Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

chore(scaletest): add tls to infrastructure#19412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
ethanndickson merged 1 commit intomainfromethan/tls-scaletest
Aug 25, 2025
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion.editorconfig
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
insert_final_newline =true
indent_style =tab

[*.{yaml,yml,tf,tfvars,nix}]
[*.{yaml,yml,tf,tftpl,tfvars,nix}]
indent_style =space
indent_size =2

Expand Down
11 changes: 10 additions & 1 deletionscaletest/terraform/action/cf_dns.tf
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -5,8 +5,17 @@ data "cloudflare_zone" "domain" {
resource "cloudflare_record" "coder" {
for_each = local.deployments
zone_id = data.cloudflare_zone.domain.zone_id
name = each.value.subdomain
name ="${each.value.subdomain}.${var.cloudflare_domain}"
content = google_compute_address.coder[each.key].address
type = "A"
ttl = 3600
}

resource "cloudflare_record" "coder_wildcard" {
for_each = local.deployments
zone_id = data.cloudflare_zone.domain.id
name = each.value.wildcard_subdomain
content = cloudflare_record.coder[each.key].name
type = "CNAME"
ttl = 3600
}
9 changes: 9 additions & 0 deletionsscaletest/terraform/action/coder_helm_values.tftpl
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -22,6 +22,8 @@ coder:
%{~ifworkspace_proxy ~}
- name:"CODER_ACCESS_URL"
value:"${access_url}"
- name:"CODER_WILDCARD_ACCESS_URL"
value:"${wildcard_access_url}"
- name: CODER_PRIMARY_ACCESS_URL
value:"${primary_url}"
- name: CODER_PROXY_SESSION_TOKEN
Expand All@@ -45,6 +47,8 @@ coder:
%{~if!workspace_proxy&&!provisionerd ~}
- name:"CODER_ACCESS_URL"
value:"${access_url}"
- name:"CODER_WILDCARD_ACCESS_URL"
value:"${wildcard_access_url}"
- name:"CODER_PG_CONNECTION_URL"
valueFrom:
secretKeyRef:
Expand DownExpand Up@@ -109,3 +113,8 @@ coder:
- emptyDir:
sizeLimit: 1024Mi
name: cache
%{~if!provisionerd ~}
tls:
secretNames:
-"${tls_secret_name}"
%{~ endif ~}
43 changes: 27 additions & 16 deletionsscaletest/terraform/action/gcp_clusters.tf
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
locals {
deployments = {
primary = {
subdomain = "${var.name}-scaletest"
url = "http://${var.name}-scaletest.${var.cloudflare_domain}"
region = "us-east1"
zone = "us-east1-c"
subnet = "scaletest"
subdomain = "primary.${var.name}"
wildcard_subdomain = "*.primary.${var.name}"
url = "https://primary.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.primary.${var.name}.${var.cloudflare_domain}"
region = "us-east1"
zone = "us-east1-c"
subnet = "scaletest"
}
europe = {
subdomain = "${var.name}-europe-scaletest"
url = "http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
region = "europe-west1"
zone = "europe-west1-b"
subnet = "scaletest"
subdomain = "europe.${var.name}"
wildcard_subdomain = "*.europe.${var.name}"
url = "https://europe.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.europe.${var.name}.${var.cloudflare_domain}"
region = "europe-west1"
zone = "europe-west1-b"
subnet = "scaletest"
}
asia = {
subdomain = "${var.name}-asia-scaletest"
url = "http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
region = "asia-southeast1"
zone = "asia-southeast1-a"
subnet = "scaletest"
subdomain = "asia.${var.name}"
wildcard_subdomain = "*.asia.${var.name}"
url = "https://asia.${var.name}.${var.cloudflare_domain}"
wildcard_access_url = "*.asia.${var.name}.${var.cloudflare_domain}"
region = "asia-southeast1"
zone = "asia-southeast1-a"
subnet = "scaletest"
}
}
node_pools = {
Expand DownExpand Up@@ -146,6 +152,11 @@ resource "google_container_node_pool" "node_pool" {
}
}
lifecycle {
ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
ignore_changes = [
management[0].auto_repair,
management[0].auto_upgrade,
timeouts,
node_config[0].resource_labels
]
}
}
97 changes: 59 additions & 38 deletionsscaletest/terraform/action/k8s_coder_asia.tf
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_asia" {
}
}

resource"kubernetes_secret""coder_tls_asia" {
provider=kubernetes.asia

type="kubernetes.io/tls"
metadata {
name="coder-tls"
namespace=kubernetes_namespace.coder_asia.metadata.0.name
}
data={
"tls.crt"= data.kubernetes_secret.coder_tls["asia"].data["tls.crt"]
"tls.key"= data.kubernetes_secret.coder_tls["asia"].data["tls.key"]
}
lifecycle {
ignore_changes=[timeouts,wait_for_service_account_token]
}
}

resource"helm_release""coder_asia" {
provider=helm.asia

Expand All@@ -52,25 +69,27 @@ resource "helm_release" "coder_asia" {
version=var.coder_chart_version
namespace=kubernetes_namespace.coder_asia.metadata.0.name
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
workspace_proxy=true,
provisionerd=false,
primary_url= local.deployments.primary.url,
proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
db_secret=null,
ip_address= google_compute_address.coder["asia"].address,
provisionerd_psk=null,
access_url= local.deployments.asia.url,
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].coder.replicas,
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
mem_request= local.scenarios[var.scenario].coder.mem_request,
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
deployment="asia",
workspace_proxy=true,
provisionerd=false,
primary_url= local.deployments.primary.url,
proxy_token= kubernetes_secret.proxy_token_asia.metadata.0.name,
db_secret=null,
ip_address= google_compute_address.coder["asia"].address,
provisionerd_psk=null,
access_url= local.deployments.asia.url,
wildcard_access_url= local.deployments.asia.wildcard_access_url,
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].coder.replicas,
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
mem_request= local.scenarios[var.scenario].coder.mem_request,
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
deployment="asia",
tls_secret_name= kubernetes_secret.coder_tls_asia.metadata.0.name,
})]

depends_on=[null_resource.license]
Expand All@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_asia" {
version=var.provisionerd_chart_version
namespace=kubernetes_namespace.coder_asia.metadata.0.name
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
workspace_proxy=false,
provisionerd=true,
primary_url=null,
proxy_token=null,
db_secret=null,
ip_address=null,
provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
access_url= local.deployments.primary.url,
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].provisionerd.replicas,
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
deployment="asia",
workspace_proxy=false,
provisionerd=true,
primary_url=null,
proxy_token=null,
db_secret=null,
ip_address=null,
provisionerd_psk= kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
access_url= local.deployments.primary.url,
wildcard_access_url=null,
node_pool= google_container_node_pool.node_pool["asia_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].provisionerd.replicas,
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
deployment="asia",
tls_secret_name=null,
})]

depends_on=[null_resource.license]
Expand Down
97 changes: 59 additions & 38 deletionsscaletest/terraform/action/k8s_coder_europe.tf
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_europe" {
}
}

resource"kubernetes_secret""coder_tls_europe" {
provider=kubernetes.europe

type="kubernetes.io/tls"
metadata {
name="coder-tls"
namespace=kubernetes_namespace.coder_europe.metadata.0.name
}
data={
"tls.crt"= data.kubernetes_secret.coder_tls["europe"].data["tls.crt"]
"tls.key"= data.kubernetes_secret.coder_tls["europe"].data["tls.key"]
}
lifecycle {
ignore_changes=[timeouts,wait_for_service_account_token]
}
}

resource"helm_release""coder_europe" {
provider=helm.europe

Expand All@@ -52,25 +69,27 @@ resource "helm_release" "coder_europe" {
version=var.coder_chart_version
namespace=kubernetes_namespace.coder_europe.metadata.0.name
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
workspace_proxy=true,
provisionerd=false,
primary_url= local.deployments.primary.url,
proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
db_secret=null,
ip_address= google_compute_address.coder["europe"].address,
provisionerd_psk=null,
access_url= local.deployments.europe.url,
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].coder.replicas,
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
mem_request= local.scenarios[var.scenario].coder.mem_request,
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
deployment="europe",
workspace_proxy=true,
provisionerd=false,
primary_url= local.deployments.primary.url,
proxy_token= kubernetes_secret.proxy_token_europe.metadata.0.name,
db_secret=null,
ip_address= google_compute_address.coder["europe"].address,
provisionerd_psk=null,
access_url= local.deployments.europe.url,
wildcard_access_url= local.deployments.europe.wildcard_access_url,
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].coder.replicas,
cpu_request= local.scenarios[var.scenario].coder.cpu_request,
mem_request= local.scenarios[var.scenario].coder.mem_request,
cpu_limit= local.scenarios[var.scenario].coder.cpu_limit,
mem_limit= local.scenarios[var.scenario].coder.mem_limit,
deployment="europe",
tls_secret_name= kubernetes_secret.coder_tls_europe.metadata.0.name,
})]

depends_on=[null_resource.license]
Expand All@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_europe" {
version=var.provisionerd_chart_version
namespace=kubernetes_namespace.coder_europe.metadata.0.name
values=[templatefile("${path.module}/coder_helm_values.tftpl", {
workspace_proxy=false,
provisionerd=true,
primary_url=null,
proxy_token=null,
db_secret=null,
ip_address=null,
provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
access_url= local.deployments.primary.url,
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].provisionerd.replicas,
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
deployment="europe",
workspace_proxy=false,
provisionerd=true,
primary_url=null,
proxy_token=null,
db_secret=null,
ip_address=null,
provisionerd_psk= kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
access_url= local.deployments.primary.url,
wildcard_access_url=null,
node_pool= google_container_node_pool.node_pool["europe_coder"].name,
release_name= local.coder_release_name,
experiments= var.coder_experiments,
image_repo= var.coder_image_repo,
image_tag= var.coder_image_tag,
replicas= local.scenarios[var.scenario].provisionerd.replicas,
cpu_request= local.scenarios[var.scenario].provisionerd.cpu_request,
mem_request= local.scenarios[var.scenario].provisionerd.mem_request,
cpu_limit= local.scenarios[var.scenario].provisionerd.cpu_limit,
mem_limit= local.scenarios[var.scenario].provisionerd.mem_limit,
deployment="europe",
tls_secret_name=null,
})]

depends_on=[null_resource.license]
Expand Down
Loading
Loading
[8]ページ先頭
©2009-2025 Movatter.jp