From a7ab50f161ff9e04470967418f4a93890a002eb7 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sat, 14 Sep 2024 13:27:58 -0500
Subject: [PATCH] add coder

---
 .../cluster/postgrescluster.yaml | 5 ++
 .../cluster/pushsecret.yaml | 30 ++++++++++++
 .../default/coder/app/externalsecret.yaml | 27 +++++++++++
 .../apps/default/coder/app/helmrelease.yaml | 48 +++++++++++++++++++
 .../apps/default/coder/app/kustomization.yaml | 7 +++
 kubernetes/apps/default/coder/ks.yaml | 24 ++++++++++
 6 files changed, 141 insertions(+)
 create mode 100644 kubernetes/apps/default/coder/app/externalsecret.yaml
 create mode 100644 kubernetes/apps/default/coder/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/coder/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/coder/ks.yaml

diff --git a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
index 28e2c4fd..edc3563f 100644
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
@@ -75,6 +75,11 @@ spec:
 - autobrr
 password:
 type: AlphaNumeric
+ - name: coder
+ databases:
+ - coder
+ password:
+ type: AlphaNumeric
 - name: gatus
 databases:
 - gatus
diff --git a/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml b/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml
index 63a69a50..017b549b 100644
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/pushsecret.yaml
@@ -278,3 +278,33 @@ spec:
 remoteRef:
 remoteKey: kasm
 property: KASM_POSTGRES_PASSWORD
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: coder
+spec:
+ refreshInterval: 1h
+ secretStoreRefs:
+ - name: onepassword-connect
+ kind: ClusterSecretStore
+ selector:
+ secret:
+ name: postgres-pguser-coder
+ data:
+ - match:
+ secretKey: host
+ remoteRef:
+ remoteKey: coder
+ property: CODER_POSTGRES_HOST
+ - match:
+ secretKey: user
+ remoteRef:
+ remoteKey: coder
+ property: CODER_POSTGRES_USER
+ - match:
+ secretKey: password
+ remoteRef:
+ remoteKey: coder
+ property: CODER_POSTGRES_PASSWORD
diff --git a/kubernetes/apps/default/coder/app/externalsecret.yaml b/kubernetes/apps/default/coder/app/externalsecret.yaml
new file mode 100644
index 00000000..0dadf486
--- /dev/null
+++ b/kubernetes/apps/default/coder/app/externalsecret.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: coder
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: coder-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ CODER__POSTGRES_HOST: "postgres-primary-real.database.svc"
+ CODER__POSTGRES_PORT: "5432"
+ CODER__POSTGRES_USER: "{{ .CODER_POSTGRES_USER }}"
+ CODER__POSTGRES_PASSWORD: "{{ .CODER_POSTGRES_PASSWORD }}"
+ CODER__POSTGRES_MAIN_DB: coder
+ CODER_PG_CONNECTION_URL: "postgres://{{ .CODER_POSTGRES_USER }}:{{ .CODER_POSTGRES_PASSWORD }}@postgres-primary-real.database.svc/coder"
+
+ dataFrom:
+ - extract:
+ key: coder
diff --git a/kubernetes/apps/default/coder/app/helmrelease.yaml b/kubernetes/apps/default/coder/app/helmrelease.yaml
new file mode 100644
index 00000000..bf8038c0
--- /dev/null
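Review bot: The `template.data` block in `externalsecret.yaml` writes the database password into `coder-secret` twice, as `CODER__POSTGRES_PASSWORD` and again inside `CODER_PG_CONNECTION_URL`, and the HelmRelease in this commit loads the whole secret with `envFrom`, so every key ends up in the Coder pod's environment. If Coder only reads `CODER_PG_CONNECTION_URL` (nothing else in the patch refers to the `CODER__POSTGRES_*` names), drop those five entries so the credential lives in one place. The URL sets no `sslmode`, so whether the connection to `postgres-primary-real.database.svc` is encrypted depends on the client default; spelling it out, for example `...database.svc/coder?sslmode=require`, makes the choice reviewable. The password is interpolated unescaped, which is safe only while the PostgresCluster user keeps `type: AlphaNumeric`; a comment such as `# password is AlphaNumeric (see postgrescluster.yaml), so no URL-escaping is needed` next to the template would record that dependency. The host is hard-coded here although the PushSecret hunk above stores `CODER_POSTGRES_HOST`, so one of the two is redundant.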
+++ b/kubernetes/apps/default/coder/app/helmrelease.yaml
@@ -0,0 +1,48 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app coder
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: coder
+ version: 2.15.0
+ sourceRef:
+ kind: HelmRepository
+ name: coder
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ coder:
+ podAnnotations:
+ secret.reloader.stakater.com/reload: coder-secret
+ env:
+ - name: CODER_ACCESS_URL
+ value: https://coder.hsn.dev
+ - name: CODER_WILDCARD_ACCESS_URL
+ value: "*.coder.hsn.dev"
+ - name: CODER_PROMETHEUS_ENABLE
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: coder-secret
+ ingress:
+ enable: true
+ className: external-nginx
+ annotations:
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+ external-dns.alpha.kubernetes.io/target: external.hsn.dev
+
+ host: "coder.hsn.dev"
+ wildcardHost: "*.coder.hsn.dev"
diff --git a/kubernetes/apps/default/coder/app/kustomization.yaml b/kubernetes/apps/default/coder/app/kustomization.yaml
new file mode 100644
index 00000000..4eed917b
--- /dev/null
+++ b/kubernetes/apps/default/coder/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/coder/ks.yaml b/kubernetes/apps/default/coder/ks.yaml
new file mode 100644
index 00000000..a30bb11e
--- /dev/null
+++ b/kubernetes/apps/default/coder/ks.yaml
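Review bot: The `ingress` values in `helmrelease.yaml` publish Coder on the `external-nginx` class with both `coder.hsn.dev` and the wildcard `*.coder.hsn.dev`, and nothing visible in the values configures sign-in or restricts who can reach it. Coder exists to run user code in workspaces, so the exposure should be a recorded decision: add a comment above `ingress:` stating it, and either keep the release on an internal ingress class until the initial owner account and an identity provider are set up, or put an access policy in front of both hostnames. No `tls` settings appear under `ingress`, so the certificate served by the controller for the wildcard name is whatever its default is; confirm that covers `*.coder.hsn.dev`. `CODER_PROMETHEUS_ENABLE` is set to `"true"`; check that the metrics listener is not reachable through this ingress.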
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app coder
+ namespace: flux-system
+spec:
+ targetNamespace: coder
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets-stores
+ - name: crunchy-postgres-operator-cluster
+ path: ./kubernetes/apps/default/coder/app
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
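Review bot: `targetNamespace: coder` disagrees with the rest of the commit: the path is `kubernetes/apps/default/coder`, and `externalsecret.yaml` declares `namespace: default`. Flux applies `targetNamespace` to the resources it builds from `path`, so the ExternalSecret, the generated `coder-secret` and the HelmRelease would be created in `coder`, and nothing in this patch creates that namespace (it may exist elsewhere in the repository). If `default` is intended, change the line to `targetNamespace: default`; otherwise remove the explicit `namespace: default` from the ExternalSecret so the manifests do not suggest the secret lives somewhere it does not. `prune: false` also means that deleting these files from Git later leaves the release and its database secret in the cluster, so add a comment such as `# prune disabled on purpose: <reason>` if that is deliberate.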