Logs from the coder pod:Started HTTP listener at http://0.0.0.0:8080╔════════════════════════════════════╗║          View the Web UI:          ║║   https://coder.xxx.com            ║╚════════════════════════════════════╝2025-04-29 07:01:02.749 [erro]  connect to postgres failed ...    error= up:               github.com/coder/coder/v2/coderd/database/migrations.UpWithFS                   /home/runner/work/coder/coder/coderd/database/migrations/migrate.go:137             - no migration foundfor version 20241016151312:read downfor version 20241016151312 .: file does not existEncountered an error running"coder server", see"coder server --help"for more informationerror: connect to postgres: connect to postgres: migrate up: up: no migration foundfor version 20241016151312:read downfor version 20241016151312 .: file does not exist

resource"helm_release""coder" {repository="https://helm.coder.com/v2"chart="coder"name="coder"values=[file("${path.module}/manifests/coder.yaml")  ]set=[{    name="coder.env[1].name"    value="CODER_PG_CONNECTION_URL"  },{    name="coder.env[1].value"    value= data.kubernetes_secret_v1.db_credentials.data["uri"]   }]}

# coder -- Primary configuration for `coder server`.coder:# coder.env -- The environment variables to set for Coder. These can be used# to configure all aspects of `coder server`. Please see `coder server --help`# for information about what environment variables can be set.# Note: The following environment variables are set by default and cannot be# overridden:# - CODER_HTTP_ADDRESS: set to 0.0.0.0:8080 and cannot be changed.# - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty.# - CODER_TLS_ENABLE: set if tls.secretName is not empty.# - CODER_TLS_CERT_FILE: set if tls.secretName is not empty.# - CODER_TLS_KEY_FILE: set if tls.secretName is not empty.# - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:2112 and cannot be changed.#   Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE.# - KUBE_POD_IP# - CODER_DERP_SERVER_RELAY_URL## We will additionally set CODER_ACCESS_URL if unset to the cluster service# URL, unless coder.envUseClusterAccessURL is set to false.env:    -name:"CODER_ACCESS_URL"value:"https://coder.xxx.com"# coder.envFrom -- Secrets or ConfigMaps to use for Coder's environment# variables. If you want one environment variable read from a secret, then use# coder.env valueFrom. See the K8s docs for valueFrom here:# https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data## If setting CODER_ACCESS_URL in coder.envFrom, then you must set# coder.envUseClusterAccessURL to false.envFrom:[]# - configMapRef:#     name: coder-config# - secretRef:#     name: coder-config# coder.envUseClusterAccessURL -- Determines whether the CODER_ACCESS_URL env# is added to coder.env if it's not already set there. Set this to false if# defining CODER_ACCESS_URL in coder.envFrom to avoid conflicts.envUseClusterAccessURL:true# coder.image -- The image to use for Coder.image:# coder.image.repo -- The repository of the image.repo:"ghcr.io/coder/coder"# coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}# if not set. If you're using the chart directly from git, the default# app version will not work and you'll need to set this value. The helm# chart helpfully fails quickly in this case.tag:""# coder.image.pullPolicy -- The pull policy to use for the image. See:# https://kubernetes.io/docs/concepts/containers/images/#image-pull-policypullPolicy:IfNotPresent# coder.image.pullSecrets -- The secrets used for pulling the Coder image from# a private registry.pullSecrets:[]#  - name: "pull-secret"# coder.initContainers -- Init containers for the deployment. See:# https://kubernetes.io/docs/concepts/workloads/pods/init-containers/initContainers:[]# - name: init-container#   image: busybox:1.28#   command: ['sh', '-c', "sleep 2"]# coder.annotations -- The Deployment annotations. See:# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/annotations:{}# coder.labels -- The Deployment labels. See:# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/labels:{}# coder.podAnnotations -- The Coder pod annotations. See:# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/podAnnotations:{}# coder.podLabels -- The Coder pod labels. See:# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/podLabels:{}# coder.serviceAccount -- Configuration for the automatically created service# account. Creation of the service account cannot be disabled.serviceAccount:# coder.serviceAccount.workspacePerms -- Whether or not to grant the coder# service account permissions to manage workspaces. This includes# permission to manage pods and persistent volume claims in the deployment# namespace.## It is recommended to keep this on if you are using Kubernetes templates# within Coder.workspacePerms:true# coder.serviceAccount.enableDeployments -- Provides the service account# permission to manage Kubernetes deployments. Depends on workspacePerms.enableDeployments:true# coder.serviceAccount.extraRules -- Additional permissions added to the SA# role. Depends on workspacePerms.extraRules:[]# - apiGroups: [""]#   resources: ["services"]#   verbs:#     - create#     - delete#     - deletecollection#     - get#     - list#     - patch#     - update#     - watch# coder.serviceAccount.annotations -- The Coder service account annotations.annotations:{}# coder.serviceAccount.name -- The service account namename:coder# coder.serviceAccount.disableCreate -- Whether to create the service account or use existing service account.disableCreate:false# coder.securityContext -- Fields related to the container's security# context (as opposed to the pod). Some fields are also present in the pod# security context, in which case these values will take precedence.securityContext:# coder.securityContext.runAsNonRoot -- Requires that the coder container# runs as an unprivileged user. If setting runAsUser to 0 (root), this# will need to be set to false.runAsNonRoot:true# coder.securityContext.runAsUser -- Sets the user id of the container.# For security reasons, we recommend using a non-root user.runAsUser:1000# coder.securityContext.runAsGroup -- Sets the group id of the container.# For security reasons, we recommend using a non-root group.runAsGroup:1000# coder.securityContext.readOnlyRootFilesystem -- Mounts the container's# root filesystem as read-only.readOnlyRootFilesystem:null# coder.securityContext.seccompProfile -- Sets the seccomp profile for# the coder container.seccompProfile:type:RuntimeDefault# coder.securityContext.allowPrivilegeEscalation -- Controls whether# the container can gain additional privileges, such as escalating to# root. It is recommended to leave this setting disabled in production.allowPrivilegeEscalation:false# coder.volumes -- A list of extra volumes to add to the Coder pod.volumes:[]# - name: "my-volume"#   emptyDir: {}# coder.volumeMounts -- A list of extra volume mounts to add to the Coder pod.volumeMounts:[]# - name: "my-volume"#   mountPath: "/mnt/my-volume"# coder.tls -- The TLS configuration for Coder.tls:# coder.tls.secretNames -- A list of TLS server certificate secrets to mount# into the Coder pod. The secrets should exist in the same namespace as the# Helm deployment and should be of type "kubernetes.io/tls". The secrets# will be automatically mounted into the pod if specified, and the correct# "CODER_TLS_*" environment variables will be set for you.secretNames:[]# coder.replicaCount -- The number of Kubernetes deployment replicas. This# should only be increased if High Availability is enabled.## This is an Enterprise feature. Contact sales@coder.com.replicaCount:1# coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder# Workspace Proxy. Workspace Proxies reduce the latency between the user and# their workspace for web connections (workspace apps and web terminal) and# proxied connections from the CLI. Workspace Proxies are optional and only# recommended for geographically sparse teams.## Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in# the environment below. You can get a proxy token using the CLI:#   coder wsproxy create \#     --name "proxy-name" \#     --display-name "Proxy Name" \#     --icon "/emojis/xyz.png"## This is an Enterprise feature. Contact sales@coder.com# Docs: https://coder.com/docs/admin/workspace-proxiesworkspaceProxy:false# coder.lifecycle -- container lifecycle handlers for the Coder container, allowing# for lifecycle events such as postStart and preStop events# See: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/lifecycle:{}# postStart:#   exec:#     command: ["/bin/sh", "-c", "echo postStart"]# preStop:#   exec:#     command: ["/bin/sh","-c","echo preStart"]# coder.resources -- The resources to request for Coder. The below values are# defaults and can be overridden.resources:# limits:#  cpu: 2000m#  memory: 4096Mi# requests:#  cpu: 2000m#  memory: 4096Mi# coder.certs -- CA bundles to mount inside the Coder pod.certs:# coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder# pod. The secrets should exist in the same namespace as the Helm# deployment.## The given key in each secret is mounted at# `/etc/ssl/certs/{secret_name}.crt`.secrets:[]# - name: "my-ca-bundle"#   key: "ca-bundle.crt"# coder.affinity -- Allows specifying an affinity rule for the `coder` deployment.# The default rule prefers to schedule coder pods on different# nodes, which is only applicable if coder.replicaCount is greater than 1.affinity:podAntiAffinity:preferredDuringSchedulingIgnoredDuringExecution:        -podAffinityTerm:labelSelector:matchExpressions:                -key:app.kubernetes.io/instanceoperator:Invalues:                    -"coder"topologyKey:kubernetes.io/hostnameweight:1topologySpreadConstraints:# - maxSkew: 1#   topologyKey: kubernetes.io/hostname#   whenUnsatisfiable: DoNotSchedule#   labelSelector:#     matchLabels:#       app.kubernetes.io/instance: coder# coder.tolerations -- Tolerations for tainted nodes.# See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/tolerations:[]# - key: "key"#   operator: "Equal"#   value: "value"#   effect: "NoSchedule"# coder.nodeSelector -- Node labels for constraining coder pods to nodes.# See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselectornodeSelector:{}#  kubernetes.io/os: linux# coder.service -- The Service object to expose for Coder.service:# coder.service.enable -- Whether to create the Service object.enable:true# coder.service.type -- The type of service to expose. See:# https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-typestype:LoadBalancer# coder.service.sessionAffinity -- Must be set to ClientIP or None# AWS ELB does not support session stickiness based on ClientIP, so you must set this to None.# The error message you might see: "Unsupported load balancer affinity: ClientIP"# https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinitysessionAffinity:None# coder.service.externalTrafficPolicy -- The external traffic policy to use.# You may need to change this to "Local" to preserve the source IP address# in some situations.# https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ipexternalTrafficPolicy:Cluster# coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not# specified, a new IP will be generated each time the load balancer is# recreated. It is recommended to manually create a static IP address in# your cloud and specify it here in production to avoid accidental IP# address changes.loadBalancerIP:""# coder.service.loadBalancerClass -- The class name of the LoadBalancer. See:# https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-classloadBalancerClass:""# coder.service.annotations -- The service annotations. See:# https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancerannotations:{}# coder.service.httpNodePort -- Enabled if coder.service.type is set to# NodePort or LoadBalancer. If not set, Kubernetes will allocate a port from the default# range, 30000-32767.httpNodePort:""# coder.service.httpsNodePort -- Enabled if coder.service.type is set to# NodePort or LoadBalancer. If not set, Kubernetes will allocate a port from the default# range, 30000-32767.httpsNodePort:""# coder.ingress -- The Ingress object to expose for Coder.ingress:# coder.ingress.enable -- Whether to create the Ingress object. If using an# Ingress, we recommend not specifying coder.tls.secretNames as the Ingress# will handle TLS termination.enable:true# coder.ingress.className -- The name of the Ingress class to use.className:"nginx"# coder.ingress.host -- The hostname to match on.# Be sure to also set CODER_ACCESS_URL within coder.env[]host:"coder.xxx.com"# coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be# in the form "*.example.com" or "*-suffix.example.com". If you are using a# suffix after the wildcard, the suffix will be stripped from the created# ingress to ensure that it is a legal ingress host. Optional if not using# applications over subdomains.# Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[]wildcardHost:""# coder.ingress.annotations -- The ingress annotations.annotations:{}# coder.ingress.tls -- The TLS configuration to use for the Ingress.tls:# coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.enable:true# coder.ingress.tls.secretName -- The name of the TLS secret to use.secretName:"coder-tls"# coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to# use for the wildcard host.wildcardSecretName:""# coder.command -- The command to use when running the Coder container. Used# for customizing the location of the `coder` binary in your image.command:    -/opt/coder# coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod.commandArgs:[]# provisionerDaemon -- Configuration for external provisioner daemons.## This is an Enterprise feature. Contact sales@coder.com.provisionerDaemon:# provisionerDaemon.pskSecretName -- The name of the Kubernetes secret that contains the# Pre-Shared Key (PSK) to use to authenticate external provisioner daemons with Coder.  The# secret must be in the same namespace as the Helm deployment, and contain an item called "psk"# which contains the pre-shared key.pskSecretName:""# extraTemplates -- Array of extra objects to deploy with the release. Strings# are evaluated as a template and can use template expansions and functions. All# other objects are used as yaml.extraTemplates:#- |#    apiVersion: v1#    kind: ConfigMap#    metadata:#      name: my-configmap#    data: