chore: add derpserver to wsproxy, add proxies to derpmap (#7311)

2025-07-03 16:13:58 +00:00 · 2023-07-26 09:21:04 -07:00
parent 70692c2e4e
commit 2f0a9996e7
58 changed files with 3001 additions and 386 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -118,10 +118,13 @@ type Options struct {
 	RealIPConfig                   *httpmw.RealIPConfig
 	TrialGenerator                 func(ctx context.Context, email string) error
 	// TLSCertificates is used to mesh DERP servers securely.
-	TLSCertificates             []tls.Certificate
-	TailnetCoordinator          tailnet.Coordinator
-	DERPServer                  *derp.Server
-	DERPMap                     *tailcfg.DERPMap
+	TLSCertificates    []tls.Certificate
+	TailnetCoordinator tailnet.Coordinator
+	DERPServer         *derp.Server
+	// BaseDERPMap is used as the base DERP map for all clients and agents.
+	// Proxies are added to this list.
+	BaseDERPMap                 *tailcfg.DERPMap
+	DERPMapUpdateFrequency      time.Duration
 	SwaggerEndpoint             bool
 	SetUserGroups               func(ctx context.Context, tx database.Store, userID uuid.UUID, groupNames []string) error
 	SetUserSiteRoles            func(ctx context.Context, tx database.Store, userID uuid.UUID, roles []string) error
@ -236,12 +239,15 @@ func New(options *Options) *API {
 	if options.PrometheusRegistry == nil {
 		options.PrometheusRegistry = prometheus.NewRegistry()
 	}
-	if options.TailnetCoordinator == nil {
-		options.TailnetCoordinator = tailnet.NewCoordinator(options.Logger)
-	}
 	if options.DERPServer == nil {
 		options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger.Named("derp")))
 	}
+	if options.DERPMapUpdateFrequency == 0 {
+		options.DERPMapUpdateFrequency = 5 * time.Second
+	}
+	if options.TailnetCoordinator == nil {
+		options.TailnetCoordinator = tailnet.NewCoordinator(options.Logger)
+	}
 	if options.Auditor == nil {
 		options.Auditor = audit.NewNop()
 	}
@ -281,22 +287,6 @@ func New(options *Options) *API {
 		v := schedule.NewAGPLUserQuietHoursScheduleStore()
 		options.UserQuietHoursScheduleStore.Store(&v)
 	}
-	if options.HealthcheckFunc == nil {
-		options.HealthcheckFunc = func(ctx context.Context, apiKey string) *healthcheck.Report {
-			return healthcheck.Run(ctx, &healthcheck.ReportOptions{
-				DB:        options.Database,
-				AccessURL: options.AccessURL,
-				DERPMap:   options.DERPMap.Clone(),
-				APIKey:    apiKey,
-			})
-		}
-	}
-	if options.HealthcheckTimeout == 0 {
-		options.HealthcheckTimeout = 30 * time.Second
-	}
-	if options.HealthcheckRefresh == 0 {
-		options.HealthcheckRefresh = 10 * time.Minute
-	}

 	siteCacheDir := options.CacheDir
 	if siteCacheDir != "" {
@ -376,6 +366,22 @@ func New(options *Options) *API {
 			*options.UpdateCheckOptions,
 		)
 	}
+	if options.HealthcheckFunc == nil {
+		options.HealthcheckFunc = func(ctx context.Context, apiKey string) *healthcheck.Report {
+			return healthcheck.Run(ctx, &healthcheck.ReportOptions{
+				DB:        options.Database,
+				AccessURL: options.AccessURL,
+				DERPMap:   api.DERPMap(),
+				APIKey:    apiKey,
+			})
+		}
+	}
+	if options.HealthcheckTimeout == 0 {
+		options.HealthcheckTimeout = 30 * time.Second
+	}
+	if options.HealthcheckRefresh == 0 {
+		options.HealthcheckRefresh = 10 * time.Minute
+	}

 	var oidcAuthURLParams map[string]string
 	if options.OIDCConfig != nil {
@ -388,7 +394,7 @@ func New(options *Options) *API {
 		api.agentProvider, err = NewServerTailnet(api.ctx,
 			options.Logger,
 			options.DERPServer,
-			options.DERPMap,
+			options.BaseDERPMap,
 			func(context.Context) (tailnet.MultiAgentConn, error) {
 				return (*api.TailnetCoordinator.Load()).ServeMultiAgent(uuid.New()), nil
 			},
@ -544,6 +550,10 @@ func New(options *Options) *API {
 			r.Use(apiKeyMiddleware)
 			r.Get("/regions", api.regions)
 		})
+		r.Route("/derp-map", func(r chi.Router) {
+			// r.Use(apiKeyMiddleware)
+			r.Get("/", api.derpMapUpdates)
+		})
 		r.Route("/deployment", func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
 			r.Get("/config", api.deploymentValues)
@ -953,6 +963,8 @@ type API struct {
 	// UserQuietHoursScheduleStore is a pointer to an atomic pointer for the
 	// same reason as TemplateScheduleStore.
 	UserQuietHoursScheduleStore *atomic.Pointer[schedule.UserQuietHoursScheduleStore]
+	// DERPMapper mutates the DERPMap to include workspace proxies.
+	DERPMapper atomic.Pointer[func(derpMap *tailcfg.DERPMap) *tailcfg.DERPMap]

 	HTTPAuth *HTTPAuthorizer

@ -1107,6 +1119,15 @@ func (api *API) CreateInMemoryProvisionerDaemon(ctx context.Context, debounce ti
 	return proto.NewDRPCProvisionerDaemonClient(clientSession), nil
 }

+func (api *API) DERPMap() *tailcfg.DERPMap {
+	fn := api.DERPMapper.Load()
+	if fn != nil {
+		return (*fn)(api.Options.BaseDERPMap)
+	}
+
+	return api.Options.BaseDERPMap
+}
+
 // nolint:revive
 func ReadExperiments(log slog.Logger, raw []string) codersdk.Experiments {
 	exps := make([]codersdk.Experiment, 0, len(raw))