diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 44c88d2e..b0a5f83a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,6 +11,7 @@ on:
 - 0.6.x
 - 0.7.x
 - 0.8.x
+ - 0.9.x
 jobs:
 release:
 permissions:
diff --git a/charts/coder/.helmignore b/charts/coder/.helmignore
deleted file mode 100644
index 957f15e7..00000000
--- a/charts/coder/.helmignore
+++ /dev/null
@@ -1,27 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-Makefile
-artifacthub-repo.yml
-
-tests
diff --git a/charts/coder/Chart.yaml b/charts/coder/Chart.yaml
deleted file mode 100644
index a68aa330..00000000
--- a/charts/coder/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: coder
-description: Remote development environments on your infrastructure
-home: https://github.com/coder/coder
-
-# version and appVersion are injected at release and will always be shown as
-# 0.1.0 in the repository.
-#
-# If you're installing the Helm chart directly from git it will have this
-# version, which means the auto-generated image URI will be invalid. You can set
-# "coder.image.tag" to the desired tag manually.
-type: application
-version: "0.1.0"
-appVersion: "0.1.0"
-
-# Coder has a hard requirement on Kubernetes 1.19, as this version introduced
-# the networking.k8s.io/v1 API.
-kubeVersion: ">= 1.19.0-0"
-
-keywords:
- - coder
- - terraform
-sources:
- - https://github.com/coder/coder/tree/main/helm
-icon: https://helm.coder.com/coder_logo_black.png
-maintainers:
- - name: Coder Technologies, Inc.
- email: support@coder.com
- url: https://coder.com/contact
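Review bot: The added `- 0.9.x` entry in .github/workflows/release.yaml (assuming this list is the push branch filter under `on:`) means every push to that branch now runs the `release` job, so the branch should have the same protection rules as 0.6.x to 0.8.x before this merges; the hunk cannot show whether it does. Because the list is extended by hand for each release line, a comment above it would help the next maintainer, for example `# Release branches: every entry must be a protected branch; add the new 0.N.x line here when it is cut`. The job's `permissions:` block continues outside the hunk, so the token scopes these runs receive cannot be checked from here.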
diff --git a/charts/coder/Makefile b/charts/coder/Makefile
deleted file mode 100644
index a3f689b1..00000000
--- a/charts/coder/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-# Use a single bash shell for each job, and immediately exit on failure
-SHELL := bash
-.SHELLFLAGS = -ceu
-.ONESHELL:
-
-# This doesn't work on directories.
-# See https://stackoverflow.com/questions/25752543/make-delete-on-error-for-directory-targets
-.DELETE_ON_ERROR:
-
-all: lint
-.PHONY: all
-
-lint: lint/helm
-.PHONY: lint
-
-lint/helm:
- helm lint --strict --set coder.image.tag=v0.0.1 .
-.PHONY: lint/helm
diff --git a/charts/coder/README.md b/charts/coder/README.md
deleted file mode 100644
index 5fa85ec5..00000000
--- a/charts/coder/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Coder Helm Chart
-
-This directory contains the Helm chart used to deploy Coder onto a Kubernetes
-cluster. It contains the minimum required components to run Coder on Kubernetes,
-and notably (compared to Coder Classic) does not include a database server.
-
-## Getting Started
-
-> **Warning**: The main branch in this repository does not represent the
-> latest release of Coder. Please reference our installation docs for
-> instructions on a tagged release.
-
-View
-[our docs](https://coder.com/docs/coder-oss/latest/install/kubernetes)
-for detailed installation instructions.
-
-## Values
-
-Please refer to [values.yaml](values.yaml) for available Helm values and their
-defaults.
-
-A good starting point for your values file is:
-
-```yaml
-coder:
- # You can specify any environment variables you'd like to pass to Coder
- # here. Coder consumes environment variables listed in
- # `coder server --help`, and these environment variables are also passed
- # to the workspace provisioner (so you can consume them in your Terraform
- # templates for auth keys etc.).
- #
- # Please keep in mind that you should not set `CODER_ADDRESS`,
- # `CODER_TLS_ENABLE`, `CODER_TLS_CERT_FILE` or `CODER_TLS_KEY_FILE` as
- # they are already set by the Helm chart and will cause conflicts.
- env:
- - name: CODER_ACCESS_URL
- value: "https://coder.example.com"
- - name: CODER_PG_CONNECTION_URL
- valueFrom:
- secretKeyRef:
- # You'll need to create a secret called coder-db-url with your
- # Postgres connection URL like:
- # postgres://coder:password@postgres:5432/coder?sslmode=disable
- name: coder-db-url
- key: url
-
- # This env enables the Prometheus metrics endpoint.
- - name: CODER_PROMETHEUS_ADDRESS
- value: "0.0.0.0:2112"
- tls:
- secretNames:
- - my-tls-secret-name
-```
diff --git a/charts/coder/artifacthub-repo.yml b/charts/coder/artifacthub-repo.yml
deleted file mode 100644
index f14e888a..00000000
--- a/charts/coder/artifacthub-repo.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file is uploaded to GCS at helm.coder.com/v2/artifacthub-repo.yml and
-# used by ArtifactHub to verify the repository.
-# See: https://artifacthub.io/packages/helm/coder-v2/coder
-repositoryID: b23f08c6-ad91-4122-aeb9-e2dfd02cda43
-owners:
- - name: colin
- email: colin@coder.com
diff --git a/charts/coder/templates/NOTES.txt b/charts/coder/templates/NOTES.txt
deleted file mode 100644
index 18fc33c1..00000000
--- a/charts/coder/templates/NOTES.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-{{/*
-Deprecation notices:
-*/}}
-
-Enjoy Coder! Please create an issue at https://github.com/coder/coder if you run
-into any problems! :)
diff --git a/charts/coder/templates/_helpers.tpl b/charts/coder/templates/_helpers.tpl
deleted file mode 100644
index b850a91f..00000000
--- a/charts/coder/templates/_helpers.tpl
+++ /dev/null
@@ -1,231 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "coder.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "coder.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Selector labels - -!!!!! DO NOT ADD ANY MORE SELECTORS. IT IS A BREAKING CHANGE !!!!! -*/}} -{{- define "coder.selectorLabels" -}} -app.kubernetes.io/name: {{ include "coder.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "coder.labels" -}} -helm.sh/chart: {{ include "coder.chart" . }} -{{ include "coder.selectorLabels" . }} -app.kubernetes.io/part-of: {{ include "coder.name" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Coder Docker image URI -*/}} -{{- define "coder.image" -}} -{{- if and (eq .Values.coder.image.tag "") (eq .Chart.AppVersion "0.1.0") -}} -{{ fail "You must specify the coder.image.tag value if you're installing the Helm chart directly from Git." }} -{{- end -}} -{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default (printf "v%v" .Chart.AppVersion) }} -{{- end }} - -{{/* -Coder TLS enabled. -*/}} -{{- define "coder.tlsEnabled" -}} -{{- if .Values.coder.tls.secretNames -}} -true -{{- else -}} -false -{{- end -}} -{{- end }} - -{{/* -Coder ingress TLS enabled. -*/}} -{{- define "coder.ingressTlsEnabled" -}} -{{- if .Values.coder.ingress.tls.enable -}} -true -{{- else -}} -false -{{- end -}} -{{- end }} - -{{/* -Coder TLS environment variables. -*/}} -{{- define "coder.tlsEnv" }} -{{- if eq (include "coder.tlsEnabled" .) 
"true" -}} -- name: CODER_TLS_ENABLE - value: "true" -- name: CODER_TLS_ADDRESS - value: "0.0.0.0:8443" -- name: CODER_TLS_CERT_FILE - value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.crt{{- end }}" -- name: CODER_TLS_KEY_FILE - value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.key{{- end }}" -{{- end }} -{{- end }} - -{{/* -Coder ingress environment variables. -*/}} -{{- define "coder.ingressEnv" }} -{{- if .Values.coder.ingress.enable -}} -{{- $proto := "http" -}} -{{- if eq (include "coder.ingressTlsEnabled" .) "true" -}} -{{- $proto = "https" -}} -{{- end -}} -- name: CODER_WILDCARD_ACCESS_URL - value: {{ .Values.coder.ingress.wildcardHost | quote }} -- name: CODER_ACCESS_URL - value: {{ printf "%s://%s" $proto .Values.coder.ingress.host | quote }} -{{- end }} -{{- end }} - -{{/* -Coder default access URL -*/}} -{{- define "coder.defaultAccessURL" }} - {{- $proto := "" -}} - {{- $port := "" -}} - {{- if eq (include "coder.tlsEnabled" .) "true" -}} - {{- $proto = "https" -}} - {{- if eq .Values.coder.service.type "NodePort" -}} - {{- $port = .Values.coder.service.httpsNodePort -}} - {{- end -}} - {{- else -}} - {{- $proto = "http" -}} - {{- if eq .Values.coder.service.type "NodePort" -}} - {{- $port = .Values.coder.service.httpNodePort -}} - {{- end -}} - {{- end -}} - {{- if .Values.global.externalHostAddress -}} - {{ printf "%s://%s:%s" $proto .Values.global.externalHostAddress $port }} - {{- else -}} - {{ $proto }}://coder.{{ .Release.Namespace }}.svc.cluster.local - {{- end }} -{{- end }} - -{{/* -Coder volume definitions. 
-*/}} -{{- define "coder.volumeList" }} -{{ range $secretName := .Values.coder.tls.secretNames -}} -- name: "tls-{{ $secretName }}" - secret: - secretName: {{ $secretName | quote }} -{{ end -}} -{{ range $secret := .Values.coder.certs.secrets -}} -- name: "ca-cert-{{ $secret.name }}" - secret: - secretName: {{ $secret.name | quote }} -{{ end -}} -{{ if gt (len .Values.coder.volumes) 0 -}} -{{ toYaml .Values.coder.volumes }} -{{ end -}} -{{- end }} - -{{/* -Coder volumes yaml. -*/}} -{{- define "coder.volumes" }} -{{- if trim (include "coder.volumeList" .) -}} -volumes: -{{- include "coder.volumeList" . -}} -{{- else -}} -volumes: [] -{{- end -}} -{{- end }} - -{{/* -Coder volume mounts. -*/}} -{{- define "coder.volumeMountList" }} -{{ range $secretName := .Values.coder.tls.secretNames -}} -- name: "tls-{{ $secretName }}" - mountPath: "/etc/ssl/certs/coder/{{ $secretName }}" - readOnly: true -{{ end -}} -{{ range $secret := .Values.coder.certs.secrets -}} -- name: "ca-cert-{{ $secret.name }}" - mountPath: "/etc/ssl/certs/{{ $secret.name }}.crt" - subPath: {{ $secret.key | quote }} - readOnly: true -{{ end -}} -{{ if gt (len .Values.coder.volumeMounts) 0 -}} -{{ toYaml .Values.coder.volumeMounts }} -{{ end -}} -{{- end }} - -{{/* -Coder volume mounts yaml. -*/}} -{{- define "coder.volumeMounts" }} -{{- if trim (include "coder.volumeMountList" .) -}} -volumeMounts: -{{- include "coder.volumeMountList" . -}} -{{- else -}} -volumeMounts: [] -{{- end -}} -{{- end }} - -{{/* -Coder ingress wildcard hostname with the wildcard suffix stripped. -*/}} -{{- define "coder.ingressWildcardHost" -}} -{{/* This regex replace is required as the original input including the suffix - * is not a legal ingress host. We need to remove the suffix and keep the - * wildcard '*'. - * - * - '\\*' Starts with '*' - * - '[^.]*' Suffix is 0 or more characters, '-suffix' - * - '(' Start domain capture group - * - '\\.' The domain should be separated with a '.' 
from the subdomain - * - '.*' Rest of the domain. - * - ')' $1 is the ''.example.com' - */}} -{{- regexReplaceAll "\\*[^.]*(\\..*)" .Values.coder.ingress.wildcardHost "*${1}" -}} -{{- end }} - -{{/* -Fail on fully deprecated values or deprecated value combinations. This is -included at the top of coder.yaml. -*/}} -{{- define "coder.verifyDeprecated" }} -{{/* -Deprecated value coder.tls.secretName must not be used. -*/}} -{{- if .Values.coder.tls.secretName }} -{{ fail "coder.tls.secretName is deprecated, use coder.tls.secretNames instead." }} -{{- end }} -{{- end }} - -{{/* -Renders a value that contains a template. -Usage: -{{ include "coder.renderTemplate" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "coder.renderTemplate" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/coder/templates/coder.yaml b/charts/coder/templates/coder.yaml deleted file mode 100644 index a911c125..00000000 --- a/charts/coder/templates/coder.yaml +++ /dev/null 
@@ -1,144 +0,0 @@ -{{- include "coder.verifyDeprecated" . -}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.coder.serviceAccount.name | quote }} - annotations: {{ toYaml .Values.coder.serviceAccount.annotations | nindent 4 }} - labels: - {{- include "coder.labels" . | nindent 4 }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - {{- include "coder.labels" . | nindent 4 }} - {{- with .Values.coder.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: {{ toYaml .Values.coder.annotations | nindent 4}} -spec: - replicas: {{ .Values.coder.replicaCount }} - selector: - matchLabels: - {{- include "coder.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "coder.labels" . | nindent 8 }} - {{- with .Values.coder.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{- toYaml .Values.coder.podAnnotations | nindent 8 }} - spec: - serviceAccountName: {{ .Values.coder.serviceAccount.name | quote }} - restartPolicy: Always - {{- with .Values.coder.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 60 - {{- with .Values.coder.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.nodeSelector }} - nodeSelector: - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.coder.initContainers }} - initContainers: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: coder - image: {{ include "coder.image" . 
| quote }} - imagePullPolicy: {{ .Values.coder.image.pullPolicy }} - command: - {{- toYaml .Values.coder.command | nindent 12 }} - args: - {{- if .Values.coder.commandArgs }} - {{- toYaml .Values.coder.commandArgs | nindent 12 }} - {{- else }} - {{- if .Values.coder.workspaceProxy }} - - wsproxy - {{- end }} - - server - {{- end }} - resources: - {{- toYaml .Values.coder.resources | nindent 12 }} - lifecycle: - {{- toYaml .Values.coder.lifecycle | nindent 12 }} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - {{- $hasAccessURL := false }} - {{- range .Values.coder.env }} - {{- if or (eq .name "CODER_ACCESS_URL") ($.Values.coder.ingress.enable) }} - {{- $hasAccessURL = true }} - {{- end }} - {{- end }} - {{- if not $hasAccessURL }} - - name: CODER_ACCESS_URL - value: {{ include "coder.defaultAccessURL" . | quote }} - {{- end }} - # Used for inter-pod communication with high-availability. - - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - {{- include "coder.tlsEnv" . | nindent 12 -}} - {{- include "coder.ingressEnv" . | nindent 12 -}} - {{- with .Values.coder.env -}} - {{ toYaml . | nindent 12 }} - {{- end }} - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - {{- if eq (include "coder.tlsEnabled" .) "true" }} - - name: "https" - containerPort: 8443 - protocol: TCP - {{- end }} - {{- range .Values.coder.env }} - {{- if eq .name "CODER_PROMETHEUS_ENABLE" }} - {{/* - This sadly has to be nested to avoid evaluating the second part - of the condition too early and potentially getting type errors if - the value is not a string (like a `valueFrom`). We do not support - `valueFrom` for this env var specifically. 
- */}} - {{- if eq .value "true" }} - - name: "prometheus-http" - containerPort: 2112 - protocol: TCP - {{- end }} - {{- end }} - {{- end }} - securityContext: {{ toYaml .Values.coder.securityContext | nindent 12 }} - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - {{- include "coder.volumeMounts" . | nindent 10 }} - - {{- include "coder.volumes" . | nindent 6 }} diff --git a/charts/coder/templates/extra-templates.yaml b/charts/coder/templates/extra-templates.yaml deleted file mode 100644 index e0476581..00000000 --- a/charts/coder/templates/extra-templates.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraTemplates }} ---- -{{ include "coder.renderTemplate" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/coder/templates/ingress.yaml b/charts/coder/templates/ingress.yaml deleted file mode 100644 index 7dd2a138..00000000 --- a/charts/coder/templates/ingress.yaml +++ /dev/null 
@@ -1,54 +0,0 @@
-
-{{- if .Values.coder.ingress.enable }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: coder
- labels:
- {{- include "coder.labels" . | nindent 4 }}
- annotations:
- {{- toYaml .Values.coder.ingress.annotations | nindent 4 }}
-spec:
- {{- if .Values.coder.ingress.className }}
- {{/* If this is set to an empty string it fails validation on K8s */}}
- ingressClassName: {{ .Values.coder.ingress.className | quote }}
- {{- end }}
-
- rules:
- - host: {{ .Values.coder.ingress.host | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: coder
- port:
- name: "http"
-
- {{- if .Values.coder.ingress.wildcardHost }}
- - host: {{ include "coder.ingressWildcardHost" . | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: coder
- port:
- name: "http"
- {{- end }}
-
- {{- if .Values.coder.ingress.tls.enable }}
- tls:
- - hosts:
- - {{ .Values.coder.ingress.host | quote }}
- secretName: {{ .Values.coder.ingress.tls.secretName | quote}}
- {{- if .Values.coder.ingress.tls.wildcardSecretName }}
- - hosts:
- - {{ include "coder.ingressWildcardHost" . | quote }}
- secretName: {{ .Values.coder.ingress.tls.wildcardSecretName | quote}}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/coder/templates/rbac.yaml b/charts/coder/templates/rbac.yaml
deleted file mode 100644
index 3105e1a6..00000000
--- a/charts/coder/templates/rbac.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if .Values.coder.serviceAccount.workspacePerms }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: coder-workspace-perms
-rules:
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups: [""]
- resources: ["persistentvolumeclaims"]
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-{{- if .Values.coder.serviceAccount.enableDeployments }}
- - apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Values.coder.serviceAccount.name | quote }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.coder.serviceAccount.name | quote }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: coder-workspace-perms
-{{- end }}
diff --git a/charts/coder/templates/service.yaml b/charts/coder/templates/service.yaml
deleted file mode 100644
index 3507b4d7..00000000
--- a/charts/coder/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.coder.service.enable }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: coder
- labels:
- {{- include "coder.labels" . | nindent 4 }}
- annotations:
- {{- toYaml .Values.coder.service.annotations | nindent 4 }}
-spec:
- type: {{ .Values.coder.service.type }}
- sessionAffinity: {{ .Values.coder.service.sessionAffinity }}
- ports:
- - name: "http"
- port: 80
- targetPort: "http"
- protocol: TCP
- {{ if eq .Values.coder.service.type "NodePort" }}nodePort: {{ .Values.coder.service.httpNodePort }}{{ end }}
- {{- if eq (include "coder.tlsEnabled" .) "true" }}
- - name: "https"
- port: 443
- targetPort: "https"
- protocol: TCP
- {{ if eq .Values.coder.service.type "NodePort" }}nodePort: {{ .Values.coder.service.httpsNodePort }}{{ end }}
- {{- end }}
- {{- if eq "LoadBalancer" .Values.coder.service.type }}
- {{- with .Values.coder.service.loadBalancerIP }}
- loadBalancerIP: {{ . | quote }}
- {{- end }}
- {{- with .Values.coder.service.externalTrafficPolicy }}
- externalTrafficPolicy: {{ . | quote }}
- {{- end }}
- {{- end }}
- selector:
- {{- include "coder.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/charts/coder/tests/chart_test.go b/charts/coder/tests/chart_test.go
deleted file mode 100644
index 7442be08..00000000
--- a/charts/coder/tests/chart_test.go
+++ /dev/null
@@ -1,176 +0,0 @@ -package tests // nolint: testpackage - -import ( - "bytes" - "flag" - "os" - "os/exec" - "path/filepath" - "runtime" - "testing" - - "github.com/stretchr/testify/require" - "golang.org/x/xerrors" - - "github.com/coder/coder/testutil" -) - -// These tests run `helm template` with the values file specified in each test -// and compare the output to the contents of the corresponding golden file. -// All values and golden files are located in the `testdata` directory. -// To update golden files, run `go test . -update`. - -// UpdateGoldenFiles is a flag that can be set to update golden files. -var UpdateGoldenFiles = flag.Bool("update", false, "Update golden files") - -var TestCases = []TestCase{ - { - name: "default_values", - expectedError: "", - }, - { - name: "missing_values", - expectedError: `You must specify the coder.image.tag value if you're installing the Helm chart directly from Git.`, - }, - { - name: "tls", - expectedError: "", - }, - { - name: "sa", - expectedError: "", - }, - { - name: "labels_annotations", - expectedError: "", - }, - { - name: "workspace_proxy", - expectedError: "", - }, - { - name: "command", - expectedError: "", - }, - { - name: "command_args", - expectedError: "", - }, -} - -type TestCase struct { - name string // Name of the test case. This is used to control which values and golden file are used. - expectedError string // Expected error from running `helm template`. -} - -func (tc TestCase) valuesFilePath() string { - return filepath.Join("./testdata", tc.name+".yaml") -} - -func (tc TestCase) goldenFilePath() string { - return filepath.Join("./testdata", tc.name+".golden") -} - -func TestRenderChart(t *testing.T) { - t.Parallel() - if *UpdateGoldenFiles { - t.Skip("Golden files are being updated. 
Skipping test.") - } - if testutil.InCI() { - switch runtime.GOOS { - case "windows", "darwin": - t.Skip("Skipping tests on Windows and macOS in CI") - } - } - - // Ensure that Helm is available in $PATH - helmPath := lookupHelm(t) - for _, tc := range TestCases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - t.Parallel() - - // Ensure that the values file exists. - valuesFilePath := tc.valuesFilePath() - if _, err := os.Stat(valuesFilePath); os.IsNotExist(err) { - t.Fatalf("values file %q does not exist", valuesFilePath) - } - - // Run helm template with the values file. - templateOutput, err := runHelmTemplate(t, helmPath, "..", valuesFilePath) - if tc.expectedError != "" { - require.Error(t, err, "helm template should have failed") - require.Contains(t, templateOutput, tc.expectedError, "helm template output should contain expected error") - } else { - require.NoError(t, err, "helm template should not have failed") - require.NotEmpty(t, templateOutput, "helm template output should not be empty") - goldenFilePath := tc.goldenFilePath() - goldenBytes, err := os.ReadFile(goldenFilePath) - require.NoError(t, err, "failed to read golden file %q", goldenFilePath) - - // Remove carriage returns to make tests pass on Windows. 
- goldenBytes = bytes.Replace(goldenBytes, []byte("\r"), []byte(""), -1) - expected := string(goldenBytes) - - require.NoError(t, err, "failed to load golden file %q") - require.Equal(t, expected, templateOutput) - } - }) - } -} - -func TestUpdateGoldenFiles(t *testing.T) { - t.Parallel() - if !*UpdateGoldenFiles { - t.Skip("Run with -update to update golden files") - } - - helmPath := lookupHelm(t) - for _, tc := range TestCases { - if tc.expectedError != "" { - t.Logf("skipping test case %q with render error", tc.name) - continue - } - - valuesPath := tc.valuesFilePath() - templateOutput, err := runHelmTemplate(t, helmPath, "..", valuesPath) - - require.NoError(t, err, "failed to run `helm template -f %q`", valuesPath) - - goldenFilePath := tc.goldenFilePath() - err = os.WriteFile(goldenFilePath, []byte(templateOutput), 0o644) // nolint:gosec - require.NoError(t, err, "failed to write golden file %q", goldenFilePath) - } - t.Log("Golden files updated. Please review the changes and commit them.") -} - -// runHelmTemplate runs helm template on the given chart with the given values and -// returns the raw output. -func runHelmTemplate(t testing.TB, helmPath, chartDir, valuesFilePath string) (string, error) { - // Ensure that valuesFilePath exists - if _, err := os.Stat(valuesFilePath); err != nil { - return "", xerrors.Errorf("values file %q does not exist: %w", valuesFilePath, err) - } - - cmd := exec.Command(helmPath, "template", chartDir, "-f", valuesFilePath, "--namespace", "default") - t.Logf("exec command: %v", cmd.Args) - out, err := cmd.CombinedOutput() - return string(out), err -} - -// lookupHelm ensures that Helm is available in $PATH and returns the path to the -// Helm executable. 
-func lookupHelm(t testing.TB) string { - helmPath, err := exec.LookPath("helm") - if err != nil { - t.Fatalf("helm not found in $PATH: %v", err) - return "" - } - t.Logf("Using helm at %q", helmPath) - return helmPath -} - -func TestMain(m *testing.M) { - flag.Parse() - os.Exit(m.Run()) -} diff --git a/charts/coder/tests/testdata/command.golden b/charts/coder/tests/testdata/command.golden deleted file mode 100644 index 616971e9..00000000 --- a/charts/coder/tests/testdata/command.golden +++ /dev/null 
@@ -1,198 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/colin - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: [] diff --git a/charts/coder/tests/testdata/command.yaml b/charts/coder/tests/testdata/command.yaml deleted file mode 100644 index ef4c8de9..00000000 --- a/charts/coder/tests/testdata/command.yaml +++ /dev/null @@ -1,5 +0,0 @@ -coder: - image: - tag: latest - command: - - /opt/colin diff --git a/charts/coder/tests/testdata/command_args.golden b/charts/coder/tests/testdata/command_args.golden deleted file mode 100644 index 92e87fd5..00000000 --- a/charts/coder/tests/testdata/command_args.golden +++ /dev/null 
@@ -1,199 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - arg1 - - arg2 - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: []
diff --git a/charts/coder/tests/testdata/command_args.yaml b/charts/coder/tests/testdata/command_args.yaml
deleted file mode 100644
index 59d012aa..00000000
--- a/charts/coder/tests/testdata/command_args.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-coder:
- image:
- tag: latest
- commandArgs:
- - arg1
- - arg2
diff --git a/charts/coder/tests/testdata/default_values.golden b/charts/coder/tests/testdata/default_values.golden
deleted file mode 100644
index cb1988e1..00000000
--- a/charts/coder/tests/testdata/default_values.golden
+++ /dev/null
@@ -1,198 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: []
diff --git a/charts/coder/tests/testdata/default_values.yaml b/charts/coder/tests/testdata/default_values.yaml
deleted file mode 100644
index 70cdc8b4..00000000
--- a/charts/coder/tests/testdata/default_values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-coder:
- image:
- tag: latest
diff --git a/charts/coder/tests/testdata/labels_annotations.golden b/charts/coder/tests/testdata/labels_annotations.golden
deleted file mode 100644
index e6f85d0d..00000000
--- a/charts/coder/tests/testdata/labels_annotations.golden
+++ /dev/null
@@ -1,204 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - com.coder/label/baz: qux - com.coder/label/foo: bar - annotations: - com.coder/annotation/baz: qux - com.coder/annotation/foo: bar -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - com.coder/podLabel/baz: qux - com.coder/podLabel/foo: bar - annotations: - com.coder/podAnnotation/baz: qux - com.coder/podAnnotation/foo: bar - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: []
diff --git a/charts/coder/tests/testdata/labels_annotations.yaml b/charts/coder/tests/testdata/labels_annotations.yaml
deleted file mode 100644
index a7ddda70..00000000
--- a/charts/coder/tests/testdata/labels_annotations.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-coder:
- image:
- tag: latest
- annotations:
- com.coder/annotation/foo: bar
- com.coder/annotation/baz: qux
- labels:
- com.coder/label/foo: bar
- com.coder/label/baz: qux
- podAnnotations:
- com.coder/podAnnotation/foo: bar
- com.coder/podAnnotation/baz: qux
- podLabels:
- com.coder/podLabel/foo: bar
- com.coder/podLabel/baz: qux
diff --git a/charts/coder/tests/testdata/missing_values.yaml b/charts/coder/tests/testdata/missing_values.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/charts/coder/tests/testdata/sa.golden b/charts/coder/tests/testdata/sa.golden
deleted file mode 100644
index 5e94a678..00000000
--- a/charts/coder/tests/testdata/sa.golden
+++ /dev/null
@@ -1,198 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder-service-account" - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder-service-account" -subjects: - - kind: ServiceAccount - name: "coder-service-account" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: 
coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder-service-account" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: []
diff --git a/charts/coder/tests/testdata/sa.yaml b/charts/coder/tests/testdata/sa.yaml
deleted file mode 100644
index 4e0c98c2..00000000
--- a/charts/coder/tests/testdata/sa.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-coder:
- image:
- tag: latest
- serviceAccount:
- name: coder-service-account
- annotations:
- eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/coder-service-account
- workspacePerms: true
diff --git a/charts/coder/tests/testdata/tls.golden b/charts/coder/tests/testdata/tls.golden
deleted file mode 100644
index 8ef85d13..00000000
--- a/charts/coder/tests/testdata/tls.golden
+++ /dev/null
@@ -1,220 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - - name: "https" - port: 443 - targetPort: "https" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: 
- name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "https://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - - name: CODER_TLS_ENABLE - value: "true" - - name: CODER_TLS_ADDRESS - value: "0.0.0.0:8443" - - name: CODER_TLS_CERT_FILE - value: "/etc/ssl/certs/coder/coder-tls/tls.crt" - - name: CODER_TLS_KEY_FILE - value: "/etc/ssl/certs/coder/coder-tls/tls.key" - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - - name: "https" - containerPort: 8443 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: - - name: "tls-coder-tls" - mountPath: "/etc/ssl/certs/coder/coder-tls" - readOnly: true - - volumes: - - name: "tls-coder-tls" - secret: - secretName: "coder-tls"
diff --git a/charts/coder/tests/testdata/tls.yaml b/charts/coder/tests/testdata/tls.yaml
deleted file mode 100644
index f6f181ae..00000000
--- a/charts/coder/tests/testdata/tls.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-coder:
- image:
- tag: latest
- tls:
- secretNames:
- - coder-tls
diff --git a/charts/coder/tests/testdata/workspace_proxy.golden b/charts/coder/tests/testdata/workspace_proxy.golden
deleted file mode 100644
index 88e0213b..00000000
--- a/charts/coder/tests/testdata/workspace_proxy.golden
+++ /dev/null
@@ -1,206 +0,0 @@ ---- -# Source: coder/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "coder" - annotations: - {} - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder" -subjects: - - kind: ServiceAccount - name: "coder" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-workspace-perms ---- -# Source: coder/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - type: LoadBalancer - sessionAffinity: ClientIP - ports: - - name: "http" - port: 80 - targetPort: "http" - protocol: TCP - externalTrafficPolicy: "Cluster" - selector: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name ---- -# Source: coder/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: coder - labels: - helm.sh/chart: coder-0.1.0 - 
app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - template: - metadata: - labels: - helm.sh/chart: coder-0.1.0 - app.kubernetes.io/name: coder - app.kubernetes.io/instance: release-name - app.kubernetes.io/part-of: coder - app.kubernetes.io/version: "0.1.0" - app.kubernetes.io/managed-by: Helm - annotations: - {} - spec: - serviceAccountName: "coder" - restartPolicy: Always - terminationGracePeriodSeconds: 60 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - coder - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - name: coder - image: "ghcr.io/coder/coder:latest" - imagePullPolicy: IfNotPresent - command: - - /opt/coder - args: - - wsproxy - - server - resources: - {} - lifecycle: - {} - env: - - name: CODER_HTTP_ADDRESS - value: "0.0.0.0:8080" - - name: CODER_PROMETHEUS_ADDRESS - value: "0.0.0.0:2112" - # Set the default access URL so a `helm apply` works by default. - # See: https://github.com/coder/coder/issues/5024 - - name: CODER_ACCESS_URL - value: "http://coder.default.svc.cluster.local" - # Used for inter-pod communication with high-availability. 
- - name: KUBE_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CODER_DERP_SERVER_RELAY_URL - value: "http://$(KUBE_POD_IP):8080" - - - name: CODER_PRIMARY_ACCESS_URL - value: https://dev.coder.com - - name: CODER_PROXY_SESSION_TOKEN - valueFrom: - secretKeyRef: - key: token - name: coder-workspace-proxy-session-token - ports: - - name: "http" - containerPort: 8080 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - readinessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - livenessProbe: - httpGet: - path: /healthz - port: "http" - scheme: "HTTP" - volumeMounts: [] - volumes: []
diff --git a/charts/coder/tests/testdata/workspace_proxy.yaml b/charts/coder/tests/testdata/workspace_proxy.yaml
deleted file mode 100644
index 46f9f436..00000000
--- a/charts/coder/tests/testdata/workspace_proxy.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-coder:
- workspaceProxy: true
-
- image:
- tag: latest
-
- env:
- - name: CODER_PRIMARY_ACCESS_URL
- value: "https://dev.coder.com"
- - name: CODER_PROXY_SESSION_TOKEN
- valueFrom:
- secretKeyRef:
- name: coder-workspace-proxy-session-token
- key: token
diff --git a/charts/coder/values.yaml b/charts/coder/values.yaml
deleted file mode 100644
index 0f364db8..00000000
--- a/charts/coder/values.yaml
+++ /dev/null
@@ -1,303 +0,0 @@ -# coder -- Primary configuration for `coder server`. -coder: - externalHostAddress: "" - # coder.env -- The environment variables to set for Coder. These can be used - # to configure all aspects of `coder server`. Please see `coder server --help` - # for information about what environment variables can be set. - # Note: The following environment variables are set by default and cannot be - # overridden: - # - CODER_HTTP_ADDRESS: set to 0.0.0.0:8080 and cannot be changed. - # - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty. - # - CODER_TLS_ENABLE: set if tls.secretName is not empty. - # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. - # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. - # - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:2112 and cannot be changed. - # Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE. - # - KUBE_POD_IP - # - CODER_DERP_SERVER_RELAY_URL - # - # We will additionally set CODER_ACCESS_URL if unset to the cluster service - # URL. - env: [] - # - name: "CODER_ACCESS_URL" - # value: "https://coder.example.com" - - # coder.image -- The image to use for Coder. - image: - # coder.image.repo -- The repository of the image. - repo: "ghcr.io/coder/coder" - # coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}} - # if not set. If you're using the chart directly from git, the default - # app version will not work and you'll need to set this value. The helm - # chart helpfully fails quickly in this case. - tag: "" - # coder.image.pullPolicy -- The pull policy to use for the image. See: - # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - pullPolicy: IfNotPresent - # coder.image.pullSecrets -- The secrets used for pulling the Coder image from - # a private registry. - pullSecrets: [] - # - name: "pull-secret" - - # coder.initContainers -- Init containers for the deployment. 
See: - # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - initContainers: - [] - # - name: init-container - # image: busybox:1.28 - # command: ['sh', '-c', "sleep 2"] - - # coder.annotations -- The Deployment annotations. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - annotations: {} - - # coder.labels -- The Deployment labels. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - labels: {} - - # coder.podAnnotations -- The Coder pod annotations. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - - # coder.podLabels -- The Coder pod labels. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - # coder.serviceAccount -- Configuration for the automatically created service - # account. Creation of the service account cannot be disabled. - serviceAccount: - # coder.serviceAccount.workspacePerms -- Whether or not to grant the coder - # service account permissions to manage workspaces. This includes - # permission to manage pods and persistent volume claims in the deployment - # namespace. - # - # It is recommended to keep this on if you are using Kubernetes templates - # within Coder. - workspacePerms: true - # coder.serviceAccount.enableDeployments -- Provides the service account permission - # to manage Kubernetes deployments. - enableDeployments: true - # coder.serviceAccount.annotations -- The Coder service account annotations. - annotations: {} - # coder.serviceAccount.name -- The service account name - name: coder - - # coder.securityContext -- Fields related to the container's security - # context (as opposed to the pod). Some fields are also present in the pod - # security context, in which case these values will take precedence. - securityContext: - # coder.securityContext.runAsNonRoot -- Requires that the coder container - # runs as an unprivileged user. 
If setting runAsUser to 0 (root), this - # will need to be set to false. - runAsNonRoot: true - # coder.securityContext.runAsUser -- Sets the user id of the container. - # For security reasons, we recommend using a non-root user. - runAsUser: 1000 - # coder.securityContext.runAsGroup -- Sets the group id of the container. - # For security reasons, we recommend using a non-root group. - runAsGroup: 1000 - # coder.securityContext.readOnlyRootFilesystem -- Mounts the container's - # root filesystem as read-only. - readOnlyRootFilesystem: null - # coder.securityContext.seccompProfile -- Sets the seccomp profile for - # the coder container. - seccompProfile: - type: RuntimeDefault - # coder.securityContext.allowPrivilegeEscalation -- Controls whether - # the container can gain additional privileges, such as escalating to - # root. It is recommended to leave this setting disabled in production. - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - # coder.volumes -- A list of extra volumes to add to the Coder pod. - volumes: [] - # - name: "my-volume" - # emptyDir: {} - - # coder.volumeMounts -- A list of extra volume mounts to add to the Coder pod. - volumeMounts: [] - # - name: "my-volume" - # mountPath: "/mnt/my-volume" - - # coder.tls -- The TLS configuration for Coder. - tls: - # coder.tls.secretNames -- A list of TLS server certificate secrets to mount - # into the Coder pod. The secrets should exist in the same namespace as the - # Helm deployment and should be of type "kubernetes.io/tls". The secrets - # will be automatically mounted into the pod if specified, and the correct - # "CODER_TLS_*" environment variables will be set for you. - secretNames: [] - - # coder.replicaCount -- The number of Kubernetes deployment replicas. This - # should only be increased if High Availability is enabled. - # - # This is an Enterprise feature. Contact sales@coder.com. 
- replicaCount: 1 - - # coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder - # Workspace Proxy. Workspace Proxies reduce the latency between the user and - # their workspace for web connections (workspace apps and web terminal) and - # proxied connections from the CLI. Workspace Proxies are optional and only - # recommended for geographically sparse teams. - # - # Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in - # the environment below. You can get a proxy token using the CLI: - # coder wsproxy create \ - # --name "proxy-name" \ - # --display-name "Proxy Name" \ - # --icon "/emojis/xyz.png" - # - # This is an Enterprise feature. Contact sales@coder.com - # Docs: https://coder.com/docs/v2/latest/admin/workspace-proxies - workspaceProxy: false - - # coder.lifecycle -- container lifecycle handlers for the Coder container, allowing - # for lifecycle events such as postStart and preStop events - # See: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ - lifecycle: - {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo postStart"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo preStart"] - - # coder.resources -- The resources to request for Coder. These are optional - # and are not set by default. - resources: - {} - # limits: - # cpu: 2000m - # memory: 4096Mi - # requests: - # cpu: 2000m - # memory: 4096Mi - - # coder.certs -- CA bundles to mount inside the Coder pod. - certs: - # coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder - # pod. The secrets should exist in the same namespace as the Helm - # deployment. - # - # The given key in each secret is mounted at - # `/etc/ssl/certs/{secret_name}.crt`. - secrets: - [] - # - name: "my-ca-bundle" - # key: "ca-bundle.crt" - - # coder.affinity -- Allows specifying an affinity rule for the `coder` deployment. 
- # The default rule prefers to schedule coder pods on different - # nodes, which is only applicable if coder.replicaCount is greater than 1. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - "coder" - topologyKey: kubernetes.io/hostname - weight: 1 - - # coder.tolerations -- Tolerations for tainted nodes. - # See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: - {} - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - # coder.nodeSelector -- Node labels for constraining coder pods to nodes. - # See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - # kubernetes.io/os: linux - - # coder.service -- The Service object to expose for Coder. - service: - # coder.service.enable -- Whether to create the Service object. - enable: true - # coder.service.type -- The type of service to expose. See: - # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: LoadBalancer - # coder.service.sessionAffinity -- Must be set to ClientIP or None - # AWS ELB does not support session stickiness based on ClientIP, so you must set this to None. - # The error message you might see: "Unsupported load balancer affinity: ClientIP" - # https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity - sessionAffinity: ClientIP - # coder.service.externalTrafficPolicy -- The external traffic policy to use. - # You may need to change this to "Local" to preserve the source IP address - # in some situations. - # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Cluster - # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. 
If not - # specified, a new IP will be generated each time the load balancer is - # recreated. It is recommended to manually create a static IP address in - # your cloud and specify it here in production to avoid accidental IP - # address changes. - loadBalancerIP: "" - # coder.service.annotations -- The service annotations. See: - # https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - annotations: {} - # coder.service.httpNodePort -- Must be set if coder.service.type is set to NodePort. If not set by default and for convenience, - # the Kubernetes control plane will allocate a port from a range (default: 30000-32767) - httpNodePort: "" - # coder.service.httpsNodePort -- Must be set if coder.service.type is set to NodePort. If not set by default and for convenience, - # the Kubernetes control plane will allocate a port from a range (default: 30000-32767) - httpsNodePort: "" - - # coder.ingress -- The Ingress object to expose for Coder. - ingress: - # coder.ingress.enable -- Whether to create the Ingress object. If using an - # Ingress, we recommend not specifying coder.tls.secretNames as the Ingress - # will handle TLS termination. - enable: false - # coder.ingress.className -- The name of the Ingress class to use. - className: "" - # coder.ingress.host -- The hostname to match on. - # Be sure to also set CODER_ACCESS_URL within coder.env[] - host: "" - # coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be - # in the form "*.example.com" or "*-suffix.example.com". If you are using a - # suffix after the wildcard, the suffix will be stripped from the created - # ingress to ensure that it is a legal ingress host. Optional if not using - # applications over subdomains. - # Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[] - wildcardHost: "" - # coder.ingress.annotations -- The ingress annotations. - annotations: {} - # coder.ingress.tls -- The TLS configuration to use for the Ingress. 
- tls: - # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress. - enable: false - # coder.ingress.tls.secretName -- The name of the TLS secret to use. - secretName: "" - # coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to - # use for the wildcard host. - wildcardSecretName: "" - - # coder.command -- The command to use when running the Coder container. Used - # for customizing the location of the `coder` binary in your image. - command: - - /opt/coder - - # coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod. - commandArgs: [] - -# extraTemplates -- Array of extra objects to deploy with the release. Strings -# are evaluated as a template and can use template expansions and functions. All -# other objects are used as yaml. -extraTemplates: - #- | - # apiVersion: v1 - # kind: ConfigMap - # metadata: - # name: my-configmap - # data: - # key: {{ .Values.myCustomValue | quote }} diff --git a/charts/core/Chart.yaml b/charts/core/Chart.yaml index d0c1df1c..96225800 100644 --- a/charts/core/Chart.yaml +++ b/charts/core/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: core description: Core backend application for DigitalHub. type: application -version: 0.2.17 +version: 0.2.18 appVersion: "0.8.0" maintainers: - name: ffais diff --git a/charts/core/templates/deployment.yaml b/charts/core/templates/deployment.yaml index bfe173d0..7610d261 100644 --- a/charts/core/templates/deployment.yaml +++ b/charts/core/templates/deployment.yaml @@ -15,6 +15,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/ext-postgres-operator/Chart.yaml b/charts/ext-postgres-operator/Chart.yaml index 5977640d..da756272 100644 --- a/charts/ext-postgres-operator/Chart.yaml 
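Review bot: The added `checksum/secret` annotation in charts/core/templates/deployment.yaml publishes a SHA-256 of the rendered secret.yaml in pod metadata, which anyone allowed to get or list pods can read even without access to Secrets. The content of secret.yaml is not shown here, but if it renders credential values, a low-entropy value could be guessed offline against that digest. I would document this above the line with `# digest of the rendered Secret; visible in pod metadata, so keep the secret values high-entropy`. The same applies to the `checksum/secret` lines added in ext-postgres-operator/templates/operator.yaml, metadata-grpc-deployment.yaml and ml-pipeline-ui.yaml. The hunk shows only part of the pod template.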
+++ b/charts/ext-postgres-operator/Chart.yaml @@ -11,7 +11,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.4 +version: 1.2.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/ext-postgres-operator/templates/operator.yaml b/charts/ext-postgres-operator/templates/operator.yaml index 5f045c44..17f6a81d 100644 --- a/charts/ext-postgres-operator/templates/operator.yaml +++ b/charts/ext-postgres-operator/templates/operator.yaml @@ -12,8 +12,9 @@ spec: {{- include "chart.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/charts/kubeflow-pipelines/Chart.yaml b/charts/kubeflow-pipelines/Chart.yaml index ac6e40d4..d512bb93 100644 --- a/charts/kubeflow-pipelines/Chart.yaml +++ b/charts/kubeflow-pipelines/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubeflow-pipelines description: A Helm chart for deploying Kubeflow Pipelines type: application -version: 0.1.0 +version: 0.1.1 maintainers: - name: ffais url: https://github.com/ffais diff --git a/charts/kubeflow-pipelines/templates/deployments/metadata-grpc-deployment.yaml b/charts/kubeflow-pipelines/templates/deployments/metadata-grpc-deployment.yaml index 2cdc3b11..4f6e100a 100644 --- a/charts/kubeflow-pipelines/templates/deployments/metadata-grpc-deployment.yaml +++ b/charts/kubeflow-pipelines/templates/deployments/metadata-grpc-deployment.yaml 
@@ -13,6 +13,9 @@ spec:
 component: metadata-grpc-server
 template:
 metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmaps/pipeline-install-config.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secrets/mysql-secret.yaml") . | sha256sum }}
 labels:
 application-crd-id: kubeflow-pipelines
 component: metadata-grpc-server
diff --git a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-scheduledworkflow.yaml b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-scheduledworkflow.yaml
index 176e47ea..457172e4 100644
--- a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-scheduledworkflow.yaml
+++ b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-scheduledworkflow.yaml
@@ -14,6 +14,7 @@ spec:
 metadata:
 annotations:
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ checksum/config: {{ include (print $.Template.BasePath "/configmaps/pipeline-install-config.yaml") . | sha256sum }}
 labels:
 app: ml-pipeline-scheduledworkflow
 application-crd-id: kubeflow-pipelines
diff --git a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-ui.yaml b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-ui.yaml
index 80bbc79c..749f1c12 100644
--- a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-ui.yaml
+++ b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline-ui.yaml
@@ -14,6 +14,8 @@ spec:
 metadata:
 annotations:
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ checksum/config: {{ include (print $.Template.BasePath "/configmaps/ml-pipeline-ui-configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secrets/mlpipeline-s3-artifact.yaml") . | sha256sum }}
 labels:
 app: ml-pipeline-ui
 application-crd-id: kubeflow-pipelines
diff --git a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline.yaml b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline.yaml
index 37580cb3..5e08f6cd 100644
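Review bot: The `checksum/secret` annotation added in ml-pipeline-ui.yaml hashes templates/secrets/mlpipeline-s3-artifact.yaml, but that template (added later in this commit) is wrapped in `{{- if not .Values.s3.externalSecret.secretName }}`. With an external secret it renders empty, so the digest is constant and rotating the externally managed S3 credentials will not roll the pods. I would say so next to the line with `# constant when s3.externalSecret.secretName is set; restart the pods after rotating the external secret`. The pod template continues outside the hunk.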
--- a/charts/kubeflow-pipelines/templates/deployments/ml-pipeline.yaml
+++ b/charts/kubeflow-pipelines/templates/deployments/ml-pipeline.yaml
@@ -14,6 +14,9 @@ spec:
 metadata:
 annotations:
 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ checksum/config: {{ include (print $.Template.BasePath "/configmaps/pipeline-install-config.yaml") . | sha256sum }}
+ checksum/config: {{ include (print $.Template.BasePath "/secrets/mysql-secret.yaml") . | sha256sum }}
+ checksum/config: {{ include (print $.Template.BasePath "/secrets/mlpipeline-s3-artifact.yaml") . | sha256sum }}
 labels:
 app: ml-pipeline
 application-crd-id: kubeflow-pipelines
diff --git a/charts/kubeflow-pipelines/templates/deployments/workflow-controller.yaml b/charts/kubeflow-pipelines/templates/deployments/workflow-controller.yaml
index f59106be..0408e964 100644
--- a/charts/kubeflow-pipelines/templates/deployments/workflow-controller.yaml
+++ b/charts/kubeflow-pipelines/templates/deployments/workflow-controller.yaml
@@ -13,6 +13,8 @@ spec:
 application-crd-id: kubeflow-pipelines
 template:
 metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmaps/workflow-controller-configmap.yaml") . | sha256sum }}
 labels:
 app: workflow-controller
 application-crd-id: kubeflow-pipelines
diff --git a/charts/kubeflow-pipelines/templates/secrets/mlpipeline-s3-artifact.yaml b/charts/kubeflow-pipelines/templates/secrets/mlpipeline-s3-artifact.yaml
new file mode 100644
index 00000000..ad021594
--- /dev/null
+++ b/charts/kubeflow-pipelines/templates/secrets/mlpipeline-s3-artifact.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.s3.externalSecret.secretName }}
+apiVersion: v1
+data:
+ accesskey: {{ .Values.s3.accessKey | b64enc | quote }}
+ secretkey: {{ .Values.s3.secretKey | b64enc | quote }}
+kind: Secret
+metadata:
+ annotations:
+ labels:
+ application-crd-id: kubeflow-pipelines
+ name: mlpipeline-s3-artifact
+type: Opaque
+{{- end }}
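Review bot: The three annotations added in ml-pipeline.yaml all use the key `checksum/config`, so the mapping has duplicate keys and at most one digest survives parsing. Which one wins, or whether the manifest is rejected outright, depends on the YAML decoder. A change to the install config or to one of the two Secrets can therefore leave the pod template unchanged and the Deployment un-rolled. Give the two secret digests their own keys, `checksum/secret-mysql: {{ include (print $.Template.BasePath "/secrets/mysql-secret.yaml") . | sha256sum }}` and `checksum/secret-s3: {{ include (print $.Template.BasePath "/secrets/mlpipeline-s3-artifact.yaml") . | sha256sum }}`.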
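Review bot: In the new templates/secrets/mlpipeline-s3-artifact.yaml, `accesskey` and `secretkey` are encoded straight from `.Values.s3.accessKey` and `.Values.s3.secretKey` with no check that they are set. Depending on the chart defaults (not shown here), an install without them and without `s3.externalSecret.secretName` either fails with an opaque template error or creates a Secret holding empty credentials. Guard both values with `required`, as in `accesskey: {{ required "s3.accessKey is required unless s3.externalSecret.secretName is set" .Values.s3.accessKey | b64enc | quote }}`, and do the same for `secretkey`. The bare `annotations:` key renders as null and can be dropped.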
diff --git a/charts/nakamasato-mysql-operator/.helmignore b/charts/nakamasato-mysql-operator/.helmignore deleted file mode 100755 index 0e8a0eb3..00000000 --- a/charts/nakamasato-mysql-operator/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/nakamasato-mysql-operator/Chart.yaml b/charts/nakamasato-mysql-operator/Chart.yaml deleted file mode 100755 index 0b8006b0..00000000 --- a/charts/nakamasato-mysql-operator/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v2 -name: nakamasato-mysql-operator -description: A Helm chart for Kubernetes -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v0.3.3 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "v0.3.3" diff --git a/charts/nakamasato-mysql-operator/README.md b/charts/nakamasato-mysql-operator/README.md deleted file mode 100644 index e626aa14..00000000 --- a/charts/nakamasato-mysql-operator/README.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# [mysql-operator](https://github.com/nakamasato/mysql-operator) - -## Values - -1. **cloudSecretManagerType**: `raw` or `gcp`. With `raw`, you need to give root user password in `MySQL` custom resource. With `gcp`, you can securely store root user password in GCP SecretManager. This root user password is used to manage (create/edit/update) MySQL users, databases, etc. -1. **gcpServiceAccount**: Only for `cloudSecretManagerType=gcp`. GCP service account for Pod `SA_NAME@PROJECT.iam.gserviceaccount.com` - 1. This service account needs the following roles: - 1. `roles/secretmanager.secretAccessor` to allow to get root password from SecretManager - -1. **gcpProjectId**: Only for `cloudSecretManagerType=gcp` -1. **cloudSQL.instanceConnectionName**: `InstanceConnectionName` for [Google Cloud SQL](https://cloud.google.com/sql/) if you use Cloud SQL to manage with mysql-operator. `::` - - - -## Usage - -### Dryrun - -You can check the final yaml with `--dry-run`: - -``` -helm install mysql-operator ./charts/mysql-operator \ - --dry-run \ - --set cloudSecretManagerType=gcp \ - --set gcpServiceAccount=${SA_NAME}@${PROJECT}.iam.gserviceaccount.com \ - --set gcpProjectId=$PROJECT \ - --set cloudSQL.instanceConnectionName=$PROJECT:$REGION:$INSTANCE_NAME \ - --namespace mysql-operator -``` - -### Install - -``` -helm install mysql-operator ./charts/mysql-operator \ - --set cloudSecretManagerType=gcp \ - --set gcpServiceAccount=${SA_NAME}@${PROJECT}.iam.gserviceaccount.com \ - --set gcpProjectId=$PROJECT \ - --set cloudSQL.instanceConnectionName=$PROJECT:$REGION:$INSTANCE_NAME \ - --namespace mysql-operator -``` diff --git a/charts/nakamasato-mysql-operator/crds/mysql-crd.yaml b/charts/nakamasato-mysql-operator/crds/mysql-crd.yaml deleted file mode 100644 index 38355228..00000000 --- a/charts/nakamasato-mysql-operator/crds/mysql-crd.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: mysqls.mysql.nakamasato.com -spec: - group: mysql.nakamasato.com - names: - kind: MySQL - listKind: MySQLList - plural: mysqls - singular: mysql - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.host - name: Host - type: string - - jsonPath: .spec.adminUser.name - name: AdminUser - type: string - - jsonPath: .status.connected - name: Connected - type: boolean - - description: The number of MySQLUsers that belongs to the MySQL - jsonPath: .status.userCount - name: UserCount - type: integer - - description: The number of MySQLDBs that belongs to the MySQL - jsonPath: .status.dbCount - name: DBCount - type: integer - - jsonPath: .status.reason - name: Reason - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: MySQL is the Schema for the mysqls API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MySQLSpec holds the connection information for the target - MySQL cluster. - properties: - adminPassword: - description: AdminPassword is MySQL password to connect target MySQL - cluster. 
- properties: - name: - description: Secret Name - type: string - type: - description: Secret Type (e.g. gcp, raw, k8s) - enum: - - raw - - gcp - - k8s - type: string - required: - - name - - type - type: object - adminUser: - description: AdminUser is MySQL user to connect target MySQL cluster. - properties: - name: - description: Secret Name - type: string - type: - description: Secret Type (e.g. gcp, raw, k8s) - enum: - - raw - - gcp - - k8s - type: string - required: - - name - - type - type: object - host: - description: Host is MySQL host of target MySQL cluster. - type: string - port: - default: 3306 - description: Port is MySQL port of target MySQL cluster. - type: integer - required: - - adminPassword - - adminUser - - host - type: object - status: - description: MySQLStatus defines the observed state of MySQL - properties: - connected: - description: true if successfully connected to the MySQL cluster - type: boolean - dbCount: - default: 0 - description: The number of database in this MySQL - format: int32 - type: integer - reason: - description: Reason for connection failure - type: string - userCount: - default: 0 - description: The number of users in this MySQL - format: int32 - type: integer - required: - - dbCount - - userCount - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/nakamasato-mysql-operator/crds/mysqldb-crd.yaml b/charts/nakamasato-mysql-operator/crds/mysqldb-crd.yaml deleted file mode 100644 index 00a55b8c..00000000 --- a/charts/nakamasato-mysql-operator/crds/mysqldb-crd.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: mysqldbs.mysql.nakamasato.com -spec: - group: mysql.nakamasato.com - names: - kind: MySQLDB - listKind: MySQLDBList - plural: mysqldbs - singular: mysqldb - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The phase of MySQLDB - jsonPath: .status.phase - name: Phase - type: string - - description: The reason for the current phase of this MySQLDB - jsonPath: .status.reason - name: Reason - type: string - - description: schema_migration table if schema migration is enabled. - jsonPath: .status.schemaMigration - name: SchemaMigration - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: MySQLDB is the Schema for the mysqldbs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MySQLDBSpec defines the desired state of MySQLDB - properties: - dbName: - description: MySQL Database name - type: string - mysqlName: - description: MySQL (CRD) name to reference to, which decides the destination - MySQL server - type: string - schemaMigrationFromGitHub: - description: MySQL Database Schema Migrations from GitHub - properties: - owner: - type: string - path: - type: string - ref: - type: string - repo: - type: string - required: - - owner - - path - - repo - type: object - required: - - dbName - - mysqlName - type: object - status: - description: MySQLDBStatus defines the observed state of MySQLDB - properties: - phase: - description: The phase of database creation - type: string - reason: - description: The reason for the current phase - type: string - schemaMigration: - description: Schema Migration status - properties: - dirty: - type: boolean - version: - type: integer - required: - - dirty - - version - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/nakamasato-mysql-operator/crds/mysqluser-crd.yaml b/charts/nakamasato-mysql-operator/crds/mysqluser-crd.yaml deleted file mode 100644 index af75d520..00000000 --- a/charts/nakamasato-mysql-operator/crds/mysqluser-crd.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: mysqlusers.mysql.nakamasato.com -spec: - group: mysql.nakamasato.com - names: - kind: MySQLUser - listKind: MySQLUserList - plural: mysqlusers - singular: mysqluser - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: true if MySQL user is created - jsonPath: .status.mysql_user_created - name: MySQLUser - type: boolean - - description: true if Secret is created - jsonPath: .status.secret_created - name: Secret - type: boolean - - description: The phase of this MySQLUser - jsonPath: .status.phase - name: Phase - type: string - - description: The reason for the current phase of this MySQLUser - jsonPath: .status.reason - name: Reason - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: MySQLUser is the Schema for the mysqlusers API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MySQLUserSpec defines the desired state of MySQLUser - properties: - grants: - description: Grants for the MySQL user - items: - description: Grant defines the privileges and the resource for a - MySQL user - properties: - "on": - description: Resource on which the privileges are applied - type: string - privileges: - description: Privileges for the MySQL user - type: string - required: - - "on" - - privileges - type: object - type: array - host: - default: '%' - description: MySQL hostname for MySQL account - type: string - mysqlName: - description: MySQL (CRD) name to reference to, which decides the destination - MySQL server - type: string - required: - - mysqlName - type: object - status: - description: MySQLUserStatus defines the observed state of MySQLUser - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. 
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - mysql_user_created: - default: false - description: true if MySQL user is created - type: boolean - phase: - type: string - reason: - type: string - secret_created: - default: false - description: true if Secret is created - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/nakamasato-mysql-operator/templates/_helpers.tpl b/charts/nakamasato-mysql-operator/templates/_helpers.tpl deleted file mode 100755 index 0a1dd23d..00000000 --- a/charts/nakamasato-mysql-operator/templates/_helpers.tpl +++ /dev/null 
@@ -1,57 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "chart.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "chart.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "chart.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{/*
-Common labels
-*/}}
-{{- define "chart.labels" -}}
-helm.sh/chart: {{ include "chart.chart" . }}
-{{ include "chart.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{/*
-Selector labels
-*/}}
-{{- define "chart.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "chart.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "chart.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/nakamasato-mysql-operator/templates/deployment.yaml b/charts/nakamasato-mysql-operator/templates/deployment.yaml
deleted file mode 100644
index 64cae9ef..00000000
--- a/charts/nakamasato-mysql-operator/templates/deployment.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "chart.fullname" . }}-controller-manager
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- {{- if .Values.gcpServiceAccount }}
- annotations:
- iam.gke.io/gcp-service-account: {{ .Values.gcpServiceAccount }}
- {{- end }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "chart.fullname" . }}-controller-manager
- labels:
- control-plane: controller-manager
- {{- include "chart.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.controllerManager.replicas }}
- selector:
- matchLabels:
- control-plane: controller-manager
- {{- include "chart.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- labels:
- control-plane: controller-manager
- {{- include "chart.selectorLabels" . | nindent 8 }}
- spec:
- containers:
- - args:
- - --leader-elect
- {{- if eq .Values.cloudSecretManagerType "gcp" }}
- - --cloud-secret-manager=gcp
- {{- end }}
- {{- if eq .Values.cloudSecretManagerType "k8s" }}
- - --cloud-secret-manager=k8s
- {{- end }}
- command:
- - /manager
- image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }}
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- name: manager
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10
- }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- if eq .Values.cloudSecretManagerType "gcp" }}
- {{- if .Values.gcpServiceAccount }}
- env:
- - name: PROJECT_ID
- value: {{ .Values.gcpProjectId }}
- {{- else }}
- volumeMounts:
- - name: gcp-sa-private-key
- mountPath: /var/secrets/google
- env:
- - name: GOOGLE_APPLICATION_CREDENTIALS
- value: /var/secrets/google/sa-private-key.json
- - name: PROJECT_ID
- value: {{ .Values.gcpProjectId }}
- {{- end }}
- {{- end }}
- {{- if eq .Values.cloudSecretManagerType "k8s" }}
- env:
- - name: WATCH_NAMESPACE
- value: {{ .Release.Namespace }}
- - name: SECRET_NAMESPACE
- value: {{ .Release.Namespace }}
- {{- end }}
- # https://cloud.google.com/sql/docs/mysql/connect-instance-kubernetes#deploy_the_sample_app
- {{- with .Values.cloudSQL }}
- # If you are using the Go Connector (recommended), you can
- # remove cloud-sql-proxy (everything below this line)
- - name: cloud-sql-proxy
- # This uses the latest version of the Cloud SQL Proxy
- # It is recommended to use a specific version for production environments.
- # See: https://github.com/GoogleCloudPlatform/cloudsql-proxy
- image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:latest
- args:
- # If connecting from a VPC-native GKE cluster, you can use the
- # following flag to have the proxy connect over private IP
- {{- if .usePrivateIp }}
- # - "--private-ip"
- {{- end }}
-
- # If you are not connecting with Automatic IAM, you can delete
- # the following flag.
- {{- if .enableIamAuth }}
- - "--auto-iam-authn"
- {{- end }}
-
- # tcp should be set to the port the proxy should listen on
- # and should match the DB_PORT value set above.
- # Defaults: MySQL: 3306, Postgres: 5432, SQLServer: 1433
- - "--port=3306"
- - {{ .instanceConnectionName }}
- securityContext:
- # The default Cloud SQL proxy image runs as the
- # "nonroot" user and group (uid: 65532) by default.
- runAsNonRoot: true
- {{- end }}
-
- securityContext:
- runAsNonRoot: true
- serviceAccountName: {{ include "chart.fullname" . }}-controller-manager
- terminationGracePeriodSeconds: 10
- {{- if and (eq .Values.cloudSecretManagerType "gcp") (empty .Values.gcpServiceAccount) }}
- volumes:
- - name: gcp-sa-private-key
- secret:
- secretName: gcp-sa-private-key
- {{- end }}
diff --git a/charts/nakamasato-mysql-operator/templates/leader-election-rbac.yaml b/charts/nakamasato-mysql-operator/templates/leader-election-rbac.yaml
deleted file mode 100644
index d0e738e4..00000000
--- a/charts/nakamasato-mysql-operator/templates/leader-election-rbac.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "chart.fullname" . }}-leader-election-role
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "chart.fullname" . }}-leader-election-rolebinding
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: '{{ include "chart.fullname" . }}-leader-election-role'
-subjects:
-- kind: ServiceAccount
- name: '{{ include "chart.fullname" . }}-controller-manager'
- namespace: '{{ .Release.Namespace }}'
diff --git a/charts/nakamasato-mysql-operator/templates/manager-config.yaml b/charts/nakamasato-mysql-operator/templates/manager-config.yaml
deleted file mode 100644
index af5eaf38..00000000
--- a/charts/nakamasato-mysql-operator/templates/manager-config.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "chart.fullname" . }}-manager-config
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-data:
- controller_manager_config.yaml: |
- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
- health:
- healthProbeBindAddress: {{ .Values.managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress
- | quote }}
- kind: ControllerManagerConfig
- leaderElection:
- leaderElect: {{ .Values.managerConfig.controllerManagerConfigYaml.leaderElection.leaderElect
- }}
- resourceName: {{ .Values.managerConfig.controllerManagerConfigYaml.leaderElection.resourceName
- | quote }}
- metrics:
- bindAddress: {{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindAddress
- | quote }}
- webhook:
- port: {{ .Values.managerConfig.controllerManagerConfigYaml.webhook.port }}
diff --git a/charts/nakamasato-mysql-operator/templates/manager-rbac.yaml b/charts/nakamasato-mysql-operator/templates/manager-rbac.yaml
deleted file mode 100644
index 919f157b..00000000
--- a/charts/nakamasato-mysql-operator/templates/manager-rbac.yaml
+++ /dev/null
@@ -1,120 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "chart.fullname" . }}-manager-role
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqldbs
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqldbs/finalizers
- verbs:
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqldbs/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqls
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqls/finalizers
- verbs:
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqls/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqlusers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqlusers/finalizers
- verbs:
- - update
-- apiGroups:
- - mysql.nakamasato.com
- resources:
- - mysqlusers/status
- verbs:
- - get
- - patch
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "chart.fullname" . }}-manager-rolebinding
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: '{{ include "chart.fullname" . }}-manager-role'
-subjects:
-- kind: ServiceAccount
- name: '{{ include "chart.fullname" . }}-controller-manager'
- namespace: '{{ .Release.Namespace }}'
diff --git a/charts/nakamasato-mysql-operator/templates/metrics-reader-rbac.yaml b/charts/nakamasato-mysql-operator/templates/metrics-reader-rbac.yaml
deleted file mode 100644
index ce5d8b5a..00000000
--- a/charts/nakamasato-mysql-operator/templates/metrics-reader-rbac.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "chart.fullname" . }}-metrics-reader
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-rules:
-- nonResourceURLs:
- - /metrics
- verbs:
- - get
diff --git a/charts/nakamasato-mysql-operator/templates/metrics-service.yaml b/charts/nakamasato-mysql-operator/templates/metrics-service.yaml
deleted file mode 100644
index ad532be1..00000000
--- a/charts/nakamasato-mysql-operator/templates/metrics-service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "chart.fullname" . }}-metrics-service
- labels:
- control-plane: controller-manager
- {{- include "chart.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.metricsService.type }}
- selector:
- control-plane: controller-manager
- {{- include "chart.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.metricsService.ports | toYaml | nindent 2 -}}
diff --git a/charts/nakamasato-mysql-operator/templates/proxy-rbac.yaml b/charts/nakamasato-mysql-operator/templates/proxy-rbac.yaml
deleted file mode 100644
index d40fc07d..00000000
--- a/charts/nakamasato-mysql-operator/templates/proxy-rbac.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "chart.fullname" . }}-proxy-role
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "chart.fullname" . }}-proxy-rolebinding
- labels:
- {{- include "chart.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: '{{ include "chart.fullname" . }}-proxy-role'
-subjects:
-- kind: ServiceAccount
- name: '{{ include "chart.fullname" . }}-controller-manager'
- namespace: '{{ .Release.Namespace }}'
diff --git a/charts/nakamasato-mysql-operator/values.yaml b/charts/nakamasato-mysql-operator/values.yaml
deleted file mode 100644
index 2e68a625..00000000
--- a/charts/nakamasato-mysql-operator/values.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-cloudSecretManagerType: raw # set gcp if you use GCP SecretManager
-# gcpServiceAccount: GSA_NAME@GSA_PROJECT.iam.gserviceaccount.com
-# gcpProjectId:
-# cloudSQL:
-# instanceConnectionName:
-# enableIamAuth: false
-# usePrivateIp: false
-controllerManager:
- manager:
- image:
- repository: ghcr.io/nakamasato/mysql-operator
- tag: v0.3.3
- resources:
- limits:
- cpu: 200m
- memory: 100Mi
- requests:
- cpu: 100m
- memory: 20Mi
- replicas: 1
-managerConfig:
- controllerManagerConfigYaml:
- health:
- healthProbeBindAddress: :8081
- leaderElection:
- leaderElect: true
- resourceName: dfc6d3c2.nakamasato.com
- metrics:
- bindAddress: 127.0.0.1:8080
- webhook:
- port: 9443
-metricsService:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: https
- type: ClusterIP