From d045c7d10334e061ee6440ef42734d80fe17f1bc Mon Sep 17 00:00:00 2001 From: deansheather Date: Thu, 30 Jun 2022 07:15:55 +0000 Subject: [PATCH 1/7] feat: add basic helm chart --- helm/.helmignore | 23 ++++++++++ helm/Chart.yaml | 29 ++++++++++++ helm/templates/NOTES.txt | 16 +++++++ helm/templates/_helpers.tpl | 33 ++++++++++++++ helm/templates/deployment.yaml | 50 +++++++++++++++++++++ helm/templates/ingress.yaml | 32 ++++++++++++++ helm/templates/service.yaml | 19 ++++++++ helm/values.yaml | 81 ++++++++++++++++++++++++++++++++++ 8 files changed, 283 insertions(+) create mode 100644 helm/.helmignore create mode 100644 helm/Chart.yaml create mode 100644 helm/templates/NOTES.txt create mode 100644 helm/templates/_helpers.tpl create mode 100644 helm/templates/deployment.yaml create mode 100644 helm/templates/ingress.yaml create mode 100644 helm/templates/service.yaml create mode 100644 helm/values.yaml diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 0000000000000..0e8a0eb36f4ca --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000000000..f66f0caee65d8 --- /dev/null +++ b/helm/Chart.yaml 
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: coder
+description: Remote development environments on your infrastructure.
+home: https://github.com/coder/coder
+
+# version and appVersion are injected at release.
+type: application
+version: "0.1.0"
+appVersion: "0.1.0"
+
+# Coder has a hard requirement on Kubernetes 1.19, as this version
+# introduced the networking.k8s.io/v1 API for the Ingress and
+# NetworkPolicy resources.
+#
+# Additionally, the NOTES.txt file emits a warning if the cluster
+# version is outside our soft requirement, in accordance with our
+# official support policy.
+kubeVersion: ">= 1.19.0-0"
+
+keywords:
+ - coder
+ - terraform
+sources:
+ - https://github.com/coder/coder/tree/main/helm
+icon: https://helm.coder.com/coder_logo_black.png
+maintainers:
+ - name: Coder Technologies, Inc.
+ email: support@coder.com
+ url: https://coder.com/contact
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
new file mode 100644
index 0000000000000..c6108e984e1ed
--- /dev/null
+++ b/helm/templates/NOTES.txt
@@ -0,0 +1,16 @@
+{{- if not (semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version) -}}
+============================== KUBERNETES SUPPORT ==============================
+
+NOTICE: Coder follows the Kubernetes upstream version support policy, and the
+latest stable release version of Coder supports the previous two minor releases
+as well as the current release of Kubernetes at time of publication.
+
+Your Kubernetes version is: {{ .Capabilities.KubeVersion }}
+
+Coder {{ .Chart.AppVersion }} requires Kubernetes >= 1.21
+
+Coder cannot provide any guarantees of compatibility nor technical support for
+this version of Kubernetes.
+
+============================== KUBERNETES SUPPORT ==============================
+{{- end -}}
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000000000..807439ce627c1
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,33 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coder.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "coder.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "coder.labels" -}}
+helm.sh/chart: {{ include "coder.chart" . }}
+{{ include "coder.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "coder.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "coder.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000000000..837bc98196153
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.coder.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "coder.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "coder.selectorLabels" . | nindent 8 }}
+ spec:
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 300
+ containers:
+ - name: coder
+ image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.coder.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: CODER_ADDRESS
+ value: "0.0.0.0:80"
+ {{- if .Values.coder.tls.secretName }}
+ - name: CODER_TLS_ENABLE
+ value: "true"
+ - name: CODER_TLS_CERT_FILE
+ value: /etc/ssl/certs/coder/tls.crt
+ - name: CODER_TLS_KEY_FILE
+ value: /etc/ssl/certs/coder/tls.key
+ {{- end }}
+ {{- with .Values.coder.env -}}
+ {{ toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
new file mode 100644
index 0000000000000..1842bc08228c8
--- /dev/null
+++ b/helm/templates/ingress.yaml
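Review bot: Setting `coder.tls.secretName` turns on `CODER_TLS_ENABLE` and points `CODER_TLS_CERT_FILE` / `CODER_TLS_KEY_FILE` at `/etc/ssl/certs/coder/`, but the pod spec in helm/templates/deployment.yaml declares no `volumes` or `volumeMounts`, so the secret is never mounted and those paths will not exist in the container. The values.yaml comment in the same commit says the secret is mounted automatically, so the template should add the mount under the same condition, as sketched below. Separately, `toYaml .Values.resources` reads a top-level key while values.yaml defines `coder.resources`; it most likely should be `.Values.coder.resources`, otherwise configured limits are silently dropped.

```yaml
        # … unchanged: image, resources, env, ports, probes …
          {{- if .Values.coder.tls.secretName }}
          volumeMounts:
            - name: tls
              mountPath: /etc/ssl/certs/coder
              readOnly: true
          {{- end }}
      {{- if .Values.coder.tls.secretName }}
      volumes:
        - name: tls
          secret:
            secretName: {{ .Values.coder.tls.secretName | quote }}
      {{- end }}
```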
@@ -0,0 +1,32 @@
+{{- if .Values.coder.ingress.enable }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.coder.ingress.className }}
+ {{/* If this is set to an empty string it fails validation on K8s */}}
+ ingressClassName: {{ .Values.coder.ingress.className | quote }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.coder.ingress.host | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: coder
+ port:
+ name: http
+
+ {{- if .Values.coder.ingress.tls.enable }}
+ tls:
+ - hosts:
+ - {{ .Values.coder.ingress.host | quote }}
+ secretName: {{ .Values.coder.ingress.tls.secretName | quote}}
+ {{- end }}
+{{- end }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000000000..f769d6740948a
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: coder
+ labels:
+ {{- include "coder.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.coder.service.type }}
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+ - name: https
+ port: 443
+ targetPort: https
+ protocol: TCP
+ selector:
+ {{- include "coder.selectorLabels" . | nindent 4 }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000000000..00bc9db8dd36c
--- /dev/null
+++ b/helm/values.yaml
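Review bot: In helm/templates/service.yaml the values `coder.service.externalTrafficPolicy` and `coder.service.loadBalancerIP` are documented in values.yaml but never rendered under `spec:`, so changing them has no effect on the Service. Adding `externalTrafficPolicy: {{ .Values.coder.service.externalTrafficPolicy | quote }}` and a `loadBalancerIP` line wrapped in `{{- with .Values.coder.service.loadBalancerIP }}` would make the chart honour them. Because the default `type` is `LoadBalancer`, a default install exposes the plain-HTTP port 80 outside the cluster; a comment on the `type` line saying so would help operators who expect TLS-only exposure.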
@@ -0,0 +1,81 @@
+# coder -- Primary configuration for `coder server`.
+coder:
+ # coder.replicaCount -- The number of Kubernetes deployment replicas.
+ replicaCount: 1
+
+ # coder.image -- The image to use for Coder.
+ image:
+ # coder.image.repo -- The repository of the image.
+ repo: "ghcr.io/coder/coder"
+ # coder.image.tag -- The tag of the image, defaults to the same version as
+ # the chart.
+ tag: "{{.Release.Version}}"
+ # coder.image.pullPolicy -- The pull policy to use for the image. See:
+ # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
+ pullPolicy: IfNotPresent
+
+ # coder.service -- The Service object to expose for Coder.
+ service:
+ # coder.service.type -- The type of service to expose. See:
+ # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: LoadBalancer
+ # coder.service.externalTrafficPolicy -- The external traffic policy to use.
+ # On AWS EKS you may need to change this to "Cluster". See:
+ # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ externalTrafficPolicy: Local
+ # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not
+ # specified, a new IP will be generated each time the load balancer is
+ # recreated. It is recommended to manually create a static IP address in
+ # your cloud and specify it here in production to avoid accidental IP
+ # address changes.
+ loadBalancerIP: ""
+
+ # coder.ingress -- The Ingress object to expose for Coder.
+ ingress:
+ # coder.ingress.enable -- Whether to enable the Ingress.
+ enable: false
+ # coder.ingress.className -- The name of the Ingress class to use.
+ className: ""
+ # coder.ingress.host -- The hostname to match on.
+ host: "coder.example.com"
+ # coder.ingress.tls -- The TLS configuration to use for the Ingress.
+ tls:
+ # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.
+ enable: false + # coder.ingress.tls.secretName -- The name of the TLS secret to use. + secretName: "" + + # coder.tls -- The TLS configuration for Coder. + tls: + # coder.tls.secretName -- The name of the secret containing the TLS + # certificate. The secret should exist in the same namespace as the Helm + # deployment and should be of type "kubernetes.io/tls". The secret will be + # automatically mounted into the pod if specified, and the correct + # "CODER_TLS_*" environment variables will be set for you. + secretName: "" + + # coder.resources -- The resources to request for Coder. These are optional + # and are not set by default. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # coder.env -- The environment variables to set for Coder. These can be used + # to configure all aspects of `coder server`. Please see `coder server --help` + # for information about what environment variables can be set. + # + # Note: The following environment variables are set by default and cannot be + # overridden: + # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed. + # - CODER_TLS_ENABLE: set if tls.secretName is not empty. + # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. + # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. + env: + - name: CODER_ACCESS_URL + value: "https://coder.example.com" + - name: CODER_PG_CONNECTION_URL + value: "postgres://coder:password@postgres:5432/coder?sslmode=disable" From a0b722c1eb1deb738c609009748a67b7a4f68262 Mon Sep 17 00:00:00 2001 From: deansheather Date: Thu, 30 Jun 2022 08:01:47 +0000 Subject: [PATCH 2/7] feat: add Helm build script --- .github/workflows/release.yaml | 7 +++ helm/Chart.yaml | 10 ++-- scripts/helm.sh | 87 ++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 6 deletions(-) create mode 100755 scripts/helm.sh 
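Review bot: The default `env` list in helm/values.yaml ships `CODER_PG_CONNECTION_URL` with the database password inline and `sslmode=disable`, which invites operators to keep credentials in a values file (and in the rendered Deployment) and to run the database link without TLS. Since the Deployment passes `coder.env` through `toYaml`, entries can use `valueFrom.secretKeyRef` instead, as sketched below, and the example should not default to `sslmode=disable`. Also, `tag: "{{.Release.Version}}"` is not templated in values.yaml, so it is a literal, non-empty string and the `default .Chart.AppVersion` fallback in the Deployment never applies; `tag: ""` would let the fallback work.

```yaml
  env:
    # … unchanged: CODER_ACCESS_URL entry …
    - name: CODER_PG_CONNECTION_URL
      valueFrom:
        secretKeyRef:
          name: coder-db-url  # constructed example; use your Secret's name
          key: url
```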
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5ae04d665b08c..c767cc908032e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -275,12 +275,19 @@ jobs: - name: ls artifacts run: ls artifacts + - name: Publish Helm + run: | + set -euxo pipefail + ./scripts/helm.sh --push + mv ./dist/*.tgz ./artifacts/ + - name: Publish Release run: | ./scripts/publish_release.sh \ ${{ (github.event.inputs.dry_run || github.event.inputs.snapshot) && '--dry-run' }} \ ./artifacts/*.zip \ ./artifacts/*.tar.gz \ + ./artifacts/*.tgz \ ./artifacts/*.apk \ ./artifacts/*.deb \ ./artifacts/*.rpm diff --git a/helm/Chart.yaml b/helm/Chart.yaml index f66f0caee65d8..dd16df2a01bc0 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -8,13 +8,11 @@ type: application version: "0.1.0" appVersion: "0.1.0" -# Coder has a hard requirement on Kubernetes 1.19, as this version -# introduced the networking.k8s.io/v1 API for the Ingress and -# NetworkPolicy resources. +# Coder has a hard requirement on Kubernetes 1.19, as this version introduced +# the networking.k8s.io/v1 API for the Ingress and NetworkPolicy resources. # -# Additionally, the NOTES.txt file emits a warning if the cluster -# version is outside our soft requirement, in accordance with our -# official support policy. +# Additionally, the NOTES.txt file emits a warning if the cluster version is +# outside our soft requirement, in accordance with our official support policy. kubeVersion: ">= 1.19.0-0" keywords: diff --git a/scripts/helm.sh b/scripts/helm.sh new file mode 100755 index 0000000000000..5978a5f373937 --- /dev/null +++ b/scripts/helm.sh 
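Review bot: The new "Publish Helm" step in .github/workflows/release.yaml always passes `--push`, while the "Publish Release" step right after it switches to `--dry-run` when `dry_run` or `snapshot` is set. `--push` is still a TODO in scripts/helm.sh, but once it is implemented a dry-run or snapshot build would publish a chart. Gating the flag on the same inputs keeps the two steps consistent, e.g. `./scripts/helm.sh ${{ !(github.event.inputs.dry_run || github.event.inputs.snapshot) && '--push' || '' }}` (confirm how these inputs are typed; their definition is outside this hunk).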
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+
+# This script creates a Helm package for the given version. It will output a
+# .tgz file at the specified path, and may optionally push it to the Coder OSS
+# repo.
+#
+# ./helm.sh [--version 1.2.3] [--output path/to/coder.tgz] [--push]
+#
+# If no version is specified, defaults to the version from ./version.sh.
+#
+# If no output path is specified, defaults to
+# "$repo_root/dist/coder_helm_$version.tgz".
+#
+# If the --push parameter is specified, the resulting artifact will be published
+# to the Coder OSS repo. This requires `gsutil` to be installed and configured.
+
+set -euo pipefail
+# shellcheck source=scripts/lib.sh
+source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
+
+version=""
+output_path=""
+push=0
+
+args="$(getopt -o "" -l version:,output:,push -- "$@")"
+eval set -- "$args"
+while true; do
+ case "$1" in
+ --version)
+ version="$2"
+ shift 2
+ ;;
+ --output)
+ output_path="$(realpath "$2")"
+ shift 2
+ ;;
+ --push)
+ push="1"
+ shift
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ error "Unrecognized option: $1"
+ ;;
+ esac
+done
+
+# Remove the "v" prefix.
+version="${version#v}"
+if [[ "$version" == "" ]]; then
+ version="$(execrelative ./version.sh)"
+fi
+
+if [[ "$output_path" == "" ]]; then
+ cdroot
+ mkdir -p dist
+ output_path="$(realpath "dist/coder_helm_$version.tgz")"
+fi
+
+# Check dependencies
+dependencies helm
+
+# Make a destination temporary directory, as you cannot fully control the output
+# path of `helm package` except for the directory name :/
+cdroot
+temp_dir="$(mktemp -d)"
+
+cdroot
+cd ./helm
+log "--- Packaging helm chart for version $version ($output_path)"
+helm package \
+ --version "$version" \
+ --app-version "$version" \
+ --destination "$temp_dir" \
+ . 1>&2
+
+log "Moving helm chart to $output_path"
+cp "$temp_dir"/*.tgz "$output_path"
+rm -rf "$temp_dir"
+
+if [[ "$push" == 1 ]]; then
+ log "--- Publishing helm chart..."
+ # TODO: figure out how/where we want to publish the helm chart +fi From fba27bc4569dc1a35555af5566076e24353b9096 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 15:24:34 +0000 Subject: [PATCH 3/7] progress --- Dockerfile | 5 ++ helm/Chart.yaml | 3 +- helm/templates/_helpers.tpl | 16 +++--- helm/templates/deployment.yaml | 26 +++++++--- helm/templates/service.yaml | 14 ++++-- helm/values.yaml | 91 ++++++++++++++++++---------------- 6 files changed, 92 insertions(+), 63 deletions(-) diff --git a/Dockerfile b/Dockerfile index 489c7266485ca..3b3223de6cbaa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,4 +14,9 @@ LABEL \ # The coder binary is injected by scripts/build_docker.sh. ADD coder /opt/coder +# Create coder group and user. +RUN addgroup -g 1000 coder && + adduser -D -g "" -h /home/coder -G coder -u 1000 coder +USER coder:coder + ENTRYPOINT [ "/opt/coder", "server" ] diff --git a/helm/Chart.yaml b/helm/Chart.yaml index dd16df2a01bc0..55db37752f1d4 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -3,7 +3,8 @@ name: coder description: Remote development environments on your infrastructure. home: https://github.com/coder/coder -# version and appVersion are injected at release. +# version and appVersion are injected at release and will always be shown as +# 0.1.0 in the repository. type: application version: "0.1.0" appVersion: "0.1.0" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 807439ce627c1..e723c6f1e9197 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -12,6 +12,14 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Selector labels +*/}} +{{- define "coder.selectorLabels" -}} +app.kubernetes.io/name: {{ include "coder.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + {{/* Common labels */}} 
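Review bot: In scripts/helm.sh the `v` prefix is stripped before the fallback to `./version.sh`, so a version taken from that script reaches `helm package --version` with whatever prefix it carries; moving `version="${version#v}"` below the `if` block would cover both paths (the output format of version.sh is not visible here, so confirm). The temporary directory is removed only on the success path, and with `set -e` a failing `helm package` or `cp` leaves it behind; `trap 'rm -rf "$temp_dir"' EXIT` right after `mktemp -d` fixes that. Finally, `--push` currently logs a message and exits 0 without publishing, so the release workflow cannot tell that nothing was uploaded; until the TODO is done, calling `error` there would make that visible.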
@@ -23,11 +31,3 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} - -{{/* -Selector labels -*/}} -{{- define "coder.selectorLabels" -}} -app.kubernetes.io/name: {{ include "coder.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 837bc98196153..7738dd0597038 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -5,7 +5,10 @@ metadata: labels: {{- include "coder.labels" . | nindent 4 }} spec: - replicas: {{ .Values.coder.replicaCount }} + # NOTE: this is currently not used as coder v2 does not support high + # availability yet. + # replicas: {{ .Values.coder.replicaCount }} + replicas: 1 selector: matchLabels: {{- include "coder.selectorLabels" . | nindent 6 }} 
@@ -15,36 +18,45 @@ spec: {{- include "coder.selectorLabels" . | nindent 8 }} spec: restartPolicy: Always - terminationGracePeriodSeconds: 300 + terminationGracePeriodSeconds: 60 containers: - name: coder - image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default (printf "v%v" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.coder.image.pullPolicy }} resources: {{- toYaml .Values.resources | nindent 12 }} env: - - name: CODER_ADDRESS - value: "0.0.0.0:80" {{- if .Values.coder.tls.secretName }} + - name: CODER_ADDRESS + value: "0.0.0.0:443" - name: CODER_TLS_ENABLE value: "true" - name: CODER_TLS_CERT_FILE value: /etc/ssl/certs/coder/tls.crt - name: CODER_TLS_KEY_FILE value: /etc/ssl/certs/coder/tls.key + {{- else }} + - name: CODER_ADDRESS + value: "0.0.0.0:80" {{- end }} {{- with .Values.coder.env -}} {{ toYaml . | nindent 12 }} {{- end }} ports: + {{- if .Values.coder.tls.secretName }} + - name: https + containerPort: 443 + protocol: TCP + {{- else }} - name: http containerPort: 80 protocol: TCP + {{- end }} readinessProbe: httpGet: - path: / + path: /api/v2/buildinfo port: http livenessProbe: httpGet: - path: / + path: /api/v2/buildinfo port: http diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml index f769d6740948a..84c47d9107da9 100644 --- a/helm/templates/service.yaml +++ b/helm/templates/service.yaml @@ -1,3 +1,5 @@ +{{- if .Values.coder.service.enable }} +--- apiVersion: v1 kind: Service metadata: @@ -7,13 +9,17 @@ metadata: spec: type: {{ .Values.coder.service.type }} ports: - - name: http - port: 80 - targetPort: http - protocol: TCP + {{- if .Values.coder.tls.secretName }} - name: https port: 443 targetPort: https protocol: TCP + {{- else }} + - name: http + port: 80 + targetPort: http + protocol: TCP + {{- end }} selector: {{- include "coder.selectorLabels" . | nindent 4 }} +{{- end }} 
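Review bot: Both probes in helm/templates/deployment.yaml still use `port: http`, but when `coder.tls.secretName` is set the `ports` list now declares only `https`, so the probes point at a named port that does not exist in that branch. `httpGet` also defaults to plain HTTP, so once the port is corrected the probes need `scheme: HTTPS` to talk to the TLS listener. The fence shows the switch for the readiness probe; the liveness probe needs the same. The TLS branch also still lacks `volumes` / `volumeMounts` for the secret that `CODER_TLS_CERT_FILE` and `CODER_TLS_KEY_FILE` refer to.

```yaml
          # … unchanged: image, resources, env, ports …
          readinessProbe:
            httpGet:
              path: /api/v2/buildinfo
              {{- if .Values.coder.tls.secretName }}
              port: https
              scheme: HTTPS
              {{- else }}
              port: http
              {{- end }}
          # livenessProbe: same port/scheme switch
```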
diff --git a/helm/values.yaml b/helm/values.yaml index 00bc9db8dd36c..b83cceac77e15 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -1,28 +1,68 @@ # coder -- Primary configuration for `coder server`. coder: - # coder.replicaCount -- The number of Kubernetes deployment replicas. - replicaCount: 1 + # NOTE: this is currently not used as coder v2 does not support high + # availability yet. + # # coder.replicaCount -- The number of Kubernetes deployment replicas. + # replicaCount: 1 # coder.image -- The image to use for Coder. image: # coder.image.repo -- The repository of the image. repo: "ghcr.io/coder/coder" - # coder.image.tag -- The tag of the image, defaults to the same version as - # the chart. - tag: "{{.Release.Version}}" + # coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}} + # if not set. + tag: "" # coder.image.pullPolicy -- The pull policy to use for the image. See: # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: IfNotPresent + # coder.env -- The environment variables to set for Coder. These can be used + # to configure all aspects of `coder server`. Please see `coder server --help` + # for information about what environment variables can be set. + # + # Note: The following environment variables are set by default and cannot be + # overridden: + # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed. + # - CODER_TLS_ENABLE: set if tls.secretName is not empty. + # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. + # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. + env: + - name: CODER_ACCESS_URL + value: "https://coder.example.com" + #- name: CODER_PG_CONNECTION_URL + # value: "postgres://coder:password@postgres:5432/coder?sslmode=disable" + + # coder.tls -- The TLS configuration for Coder. + tls: + # coder.tls.secretName -- The name of the secret containing the TLS + # certificate. The secret should exist in the same namespace as the Helm + # deployment and should be of type "kubernetes.io/tls". 
The secret will be + # automatically mounted into the pod if specified, and the correct + # "CODER_TLS_*" environment variables will be set for you. + secretName: "" + + # coder.resources -- The resources to request for Coder. These are optional + # and are not set by default. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # coder.service -- The Service object to expose for Coder. service: + # coder.service.enable -- Whether to create the Service object. + enable: true # coder.service.type -- The type of service to expose. See: # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: LoadBalancer # coder.service.externalTrafficPolicy -- The external traffic policy to use. - # On AWS EKS you may need to change this to "Cluster". See: + # You may need to change this to "Local" to preserve the source IP address + # in some situations. # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Local + externalTrafficPolicy: Cluster # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not # specified, a new IP will be generated each time the load balancer is # recreated. It is recommended to manually create a static IP address in @@ -32,7 +72,7 @@ coder: # coder.ingress -- The Ingress object to expose for Coder. ingress: - # coder.ingress.enable -- Whether to enable the Ingress. + # coder.ingress.enable -- Whether to create the Ingress object. enable: false # coder.ingress.className -- The name of the Ingress class to use. className: "" 
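Review bot: The `coder.env` comment block moved in this hunk of helm/values.yaml still says `CODER_ADDRESS` is "set to 0.0.0.0:80 and cannot be changed", but the Deployment in the same commit now binds `0.0.0.0:443` when `coder.tls.secretName` is set. I would reword it to `# - CODER_ADDRESS: set by the chart; the port depends on whether tls.secretName is set.` so operators do not open or probe the wrong port. The comment on `coder.tls.secretName` likewise still promises that the secret is mounted automatically, which the Deployment template on this page does not do.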
@@ -44,38 +84,3 @@ coder: enable: false # coder.ingress.tls.secretName -- The name of the TLS secret to use. secretName: "" - - # coder.tls -- The TLS configuration for Coder. - tls: - # coder.tls.secretName -- The name of the secret containing the TLS - # certificate. The secret should exist in the same namespace as the Helm - # deployment and should be of type "kubernetes.io/tls". The secret will be - # automatically mounted into the pod if specified, and the correct - # "CODER_TLS_*" environment variables will be set for you. - secretName: "" - - # coder.resources -- The resources to request for Coder. These are optional - # and are not set by default. - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - # coder.env -- The environment variables to set for Coder. These can be used - # to configure all aspects of `coder server`. Please see `coder server --help` - # for information about what environment variables can be set. - # - # Note: The following environment variables are set by default and cannot be - # overridden: - # - CODER_ADDRESS: set to 0.0.0.0:80 and cannot be changed. - # - CODER_TLS_ENABLE: set if tls.secretName is not empty. - # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. - # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. - env: - - name: CODER_ACCESS_URL - value: "https://coder.example.com" - - name: CODER_PG_CONNECTION_URL - value: "postgres://coder:password@postgres:5432/coder?sslmode=disable" From 1a6d67c36b093078a754b7050755be1b9977047b Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 15:46:59 +0000 Subject: [PATCH 4/7] remove helm soft version requirement --- helm/Chart.yaml | 5 +---- helm/templates/NOTES.txt | 16 ---------------- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 helm/templates/NOTES.txt diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 55db37752f1d4..166aa7cea6077 100644 --- a/helm/Chart.yaml 
+++ b/helm/Chart.yaml @@ -10,10 +10,7 @@ version: "0.1.0" appVersion: "0.1.0" # Coder has a hard requirement on Kubernetes 1.19, as this version introduced -# the networking.k8s.io/v1 API for the Ingress and NetworkPolicy resources. -# -# Additionally, the NOTES.txt file emits a warning if the cluster version is -# outside our soft requirement, in accordance with our official support policy. +# the networking.k8s.io/v1 API. kubeVersion: ">= 1.19.0-0" keywords: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt deleted file mode 100644 index c6108e984e1ed..0000000000000 --- a/helm/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not (semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version) -}} -============================== KUBERNETES SUPPORT ============================== - -NOTICE: Coder follows the Kubernetes upstream version support policy, and the -latest stable release version of Coder supports the previous two minor releases -as well as the current release of Kubernetes at time of publication. - -Your Kubernetes version is: {{ .Capabilities.KubeVersion }} - -Coder {{ .Chart.AppVersion }} requires Kubernetes >= 1.21 - -Coder cannot provide any guarantees of compatibility nor technical support for -this version of Kubernetes. - -============================== KUBERNETES SUPPORT ============================== -{{- end -}} From f5f6afc290928086c4276c7020e148ade3d080da Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 16:55:21 +0000 Subject: [PATCH 5/7] change coderd ports to be above 1024 in helm --- Dockerfile | 2 +- helm/templates/deployment.yaml | 8 ++++---- scripts/version.sh | 5 +++++ 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b3223de6cbaa..cce691ca0cc62 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,7 +15,7 @@ LABEL \ ADD coder /opt/coder # Create coder group and user. -RUN addgroup -g 1000 coder && +RUN addgroup -g 1000 coder && \ adduser -D -g "" -h /home/coder -G coder -u 1000 coder USER coder:coder diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 7738dd0597038..cc4a66839e3ad 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -28,7 +28,7 @@ spec: env: {{- if .Values.coder.tls.secretName }} - name: CODER_ADDRESS - value: "0.0.0.0:443" + value: "0.0.0.0:8443" - name: CODER_TLS_ENABLE value: "true" - name: CODER_TLS_CERT_FILE @@ -37,7 +37,7 @@ spec: value: /etc/ssl/certs/coder/tls.key {{- else }} - name: CODER_ADDRESS - value: "0.0.0.0:80" + value: "0.0.0.0:8080" {{- end }} {{- with .Values.coder.env -}} {{ toYaml . | nindent 12 }} @@ -45,11 +45,11 @@ spec: ports: {{- if .Values.coder.tls.secretName }} - name: https - containerPort: 443 + containerPort: 8443 protocol: TCP {{- else }} - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP {{- end }} readinessProbe: diff --git a/scripts/version.sh b/scripts/version.sh index 220da35328a27..628fdef3e4ba0 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -15,6 +15,11 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" cdroot +if [[ "${CODER_FORCE_VERSION:-}" != "" ]]; then + echo "$CODER_FORCE_VERSION" + exit 0 +fi + last_tag="$(git describe --tags --abbrev=0)" version="$last_tag" From 5339819da2c8ca82c4fb5d8fecf0895739fc43e0 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Fri, 22 Jul 2022 21:15:34 +0000 Subject: [PATCH 6/7] Change coder user in dockerfile to be system user --- Dockerfile | 2 +- helm/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index cce691ca0cc62..6dcdcc21205bf 100644 --- a/Dockerfile +++ b/Dockerfile 
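Review bot: With the listeners moved to 8080/8443 in helm/templates/deployment.yaml and the image switched to a non-root user, the container spec (which starts outside these hunks) still sets no `securityContext`, so nothing in the chart enforces what the Dockerfile intends. I would add a container-level `securityContext:` with `runAsUser: 1000`, `runAsNonRoot: true` and `allowPrivilegeEscalation: false`; the numeric `runAsUser` matters because the image declares `USER coder:coder` by name, and Kubernetes cannot verify `runAsNonRoot` against a non-numeric user. The UID 1000 is taken from the `adduser -u 1000` line in the Dockerfile hunk of this series.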
@@ -16,7 +16,7 @@ ADD coder /opt/coder # Create coder group and user. RUN addgroup -g 1000 coder && \ - adduser -D -g "" -h /home/coder -G coder -u 1000 coder + adduser -D -g "" -h /home/coder -G coder -u 1000 -S -s /bin/sh coder USER coder:coder ENTRYPOINT [ "/opt/coder", "server" ] diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 166aa7cea6077..2b73b7c6d641c 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: coder -description: Remote development environments on your infrastructure. +description: Remote development environments on your infrastructure home: https://github.com/coder/coder # version and appVersion are injected at release and will always be shown as From 761e12473567616289c54e1668135c678250e46c Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Tue, 26 Jul 2022 15:52:28 +0000 Subject: [PATCH 7/7] Remove ingress object from helm chart --- helm/templates/ingress.yaml | 32 -------------------------------- helm/values.yaml | 15 --------------- 2 files changed, 47 deletions(-) delete mode 100644 helm/templates/ingress.yaml diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml deleted file mode 100644 index 1842bc08228c8..0000000000000 --- a/helm/templates/ingress.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- if .Values.coder.ingress.enable }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: coder - labels: - {{- include "coder.labels" . | nindent 4 }} -spec: - {{- if .Values.coder.ingress.className }} - {{/* If this is set to an empty string it fails validation on K8s */}} - ingressClassName: {{ .Values.coder.ingress.className | quote }} - {{- end }} - rules: - - host: {{ .Values.coder.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: coder - port: - name: http - - {{- if .Values.coder.ingress.tls.enable }} - tls: - - hosts: - - {{ .Values.coder.ingress.host | quote }} - secretName: {{ .Values.coder.ingress.tls.secretName | quote}} - {{- end }} -{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index b83cceac77e15..2090296dc467d 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -69,18 +69,3 @@ coder: # your cloud and specify it here in production to avoid accidental IP # address changes. loadBalancerIP: "" - - # coder.ingress -- The Ingress object to expose for Coder. - ingress: - # coder.ingress.enable -- Whether to create the Ingress object. - enable: false - # coder.ingress.className -- The name of the Ingress class to use. - className: "" - # coder.ingress.host -- The hostname to match on. - host: "coder.example.com" - # coder.ingress.tls -- The TLS configuration to use for the Ingress. - tls: - # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress. - enable: false - # coder.ingress.tls.secretName -- The name of the TLS secret to use. - secretName: "" pFad - Phonifier reborn
