feat(helm): add support for nodePort specification in LoadBalancer services helm chart (coder#16032)

MRColorR · web-flow · commit d8fbbcbd3637 · 2025-01-20T13:14:14.000Z
## Short description: This pull request introduces support for optionally specify `nodePort` values when using `LoadBalancer` service type in the Coder Helm chart. This enhancement addresses a limitation where `httpNodePort` and `httpsNodePort` values were previously ignored for `LoadBalancer` services. This PR should expand the service customization options without disrupting existing configurations. ## Why this is Useful In some enterprise environments, applications may be required to use specific ports for compliance with organizational policies or cloud infrastructure requirements. For instance: - Reserved port blocks are allocated for specific applications for security and clarity. - Ensuring predictable port assignments helps in debugging and management scenarios. Since LoadBalancer in Kubernetes operates on top of nodePort, this feature is useful for enabling enterprises to adhere to such policies if they whish. ## What Was Changed - Updated helm/coder/templates/service.yaml: - Allowed nodePort specification for both NodePort and LoadBalancer service types. - Updated helm/coder/templates/values.yaml: - Updated inline comments to reflect the changes for nodeport values use cases. ### Regarding backward compatibility: If nodePort is not specified, Kubernetes dynamically assigns a port, maintaining the current behavior. ### Testing Performed - Validated through Helm dry-run: nodePort values are rendered correctly in the resulting Kubernetes YAML. - Deployed the updated chart in an enterprise Kubernetes cluster. - Tested coder environment with LoadBalancer service and specified nodePort values for both HTTP and HTTPS. ## Additional Notes - This PR expands the nodeport functionality introduced in PR coder#8993 to the Loadbalancer service. - If merged, an update to the documentation to include examples of LoadBalancer with nodePort values may be useful. - I've read the contributing guidelines and code of conduct. This is my first PR for the Coder project, and I hope it meets the community standards. Any advice, feedback, or help is greatly appreciated!
diff --git a/helm/coder/templates/service.yaml b/helm/coder/templates/service.yaml
@@ -16,17 +16,17 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      {{ if eq .Values.coder.service.type "NodePort" }}
+      {{- if or (eq .Values.coder.service.type "NodePort") (eq .Values.coder.service.type "LoadBalancer") }}
       nodePort: {{ .Values.coder.service.httpNodePort }}
-      {{ end }}
+      {{- end }}
     {{- if eq (include "coder.tlsEnabled" .) "true" }}
     - name: "https"
       port: 443
       targetPort: "https"
       protocol: TCP
-      {{ if eq .Values.coder.service.type "NodePort" }}
+      {{- if or (eq .Values.coder.service.type "NodePort") (eq .Values.coder.service.type "LoadBalancer") }}
       nodePort: {{ .Values.coder.service.httpsNodePort }}
-      {{ end }}
+      {{- end }}
     {{- end }}
   {{- if eq "LoadBalancer" .Values.coder.service.type }}
   {{- with .Values.coder.service.loadBalancerIP }}
diff --git a/helm/coder/tests/chart_test.go b/helm/coder/tests/chart_test.go
@@ -100,6 +100,14 @@ var testCases = []testCase{
 		name:          "svc_loadbalancer_class",
 		expectedError: "",
 	},
+	{
+		name:          "svc_nodeport",
+		expectedError: "",
+	},
+	{
+		name:          "svc_loadbalancer",
+		expectedError: "",
+	},
 }
 
 type testCase struct {
diff --git a/helm/coder/tests/testdata/auto_access_url_1.golden b/helm/coder/tests/testdata/auto_access_url_1.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/auto_access_url_2.golden b/helm/coder/tests/testdata/auto_access_url_2.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/auto_access_url_3.golden b/helm/coder/tests/testdata/auto_access_url_3.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/command.golden b/helm/coder/tests/testdata/command.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/command_args.golden b/helm/coder/tests/testdata/command_args.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/default_values.golden b/helm/coder/tests/testdata/default_values.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/env_from.golden b/helm/coder/tests/testdata/env_from.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/extra_templates.golden b/helm/coder/tests/testdata/extra_templates.golden
@@ -99,7 +99,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/labels_annotations.golden b/helm/coder/tests/testdata/labels_annotations.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/prometheus.golden b/helm/coder/tests/testdata/prometheus.golden
@@ -90,9 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
       nodePort: 
-      
   selector:
     app.kubernetes.io/name: coder
     app.kubernetes.io/instance: release-name
diff --git a/helm/coder/tests/testdata/provisionerd_psk.golden b/helm/coder/tests/testdata/provisionerd_psk.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/sa.golden b/helm/coder/tests/testdata/sa.golden
@@ -91,7 +91,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/sa_disabled.golden b/helm/coder/tests/testdata/sa_disabled.golden
@@ -76,7 +76,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/sa_extra_rules.golden b/helm/coder/tests/testdata/sa_extra_rules.golden
@@ -104,7 +104,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   selector:
     app.kubernetes.io/name: coder
diff --git a/helm/coder/tests/testdata/svc_loadbalancer.golden b/helm/coder/tests/testdata/svc_loadbalancer.golden
@@ -0,0 +1,190 @@
+---
+# Source: coder/templates/coder.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: 0.1.0
+    helm.sh/chart: coder-0.1.0
+  name: coder
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-workspace-perms
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
+---
+# Source: coder/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "coder"
+subjects:
+  - kind: ServiceAccount
+    name: "coder"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-workspace-perms
+---
+# Source: coder/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: coder
+  labels:
+    helm.sh/chart: coder-0.1.0
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: "0.1.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    {}
+spec:
+  type: LoadBalancer
+  sessionAffinity: None
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: "http"
+      protocol: TCP
+      nodePort: 30080
+  externalTrafficPolicy: "Cluster"
+  selector:
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/instance: release-name
+---
+# Source: coder/templates/coder.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: coder
+    app.kubernetes.io/part-of: coder
+    app.kubernetes.io/version: 0.1.0
+    helm.sh/chart: coder-0.1.0
+  name: coder
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: release-name
+      app.kubernetes.io/name: coder
+  template:
+    metadata:
+      annotations: {}
+      labels:
+        app.kubernetes.io/instance: release-name
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: coder
+        app.kubernetes.io/part-of: coder
+        app.kubernetes.io/version: 0.1.0
+        helm.sh/chart: coder-0.1.0
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/instance
+                  operator: In
+                  values:
+                  - coder
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+      - args:
+        - server
+        command:
+        - /opt/coder
+        env:
+        - name: CODER_HTTP_ADDRESS
+          value: 0.0.0.0:8080
+        - name: CODER_PROMETHEUS_ADDRESS
+          value: 0.0.0.0:2112
+        - name: CODER_ACCESS_URL
+          value: http://coder.default.svc.cluster.local
+        - name: KUBE_POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: CODER_DERP_SERVER_RELAY_URL
+          value: http://$(KUBE_POD_IP):8080
+        image: ghcr.io/coder/coder:latest
+        imagePullPolicy: IfNotPresent
+        lifecycle: {}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+            scheme: HTTP
+        name: coder
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+            scheme: HTTP
+        resources: {}
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: null
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts: []
+      restartPolicy: Always
+      serviceAccountName: coder
+      terminationGracePeriodSeconds: 60
+      volumes: []
diff --git a/helm/coder/tests/testdata/svc_loadbalancer.yaml b/helm/coder/tests/testdata/svc_loadbalancer.yaml
@@ -0,0 +1,8 @@
+coder:
+  image:
+    tag: latest
+
+  service:
+    type: LoadBalancer
+    httpNodePort: 30080
+    httpsNodePort: 30043
diff --git a/helm/coder/tests/testdata/svc_loadbalancer_class.golden b/helm/coder/tests/testdata/svc_loadbalancer_class.golden
@@ -90,7 +90,7 @@ spec:
       port: 80
       targetPort: "http"
       protocol: TCP
-      
+      nodePort: 
   externalTrafficPolicy: "Cluster"
   loadBalancerClass: "test"
   selector:
diff --git a/helm/coder/tests/testdata/svc_nodeport.golden b/helm/coder/tests/testdata/svc_nodeport.golden
diff --git a/helm/coder/tests/testdata/svc_nodeport.yaml b/helm/coder/tests/testdata/svc_nodeport.yaml
diff --git a/helm/coder/tests/testdata/tls.golden b/helm/coder/tests/testdata/tls.golden
diff --git a/helm/coder/tests/testdata/topology.golden b/helm/coder/tests/testdata/topology.golden
diff --git a/helm/coder/tests/testdata/workspace_proxy.golden b/helm/coder/tests/testdata/workspace_proxy.golden
diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml
