Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit32bed26

Browse files
committed
feat: add tls to scaletest infrastructure
1 parent6553771 commit32bed26

File tree

10 files changed

+250
-143
lines changed

10 files changed

+250
-143
lines changed

‎.editorconfig‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
77
insert_final_newline =true
88
indent_style =tab
99

10-
[*.{yaml,yml,tf,tfvars,nix}]
10+
[*.{yaml,yml,tf,tftpl,tfvars,nix}]
1111
indent_style =space
1212
indent_size =2
1313

‎scaletest/terraform/action/cf_dns.tf‎

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,12 @@ resource "cloudflare_record" "coder" {
66
type="A"
77
ttl=3600
88
}
9+
10+
resource"cloudflare_record""coder_wildcard" {
11+
for_each=local.deployments
12+
zone_id=var.cloudflare_zone_id
13+
name=each.value.wildcard_subdomain
14+
content="${each.value.subdomain}.${var.cloudflare_domain}"
15+
type="CNAME"
16+
ttl=3600
17+
}

‎scaletest/terraform/action/coder_helm_values.tftpl‎

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ coder:
2222
%{~ifworkspace_proxy ~}
2323
- name:"CODER_ACCESS_URL"
2424
value:"${access_url}"
25+
- name:"CODER_WILDCARD_ACCESS_URL"
26+
value:"${wildcard_access_url}"
2527
- name: CODER_PRIMARY_ACCESS_URL
2628
value:"${primary_url}"
2729
- name: CODER_PROXY_SESSION_TOKEN
@@ -45,6 +47,8 @@ coder:
4547
%{~if!workspace_proxy&&!provisionerd ~}
4648
- name:"CODER_ACCESS_URL"
4749
value:"${access_url}"
50+
- name:"CODER_WILDCARD_ACCESS_URL"
51+
value:"${wildcard_access_url}"
4852
- name:"CODER_PG_CONNECTION_URL"
4953
valueFrom:
5054
secretKeyRef:
@@ -109,3 +113,8 @@ coder:
109113
- emptyDir:
110114
sizeLimit: 1024Mi
111115
name: cache
116+
%{~if!provisionerd ~}
117+
tls:
118+
secretNames:
119+
-"${tls_secret_name}"
120+
%{~ endif ~}

‎scaletest/terraform/action/gcp_clusters.tf‎

Lines changed: 21 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
66
locals {
77
deployments={
88
primary= {
9-
subdomain="${var.name}-scaletest"
10-
url="http://${var.name}-scaletest.${var.cloudflare_domain}"
11-
region="us-east1"
12-
zone="us-east1-c"
13-
subnet="scaletest"
9+
subdomain="primary.${var.name}"
10+
wildcard_subdomain="*.primary.${var.name}"
11+
url="https://primary.${var.name}.${var.cloudflare_domain}"
12+
wildcard_access_url="*.primary.${var.name}.${var.cloudflare_domain}"
13+
region="us-east1"
14+
zone="us-east1-c"
15+
subnet="scaletest"
1416
}
1517
europe= {
16-
subdomain="${var.name}-europe-scaletest"
17-
url="http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
18-
region="europe-west1"
19-
zone="europe-west1-b"
20-
subnet="scaletest"
18+
subdomain="europe.${var.name}"
19+
wildcard_subdomain="*.europe.${var.name}"
20+
url="https://europe.${var.name}.${var.cloudflare_domain}"
21+
wildcard_access_url="*.europe.${var.name}.${var.cloudflare_domain}"
22+
region="europe-west1"
23+
zone="europe-west1-b"
24+
subnet="scaletest"
2125
}
2226
asia= {
23-
subdomain="${var.name}-asia-scaletest"
24-
url="http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
25-
region="asia-southeast1"
26-
zone="asia-southeast1-a"
27-
subnet="scaletest"
27+
subdomain="asia.${var.name}"
28+
wildcard_subdomain="*.asia.${var.name}"
29+
url="https://asia.${var.name}.${var.cloudflare_domain}"
30+
wildcard_access_url="*.asia.${var.name}.${var.cloudflare_domain}"
31+
region="asia-southeast1"
32+
zone="asia-southeast1-a"
33+
subnet="scaletest"
2834
}
2935
}
3036
node_pools={

‎scaletest/terraform/action/k8s_coder_asia.tf‎

Lines changed: 59 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_asia" {
4343
}
4444
}
4545

46+
resource"kubernetes_secret""coder_tls_asia" {
47+
provider=kubernetes.asia
48+
49+
type="kubernetes.io/tls"
50+
metadata {
51+
name="coder-tls"
52+
namespace=kubernetes_namespace.coder_asia.metadata.0.name
53+
}
54+
data={
55+
"tls.crt"= data.kubernetes_secret.coder_tls["asia"].data["tls.crt"]
56+
"tls.key"= data.kubernetes_secret.coder_tls["asia"].data["tls.key"]
57+
}
58+
lifecycle {
59+
ignore_changes=[timeouts,wait_for_service_account_token]
60+
}
61+
}
62+
4663
resource"helm_release""coder_asia" {
4764
provider=helm.asia
4865

@@ -52,25 +69,27 @@ resource "helm_release" "coder_asia" {
5269
version=var.coder_chart_version
5370
namespace=kubernetes_namespace.coder_asia.metadata.0.name
5471
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
55-
workspace_proxy=true,
56-
provisionerd=false,
57-
primary_url= local.deployments.primary.url,
58-
proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
59-
db_secret=null,
60-
ip_address= google_compute_address.coder["asia"].address,
61-
provisionerd_psk=null,
62-
access_url= local.deployments.asia.url,
63-
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
64-
release_name= local.coder_release_name,
65-
experiments= var.coder_experiments,
66-
image_repo= var.coder_image_repo,
67-
image_tag= var.coder_image_tag,
68-
replicas= local.scenarios[var.scenario].coder.replicas,
69-
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
70-
mem_request= local.scenarios[var.scenario].coder.mem_request,
71-
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
72-
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
73-
deployment="asia",
72+
workspace_proxy=true,
73+
provisionerd=false,
74+
primary_url= local.deployments.primary.url,
75+
proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
76+
db_secret=null,
77+
ip_address= google_compute_address.coder["asia"].address,
78+
provisionerd_psk=null,
79+
access_url= local.deployments.asia.url,
80+
wildcard_access_url= local.deployments.asia.wildcard_access_url,
81+
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
82+
release_name= local.coder_release_name,
83+
experiments= var.coder_experiments,
84+
image_repo= var.coder_image_repo,
85+
image_tag= var.coder_image_tag,
86+
replicas= local.scenarios[var.scenario].coder.replicas,
87+
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
88+
mem_request= local.scenarios[var.scenario].coder.mem_request,
89+
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
90+
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
91+
deployment="asia",
92+
tls_secret_name= kubernetes_secret.coder_tls_asia.metadata.0.name,
7493
})]
7594

7695
depends_on=[null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_asia" {
85104
version=var.provisionerd_chart_version
86105
namespace=kubernetes_namespace.coder_asia.metadata.0.name
87106
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
88-
workspace_proxy=false,
89-
provisionerd=true,
90-
primary_url=null,
91-
proxy_token=null,
92-
db_secret=null,
93-
ip_address=null,
94-
provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
95-
access_url= local.deployments.primary.url,
96-
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
97-
release_name= local.coder_release_name,
98-
experiments= var.coder_experiments,
99-
image_repo= var.coder_image_repo,
100-
image_tag= var.coder_image_tag,
101-
replicas= local.scenarios[var.scenario].provisionerd.replicas,
102-
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
103-
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
104-
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
105-
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
106-
deployment="asia",
107+
workspace_proxy=false,
108+
provisionerd=true,
109+
primary_url=null,
110+
proxy_token=null,
111+
db_secret=null,
112+
ip_address=null,
113+
provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
114+
access_url= local.deployments.primary.url,
115+
wildcard_access_url=null,
116+
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
117+
release_name= local.coder_release_name,
118+
experiments= var.coder_experiments,
119+
image_repo= var.coder_image_repo,
120+
image_tag= var.coder_image_tag,
121+
replicas= local.scenarios[var.scenario].provisionerd.replicas,
122+
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
123+
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
124+
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
125+
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
126+
deployment="asia",
127+
tls_secret_name=null,
107128
})]
108129

109130
depends_on=[null_resource.license]

‎scaletest/terraform/action/k8s_coder_europe.tf‎

Lines changed: 59 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_europe" {
4343
}
4444
}
4545

46+
resource"kubernetes_secret""coder_tls_europe" {
47+
provider=kubernetes.europe
48+
49+
type="kubernetes.io/tls"
50+
metadata {
51+
name="coder-tls"
52+
namespace=kubernetes_namespace.coder_europe.metadata.0.name
53+
}
54+
data={
55+
"tls.crt"= data.kubernetes_secret.coder_tls["europe"].data["tls.crt"]
56+
"tls.key"= data.kubernetes_secret.coder_tls["europe"].data["tls.key"]
57+
}
58+
lifecycle {
59+
ignore_changes=[timeouts,wait_for_service_account_token]
60+
}
61+
}
62+
4663
resource"helm_release""coder_europe" {
4764
provider=helm.europe
4865

@@ -52,25 +69,27 @@ resource "helm_release" "coder_europe" {
5269
version=var.coder_chart_version
5370
namespace=kubernetes_namespace.coder_europe.metadata.0.name
5471
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
55-
workspace_proxy=true,
56-
provisionerd=false,
57-
primary_url= local.deployments.primary.url,
58-
proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
59-
db_secret=null,
60-
ip_address= google_compute_address.coder["europe"].address,
61-
provisionerd_psk=null,
62-
access_url= local.deployments.europe.url,
63-
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
64-
release_name= local.coder_release_name,
65-
experiments= var.coder_experiments,
66-
image_repo= var.coder_image_repo,
67-
image_tag= var.coder_image_tag,
68-
replicas= local.scenarios[var.scenario].coder.replicas,
69-
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
70-
mem_request= local.scenarios[var.scenario].coder.mem_request,
71-
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
72-
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
73-
deployment="europe",
72+
workspace_proxy=true,
73+
provisionerd=false,
74+
primary_url= local.deployments.primary.url,
75+
proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
76+
db_secret=null,
77+
ip_address= google_compute_address.coder["europe"].address,
78+
provisionerd_psk=null,
79+
access_url= local.deployments.europe.url,
80+
wildcard_access_url= local.deployments.europe.wildcard_access_url,
81+
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
82+
release_name= local.coder_release_name,
83+
experiments= var.coder_experiments,
84+
image_repo= var.coder_image_repo,
85+
image_tag= var.coder_image_tag,
86+
replicas= local.scenarios[var.scenario].coder.replicas,
87+
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
88+
mem_request= local.scenarios[var.scenario].coder.mem_request,
89+
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
90+
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
91+
deployment="europe",
92+
tls_secret_name= kubernetes_secret.coder_tls_europe.metadata.0.name,
7493
})]
7594

7695
depends_on=[null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_europe" {
85104
version=var.provisionerd_chart_version
86105
namespace=kubernetes_namespace.coder_europe.metadata.0.name
87106
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
88-
workspace_proxy=false,
89-
provisionerd=true,
90-
primary_url=null,
91-
proxy_token=null,
92-
db_secret=null,
93-
ip_address=null,
94-
provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
95-
access_url= local.deployments.primary.url,
96-
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
97-
release_name= local.coder_release_name,
98-
experiments= var.coder_experiments,
99-
image_repo= var.coder_image_repo,
100-
image_tag= var.coder_image_tag,
101-
replicas= local.scenarios[var.scenario].provisionerd.replicas,
102-
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
103-
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
104-
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
105-
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
106-
deployment="europe",
107+
workspace_proxy=false,
108+
provisionerd=true,
109+
primary_url=null,
110+
proxy_token=null,
111+
db_secret=null,
112+
ip_address=null,
113+
provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
114+
access_url= local.deployments.primary.url,
115+
wildcard_access_url=null,
116+
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
117+
release_name= local.coder_release_name,
118+
experiments= var.coder_experiments,
119+
image_repo= var.coder_image_repo,
120+
image_tag= var.coder_image_tag,
121+
replicas= local.scenarios[var.scenario].provisionerd.replicas,
122+
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
123+
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
124+
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
125+
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
126+
deployment="europe",
127+
tls_secret_name=null,
107128
})]
108129

109130
depends_on=[null_resource.license]

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp