2.18.0 upgrade, coder-logstream-kube, & new templates

Author: ericpaulsen

helm/coder-logstream-kube/coder-logstream-kube-role.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-logstream-kube-role
+rules:
+- apiGroups: [""]
+  resources: ["pods", "events"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["apps"]
+  resources: ["replicasets", "events"]
+  verbs: ["get", "watch", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: coder-logstream-kube-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-logstream-kube-role
+subjects:
+- kind: ServiceAccount
+  name: coder-logstream-kube
+  namespace: coder

helm/coder-logstream-kube/coderd-role.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-workspaces
+rules:
+  - apiGroups: ["", "apps", "networking.k8s.io"]
+    resources: ["persistentvolumeclaims", "pods", "deployments", "services", "secrets", "pods/exec","pods/log", "events", "networkpolicies", "serviceaccounts"]
+    verbs: ["create", "get", "list", "watch", "update", "patch", "delete", "deletecollection"]
+  - apiGroups: ["metrics.k8s.io", "storage.k8s.io"]
+    resources: ["pods", "storageclasses"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: coder-workspaces
+subjects:
+  - kind: ServiceAccount
+    name: coder
+    namespace: coder
+roleRef:
+  kind: Role
+  name: coder-workspaces
+  apiGroup: rbac.authorization.k8s.io

helm/coder-logstream-kube/role.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coder-logstream-kube-role
+rules:
+- apiGroups: [""]
+  resources: ["pods", "events"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["apps"]
+  resources: ["replicasets", "events"]
+  verbs: ["get", "watch", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: coder-logstream-kube-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coder-logstream-kube-role
+subjects:
+- kind: ServiceAccount
+  name: coder-logstream-kube
+  namespace: coder-workspaces

helm/coder-logstream-kube/values.yaml

@@ -0,0 +1,2 @@
+USER-SUPPLIED VALUES:
+url: https://eric-aks.demo.coder.com

helm/values.yaml

@@ -8,7 +8,7 @@ coder:
 
   image:
     # custom image with az & gcloud CLIs installed
-    repo: "docker.io/ericpaulsen/coder-2.7.0"
+    repo: "docker.io/ericpaulsen/coder-2.18.0"
     tag: "multi-cloud"
     pullPolicy: Always
 
@@ -33,7 +33,17 @@ coder:
   - name: gcp-service-account-key
     secret:
       secretName: gcp-service-account-key
+  - name: eric-ca
+    secret:
+      secretName: eric-ca
+      items:
+      - key: eric-ca.pem
+        path: eric-ca.pem
   volumeMounts:
+  - name: eric-ca
+    mountPath: /etc/ssl/certs/eric-ca.pem
+    subPath: eric-ca.pem
+    readOnly: true
   - name: gke-kubeconfig
     mountPath: /var/secrets/gke
     readOnly: false

templates/code-server-pod/main.tf

@@ -29,8 +29,12 @@ variable "use_kubeconfig" {
 }
 
 provider "kubernetes" {
-  # Authenticate via ~/.kube/config or a Coder-specific ServiceAccount, depending on admin preferences
-  config_path = var.use_kubeconfig == true ? "~/.kube/config" : null
+  host = "https://8F9725368681A223B3D7220FB406F73E.sk1.us-west-1.eks.amazonaws.com"
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", "mark-trial-cluster"]
+    command     = "aws"
+  }
 }
 
 data "coder_workspace" "me" {}
@@ -269,7 +273,7 @@ resource "kubernetes_pod" "main" {
   ]
   metadata {
     name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
-    namespace = "coder"
+    namespace = "oss"
   }
   spec {
     security_context {
@@ -315,7 +319,7 @@ resource "kubernetes_pod" "main" {
 resource "kubernetes_persistent_volume_claim" "home-directory" {
   metadata {
     name      = "home-coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
-    namespace = "coder"
+    namespace = "oss"
   }
   wait_until_bound = false
   spec {

templates/no-resource/main.tf

@@ -0,0 +1,52 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = "0.18.0"
+    }
+  }
+}
+
+resource "null_resource" "example1" {
+  provisioner "local-exec" {
+    command     = "/usr/bin/coder agent &>/dev/null &"
+    interpreter = ["sh", "-c"]
+    environment = {
+      CODER_AGENT_TOKEN = coder_agent.main.token
+      CODER_AGENT_URL   = data.coder_workspace.me.access_url
+    }
+  }
+}
+
+data "coder_workspace" "me" {}
+
+resource "coder_agent" "main" {
+  os   = "linux"
+  arch = "amd64"
+
+  startup_script = <<-EOT
+    set -e
+ 
+    # install and start code-server
+    curl -fsSL https://code-server.dev/install.sh | sh
+    code-server --auth none --port 13337 >/dev/null 2>&1 &
+ 
+  EOT
+}
+
+# code-server
+resource "coder_app" "code-server" {
+  agent_id     = coder_agent.main.id
+  slug         = "code-server"
+  display_name = "code-server"
+  icon         = "/icon/code.svg"
+  url          = "http://localhost:13337?folder=~/"
+  subdomain    = false
+  share        = "owner"
+
+  healthcheck {
+    url       = "http://localhost:13337/healthz"
+    interval  = 3
+    threshold = 10
+  }
+}