--- # Source: coder/templates/coder.yaml apiVersion: v1 kind: ServiceAccount metadata: name: "coder" annotations: {} labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: coder-workspace-perms rules: - apiGroups: [""] resources: ["pods"] verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: - create - delete - deletecollection - get - list - patch - update - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "coder" subjects: - kind: ServiceAccount name: "coder" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: coder-workspace-perms --- # Source: coder/templates/service.yaml apiVersion: v1 kind: Service metadata: name: coder labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: type: LoadBalancer sessionAffinity: ClientIP ports: - name: "http" port: 80 targetPort: "http" protocol: TCP externalTrafficPolicy: "Cluster" selector: app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name --- # Source: coder/templates/coder.yaml apiVersion: apps/v1 kind: Deployment metadata: name: coder labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name template: metadata: labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: serviceAccountName: "coder" restartPolicy: Always terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/instance operator: In values: - coder topologyKey: kubernetes.io/hostname weight: 1 containers: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent command: - /opt/coder args: - wsproxy - server resources: {} lifecycle: {} env: - name: CODER_HTTP_ADDRESS value: "0.0.0.0:8080" - name: CODER_PROMETHEUS_ADDRESS value: "0.0.0.0:2112" # Set the default access URL so a `helm apply` works by default. # See: https://github.com/coder/coder/issues/5024 - name: CODER_ACCESS_URL value: "http://coder.default.svc.cluster.local" # Used for inter-pod communication with high-availability. - name: KUBE_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: CODER_DERP_SERVER_RELAY_URL value: "http://$(KUBE_POD_IP):8080" - name: CODER_PRIMARY_ACCESS_URL value: https://dev.coder.com - name: CODER_PROXY_SESSION_TOKEN valueFrom: secretKeyRef: key: token name: coder-workspace-proxy-session-token ports: - name: "http" containerPort: 8080 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault readinessProbe: httpGet: path: /api/v2/buildinfo port: "http" scheme: "HTTP" livenessProbe: httpGet: path: /api/v2/buildinfo port: "http" scheme: "HTTP" volumeMounts: [] volumes: []