--- # Source: coder/templates/coder.yaml apiVersion: v1 kind: ServiceAccount metadata: name: "coder" annotations: {} labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: coder-workspace-perms rules: - apiGroups: [""] resources: ["pods"] verbs: ["*"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["*"] --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "coder" subjects: - kind: ServiceAccount name: "coder" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: coder-workspace-perms --- # Source: coder/templates/service.yaml apiVersion: v1 kind: Service metadata: name: coder labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: type: LoadBalancer sessionAffinity: ClientIP ports: - name: "http" port: 80 targetPort: "http" protocol: TCP - name: "https" port: 443 targetPort: "https" protocol: TCP externalTrafficPolicy: "Cluster" selector: app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name --- # Source: coder/templates/coder.yaml apiVersion: apps/v1 kind: Deployment metadata: name: coder labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name template: metadata: labels: helm.sh/chart: coder-0.1.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: release-name app.kubernetes.io/part-of: coder app.kubernetes.io/version: "0.1.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: "coder" restartPolicy: Always terminationGracePeriodSeconds: 60 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/instance operator: In values: - coder topologyKey: kubernetes.io/hostname weight: 1 containers: - name: coder image: "ghcr.io/coder/coder:latest" imagePullPolicy: IfNotPresent resources: {} env: - name: CODER_HTTP_ADDRESS value: "0.0.0.0:8080" - name: CODER_PROMETHEUS_ADDRESS value: "0.0.0.0:2112" # Set the default access URL so a `helm apply` works by default. # See: https://github.com/coder/coder/issues/5024 - name: CODER_ACCESS_URL value: "https://coder.default.svc.cluster.local" # Used for inter-pod communication with high-availability. - name: KUBE_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: CODER_DERP_SERVER_RELAY_URL value: "http://$(KUBE_POD_IP):8080" - name: CODER_TLS_ENABLE value: "true" - name: CODER_TLS_ADDRESS value: "0.0.0.0:8443" - name: CODER_TLS_CERT_FILE value: "/etc/ssl/certs/coder/coder-tls/tls.crt" - name: CODER_TLS_KEY_FILE value: "/etc/ssl/certs/coder/coder-tls/tls.key" ports: - name: "http" containerPort: 8080 protocol: TCP - name: "https" containerPort: 8443 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault readinessProbe: httpGet: path: /api/v2/buildinfo port: "http" scheme: "HTTP" livenessProbe: httpGet: path: /api/v2/buildinfo port: "http" scheme: "HTTP" volumeMounts: - name: "tls-coder-tls" mountPath: "/etc/ssl/certs/coder/coder-tls" readOnly: true volumes: - name: "tls-coder-tls" secret: secretName: "coder-tls"