diff --git a/Makefile b/Makefile index 62c2a612e0..d9ffa1f770 100644 --- a/Makefile +++ b/Makefile @@ -526,7 +526,7 @@ cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(wildcard cli/*.tpl go test ./cli -run="Test(CommandHelp|ServerYAML)" -update touch "$@" -helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES) +helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.yaml) $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES) go test ./helm/tests -run=TestUpdateGoldenFiles -update touch "$@" diff --git a/helm/.helmignore b/helm/.helmignore index 32bbea708e..957f15e7ce 100644 --- a/helm/.helmignore +++ b/helm/.helmignore @@ -23,3 +23,5 @@ .vscode/ Makefile artifacthub-repo.yml + +tests diff --git a/helm/templates/coder.yaml b/helm/templates/coder.yaml index c7edc9a9c1..082cd891e1 100644 --- a/helm/templates/coder.yaml +++ b/helm/templates/coder.yaml @@ -60,6 +60,13 @@ spec: - name: coder image: {{ include "coder.image" . | quote }} imagePullPolicy: {{ .Values.coder.image.pullPolicy }} + command: + - /opt/coder + args: + {{- if .Values.coder.workspaceProxy }} + - proxy + {{- end }} + - server resources: {{- toYaml .Values.coder.resources | nindent 12 }} lifecycle: diff --git a/helm/tests/chart_test.go b/helm/tests/chart_test.go index ff8acc217d..a36804a18a 100644 --- a/helm/tests/chart_test.go +++ b/helm/tests/chart_test.go @@ -44,6 +44,10 @@ var TestCases = []TestCase{ name: "labels_annotations", expectedError: "", }, + { + name: "workspace_proxy", + expectedError: "", + }, } type TestCase struct { diff --git a/helm/tests/testdata/default_values.golden b/helm/tests/testdata/default_values.golden index 1c859bc609..624ce02b58 100644 --- a/helm/tests/testdata/default_values.golden +++ b/helm/tests/testdata/default_values.golden @@ -134,6 +134,10 @@ spec: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent + command: + - /opt/coder + args: + - server resources: {} lifecycle: 
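Review bot: The prerequisites of `helm/tests/testdata/.gen-golden` still omit the chart inputs that decide the rendered output, so editing a template will not mark the goldens stale. This commit itself changes `helm/templates/coder.yaml` and `helm/values.yaml` and has to regenerate every golden. Unless `$(GO_SRC_FILES)` (defined outside this hunk) already covers them, add `$(wildcard helm/templates/*) helm/values.yaml` to the prerequisite list next to the new `*.yaml` wildcard.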
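Review bot: The `{{- if .Values.coder.workspaceProxy }}` switch changes only the container args, so a proxy deployment still gets everything the primary server gets. The `workspace_proxy.golden` added in this commit still renders the `coder-workspace-perms` Role with `verbs: ["*"]` on pods and persistentvolumeclaims, bound to the `coder` ServiceAccount. If a workspace proxy never schedules workspaces itself (this should be confirmed), that is unneeded privilege, and the Role and RoleBinding in the rbac template could be wrapped in `{{- if not .Values.coder.workspaceProxy }}`. Separately, the hard-coded `command: - /opt/coder` overrides the image entrypoint, so a custom `coder.image.repo` with the binary elsewhere will fail to start; a comment saying so would help. The container spec continues outside the hunk.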
diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/tests/testdata/labels_annotations.golden index 761b27af2f..6715a0f916 100644 --- a/helm/tests/testdata/labels_annotations.golden +++ b/helm/tests/testdata/labels_annotations.golden @@ -140,6 +140,10 @@ spec: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent + command: + - /opt/coder + args: + - server resources: {} lifecycle: diff --git a/helm/tests/testdata/sa.golden b/helm/tests/testdata/sa.golden index 250d3e1e50..5760a9a909 100644 --- a/helm/tests/testdata/sa.golden +++ b/helm/tests/testdata/sa.golden @@ -134,6 +134,10 @@ spec: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent + command: + - /opt/coder + args: + - server resources: {} lifecycle: diff --git a/helm/tests/testdata/tls.golden b/helm/tests/testdata/tls.golden index 4d98456364..7e6b58ef89 100644 --- a/helm/tests/testdata/tls.golden +++ b/helm/tests/testdata/tls.golden @@ -138,6 +138,10 @@ spec: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent + command: + - /opt/coder + args: + - server resources: {} lifecycle: diff --git a/helm/tests/testdata/workspace_proxy.golden b/helm/tests/testdata/workspace_proxy.golden new file mode 100644 index 0000000000..0bcf6f56d0 --- /dev/null +++ b/helm/tests/testdata/workspace_proxy.golden 
@@ -0,0 +1,177 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "coder" + annotations: + {} + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["*"] +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: ClientIP + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + template: 
+ metadata: + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} + spec: + serviceAccountName: "coder" + restartPolicy: Always + terminationGracePeriodSeconds: 60 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - name: coder + image: "ghcr.io/coder/coder:latest" + imagePullPolicy: IfNotPresent + command: + - /opt/coder + args: + - proxy + - server + resources: + {} + lifecycle: + {} + env: + - name: CODER_HTTP_ADDRESS + value: "0.0.0.0:8080" + - name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" + # Set the default access URL so a `helm apply` works by default. + # See: https://github.com/coder/coder/issues/5024 + - name: CODER_ACCESS_URL + value: "http://coder.default.svc.cluster.local" + # Used for inter-pod communication with high-availability. + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: "http://$(KUBE_POD_IP):8080" + + - name: CODER_PRIMARY_ACCESS_URL + value: https://dev.coder.com + - name: CODER_PROXY_SESSION_TOKEN + valueFrom: + secretKeyRef: + key: token + name: coder-workspace-proxy-session-token + ports: + - name: "http" + containerPort: 8080 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + readinessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + livenessProbe: + httpGet: + path: /api/v2/buildinfo + port: "http" + scheme: "HTTP" + volumeMounts: [] + volumes: [] 
diff --git a/helm/tests/testdata/workspace_proxy.yaml b/helm/tests/testdata/workspace_proxy.yaml new file mode 100644 index 0000000000..46f9f436c1 --- /dev/null +++ b/helm/tests/testdata/workspace_proxy.yaml @@ -0,0 +1,14 @@ +coder: + workspaceProxy: true + + image: + tag: latest + + env: + - name: CODER_PRIMARY_ACCESS_URL + value: "https://dev.coder.com" + - name: CODER_PROXY_SESSION_TOKEN + valueFrom: + secretKeyRef: + name: coder-workspace-proxy-session-token + key: token diff --git a/helm/values.yaml b/helm/values.yaml index 7fce83add8..7c39ba9318 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,10 +1,28 @@ # coder -- Primary configuration for `coder server`. coder: - # coder.replicaCount -- The number of Kubernetes deployment replicas. - # This should only be increased if High Availability is enabled. + # coder.replicaCount -- The number of Kubernetes deployment replicas. This + # should only be increased if High Availability is enabled. + # # This is an Enterprise feature. Contact sales@coder.com. replicaCount: 1 + # coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder + # Workspace Proxy. Workspace Proxies reduce the latency between the user and + # their workspace for web connections (workspace apps and web terminal) and + # proxied connections from the CLI. Workspace Proxies are optional and only + # recommended for geographically sparse teams. + # + # Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in + # the environment below. You can get a proxy token using the CLI: + # coder proxy create \ + # --name "proxy-name" \ + # --display-name "Proxy Name" \ + # --icon "/emojis/xyz.png" + # + # This is an Enterprise feature. Contact sales@coder.com + # Docs: https://coder.com/docs/v2/latest/admin/workspace-proxies + workspaceProxy: false + # coder.image -- The image to use for Coder. image: # coder.image.repo -- The repository of the image.
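Review bot: The new `coder.workspaceProxy` comment tells operators to set `CODER_PROXY_SESSION_TOKEN` "in the environment below" but does not say where the value should come from. The obvious reading is a literal `value:` in values.yaml, which puts the proxy credential in the values file and in the rendered Deployment. The `workspace_proxy.yaml` fixture in this commit already uses `valueFrom.secretKeyRef`, and the documentation should steer users to the same pattern. I would add a comment line such as `# Provide CODER_PROXY_SESSION_TOKEN via valueFrom.secretKeyRef (a Kubernetes Secret), not as a literal value.` after the "Make sure you set" sentence.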