Aug 22, 2025 · Aug 21, 2025 · Aug 22, 2025 · Aug 22, 2025 · Aug 22, 2025 · Aug 22, 2025
diff --git a/scaletest/terraform/action/cf_dns.tf b/scaletest/terraform/action/cf_dns.tf
 data "cloudflare_zone" "domain" {
  name = var.cloudflare_domain
 }

 resource "cloudflare_record" "coder" {
  for_each = local.deployments
  zone_id  =var.cloudflare_zone_id
  zone_id  =data.cloudflare_zone.domain.zone_id
  name     = each.value.subdomain
  content  = google_compute_address.coder[each.key].address
  type     = "A"
diff --git a/scaletest/terraform/action/main.tf b/scaletest/terraform/action/main.tf
 provider "google" {
 }

 data "google_secret_manager_secret_version_access" "cloudflare_api_token_dns" {
  secret  = "cloudflare-api-token-dns"
  project = var.project_id
 }

 provider "cloudflare" {
  api_token = var.cloudflare_api_token
  api_token =coalesce(var.cloudflare_api_token, data.google_secret_manager_secret_version_access.cloudflare_api_token_dns.secret_data)
 }

 provider "kubernetes" {
diff --git a/scaletest/terraform/action/vars.tf b/scaletest/terraform/action/vars.tf
 // GCP
 variable "project_id" {
  description = "The project in which to provision resources"
  default     = "coder-scaletest"
 }

 variable "k8s_version" {
 variable "cloudflare_api_token" {
  description = "Cloudflare API token."
  sensitive   = true
 }

 variable "cloudflare_email" {
  description = "Cloudflare email address."
  sensitive   = true
  # only override if you want to change the cloudflare_domain; pulls the token for scaletest.dev from Google Secrets
  # Manager if null.
  default = null
 }

 variable "cloudflare_domain" {
  description = "Cloudflare coder domain."
 }

 variable "cloudflare_zone_id" {
  description = "Cloudflare zone ID."
  default     = "scaletest.dev"
 }

 // Coder
Original file line number	Diff line number	Diff line change
		@@ -1,6 +1,10 @@
		data "cloudflare_zone" "domain" {
		name = var.cloudflare_domain
		}

		resource "cloudflare_record" "coder" {
		for_each = local.deployments
		zone_id =var.cloudflare_zone_id
		zone_id =data.cloudflare_zone.domain.zone_id
		name = each.value.subdomain
		content = google_compute_address.coder[each.key].address
		type = "A"
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -46,8 +46,13 @@ terraform {
		provider "google" {
		}

		data "google_secret_manager_secret_version_access" "cloudflare_api_token_dns" {
		secret = "cloudflare-api-token-dns"
		project = var.project_id
		}

		provider "cloudflare" {
		api_token = var.cloudflare_api_token
		api_token =coalesce(var.cloudflare_api_token, data.google_secret_manager_secret_version_access.cloudflare_api_token_dns.secret_data)
		}

		provider "kubernetes" {
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,6 +13,7 @@ variable "scenario" {
		// GCP
		variable "project_id" {
		description = "The project in which to provision resources"
		default = "coder-scaletest"
		}

		variable "k8s_version" {
Expand All		@@ -24,19 +25,14 @@ variable "k8s_version" {
		variable "cloudflare_api_token" {
		description = "Cloudflare API token."
		sensitive = true
		}

		variable "cloudflare_email" {
		description = "Cloudflare email address."
		sensitive = true
		# only override if you want to change the cloudflare_domain; pulls the token for scaletest.dev from Google Secrets
		# Manager if null.
		default = null
		}

		variable "cloudflare_domain" {
		description = "Cloudflare coder domain."
		}

		variable "cloudflare_zone_id" {
		description = "Cloudflare zone ID."
		default = "scaletest.dev"
Copy link Member ethanndicksonAug 22, 2025• edited Loading Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. We haven't mentioned this domain publicly anywhere else, could omit it here? Copy link Member ethanndicksonAug 22, 2025• edited Loading Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Also, just realising, we should probably not use a hardcoded password on these coder deployments, now that they're accessible on the public web. Copy link ContributorAuthor spikecurtisAug 22, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. They've always been accessible on the public web. I agree we shouldn't use a hardcoded password; didn't realize we did.coder/internal#932 Beyond the scope of this PR. Copy link ContributorAuthor spikecurtisAug 22, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. We haven't mentioned this domain publicly anywhere else, could omit it here? If we're cagey about leaking details like this, we should move all this terraform into a private repo. We have an obvious choice in coder/scaletest WDYT@deansheather @jdomeracki-coder Copy link Member deansheatherAug 22, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I do think we should move it to a private repo. I haven't heard of any customers using it, and a lot of it was clickops'd anyways so I don't see the point of keeping the Terraform public Copy link Contributor jdomeracki-coderAug 22, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I think we definitely should move it 💯
		}

		// Coder
Expand Down