{{/*

Deprecation notices:

*/}}

{{- if .Values.provisionerDaemon.pskSecretName }}

* Provisioner Daemon PSKs are no longer recommended for use with external

provisioners. Consider migrating to scoped provisioner keys instead. For more

information, see: https://coder.com/docs/admin/provisioners#authentication

{{- end }}

Enjoy Coder! Please create an issue at https://github.com/coder/coder if you run

into any problems! :)

{{- if and (empty .Values.provisionerDaemon.pskSecretName) (empty .Values.provisionerDaemon.keySecretName) }}

{{ fail "Either provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName must be specified." }}

{{- end }}

{{- if .Values.provisionerDaemon.pskSecretName }}

{{- end }}

{{- if and .Values.provisionerDaemon.keySecretName .Values.provisionerDaemon.keySecretKey }}

- name: CODER_PROVISIONER_DAEMON_KEY

valueFrom:

secretKeyRef:

name: {{ .Values.provisionerDaemon.keySecretName | quote }}

key: {{ .Values.provisionerDaemon.keySecretKey | quote }}

{{- end }}

{

name: "provisionerd_key",

expectedError: "",

},

{

name: "provisionerd_psk_and_key",

expectedError: "",

},

{

name: "provisionerd_no_psk_or_key",

expectedError: `Either provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName must be specified.`,

},

---

# Source: coder-provisioner/templates/coder.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

name: coder-provisioner

---

# Source: coder-provisioner/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

name: coder-provisioner-workspace-perms

rules:

- apiGroups: [""]

resources: ["pods"]

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

- apiGroups: [""]

resources: ["persistentvolumeclaims"]

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

- apiGroups:

- apps

resources:

- deployments

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

---

# Source: coder-provisioner/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

name: "coder-provisioner"

subjects:

- kind: ServiceAccount

name: "coder-provisioner"

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

name: coder-provisioner-workspace-perms

---

# Source: coder-provisioner/templates/coder.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

name: coder-provisioner

spec:

replicas: 1

selector:

matchLabels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/name: coder-provisioner

template:

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

spec:

containers:

- args:

- provisionerd

- start

command:

- /opt/coder

env:

- name: CODER_PROMETHEUS_ADDRESS

value: 0.0.0.0:2112

- name: CODER_PROVISIONER_DAEMON_KEY

valueFrom:

secretKeyRef:

key: provisionerd-key

name: coder-provisionerd-key

- name: CODER_PROVISIONERD_TAGS

value: clusterType=k8s,location=auh

- name: CODER_URL

value: http://coder.default.svc.cluster.local

image: ghcr.io/coder/coder:latest

imagePullPolicy: IfNotPresent

lifecycle: {}

name: coder

ports: null

resources: {}

securityContext:

allowPrivilegeEscalation: false

readOnlyRootFilesystem: null

runAsGroup: 1000

runAsNonRoot: true

runAsUser: 1000

seccompProfile:

type: RuntimeDefault

volumeMounts: []

restartPolicy: Always

serviceAccountName: coder-provisioner

terminationGracePeriodSeconds: 600

volumes: []

coder:

image:

tag: latest

provisionerDaemon:

pskSecretName: ""

keySecretName: "coder-provisionerd-key"

keySecretKey: "provisionerd-key"

tags:

location: auh

clusterType: k8s

coder:

image:

tag: latest

provisionerDaemon:

pskSecretName: ""

keySecretName: ""

tags:

location: auh

clusterType: k8s

---

# Source: coder-provisioner/templates/coder.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

name: coder-provisioner

---

# Source: coder-provisioner/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

name: coder-provisioner-workspace-perms

rules:

- apiGroups: [""]

resources: ["pods"]

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

- apiGroups: [""]

resources: ["persistentvolumeclaims"]

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

- apiGroups:

- apps

resources:

- deployments

verbs:

- create

- delete

- deletecollection

- get

- list

- patch

- update

- watch

---

# Source: coder-provisioner/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

name: "coder-provisioner"

subjects:

- kind: ServiceAccount

name: "coder-provisioner"

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

name: coder-provisioner-workspace-perms

---

# Source: coder-provisioner/templates/coder.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

name: coder-provisioner

spec:

replicas: 1

selector:

matchLabels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/name: coder-provisioner

template:

metadata:

annotations: {}

labels:

app.kubernetes.io/instance: release-name

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/name: coder-provisioner

app.kubernetes.io/part-of: coder-provisioner

app.kubernetes.io/version: 0.1.0

helm.sh/chart: coder-provisioner-0.1.0

spec:

containers:

- args:

- provisionerd

- start

command:

- /opt/coder

env:

- name: CODER_PROMETHEUS_ADDRESS

value: 0.0.0.0:2112

- name: CODER_PROVISIONER_DAEMON_PSK

valueFrom:

secretKeyRef:

key: psk

name: coder-provisionerd-psk

- name: CODER_PROVISIONER_DAEMON_KEY

valueFrom:

secretKeyRef:

key: provisionerd-key

name: coder-provisionerd-key

- name: CODER_PROVISIONERD_TAGS

value: clusterType=k8s,location=auh

- name: CODER_URL

value: http://coder.default.svc.cluster.local

image: ghcr.io/coder/coder:latest

imagePullPolicy: IfNotPresent

lifecycle: {}

name: coder

ports: null

resources: {}

securityContext:

allowPrivilegeEscalation: false

readOnlyRootFilesystem: null

runAsGroup: 1000

runAsNonRoot: true

runAsUser: 1000

seccompProfile:

type: RuntimeDefault

volumeMounts: []

restartPolicy: Always

serviceAccountName: coder-provisioner

terminationGracePeriodSeconds: 600

volumes: []

coder:

image:

tag: latest

provisionerDaemon:

pskSecretName: "coder-provisionerd-psk"

keySecretName: "coder-provisionerd-key"

keySecretKey: "provisionerd-key"

tags:

location: auh

clusterType: k8s

# Pre-Shared Key (PSK) to use to authenticate with Coder. The secret must be

# in the same namespace as the Helm deployment, and contain an item called

# "psk" which contains the pre-shared key.

# NOTE: We no longer recommend using PSKs. Please consider using provisioner

# keys instead. They have a number of benefits, including the ability to

# rotate them easily.

# provisionerDaemon.keySecretName -- The name of the Kubernetes

# secret that contains a provisioner key to use to authenticate with Coder.

# See: https://coder.com/docs/admin/provisioners#authentication

keySecretName: ""

# provisionerDaemon.keySecretKey -- The key of the Kubernetes

# secret specified in provisionerDaemon.keySecretName that contains

# the provisioner key. Defaults to "key".

keySecretKey: "key"

# provisionerDaemon.tags -- Tags to filter provisioner jobs by.

# See: https://coder.com/docs/admin/provisioners#provisioner-tags