mirror of https://github.com/coder/coder.git
feat: add provisioner chart to release and docs (#9050)
* Add provisioner chart to release and docs Signed-off-by: Spike Curtis <spike@coder.com> * Update docs/admin/provisioners.md Co-authored-by: Muhammad Atif Ali <atif@coder.com> * Prettier Signed-off-by: Spike Curtis <spike@coder.com> * spell out PSK first time per section Co-authored-by: Cian Johnston <cian@coder.com> --------- Signed-off-by: Spike Curtis <spike@coder.com> Co-authored-by: Muhammad Atif Ali <atif@coder.com> Co-authored-by: Cian Johnston <cian@coder.com>
This commit is contained in:
parent
6fd9975aed
commit
ff9252c706
|
@ -141,7 +141,8 @@ jobs:
|
|||
build/coder_"$version"_linux_{amd64,armv7,arm64}.{tar.gz,apk,deb,rpm} \
|
||||
build/coder_"$version"_{darwin,windows}_{amd64,arm64}.zip \
|
||||
build/coder_"$version"_windows_amd64_installer.exe \
|
||||
build/coder_helm_"$version".tgz
|
||||
build/coder_helm_"$version".tgz \
|
||||
build/provisioner_helm_"$version".tgz
|
||||
env:
|
||||
CODER_SIGN_DARWIN: "1"
|
||||
AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
|
||||
|
@ -295,9 +296,11 @@ jobs:
|
|||
version="$(./scripts/version.sh)"
|
||||
mkdir -p build/helm
|
||||
cp "build/coder_helm_${version}.tgz" build/helm
|
||||
cp "build/provisioner_helm_${version}.tgz" build/helm
|
||||
gsutil cp gs://helm.coder.com/v2/index.yaml build/helm/index.yaml
|
||||
helm repo index build/helm --url https://helm.coder.com/v2 --merge build/helm/index.yaml
|
||||
gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/coder_helm_${version}.tgz gs://helm.coder.com/v2
|
||||
gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/provisioner_helm_${version}.tgz gs://helm.coder.com/v2
|
||||
gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2
|
||||
gsutil -h "Cache-Control:no-cache,max-age=0" cp helm/artifacthub-repo.yml gs://helm.coder.com/v2
|
||||
|
||||
|
|
8
Makefile
8
Makefile
|
@ -344,15 +344,19 @@ push/$(CODER_MAIN_IMAGE): $(CODER_MAIN_IMAGE)
|
|||
docker manifest push "$$image_tag"
|
||||
.PHONY: push/$(CODER_MAIN_IMAGE)
|
||||
|
||||
# Helm charts that are available
|
||||
charts = coder provisioner
|
||||
|
||||
# Shortcut for Helm chart package.
|
||||
build/coder_helm.tgz: build/coder_helm_$(VERSION).tgz
|
||||
$(foreach chart,$(charts),build/$(chart)_helm.tgz): build/%_helm.tgz: build/%_helm_$(VERSION).tgz
|
||||
rm -f "$@"
|
||||
ln "$<" "$@"
|
||||
|
||||
# Helm chart package.
|
||||
build/coder_helm_$(VERSION).tgz:
|
||||
$(foreach chart,$(charts),build/$(chart)_helm_$(VERSION).tgz): build/%_helm_$(VERSION).tgz:
|
||||
./scripts/helm.sh \
|
||||
--version "$(VERSION)" \
|
||||
--chart $* \
|
||||
--output "$@"
|
||||
|
||||
site/out/index.html: site/package.json $(shell find ./site $(FIND_EXCLUSIONS) -type f \( -name '*.ts' -o -name '*.tsx' \))
|
||||
|
|
|
@ -10,22 +10,23 @@ By default, the Coder server runs [built-in provisioner daemons](../cli/server.m
|
|||
|
||||
- **Reduce server load**: External provisioners reduce load and build queue times from the Coder server. See [Scaling Coder](./scale.md#concurrent-workspace-builds) for more details.
|
||||
|
||||
> External provisioners are in an [alpha state](../contributing/feature-stages.md#alpha-features) and the behavior is subject to change. Use [GitHub issues](https://github.com/coder/coder) to leave feedback.
|
||||
|
||||
## Running external provisioners
|
||||
|
||||
Each provisioner can run a single [concurrent workspace build](./scale.md#concurrent-workspace-builds). For example, running 30 provisioner containers will allow 30 users to start workspaces at the same time.
|
||||
|
||||
Provisioners are started with the [coder provisionerd start](../cli/provisionerd_start.md) command.
|
||||
|
||||
### Authentication
|
||||
## Authentication
|
||||
|
||||
The provisioner server must authenticate with your Coder deployment. There are two authentication methods:
|
||||
The provisioner daemon must authenticate with your Coder deployment.
|
||||
|
||||
- PSK: Set a [provisioner daemon PSK](../cli/server#--provisioner-daemon-psk) on the Coder server and start the provisioner with `coder provisionerd start --psk <your-psk>`
|
||||
- User token: [Authenticate](../cli.md#--token) the Coder CLI as a user with the Template Admin or Owner role.
|
||||
Set a [provisioner daemon pre-shared key (PSK)](../cli/server.md#--provisioner-daemon-psk) on the Coder server and start the provisioner with
|
||||
`coder provisionerd start --psk <your-psk>`. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm),
|
||||
see the [Helm example](#example-running-an-external-provisioner-with-helm) below.
|
||||
|
||||
### Types of provisioners
|
||||
> Coder still supports authenticating the provisioner daemon with a [token](../cli.md#--token) from a user with the
|
||||
> Template Admin or Owner role. This method is deprecated in favor of the PSK, which only has permission to access
|
||||
> provisioner daemon APIs. We recommend migrating to the PSK as soon as practical.
|
||||
|
||||
## Types of provisioners
|
||||
|
||||
- **Generic provisioners** can pick up any build job from templates without provisioner tags.
|
||||
|
||||
|
@ -65,7 +66,68 @@ The provisioner server must authenticate with your Coder deployment. There are t
|
|||
--provisioner-tag scope=user
|
||||
```
|
||||
|
||||
### Example: Running an external provisioner on a VM
|
||||
## Example: Running an external provisioner with Helm
|
||||
|
||||
Coder provides a Helm chart for running external provisioner daemons, which you will use in concert with the Helm chart
|
||||
for deploying the Coder server.
|
||||
|
||||
1. Create a long, random pre-shared key (PSK) and store it in a Kubernetes secret
|
||||
|
||||
```shell
|
||||
kubectl create secret generic coder-provisioner-psk --from-literal=psk=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 26`
|
||||
```
|
||||
|
||||
1. Modify your Coder `values.yaml` to include
|
||||
|
||||
```yaml
|
||||
provisionerDaemon:
|
||||
pskSecretName: "coder-provisioner-psk"
|
||||
```
|
||||
|
||||
1. Redeploy Coder with the new `values.yaml` to roll out the PSK. You can omit `--version <your version>` to also upgrade
|
||||
Coder to the latest version.
|
||||
|
||||
```shell
|
||||
helm upgrade coder coder-v2/coder \
|
||||
--namespace coder \
|
||||
--version <your version> \
|
||||
--values values.yaml
|
||||
```
|
||||
|
||||
1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm chart. For example
|
||||
|
||||
```yaml
|
||||
coder:
|
||||
env:
|
||||
- name: CODER_URL
|
||||
value: "https://coder.example.com"
|
||||
replicaCount: 10
|
||||
provisionerDaemon:
|
||||
pskSecretName: "coder-provisioner-psk"
|
||||
tags:
|
||||
location: auh
|
||||
kind: k8s
|
||||
```
|
||||
|
||||
This example creates a deployment of 10 provisioner daemons (for 10 concurrent builds) with the listed tags. For
|
||||
generic provisioners, remove the tags.
|
||||
|
||||
> Refer to the [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml) file for the
|
||||
> coder-provisioner chart for information on what values can be specified.
|
||||
|
||||
1. Install the provisioner daemon chart
|
||||
|
||||
```shell
|
||||
helm install coder-provisioner coder-v2/coder-provisioner \
|
||||
--namespace coder \
|
||||
--version <your version> \
|
||||
--values provisioner-values.yaml
|
||||
```
|
||||
|
||||
You can verify that your provisioner daemons have successfully connected to Coderd by looking for a log with message
|
||||
`provisionerd successfully connected to coderd` from each Pod.
|
||||
|
||||
## Example: Running an external provisioner on a VM
|
||||
|
||||
```sh
|
||||
curl -L https://coder.com/install.sh | sh
|
||||
|
@ -74,7 +136,7 @@ export CODER_SESSION_TOKEN=your_token
|
|||
coder provisionerd start
|
||||
```
|
||||
|
||||
### Example: Running an external provisioner via Docker
|
||||
## Example: Running an external provisioner via Docker
|
||||
|
||||
```sh
|
||||
docker run --rm -it \
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,36 @@
|
|||
# Coder Helm Chart
|
||||
|
||||
This directory contains the Helm chart used to deploy Coder provisioner daemons onto a Kubernetes
|
||||
cluster.
|
||||
|
||||
External provisioner daemons are an Enterprise feature. Contact sales@coder.com.
|
||||
|
||||
## Getting Started
|
||||
|
||||
> **Warning**: The main branch in this repository does not represent the
|
||||
> latest release of Coder. Please reference our installation docs for
|
||||
> instructions on a tagged release.
|
||||
|
||||
View
|
||||
[our docs](https://coder.com/docs/v2/latest/admin/provisioners)
|
||||
for detailed installation instructions.
|
||||
|
||||
## Values
|
||||
|
||||
Please refer to [values.yaml](values.yaml) for available Helm values and their
|
||||
defaults.
|
||||
|
||||
A good starting point for your values file is:
|
||||
|
||||
```yaml
|
||||
coder:
|
||||
env:
|
||||
- name: CODER_URL
|
||||
value: "https://coder.example.com"
|
||||
# This env enables the Prometheus metrics endpoint.
|
||||
- name: CODER_PROMETHEUS_ADDRESS
|
||||
value: "0.0.0.0:2112"
|
||||
replicaCount: 10
|
||||
provisionerDaemon:
|
||||
pskSecretName: "coder-provisioner-psk"
|
||||
```
|
Binary file not shown.
|
@ -4,15 +4,14 @@
|
|||
# .tgz file at the specified path, and may optionally push it to the Coder OSS
|
||||
# repo.
|
||||
#
|
||||
# ./helm.sh [--version 1.2.3] [--output path/to/coder.tgz] [--push]
|
||||
# ./helm.sh [--version 1.2.3] [--chart coder|provisioner] [--output path/to/coder.tgz]
|
||||
#
|
||||
# If no version is specified, defaults to the version from ./version.sh.
|
||||
#
|
||||
# If no output path is specified, defaults to
|
||||
# "$repo_root/build/coder_helm_$version.tgz".
|
||||
# If no chart is specified, defaults to 'coder'
|
||||
#
|
||||
# If the --push parameter is specified, the resulting artifact will be published
|
||||
# to the Coder OSS repo. This requires `gsutil` to be installed and configured.
|
||||
# If no output path is specified, defaults to
|
||||
# "$repo_root/build/$chart_helm_$version.tgz".
|
||||
|
||||
set -euo pipefail
|
||||
# shellcheck source=scripts/lib.sh
|
||||
|
@ -20,9 +19,9 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
|||
|
||||
version=""
|
||||
output_path=""
|
||||
push=0
|
||||
chart=""
|
||||
|
||||
args="$(getopt -o "" -l version:,output:,push -- "$@")"
|
||||
args="$(getopt -o "" -l version:,chart:,output:,push -- "$@")"
|
||||
eval set -- "$args"
|
||||
while true; do
|
||||
case "$1" in
|
||||
|
@ -30,14 +29,14 @@ while true; do
|
|||
version="$2"
|
||||
shift 2
|
||||
;;
|
||||
--chart)
|
||||
chart="$2"
|
||||
shift 2
|
||||
;;
|
||||
--output)
|
||||
output_path="$(realpath "$2")"
|
||||
shift 2
|
||||
;;
|
||||
--push)
|
||||
push="1"
|
||||
shift
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
break
|
||||
|
@ -54,10 +53,17 @@ if [[ "$version" == "" ]]; then
|
|||
version="$(execrelative ./version.sh)"
|
||||
fi
|
||||
|
||||
if [[ "$chart" == "" ]]; then
|
||||
chart="coder"
|
||||
fi
|
||||
if ! [[ "$chart" =~ ^(coder|provisioner)$ ]]; then
|
||||
error "--chart value must be one of (coder, provisioner)"
|
||||
fi
|
||||
|
||||
if [[ "$output_path" == "" ]]; then
|
||||
cdroot
|
||||
mkdir -p build
|
||||
output_path="$(realpath "build/coder_helm_$version.tgz")"
|
||||
output_path="$(realpath "build/${chart}_helm_${version}.tgz")"
|
||||
fi
|
||||
|
||||
# Check dependencies
|
||||
|
@ -69,10 +75,10 @@ cdroot
|
|||
temp_dir="$(mktemp -d)"
|
||||
|
||||
cdroot
|
||||
cd ./helm/coder
|
||||
cd ./helm/$chart
|
||||
log "--- Updating dependencies"
|
||||
helm dependency update .
|
||||
log "--- Packaging helm chart for version $version ($output_path)"
|
||||
log "--- Packaging helm chart $chart for version $version ($output_path)"
|
||||
helm package \
|
||||
--version "$version" \
|
||||
--app-version "$version" \
|
||||
|
@ -82,8 +88,3 @@ helm package \
|
|||
log "Moving helm chart to $output_path"
|
||||
cp "$temp_dir"/*.tgz "$output_path"
|
||||
rm -rf "$temp_dir"
|
||||
|
||||
if [[ "$push" == 1 ]]; then
|
||||
log "--- Publishing helm chart..."
|
||||
# TODO: figure out how/where we want to publish the helm chart
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue