2:StartInstances\",\n        \"ec2:StopInstances\",\n        \"ec2:DeleteTags\",\n        \"ec2:MonitorInstances\",\n        \"ec2:CreateTags\",\n        \"ec2:RunInstances\",\n        \"ec2:ModifyInstanceAttribute\",\n        \"ec2:ModifyInstanceCreditSpecification\"\n      ],\n      \"Resource\": \"arn:aws:ec2:*:*:instance/*\",\n      \"Condition\": {\n        \"StringEquals\": {\n          \"aws:ResourceTag/Coder_Provisioned\": \"true\"\n        }\n      }\n    }\n  ]\n}\n```\n\n## Architecture\n\nThis template provisions the following resources:\n\n- AWS Instance\n\nCoder uses `aws_ec2_instance_state` to start and stop the VM. This example template is fully persistent, meaning the full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## code-server\n\n`code-server` is installed via the `startup_script` argument in the `coder_agent`\nresource block. The `coder_app` resource is defined to access `code-server` through\nthe dashboard UI over `localhost:13337`.\n"
+    "markdown": "\n# Remote Development on AWS EC2 VMs (Linux)\n\nProvision AWS EC2 VMs as [Coder workspaces](https://coder.com/docs/coder-v2/latest) with this example template.\n\n\u003c!-- TODO: Add screenshot --\u003e\n\n## Prerequisites\n\n### Authentication\n\nBy default, this template authenticates to AWS using the provider's default [authentication methods](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).\n\nThe simplest way (without making changes to the template) is via environment variables (e.g. `AWS_ACCESS_KEY_ID`) or a [credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-format). If you are running Coder on a VM, this file must be in `/home/coder/aws/credentials`.\n\nTo use another [authentication method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication), edit the template.\n\n## Required permissions / policy\n\nThe following sample policy allows Coder to create EC2 instances and modify\ninstances provisioned by Coder:\n\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"VisualEditor0\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:GetDefaultCreditSpecification\",\n        \"ec2:DescribeIamInstanceProfileAssociations\",\n        \"ec2:DescribeTags\",\n        \"ec2:DescribeInstances\",\n        \"ec2:DescribeInstanceTypes\",\n        \"ec2:CreateTags\",\n        \"ec2:RunInstances\",\n        \"ec2:DescribeInstanceCreditSpecifications\",\n        \"ec2:DescribeImages\",\n        \"ec2:ModifyDefaultCreditSpecification\",\n        \"ec2:DescribeVolumes\"\n      ],\n      \"Resource\": \"*\"\n    },\n    {\n      \"Sid\": \"CoderResources\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:DescribeInstanceAttribute\",\n        \"ec2:UnmonitorInstances\",\n        \"ec2:TerminateInstances\",\n        \"ec2:StartInstances\",\n        \"ec2:StopInstances\",\n        \"ec2:DeleteTags\",\n        \"ec2:MonitorInstances\",\n        \"ec2:CreateTags\",\n        \"ec2:RunInstances\",\n        \"ec2:ModifyInstanceAttribute\",\n        \"ec2:ModifyInstanceCreditSpecification\"\n      ],\n      \"Resource\": \"arn:aws:ec2:*:*:instance/*\",\n      \"Condition\": {\n        \"StringEquals\": {\n          \"aws:ResourceTag/Coder_Provisioned\": \"true\"\n        }\n      }\n    }\n  ]\n}\n```\n\n## Architecture\n\nThis template provisions the following resources:\n\n- AWS Instance\n\nCoder uses `aws_ec2_instance_state` to start and stop the VM. This example template is fully persistent, meaning the full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## code-server\n\n`code-server` is installed via the `startup_script` argument in the `coder_agent`\nresource block. The `coder_app` resource is defined to access `code-server` through\nthe dashboard UI over `localhost:13337`.\n"
   },
   {
     "id": "aws-windows",
@@ -76,7 +76,7 @@
       "linux",
       "gcp"
     ],
-    "markdown": "\n# Remote Development on Google Compute Engine (Linux)\n\n## Prerequisites\n\n### Authentication\n\nThis template assumes that coderd is run in an environment that is authenticated\nwith Google Cloud. For example, run `gcloud auth application-default login` to\nimport credentials on the system and user running coderd. For other ways to\nauthenticate [consult the Terraform\ndocs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials).\n\nCoder requires a Google Cloud Service Account to provision workspaces. To create\na service account:\n\n1. Navigate to the [CGP\n   console](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create),\n   and select your Cloud project (if you have more than one project associated\n   with your account)\n\n1. Provide a service account name (this name is used to generate the service\n   account ID)\n\n1. Click **Create and continue**, and choose the following IAM roles to grant to\n   the service account:\n\n   - Compute Admin\n   - Service Account User\n\n   Click **Continue**.\n\n1. Click on the created key, and navigate to the **Keys** tab.\n\n1. Click **Add key** \u003e **Create new key**.\n\n1. Generate a **JSON private key**, which will be what you provide to Coder\n   during the setup process.\n\n## Architecture\n\nThis template provisions the following resources:\n\n- GCP VM (ephemeral)\n- GCP Disk (persistent, mounted to root)\n\nCoder persists the root volume. The full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## code-server\n\n`code-server` is installed via the `startup_script` argument in the `coder_agent`\nresource block. The `coder_app` resource is defined to access `code-server` through\nthe dashboard UI over `localhost:13337`.\n"
+    "markdown": "\n# Remote Development on Google Compute Engine (Linux)\n\n## Prerequisites\n\n### Authentication\n\nThis template assumes that coderd is run in an environment that is authenticated\nwith Google Cloud. For example, run `gcloud auth application-default login` to\nimport credentials on the system and user running coderd. For other ways to\nauthenticate [consult the Terraform\ndocs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials).\n\nCoder requires a Google Cloud Service Account to provision workspaces. To create\na service account:\n\n1. Navigate to the [CGP\n   console](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create),\n   and select your Cloud project (if you have more than one project associated\n   with your account)\n\n1. Provide a service account name (this name is used to generate the service\n   account ID)\n\n1. Click **Create and continue**, and choose the following IAM roles to grant to\n   the service account:\n\n   - Compute Admin\n   - Service Account User\n\n   Click **Continue**.\n\n1. Click on the created key, and navigate to the **Keys** tab.\n\n1. Click **Add key** \u003e **Create new key**.\n\n1. Generate a **JSON private key**, which will be what you provide to Coder\n   during the setup process.\n\n## Architecture\n\nThis template provisions the following resources:\n\n- GCP VM (persistent)\n- GCP Disk (persistent, mounted to root)\n\nCoder persists the root volume. The full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## code-server\n\n`code-server` is installed via the `startup_script` argument in the `coder_agent`\nresource block. The `coder_app` resource is defined to access `code-server` through\nthe dashboard UI over `localhost:13337`.\n"
   },
   {
     "id": "gcp-vm-container",

diff --git a/examples/templates/aws-linux/main.tf b/examples/templates/aws-linux/main.tf
@@ -212,7 +212,7 @@ resource "coder_app" "code-server" {
 
 locals {
   linux_user = "coder"
-  user_data = <<-EOT
+  user_data  = <<-EOT
   Content-Type: multipart/mixed; boundary="//"
   MIME-Version: 1.0
 

diff --git a/examples/templates/gcp-linux/main.tf b/examples/templates/gcp-linux/main.tf
@@ -66,7 +66,7 @@ resource "google_compute_disk" "root" {
   name  = "coder-${data.coder_workspace.me.id}-root"
   type  = "pd-ssd"
   zone  = data.coder_parameter.zone.value
-  image = "debian-cloud/debian-11"
+  image = "debian-cloud/debian-12"
   lifecycle {
     ignore_changes = [name, image]
   }
@@ -91,33 +91,21 @@ resource "coder_agent" "main" {
     display_name = "CPU Usage"
     interval     = 5
     timeout      = 5
-    script       = <<-EOT
-      #!/bin/bash
-      set -e
-      coder stat cpu
-    EOT
+    script       = "coder stat cpu"
   }
   metadata {
     key          = "memory"
     display_name = "Memory Usage"
     interval     = 5
     timeout      = 5
-    script       = <<-EOT
-      #!/bin/bash
-      set -e
-      coder stat mem
-    EOT
+    script       = "coder stat mem"
   }
   metadata {
     key          = "disk"
     display_name = "Disk Usage"
     interval     = 600 # every 10 minutes
     timeout      = 30  # df can take a while on large filesystems
-    script       = <<-EOT
-      #!/bin/bash
-      set -e
-      coder stat disk
-    EOT
+    script       = "coder stat disk"
   }
 }
 
@@ -185,11 +173,11 @@ locals {
 
 resource "coder_metadata" "workspace_info" {
   count       = data.coder_workspace.me.start_count
-  resource_id = google_compute_instance.dev[0].id
+  resource_id = google_compute_instance.dev.id
 
   item {
     key   = "type"
-    value = google_compute_instance.dev[0].machine_type
+    value = google_compute_instance.dev.machine_type
   }
 }
 

diff --git a/examples/templates/gcp-vm-devcontainer/README.md b/examples/templates/gcp-vm-devcontainer/README.md
@@ -0,0 +1,64 @@
+---
+display_name: Google Compute Engine Devcontainer (Linux)
+description: Provision a Devcontainer on Google Compute Engine instances as Coder workspaces
+icon: ../../../site/static/icon/gcp.png
+maintainer_github: coder
+verified: true
+tags: [vm, linux, gcp, devcontainer]
+---
+
+# Remote Development in a Devcontainer on Google Compute Engine
+
+## Prerequisites
+
+### Authentication
+
+This template assumes that coderd is run in an environment that is authenticated
+with Google Cloud. For example, run `gcloud auth application-default login` to
+import credentials on the system and user running coderd. For other ways to
+authenticate [consult the Terraform
+docs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials).
+
+Coder requires a Google Cloud Service Account to provision workspaces. To create
+a service account:
+
+1. Navigate to the [CGP
+   console](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create),
+   and select your Cloud project (if you have more than one project associated
+   with your account)
+
+1. Provide a service account name (this name is used to generate the service
+   account ID)
+
+1. Click **Create and continue**, and choose the following IAM roles to grant to
+   the service account:
+
+   - Compute Admin
+   - Service Account User
+
+   Click **Continue**.
+
+1. Click on the created key, and navigate to the **Keys** tab.
+
+1. Click **Add key** > **Create new key**.
+
+1. Generate a **JSON private key**, which will be what you provide to Coder
+   during the setup process.
+
+## Architecture
+
+This template provisions the following resources:
+
+- GCP VM (persistent)
+- GCP Disk (persistent, mounted to root)
+
+Coder persists the root volume. The full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.
+
+> **Note**
+> This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.
+
+## code-server
+
+`code-server` is installed via the `startup_script` argument in the `coder_agent`
+resource block. The `coder_app` resource is defined to access `code-server` through
+the dashboard UI over `localhost:13337`.