From 1f72e0209013af5bc3c583951b4bcd85fe50f19e Mon Sep 17 00:00:00 2001 From: Garrett Date: Tue, 3 Aug 2021 21:14:43 +0000 Subject: [PATCH 1/2] remove envproxy references from chart --- templates/NOTES.txt | 5 -- templates/_common.tpl | 20 ----- templates/_ingress.tpl | 2 - templates/coderd.yaml | 9 --- templates/envproxy.yaml | 157 ---------------------------------------- templates/ingress.yaml | 21 ------ templates/psp.yaml | 3 - templates/rbac.yaml | 2 +- 8 files changed, 1 insertion(+), 218 deletions(-) delete mode 100644 templates/envproxy.yaml diff --git a/templates/NOTES.txt b/templates/NOTES.txt index e08d8b2e..fc968629 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -41,11 +41,6 @@ Deprecated: The "dashboard" Kubernetes Service has been merged with "coderd". {{- end }} {{ end }} -{{- if gt (len (keys (.Values.envproxy | dict))) 1 }} -Deprecated: The "envproxy" Kubernetes Service has been merged with "coderd". - ✗ All "envproxy.*" values can be safely removed. - ✗ Workspaces will need to be rebuilt after this change. -{{ end }} {{- else }} {{- if eq (include "coder.hasNginxIngress" .) "true" }} Deprecated: The "nginx" ingress controller will be removed in a future release. diff --git a/templates/_common.tpl b/templates/_common.tpl index 75663768..0731d9b2 100644 --- a/templates/_common.tpl +++ b/templates/_common.tpl 
@@ -117,32 +117,12 @@ tolerations: {{- end }} {{- end }} {{- end }} -{{/* - coder.envproxy.accessURL is a URL for accessing the envproxy. -*/}} -{{- define "coder.envproxy.accessURL" }} -{{- if ne (merge .Values dict | dig "envproxy" "accessURL" "") "" }} -{{- .Values.envproxy.accessURL -}} -{{- else if ne (merge .Values dict | dig "ingress" "host" "") "" }} - {{- if .Values.ingress.tls.enable -}} - https:// - {{- else -}} - http:// - {{- end -}} - {{- .Values.ingress.host }} -{{- else }} -{{- end }} -{{- end }} {{/* coder.cluster.accessURL is a URL for accessing the Kubernetes cluster. */}} {{- define "coder.cluster.accessURL" }} -{{- if ne (merge .Values dict | dig "envproxy" "clusterAddress" "") "" }} -{{- .Values.envproxy.clusterAddress -}} -{{- else -}} https://kubernetes.default{{ include "movedValue" (dict "Values" .Values "Key" "services.clusterDomainSuffix") }}:443 {{- end }} -{{- end }} {{/* coder.services.nodeSelector adds nodeSelectors if any are specified to diff --git a/templates/_ingress.tpl b/templates/_ingress.tpl index 72e219e7..a9bac6af 100644 --- a/templates/_ingress.tpl +++ b/templates/_ingress.tpl @@ -25,8 +25,6 @@ {{- define "coder.hasNginxIngress" }} {{- if (lookup "v1" "Service" .Release.Namespace "ingress-nginx") -}} true -{{- else if (lookup "v1" "Service" .Release.Namespace "envproxy") -}} -true {{- else -}} false {{- end }} diff --git a/templates/coderd.yaml b/templates/coderd.yaml index 35103565..5660e051 100644 --- a/templates/coderd.yaml +++ b/templates/coderd.yaml @@ -135,15 +135,6 @@ spec: - name: TRUST_PROXY_IP value: {{ .Values.coderd.trustProxyIP | quote }} {{- end }} - {{- if not .Values.coderd.satellite.enable }} - {{- if eq (include "coder.useServiceNext" .) "false" }} - - name: BUILT_IN_ENVPROXY_TOKEN - valueFrom: - secretKeyRef: - name: built-in-envproxy-token - key: token - {{- end }} - {{- end }} {{- if .Values.coderd.satellite.enable }} - name: CODER_SATELLITE_PRIVATE_KEY valueFrom: 
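Review bot: `coder.cluster.accessURL` in templates/_common.tpl now ignores `envproxy.clusterAddress`, and the NOTES.txt hunk of the same patch removes the only message telling operators that `envproxy.*` values are obsolete. A release that still sets the override will therefore switch to `https://kubernetes.default` plus the cluster domain suffix on port 443 at upgrade, with no notice. The helper's comment should record this, for example `coder.cluster.accessURL is the in-cluster Kubernetes API URL; the host is fixed to kubernetes.default and is no longer read from envproxy.clusterAddress.` The only consumer visible in this patch was `CLUSTER_ADDRESS` in the deleted templates/envproxy.yaml, so if no other template includes the helper it is probably dead and could be removed. The second patch's hunk on the same define only changes whitespace trimming and leaves both points open.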
diff --git a/templates/envproxy.yaml b/templates/envproxy.yaml deleted file mode 100644 index 18a33b4d..00000000 --- a/templates/envproxy.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ -{{- if eq (include "coder.useServiceNext" .) "false" }} -{{- /* Don't deploy envproxy on replica */}} -{{- if not .Values.coderd.satellite.enable }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: built-in-envproxy-token - namespace: {{ .Release.Namespace | quote }} -type: Opaque -# Adapted from https://stackoverflow.com/a/64325744 -data: - {{- if (lookup "v1" "Secret" .Release.Namespace "built-in-envproxy-token") }} - token: {{ (lookup "v1" "Secret" .Release.Namespace "built-in-envproxy-token").data.token }} - {{- else }} - token: {{ randAlphaNum 32 | b64enc }} - {{- end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - coder.deployment: envproxy - name: envproxy - namespace: {{ .Release.Namespace | quote }} - annotations: - {{- range $key, $value := fromYaml (include "movedValue" (dict "Values" .Values "Key" "services.annotations")) }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - replicas: {{ merge .Values dict | dig "envproxy" "replicas" 1 }} - strategy: - rollingUpdate: - maxSurge: "25%" - maxUnavailable: "25%" - selector: - matchLabels: - coder.deployment: envproxy - template: - metadata: - labels: - coder.deployment: envproxy - annotations: - {{- range $key, $value := fromYaml (include "movedValue" (dict "Values" .Values "Key" "services.annotations")) }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - securityContext: - runAsNonRoot: true - restartPolicy: Always - # 4 hours - terminationGracePeriodSeconds: {{ merge .Values dict | dig "envproxy" "terminationGracePeriodSeconds" 30 }} - # envproxy itself doesn't use this service account, but instead forwards - # the account token to the cemanager. - serviceAccountName: coder -{{- include "coder.services.nodeSelector" . | indent 6 }} -{{- include "coder.serviceTolerations" . 
| indent 6 }} - containers: - - name: envproxy - image: {{ merge .Values dict | dig "envproxy" "image" "" | quote }} - imagePullPolicy: Always - ports: - - name: tcp-envproxy - containerPort: 8080 -{{- if eq (merge .Values dict | dig "ssh" "enable" true) true }} - - name: ssh-envproxy - containerPort: 2222 -{{- end}} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: {{ merge .Values dict | dig "envproxy" "securityContext" "readOnlyRootFilesystem" true }} - # envproxy is a daemon service, no need to allocate a tty for it. - tty: false - env: - - name: HUMAN_LOG - value: {{ .Values.logging.human | quote }} - - name: JSON_LOG - value: {{ .Values.logging.json | quote }} - - name: STACKDRIVER_LOG - value: {{ .Values.logging.stackdriver | quote }} - - name: VERBOSE - value: "true" - - name: SPLUNK_URL - value: {{ .Values.logging.splunk.url | quote }} - - name: SPLUNK_TOKEN - value: {{ .Values.logging.splunk.token | quote }} - - name: SPLUNK_CHANNEL - value: {{ .Values.logging.splunk.channel | quote }} - - name: CLUSTER_ADDRESS - value: {{ include "coder.cluster.accessURL" . | quote }} - - name: CLUSTER_DOMAIN_SUFFIX - value: {{ include "movedValue" (dict "Values" .Values "Key" "services.clusterDomainSuffix") | quote }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENVPROXY_ACCESS_URL - value: {{ include "coder.envproxy.accessURL" . | quote }} - - name: ENVIRONMENT_SA_NAME - value: "" - - name: SSH_ENABLED - value: {{ merge .Values dict | dig "ssh" "enable" true | quote }} - - name: CEMANAGER_ACCESS_URL - value: {{ include "coder.accessURL" . 
| quote }} - - name: CEMANAGER_TOKEN - valueFrom: - secretKeyRef: - name: built-in-envproxy-token - key: token - - name: STORAGE_CLASS - value: {{ .Values.storageClassName | quote }} - - name: DEVURL_HOST - value: {{ include "movedValue" (dict "Values" .Values "Key" "coderd.devurlsHost") }} - command: - - /entrypoint.sh - - envproxy - - run - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 10 - failureThreshold: 7 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 10 - failureThreshold: 7 - periodSeconds: 10 -{{- include "coder.resources" (merge .Values dict | dig "envproxy" "resources" dict) | indent 10 }} -{{- include "coder.volumeMounts" . | indent 10 }} -{{- include "coder.volumes" . | indent 6 }} - ---- -apiVersion: v1 -kind: Service -metadata: - name: envproxy - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.serviceType | quote }} - selector: - coder.deployment: envproxy - ports: - - name: tcp-envproxy - port: 8080 - protocol: TCP -{{- if eq (merge .Values dict | dig "ssh" "enable" true) true}} - - name: tcp-ssh - port: 2222 - protocol: TCP -{{- end }} -{{- end }} -{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 66f987a5..1633bf65 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -33,8 +33,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx -data: - 22: "{{ .Release.Namespace }}/envproxy:2222" --- kind: ConfigMap apiVersion: v1 @@ -379,13 +377,6 @@ spec: http: paths: {{- if (merge .Values dict | dig "ingress" "useDefault" true) }} - - path: /proxy/ - pathType: Prefix - backend: - service: - name: envproxy - port: - number: 8080 - path: /api pathType: Prefix backend: 
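Review bot: Deleting the `data:` entry in the first templates/ingress.yaml hunk leaves that ConfigMap, presumably the ingress-nginx TCP services map, with no keys. Nothing in these hunks touches the controller side of the passthrough. If the ingress-nginx Service or Deployment in this file still declares port 22 (not visible here), the load balancer keeps publishing an SSH port with no backend behind it. That port and the now-empty ConfigMap should be removed in the same change. The ConfigMap's metadata starts above the hunk, so its name is not shown.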
@@ -414,18 +405,6 @@ spec: port: number: 8080 {{- end }} - {{- if ne (include "movedValue" (dict "Values" .Values "Key" "coderd.devurlsHost")) "" }} - - host: {{ include "movedValue" (dict "Values" .Values "Key" "coderd.devurlsHost") }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: envproxy - port: - number: 8080 - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/templates/psp.yaml b/templates/psp.yaml index 754aeb7f..34beec1d 100644 --- a/templates/psp.yaml +++ b/templates/psp.yaml @@ -30,9 +30,6 @@ subjects: - kind: ServiceAccount name: {{ include "coder.serviceName" }} namespace: {{ .Release.Namespace | quote }} - - kind: ServiceAccount - name: envproxy - namespace: {{ .Release.Namespace | quote }} roleRef: kind: Role name: coder-restricted diff --git a/templates/rbac.yaml b/templates/rbac.yaml index 0c67836b..c9439afa 100644 --- a/templates/rbac.yaml +++ b/templates/rbac.yaml @@ -8,7 +8,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} name: environments --- -# The service account that the envproxy passes to cemanager on startup. +# The service account for the built in workspace provider on application installation. apiVersion: v1 kind: ServiceAccount metadata: From c3dda9ad082f837b692b53866ac1b35f0be24ac2 Mon Sep 17 00:00:00 2001 From: Garrett Date: Tue, 3 Aug 2021 21:35:28 +0000 Subject: [PATCH 2/2] Fix cluster address --- templates/_common.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/_common.tpl b/templates/_common.tpl index 0731d9b2..91013e04 100644 --- a/templates/_common.tpl +++ b/templates/_common.tpl 
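Review bot: In templates/psp.yaml the subject that remains after this deletion is named with `{{ include "coder.serviceName" }}`, which passes no data argument. Helm's `include` takes a template name and a context, so this line would fail with a wrong-number-of-args error whenever the binding is actually rendered. With the envproxy subject gone, it is the last ServiceAccount visible in the binding to `coder-restricted`, so it should read `name: {{ include "coder.serviceName" . }}`. The RoleBinding starts above the hunk, so any condition guarding it and any earlier subjects are not visible here.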
@@ -120,8 +120,8 @@ tolerations: {{/* coder.cluster.accessURL is a URL for accessing the Kubernetes cluster. */}} -{{- define "coder.cluster.accessURL" }} - https://kubernetes.default{{ include "movedValue" (dict "Values" .Values "Key" "services.clusterDomainSuffix") }}:443 +{{- define "coder.cluster.accessURL" -}} +https://kubernetes.default{{ include "movedValue" (dict "Values" .Values "Key" "services.clusterDomainSuffix") }}:443 {{- end }} {{/*