Commit8ce3548

committed
feat: add tls to scaletest infrastructure
1 parent82f2e15 commit8ce3548


10 files changed

+270
-133
lines changed

10 files changed

+270
-133
lines changed

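--- a/.editorconfig
+++ b/.editorconfig
@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
 insert_final_newline =true
 indent_style =tab
 
-[*.{yaml,yml,tf,tfvars,nix}]
+[*.{yaml,yml,tf,tftpl,tfvars,nix}]
 indent_style =space
 indent_size =2
 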
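--- a/scaletest/terraform/action/cf_dns.tf
+++ b/scaletest/terraform/action/cf_dns.tf
@@ -5,8 +5,17 @@ data "cloudflare_zone" "domain" {
 resource"cloudflare_record""coder" {
 for_each=local.deployments
 zone_id=data.cloudflare_zone.domain.zone_id
-name=each.value.subdomain
+name="${each.value.subdomain}.${var.cloudflare_domain}"
 content=google_compute_address.coder[each.key].address
 type="A"
 ttl=3600
 }
+
+resource"cloudflare_record""coder_wildcard" {
+for_each=local.deployments
+zone_id=data.cloudflare_zone.domain.id
+name=each.value.wildcard_subdomain
+content=cloudflare_record.coder[each.key].name
+type="CNAME"
+ttl=3600
+}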
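Review bot: The new `cloudflare_record.coder_wildcard` takes its zone from `data.cloudflare_zone.domain.id`, while `cloudflare_record.coder` directly above it uses `data.cloudflare_zone.domain.zone_id`; use one attribute in both so the two records are visibly bound to the same zone, e.g. `zone_id = data.cloudflare_zone.domain.zone_id`. The names are also built differently: `coder` now appends `.${var.cloudflare_domain}`, whereas the wildcard passes `each.value.wildcard_subdomain` unqualified. The CNAME target is `cloudflare_record.coder[each.key].name`, so it presumably relies on that name being fully qualified; a one-line comment such as `# CNAME target must be the FQDN of the A record above` would keep a later edit from breaking the wildcard hosts.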

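--- a/scaletest/terraform/action/coder_helm_values.tftpl
+++ b/scaletest/terraform/action/coder_helm_values.tftpl
@@ -22,6 +22,8 @@ coder:
 %{~ifworkspace_proxy ~}
 - name:"CODER_ACCESS_URL"
 value:"${access_url}"
+- name:"CODER_WILDCARD_ACCESS_URL"
+value:"${wildcard_access_url}"
 - name: CODER_PRIMARY_ACCESS_URL
 value:"${primary_url}"
 - name: CODER_PROXY_SESSION_TOKEN
@@ -45,6 +47,8 @@ coder:
 %{~if!workspace_proxy&&!provisionerd ~}
 - name:"CODER_ACCESS_URL"
 value:"${access_url}"
+- name:"CODER_WILDCARD_ACCESS_URL"
+value:"${wildcard_access_url}"
 - name:"CODER_PG_CONNECTION_URL"
 valueFrom:
 secretKeyRef:
@@ -109,3 +113,8 @@ coder:
 - emptyDir:
 sizeLimit: 1024Mi
 name: cache
+%{~if!provisionerd ~}
+tls:
+secretNames:
+-"${tls_secret_name}"
+%{~ endif ~}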

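--- a/scaletest/terraform/action/gcp_clusters.tf
+++ b/scaletest/terraform/action/gcp_clusters.tf
@@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
 locals {
 deployments={
 primary= {
-subdomain="${var.name}-scaletest"
-url="http://${var.name}-scaletest.${var.cloudflare_domain}"
-region="us-east1"
-zone="us-east1-c"
-subnet="scaletest"
+subdomain="primary.${var.name}"
+wildcard_subdomain="*.primary.${var.name}"
+url="https://primary.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url="*.primary.${var.name}.${var.cloudflare_domain}"
+region="us-east1"
+zone="us-east1-c"
+subnet="scaletest"
 }
 europe= {
-subdomain="${var.name}-europe-scaletest"
-url="http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
-region="europe-west1"
-zone="europe-west1-b"
-subnet="scaletest"
+subdomain="europe.${var.name}"
+wildcard_subdomain="*.europe.${var.name}"
+url="https://europe.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url="*.europe.${var.name}.${var.cloudflare_domain}"
+region="europe-west1"
+zone="europe-west1-b"
+subnet="scaletest"
 }
 asia= {
-subdomain="${var.name}-asia-scaletest"
-url="http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
-region="asia-southeast1"
-zone="asia-southeast1-a"
-subnet="scaletest"
+subdomain="asia.${var.name}"
+wildcard_subdomain="*.asia.${var.name}"
+url="https://asia.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url="*.asia.${var.name}.${var.cloudflare_domain}"
+region="asia-southeast1"
+zone="asia-southeast1-a"
+subnet="scaletest"
 }
 }
 node_pools={
@@ -146,6 +152,11 @@ resource "google_container_node_pool" "node_pool" {
 }
 }
 lifecycle {
-ignore_changes=[management[0].auto_repair,management[0].auto_upgrade,timeouts]
+ignore_changes=[
+management[0].auto_repair,
+management[0].auto_upgrade,
+timeouts,
+node_config[0].resource_labels
+]
 }
 }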
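Review bot: In the `deployments` local, `url` and `wildcard_access_url` name different hosts for each region (`primary.${var.name}.…` and `*.primary.${var.name}.…`), and a wildcard matches a single label only, so the certificate behind each `coder-tls` secret has to list both names as SANs. The certificate source is not visible on this page, so this should be confirmed and recorded in a comment above the map, for example `# each region's cert must cover <region>.<name>.<domain> and *.<region>.<name>.<domain>`. `var.name` is now embedded as a DNS label in all four strings, so a `validation` block on the variable (declared outside this hunk) limiting it to lowercase letters, digits and hyphens would reject a bad name at plan time. The three entries repeat one derivation and could be generated from the region key so the strings cannot drift apart.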

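--- a/scaletest/terraform/action/k8s_coder_asia.tf
+++ b/scaletest/terraform/action/k8s_coder_asia.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_asia" {
 }
 }
 
+resource"kubernetes_secret""coder_tls_asia" {
+provider=kubernetes.asia
+
+type="kubernetes.io/tls"
+metadata {
+name="coder-tls"
+namespace=kubernetes_namespace.coder_asia.metadata.0.name
+}
+data={
+"tls.crt"= data.kubernetes_secret.coder_tls["asia"].data["tls.crt"]
+"tls.key"= data.kubernetes_secret.coder_tls["asia"].data["tls.key"]
+}
+lifecycle {
+ignore_changes=[timeouts,wait_for_service_account_token]
+}
+}
+
 resource"helm_release""coder_asia" {
 provider=helm.asia
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_asia" {
 version=var.coder_chart_version
 namespace=kubernetes_namespace.coder_asia.metadata.0.name
 values=[templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy=true,
-provisionerd=false,
-primary_url= local.deployments.primary.url,
-proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
-db_secret=null,
-ip_address= google_compute_address.coder["asia"].address,
-provisionerd_psk=null,
-access_url= local.deployments.asia.url,
-node_pool= google_container_node_pool.node_pool["asia_coder"].name,
-release_name= local.coder_release_name,
-experiments= var.coder_experiments,
-image_repo= var.coder_image_repo,
-image_tag= var.coder_image_tag,
-replicas= local.scenarios[var.scenario].coder.replicas,
-cpu_request= local.scenarios[var.scenario].coder.cpu_request,
-mem_request= local.scenarios[var.scenario].coder.mem_request,
-cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit= local.scenarios[var.scenario].coder.mem_limit,
-deployment="asia",
+workspace_proxy=true,
+provisionerd=false,
+primary_url= local.deployments.primary.url,
+proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
+db_secret=null,
+ip_address= google_compute_address.coder["asia"].address,
+provisionerd_psk=null,
+access_url= local.deployments.asia.url,
+wildcard_access_url= local.deployments.asia.wildcard_access_url,
+node_pool= google_container_node_pool.node_pool["asia_coder"].name,
+release_name= local.coder_release_name,
+experiments= var.coder_experiments,
+image_repo= var.coder_image_repo,
+image_tag= var.coder_image_tag,
+replicas= local.scenarios[var.scenario].coder.replicas,
+cpu_request= local.scenarios[var.scenario].coder.cpu_request,
+mem_request= local.scenarios[var.scenario].coder.mem_request,
+cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit= local.scenarios[var.scenario].coder.mem_limit,
+deployment="asia",
+tls_secret_name= kubernetes_secret.coder_tls_asia.metadata.0.name,
 })]
 
 depends_on=[null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_asia" {
 version=var.provisionerd_chart_version
 namespace=kubernetes_namespace.coder_asia.metadata.0.name
 values=[templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy=false,
-provisionerd=true,
-primary_url=null,
-proxy_token=null,
-db_secret=null,
-ip_address=null,
-provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
-access_url= local.deployments.primary.url,
-node_pool= google_container_node_pool.node_pool["asia_coder"].name,
-release_name= local.coder_release_name,
-experiments= var.coder_experiments,
-image_repo= var.coder_image_repo,
-image_tag= var.coder_image_tag,
-replicas= local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment="asia",
+workspace_proxy=false,
+provisionerd=true,
+primary_url=null,
+proxy_token=null,
+db_secret=null,
+ip_address=null,
+provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
+access_url= local.deployments.primary.url,
+wildcard_access_url=null,
+node_pool= google_container_node_pool.node_pool["asia_coder"].name,
+release_name= local.coder_release_name,
+experiments= var.coder_experiments,
+image_repo= var.coder_image_repo,
+image_tag= var.coder_image_tag,
+replicas= local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment="asia",
+tls_secret_name=null,
 })]
 
 depends_on=[null_resource.license]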
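Review bot: In the first hunk, `kubernetes_secret.coder_tls_asia` copies `tls.key` out of `data.kubernetes_secret.coder_tls["asia"]`, so the TLS private key is read into Terraform and stored in state in plain text, once for the data source and again for the new resource. The backend configuration is not visible on this page, so confirm that the scaletest state is encrypted at rest and readable only by the operators allowed to hold this key. A comment above the resource would record that requirement, for example `# tls.key passes through Terraform state; the state backend must be encrypted and access-restricted`. The same applies to `kubernetes_secret.coder_tls_europe` in k8s_coder_europe.tf.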

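--- a/scaletest/terraform/action/k8s_coder_europe.tf
+++ b/scaletest/terraform/action/k8s_coder_europe.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_europe" {
 }
 }
 
+resource"kubernetes_secret""coder_tls_europe" {
+provider=kubernetes.europe
+
+type="kubernetes.io/tls"
+metadata {
+name="coder-tls"
+namespace=kubernetes_namespace.coder_europe.metadata.0.name
+}
+data={
+"tls.crt"= data.kubernetes_secret.coder_tls["europe"].data["tls.crt"]
+"tls.key"= data.kubernetes_secret.coder_tls["europe"].data["tls.key"]
+}
+lifecycle {
+ignore_changes=[timeouts,wait_for_service_account_token]
+}
+}
+
 resource"helm_release""coder_europe" {
 provider=helm.europe
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_europe" {
 version=var.coder_chart_version
 namespace=kubernetes_namespace.coder_europe.metadata.0.name
 values=[templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy=true,
-provisionerd=false,
-primary_url= local.deployments.primary.url,
-proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
-db_secret=null,
-ip_address= google_compute_address.coder["europe"].address,
-provisionerd_psk=null,
-access_url= local.deployments.europe.url,
-node_pool= google_container_node_pool.node_pool["europe_coder"].name,
-release_name= local.coder_release_name,
-experiments= var.coder_experiments,
-image_repo= var.coder_image_repo,
-image_tag= var.coder_image_tag,
-replicas= local.scenarios[var.scenario].coder.replicas,
-cpu_request= local.scenarios[var.scenario].coder.cpu_request,
-mem_request= local.scenarios[var.scenario].coder.mem_request,
-cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit= local.scenarios[var.scenario].coder.mem_limit,
-deployment="europe",
+workspace_proxy=true,
+provisionerd=false,
+primary_url= local.deployments.primary.url,
+proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
+db_secret=null,
+ip_address= google_compute_address.coder["europe"].address,
+provisionerd_psk=null,
+access_url= local.deployments.europe.url,
+wildcard_access_url= local.deployments.europe.wildcard_access_url,
+node_pool= google_container_node_pool.node_pool["europe_coder"].name,
+release_name= local.coder_release_name,
+experiments= var.coder_experiments,
+image_repo= var.coder_image_repo,
+image_tag= var.coder_image_tag,
+replicas= local.scenarios[var.scenario].coder.replicas,
+cpu_request= local.scenarios[var.scenario].coder.cpu_request,
+mem_request= local.scenarios[var.scenario].coder.mem_request,
+cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit= local.scenarios[var.scenario].coder.mem_limit,
+deployment="europe",
+tls_secret_name= kubernetes_secret.coder_tls_europe.metadata.0.name,
 })]
 
 depends_on=[null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_europe" {
 version=var.provisionerd_chart_version
 namespace=kubernetes_namespace.coder_europe.metadata.0.name
 values=[templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy=false,
-provisionerd=true,
-primary_url=null,
-proxy_token=null,
-db_secret=null,
-ip_address=null,
-provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
-access_url= local.deployments.primary.url,
-node_pool= google_container_node_pool.node_pool["europe_coder"].name,
-release_name= local.coder_release_name,
-experiments= var.coder_experiments,
-image_repo= var.coder_image_repo,
-image_tag= var.coder_image_tag,
-replicas= local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment="europe",
+workspace_proxy=false,
+provisionerd=true,
+primary_url=null,
+proxy_token=null,
+db_secret=null,
+ip_address=null,
+provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
+access_url= local.deployments.primary.url,
+wildcard_access_url=null,
+node_pool= google_container_node_pool.node_pool["europe_coder"].name,
+release_name= local.coder_release_name,
+experiments= var.coder_experiments,
+image_repo= var.coder_image_repo,
+image_tag= var.coder_image_tag,
+replicas= local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment="europe",
+tls_secret_name=null,
 })]
 
 depends_on=[null_resource.license]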
