
Commit 32bed26

committed
feat: add tls to scaletest infrastructure
1 parent 6553771 commit 32bed26


10 files changed

+250
-143
lines changed


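--- a/.editorconfig
+++ b/.editorconfig
@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 indent_style = tab
 
-[*.{yaml,yml,tf,tfvars,nix}]
+[*.{yaml,yml,tf,tftpl,tfvars,nix}]
 indent_style = space
 indent_size = 2
 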
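--- a/scaletest/terraform/action/cf_dns.tf
+++ b/scaletest/terraform/action/cf_dns.tf
@@ -6,3 +6,12 @@ resource "cloudflare_record" "coder" {
 type = "A"
 ttl = 3600
 }
+
+resource "cloudflare_record" "coder_wildcard" {
+for_each = local.deployments
+zone_id = var.cloudflare_zone_id
+name = each.value.wildcard_subdomain
+content = "${each.value.subdomain}.${var.cloudflare_domain}"
+type = "CNAME"
+ttl = 3600
+}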

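--- a/scaletest/terraform/action/coder_helm_values.tftpl
+++ b/scaletest/terraform/action/coder_helm_values.tftpl
@@ -22,6 +22,8 @@ coder:
 %{~ if workspace_proxy ~}
 - name: "CODER_ACCESS_URL"
 value: "${access_url}"
+- name: "CODER_WILDCARD_ACCESS_URL"
+value: "${wildcard_access_url}"
 - name: CODER_PRIMARY_ACCESS_URL
 value: "${primary_url}"
 - name: CODER_PROXY_SESSION_TOKEN
@@ -45,6 +47,8 @@ coder:
 %{~ if !workspace_proxy && !provisionerd ~}
 - name: "CODER_ACCESS_URL"
 value: "${access_url}"
+- name: "CODER_WILDCARD_ACCESS_URL"
+value: "${wildcard_access_url}"
 - name: "CODER_PG_CONNECTION_URL"
 valueFrom:
 secretKeyRef:
@@ -109,3 +113,8 @@ coder:
 - emptyDir:
 sizeLimit: 1024Mi
 name: cache
+%{~ if !provisionerd ~}
+tls:
+secretNames:
+- "${tls_secret_name}"
+%{~ endif ~}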
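Review bot: Every caller of this template now has to pass `wildcard_access_url` and `tls_secret_name`, because Terraform's `templatefile` rejects a vars map that lacks a referenced variable even when the branch that uses it is not taken. The asia and europe callers on this page do so (passing `null` for provisionerd), but the page shows only six of the ten changed files, so the primary deployment's caller should be checked. A header comment in the template such as `# required vars: ..., wildcard_access_url, tls_secret_name (null for provisionerd)` would make the contract explicit for the next caller.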

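--- a/scaletest/terraform/action/gcp_clusters.tf
+++ b/scaletest/terraform/action/gcp_clusters.tf
@@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
 locals {
 deployments = {
 primary = {
-subdomain = "${var.name}-scaletest"
-url = "http://${var.name}-scaletest.${var.cloudflare_domain}"
-region = "us-east1"
-zone = "us-east1-c"
-subnet = "scaletest"
+subdomain = "primary.${var.name}"
+wildcard_subdomain = "*.primary.${var.name}"
+url = "https://primary.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.primary.${var.name}.${var.cloudflare_domain}"
+region = "us-east1"
+zone = "us-east1-c"
+subnet = "scaletest"
 }
 europe = {
-subdomain = "${var.name}-europe-scaletest"
-url = "http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
-region = "europe-west1"
-zone = "europe-west1-b"
-subnet = "scaletest"
+subdomain = "europe.${var.name}"
+wildcard_subdomain = "*.europe.${var.name}"
+url = "https://europe.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.europe.${var.name}.${var.cloudflare_domain}"
+region = "europe-west1"
+zone = "europe-west1-b"
+subnet = "scaletest"
 }
 asia = {
-subdomain = "${var.name}-asia-scaletest"
-url = "http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
-region = "asia-southeast1"
-zone = "asia-southeast1-a"
-subnet = "scaletest"
+subdomain = "asia.${var.name}"
+wildcard_subdomain = "*.asia.${var.name}"
+url = "https://asia.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.asia.${var.name}.${var.cloudflare_domain}"
+region = "asia-southeast1"
+zone = "asia-southeast1-a"
+subnet = "scaletest"
 }
 }
 node_pools = {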
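Review bot: Each deployment's hostname is now written out four times (`subdomain`, `wildcard_subdomain`, `url`, `wildcard_access_url`), so a typo in one field would leave the DNS record, the access URL and the names the TLS certificate has to cover out of step, and that would presumably show up only as a handshake or routing failure during a run. Consider keeping a single label per deployment and deriving the four strings from it in one place. At minimum, add a comment above `deployments` such as `# url and wildcard_access_url must stay within the names covered by the coder-tls certificate`. The `locals` block continues past the end of this hunk.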

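--- a/scaletest/terraform/action/k8s_coder_asia.tf
+++ b/scaletest/terraform/action/k8s_coder_asia.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_asia" {
 }
 }
 
+resource "kubernetes_secret" "coder_tls_asia" {
+provider = kubernetes.asia
+
+type = "kubernetes.io/tls"
+metadata {
+name = "coder-tls"
+namespace = kubernetes_namespace.coder_asia.metadata.0.name
+}
+data = {
+"tls.crt" = data.kubernetes_secret.coder_tls["asia"].data["tls.crt"]
+"tls.key" = data.kubernetes_secret.coder_tls["asia"].data["tls.key"]
+}
+lifecycle {
+ignore_changes = [timeouts, wait_for_service_account_token]
+}
+}
+
 resource "helm_release" "coder_asia" {
 provider = helm.asia
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_asia" {
 version = var.coder_chart_version
 namespace = kubernetes_namespace.coder_asia.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = true,
-provisionerd = false,
-primary_url = local.deployments.primary.url,
-proxy_token = kubernetes_secret.proxy_token_asia.metadata.0.name,
-db_secret = null,
-ip_address = google_compute_address.coder["asia"].address,
-provisionerd_psk = null,
-access_url = local.deployments.asia.url,
-node_pool = google_container_node_pool.node_pool["asia_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].coder.replicas,
-cpu_request = local.scenarios[var.scenario].coder.cpu_request,
-mem_request = local.scenarios[var.scenario].coder.mem_request,
-cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit = local.scenarios[var.scenario].coder.mem_limit,
-deployment = "asia",
+workspace_proxy = true,
+provisionerd = false,
+primary_url = local.deployments.primary.url,
+proxy_token = kubernetes_secret.proxy_token_asia.metadata.0.name,
+db_secret = null,
+ip_address = google_compute_address.coder["asia"].address,
+provisionerd_psk = null,
+access_url = local.deployments.asia.url,
+wildcard_access_url = local.deployments.asia.wildcard_access_url,
+node_pool = google_container_node_pool.node_pool["asia_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].coder.replicas,
+cpu_request = local.scenarios[var.scenario].coder.cpu_request,
+mem_request = local.scenarios[var.scenario].coder.mem_request,
+cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit = local.scenarios[var.scenario].coder.mem_limit,
+deployment = "asia",
+tls_secret_name = kubernetes_secret.coder_tls_asia.metadata.0.name,
 })]
 
 depends_on = [null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_asia" {
 version = var.provisionerd_chart_version
 namespace = kubernetes_namespace.coder_asia.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = false,
-provisionerd = true,
-primary_url = null,
-proxy_token = null,
-db_secret = null,
-ip_address = null,
-provisionerd_psk = kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
-access_url = local.deployments.primary.url,
-node_pool = google_container_node_pool.node_pool["asia_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment = "asia",
+workspace_proxy = false,
+provisionerd = true,
+primary_url = null,
+proxy_token = null,
+db_secret = null,
+ip_address = null,
+provisionerd_psk = kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
+access_url = local.deployments.primary.url,
+wildcard_access_url = null,
+node_pool = google_container_node_pool.node_pool["asia_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment = "asia",
+tls_secret_name = null,
 })]
 
 depends_on = [null_resource.license]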
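Review bot: `kubernetes_secret.coder_tls_asia` copies `tls.key` from `data.kubernetes_secret.coder_tls["asia"]`, so the certificate's private key is read into Terraform and, like any `kubernetes_secret` data, is stored in the state file in plaintext. Neither the data source nor the state backend is visible on this page, so confirm the backend is encrypted and access-restricted, and record that next to the resource, e.g. `# private key passes through Terraform state; backend must be encrypted and access-restricted`. The copy is also made at apply time, so a renewed certificate in the source secret presumably reaches this cluster only on the next apply. The same applies to `coder_tls_europe` in k8s_coder_europe.tf.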

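--- a/scaletest/terraform/action/k8s_coder_europe.tf
+++ b/scaletest/terraform/action/k8s_coder_europe.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_europe" {
 }
 }
 
+resource "kubernetes_secret" "coder_tls_europe" {
+provider = kubernetes.europe
+
+type = "kubernetes.io/tls"
+metadata {
+name = "coder-tls"
+namespace = kubernetes_namespace.coder_europe.metadata.0.name
+}
+data = {
+"tls.crt" = data.kubernetes_secret.coder_tls["europe"].data["tls.crt"]
+"tls.key" = data.kubernetes_secret.coder_tls["europe"].data["tls.key"]
+}
+lifecycle {
+ignore_changes = [timeouts, wait_for_service_account_token]
+}
+}
+
 resource "helm_release" "coder_europe" {
 provider = helm.europe
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_europe" {
 version = var.coder_chart_version
 namespace = kubernetes_namespace.coder_europe.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = true,
-provisionerd = false,
-primary_url = local.deployments.primary.url,
-proxy_token = kubernetes_secret.proxy_token_europe.metadata.0.name,
-db_secret = null,
-ip_address = google_compute_address.coder["europe"].address,
-provisionerd_psk = null,
-access_url = local.deployments.europe.url,
-node_pool = google_container_node_pool.node_pool["europe_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].coder.replicas,
-cpu_request = local.scenarios[var.scenario].coder.cpu_request,
-mem_request = local.scenarios[var.scenario].coder.mem_request,
-cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit = local.scenarios[var.scenario].coder.mem_limit,
-deployment = "europe",
+workspace_proxy = true,
+provisionerd = false,
+primary_url = local.deployments.primary.url,
+proxy_token = kubernetes_secret.proxy_token_europe.metadata.0.name,
+db_secret = null,
+ip_address = google_compute_address.coder["europe"].address,
+provisionerd_psk = null,
+access_url = local.deployments.europe.url,
+wildcard_access_url = local.deployments.europe.wildcard_access_url,
+node_pool = google_container_node_pool.node_pool["europe_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].coder.replicas,
+cpu_request = local.scenarios[var.scenario].coder.cpu_request,
+mem_request = local.scenarios[var.scenario].coder.mem_request,
+cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit = local.scenarios[var.scenario].coder.mem_limit,
+deployment = "europe",
+tls_secret_name = kubernetes_secret.coder_tls_europe.metadata.0.name,
 })]
 
 depends_on = [null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_europe" {
 version = var.provisionerd_chart_version
 namespace = kubernetes_namespace.coder_europe.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = false,
-provisionerd = true,
-primary_url = null,
-proxy_token = null,
-db_secret = null,
-ip_address = null,
-provisionerd_psk = kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
-access_url = local.deployments.primary.url,
-node_pool = google_container_node_pool.node_pool["europe_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment = "europe",
+workspace_proxy = false,
+provisionerd = true,
+primary_url = null,
+proxy_token = null,
+db_secret = null,
+ip_address = null,
+provisionerd_psk = kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
+access_url = local.deployments.primary.url,
+wildcard_access_url = null,
+node_pool = google_container_node_pool.node_pool["europe_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment = "europe",
+tls_secret_name = null,
 })]
 
 depends_on = [null_resource.license]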
