
Commit 8ce3548

committed
feat: add tls to scaletest infrastructure
1 parent 82f2e15 commit 8ce3548


10 files changed

+270
-133
lines changed


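--- a/.editorconfig
+++ b/.editorconfig
@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 indent_style = tab
 
-[*.{yaml,yml,tf,tfvars,nix}]
+[*.{yaml,yml,tf,tftpl,tfvars,nix}]
 indent_style = space
 indent_size = 2
 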
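--- a/scaletest/terraform/action/cf_dns.tf
+++ b/scaletest/terraform/action/cf_dns.tf
@@ -5,8 +5,17 @@ data "cloudflare_zone" "domain" {
 resource "cloudflare_record" "coder" {
 for_each = local.deployments
 zone_id = data.cloudflare_zone.domain.zone_id
-name = each.value.subdomain
+name = "${each.value.subdomain}.${var.cloudflare_domain}"
 content = google_compute_address.coder[each.key].address
 type = "A"
 ttl = 3600
 }
+
+resource "cloudflare_record" "coder_wildcard" {
+for_each = local.deployments
+zone_id = data.cloudflare_zone.domain.id
+name = each.value.wildcard_subdomain
+content = cloudflare_record.coder[each.key].name
+type = "CNAME"
+ttl = 3600
+}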
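Review bot: The new `coder_wildcard` record takes its zone from `data.cloudflare_zone.domain.id` while the `coder` record directly above it uses `data.cloudflare_zone.domain.zone_id`; both records should read the same attribute, e.g. `zone_id = data.cloudflare_zone.domain.zone_id`, so that a provider change to one attribute cannot leave the two records in different zones. The wildcard record's `name` is also left relative (`each.value.wildcard_subdomain`) although the A record was switched to a fully qualified name in this same hunk; `name = "${each.value.wildcard_subdomain}.${var.cloudflare_domain}"` would keep both in one form. Whether the provider normalises either spelling is not visible from this section.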

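--- a/scaletest/terraform/action/coder_helm_values.tftpl
+++ b/scaletest/terraform/action/coder_helm_values.tftpl
@@ -22,6 +22,8 @@ coder:
 %{~ if workspace_proxy ~}
 - name: "CODER_ACCESS_URL"
 value: "${access_url}"
+- name: "CODER_WILDCARD_ACCESS_URL"
+value: "${wildcard_access_url}"
 - name: CODER_PRIMARY_ACCESS_URL
 value: "${primary_url}"
 - name: CODER_PROXY_SESSION_TOKEN
@@ -45,6 +47,8 @@ coder:
 %{~ if !workspace_proxy && !provisionerd ~}
 - name: "CODER_ACCESS_URL"
 value: "${access_url}"
+- name: "CODER_WILDCARD_ACCESS_URL"
+value: "${wildcard_access_url}"
 - name: "CODER_PG_CONNECTION_URL"
 valueFrom:
 secretKeyRef:
@@ -109,3 +113,8 @@ coder:
 - emptyDir:
 sizeLimit: 1024Mi
 name: cache
+%{~ if !provisionerd ~}
+tls:
+secretNames:
+- "${tls_secret_name}"
+%{~ endif ~}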

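--- a/scaletest/terraform/action/gcp_clusters.tf
+++ b/scaletest/terraform/action/gcp_clusters.tf
@@ -6,25 +6,31 @@ data "google_compute_default_service_account" "default" {
 locals {
 deployments = {
 primary = {
-subdomain = "${var.name}-scaletest"
-url = "http://${var.name}-scaletest.${var.cloudflare_domain}"
-region = "us-east1"
-zone = "us-east1-c"
-subnet = "scaletest"
+subdomain = "primary.${var.name}"
+wildcard_subdomain = "*.primary.${var.name}"
+url = "https://primary.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.primary.${var.name}.${var.cloudflare_domain}"
+region = "us-east1"
+zone = "us-east1-c"
+subnet = "scaletest"
 }
 europe = {
-subdomain = "${var.name}-europe-scaletest"
-url = "http://${var.name}-europe-scaletest.${var.cloudflare_domain}"
-region = "europe-west1"
-zone = "europe-west1-b"
-subnet = "scaletest"
+subdomain = "europe.${var.name}"
+wildcard_subdomain = "*.europe.${var.name}"
+url = "https://europe.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.europe.${var.name}.${var.cloudflare_domain}"
+region = "europe-west1"
+zone = "europe-west1-b"
+subnet = "scaletest"
 }
 asia = {
-subdomain = "${var.name}-asia-scaletest"
-url = "http://${var.name}-asia-scaletest.${var.cloudflare_domain}"
-region = "asia-southeast1"
-zone = "asia-southeast1-a"
-subnet = "scaletest"
+subdomain = "asia.${var.name}"
+wildcard_subdomain = "*.asia.${var.name}"
+url = "https://asia.${var.name}.${var.cloudflare_domain}"
+wildcard_access_url = "*.asia.${var.name}.${var.cloudflare_domain}"
+region = "asia-southeast1"
+zone = "asia-southeast1-a"
+subnet = "scaletest"
 }
 }
 node_pools = {
@@ -146,6 +152,11 @@ resource "google_container_node_pool" "node_pool" {
 }
 }
 lifecycle {
-ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
+ignore_changes = [
+management[0].auto_repair,
+management[0].auto_upgrade,
+timeouts,
+node_config[0].resource_labels
+]
 }
 }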
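Review bot: Each entry of `local.deployments` now spells its hostname out four times (`subdomain`, `wildcard_subdomain`, `url`, `wildcard_access_url`), so a typo in one of them would leave the DNS record, the access URL and the certificate name disagreeing without any error at plan time. A comment above `deployments` should state that the certificate supplied for each region has to carry both `<region>.${var.name}.${var.cloudflare_domain}` and its `*.` wildcard as subject alternative names, because a wildcard issued for the parent domain matches only one label and does not cover these hosts. Deriving the two URL fields from `subdomain`, for example `url = "https://${subdomain}.${var.cloudflare_domain}"` in a follow-up local, would remove the duplication. Where the certificate is issued is not visible in this section, so its names could not be checked against these values.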

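--- a/scaletest/terraform/action/k8s_coder_asia.tf
+++ b/scaletest/terraform/action/k8s_coder_asia.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_asia" {
 }
 }
 
+resource "kubernetes_secret" "coder_tls_asia" {
+provider = kubernetes.asia
+
+type = "kubernetes.io/tls"
+metadata {
+name = "coder-tls"
+namespace = kubernetes_namespace.coder_asia.metadata.0.name
+}
+data = {
+"tls.crt" = data.kubernetes_secret.coder_tls["asia"].data["tls.crt"]
+"tls.key" = data.kubernetes_secret.coder_tls["asia"].data["tls.key"]
+}
+lifecycle {
+ignore_changes = [timeouts, wait_for_service_account_token]
+}
+}
+
 resource "helm_release" "coder_asia" {
 provider = helm.asia
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_asia" {
 version = var.coder_chart_version
 namespace = kubernetes_namespace.coder_asia.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = true,
-provisionerd = false,
-primary_url = local.deployments.primary.url,
-proxy_token = kubernetes_secret.proxy_token_asia.metadata.0.name,
-db_secret = null,
-ip_address = google_compute_address.coder["asia"].address,
-provisionerd_psk = null,
-access_url = local.deployments.asia.url,
-node_pool = google_container_node_pool.node_pool["asia_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].coder.replicas,
-cpu_request = local.scenarios[var.scenario].coder.cpu_request,
-mem_request = local.scenarios[var.scenario].coder.mem_request,
-cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit = local.scenarios[var.scenario].coder.mem_limit,
-deployment = "asia",
+workspace_proxy = true,
+provisionerd = false,
+primary_url = local.deployments.primary.url,
+proxy_token = kubernetes_secret.proxy_token_asia.metadata.0.name,
+db_secret = null,
+ip_address = google_compute_address.coder["asia"].address,
+provisionerd_psk = null,
+access_url = local.deployments.asia.url,
+wildcard_access_url = local.deployments.asia.wildcard_access_url,
+node_pool = google_container_node_pool.node_pool["asia_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].coder.replicas,
+cpu_request = local.scenarios[var.scenario].coder.cpu_request,
+mem_request = local.scenarios[var.scenario].coder.mem_request,
+cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit = local.scenarios[var.scenario].coder.mem_limit,
+deployment = "asia",
+tls_secret_name = kubernetes_secret.coder_tls_asia.metadata.0.name,
 })]
 
 depends_on = [null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_asia" {
 version = var.provisionerd_chart_version
 namespace = kubernetes_namespace.coder_asia.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = false,
-provisionerd = true,
-primary_url = null,
-proxy_token = null,
-db_secret = null,
-ip_address = null,
-provisionerd_psk = kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
-access_url = local.deployments.primary.url,
-node_pool = google_container_node_pool.node_pool["asia_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment = "asia",
+workspace_proxy = false,
+provisionerd = true,
+primary_url = null,
+proxy_token = null,
+db_secret = null,
+ip_address = null,
+provisionerd_psk = kubernetes_secret.provisionerd_psk_asia.metadata.0.name,
+access_url = local.deployments.primary.url,
+wildcard_access_url = null,
+node_pool = google_container_node_pool.node_pool["asia_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment = "asia",
+tls_secret_name = null,
 })]
 
 depends_on = [null_resource.license]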
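Review bot: The private key copied at `"tls.key" = data.kubernetes_secret.coder_tls["asia"].data["tls.key"]` is written to Terraform state in plain text, both by the data source and by the managed `kubernetes_secret.coder_tls_asia`, and nothing in the new resource says so. I would add a comment above the `data` block such as `# tls.key is persisted in Terraform state: keep the state backend encrypted and access-restricted`. The same applies to `kubernetes_secret.coder_tls_europe` in k8s_coder_europe.tf. The definition of `data.kubernetes_secret.coder_tls` lies outside the sections shown on this page, so the origin and scope of the certificate could not be checked.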

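--- a/scaletest/terraform/action/k8s_coder_europe.tf
+++ b/scaletest/terraform/action/k8s_coder_europe.tf
@@ -43,6 +43,23 @@ resource "kubernetes_secret" "proxy_token_europe" {
 }
 }
 
+resource "kubernetes_secret" "coder_tls_europe" {
+provider = kubernetes.europe
+
+type = "kubernetes.io/tls"
+metadata {
+name = "coder-tls"
+namespace = kubernetes_namespace.coder_europe.metadata.0.name
+}
+data = {
+"tls.crt" = data.kubernetes_secret.coder_tls["europe"].data["tls.crt"]
+"tls.key" = data.kubernetes_secret.coder_tls["europe"].data["tls.key"]
+}
+lifecycle {
+ignore_changes = [timeouts, wait_for_service_account_token]
+}
+}
+
 resource "helm_release" "coder_europe" {
 provider = helm.europe
 
@@ -52,25 +69,27 @@ resource "helm_release" "coder_europe" {
 version = var.coder_chart_version
 namespace = kubernetes_namespace.coder_europe.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = true,
-provisionerd = false,
-primary_url = local.deployments.primary.url,
-proxy_token = kubernetes_secret.proxy_token_europe.metadata.0.name,
-db_secret = null,
-ip_address = google_compute_address.coder["europe"].address,
-provisionerd_psk = null,
-access_url = local.deployments.europe.url,
-node_pool = google_container_node_pool.node_pool["europe_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].coder.replicas,
-cpu_request = local.scenarios[var.scenario].coder.cpu_request,
-mem_request = local.scenarios[var.scenario].coder.mem_request,
-cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
-mem_limit = local.scenarios[var.scenario].coder.mem_limit,
-deployment = "europe",
+workspace_proxy = true,
+provisionerd = false,
+primary_url = local.deployments.primary.url,
+proxy_token = kubernetes_secret.proxy_token_europe.metadata.0.name,
+db_secret = null,
+ip_address = google_compute_address.coder["europe"].address,
+provisionerd_psk = null,
+access_url = local.deployments.europe.url,
+wildcard_access_url = local.deployments.europe.wildcard_access_url,
+node_pool = google_container_node_pool.node_pool["europe_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].coder.replicas,
+cpu_request = local.scenarios[var.scenario].coder.cpu_request,
+mem_request = local.scenarios[var.scenario].coder.mem_request,
+cpu_limit = local.scenarios[var.scenario].coder.cpu_limit,
+mem_limit = local.scenarios[var.scenario].coder.mem_limit,
+deployment = "europe",
+tls_secret_name = kubernetes_secret.coder_tls_europe.metadata.0.name,
 })]
 
 depends_on = [null_resource.license]
@@ -85,25 +104,27 @@ resource "helm_release" "provisionerd_europe" {
 version = var.provisionerd_chart_version
 namespace = kubernetes_namespace.coder_europe.metadata.0.name
 values = [templatefile("${path.module}/coder_helm_values.tftpl", {
-workspace_proxy = false,
-provisionerd = true,
-primary_url = null,
-proxy_token = null,
-db_secret = null,
-ip_address = null,
-provisionerd_psk = kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
-access_url = local.deployments.primary.url,
-node_pool = google_container_node_pool.node_pool["europe_coder"].name,
-release_name = local.coder_release_name,
-experiments = var.coder_experiments,
-image_repo = var.coder_image_repo,
-image_tag = var.coder_image_tag,
-replicas = local.scenarios[var.scenario].provisionerd.replicas,
-cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
-mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
-cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
-mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
-deployment = "europe",
+workspace_proxy = false,
+provisionerd = true,
+primary_url = null,
+proxy_token = null,
+db_secret = null,
+ip_address = null,
+provisionerd_psk = kubernetes_secret.provisionerd_psk_europe.metadata.0.name,
+access_url = local.deployments.primary.url,
+wildcard_access_url = null,
+node_pool = google_container_node_pool.node_pool["europe_coder"].name,
+release_name = local.coder_release_name,
+experiments = var.coder_experiments,
+image_repo = var.coder_image_repo,
+image_tag = var.coder_image_tag,
+replicas = local.scenarios[var.scenario].provisionerd.replicas,
+cpu_request = local.scenarios[var.scenario].provisionerd.cpu_request,
+mem_request = local.scenarios[var.scenario].provisionerd.mem_request,
+cpu_limit = local.scenarios[var.scenario].provisionerd.cpu_limit,
+mem_limit = local.scenarios[var.scenario].provisionerd.mem_limit,
+deployment = "europe",
+tls_secret_name = null,
 })]
 
 depends_on = [null_resource.license]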
