diff --git a/helm/coder/tests/chart_test.go b/helm/coder/tests/chart_test.go index a00ad7ee28..638b9e5005 100644 --- a/helm/coder/tests/chart_test.go +++ b/helm/coder/tests/chart_test.go @@ -117,6 +117,14 @@ var testCases = []testCase{ name: "securitycontext", expectedError: "", }, + { + name: "custom_resources", + expectedError: "", + }, + { + name: "partial_resources", + expectedError: "", + }, } type testCase struct { diff --git a/helm/coder/tests/testdata/auto_access_url_1.golden b/helm/coder/tests/testdata/auto_access_url_1.golden index 2677375921..2eace7fe12 100644 --- a/helm/coder/tests/testdata/auto_access_url_1.golden +++ b/helm/coder/tests/testdata/auto_access_url_1.golden @@ -181,7 +181,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/auto_access_url_1_coder.golden b/helm/coder/tests/testdata/auto_access_url_1_coder.golden index 39acb62538..3d99137388 100644 --- a/helm/coder/tests/testdata/auto_access_url_1_coder.golden +++ b/helm/coder/tests/testdata/auto_access_url_1_coder.golden @@ -181,7 +181,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/auto_access_url_2.golden b/helm/coder/tests/testdata/auto_access_url_2.golden index 7c3c0207eb..fe34f3ca58 100644 --- a/helm/coder/tests/testdata/auto_access_url_2.golden +++ b/helm/coder/tests/testdata/auto_access_url_2.golden @@ -181,7 +181,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/auto_access_url_2_coder.golden b/helm/coder/tests/testdata/auto_access_url_2_coder.golden index ca3265c890..0b36e6a77e 100644 --- a/helm/coder/tests/testdata/auto_access_url_2_coder.golden +++ b/helm/coder/tests/testdata/auto_access_url_2_coder.golden @@ -181,7 +181,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/auto_access_url_3.golden b/helm/coder/tests/testdata/auto_access_url_3.golden index 9bd33b54a6..cad0bd1dc6 100644 --- a/helm/coder/tests/testdata/auto_access_url_3.golden +++ b/helm/coder/tests/testdata/auto_access_url_3.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/auto_access_url_3_coder.golden b/helm/coder/tests/testdata/auto_access_url_3_coder.golden index 36fff8666c..dd8b73b55d 100644 --- a/helm/coder/tests/testdata/auto_access_url_3_coder.golden +++ b/helm/coder/tests/testdata/auto_access_url_3_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/command.golden b/helm/coder/tests/testdata/command.golden index 899ac924ba..877d85ee2f 100644 --- a/helm/coder/tests/testdata/command.golden +++ b/helm/coder/tests/testdata/command.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/command_args.golden b/helm/coder/tests/testdata/command_args.golden index 9c907d9494..6ddf716706 100644 --- a/helm/coder/tests/testdata/command_args.golden +++ b/helm/coder/tests/testdata/command_args.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/command_args_coder.golden b/helm/coder/tests/testdata/command_args_coder.golden index c0e5e7d32d..46a666928c 100644 --- a/helm/coder/tests/testdata/command_args_coder.golden +++ b/helm/coder/tests/testdata/command_args_coder.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/command_coder.golden b/helm/coder/tests/testdata/command_coder.golden index 7b5acf605c..314f75b0e4 100644 --- a/helm/coder/tests/testdata/command_coder.golden +++ b/helm/coder/tests/testdata/command_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/custom_resources.golden b/helm/coder/tests/testdata/custom_resources.golden new file mode 100644 index 0000000000..67d78de581 --- /dev/null +++ b/helm/coder/tests/testdata/custom_resources.golden @@ -0,0 +1,201 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: default +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms + namespace: default +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" + namespace: default +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + namespace: default + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: None + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + nodePort: + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/custom_resources.yaml b/helm/coder/tests/testdata/custom_resources.yaml new file mode 100644 index 0000000000..4e65ef3b83 --- /dev/null +++ b/helm/coder/tests/testdata/custom_resources.yaml @@ -0,0 +1,10 @@ +coder: + image: + tag: latest + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi \ No newline at end of file diff --git a/helm/coder/tests/testdata/custom_resources_coder.golden b/helm/coder/tests/testdata/custom_resources_coder.golden new file mode 100644 index 0000000000..c5ea2daad7 --- /dev/null +++ b/helm/coder/tests/testdata/custom_resources_coder.golden @@ -0,0 +1,201 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms + namespace: coder +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" + namespace: coder +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + namespace: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: None + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + nodePort: + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.coder.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/default_values.golden b/helm/coder/tests/testdata/default_values.golden index 6510c50a82..b20caa4bca 100644 --- a/helm/coder/tests/testdata/default_values.golden +++ b/helm/coder/tests/testdata/default_values.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/default_values_coder.golden b/helm/coder/tests/testdata/default_values_coder.golden index 72c3e29600..2dd24fe80d 100644 --- a/helm/coder/tests/testdata/default_values_coder.golden +++ b/helm/coder/tests/testdata/default_values_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/env_from.golden b/helm/coder/tests/testdata/env_from.golden index 9abd0578c7..49a4b6b883 100644 --- a/helm/coder/tests/testdata/env_from.golden +++ b/helm/coder/tests/testdata/env_from.golden @@ -191,7 +191,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/env_from_coder.golden b/helm/coder/tests/testdata/env_from_coder.golden index 3588860882..82f7d718c0 100644 --- a/helm/coder/tests/testdata/env_from_coder.golden +++ b/helm/coder/tests/testdata/env_from_coder.golden @@ -191,7 +191,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/extra_templates.golden b/helm/coder/tests/testdata/extra_templates.golden index a8aab8f7b8..7b152c7633 100644 --- a/helm/coder/tests/testdata/extra_templates.golden +++ b/helm/coder/tests/testdata/extra_templates.golden @@ -188,7 +188,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/extra_templates_coder.golden b/helm/coder/tests/testdata/extra_templates_coder.golden index b93eb1d821..58555b8625 100644 --- a/helm/coder/tests/testdata/extra_templates_coder.golden +++ b/helm/coder/tests/testdata/extra_templates_coder.golden @@ -188,7 +188,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/labels_annotations.golden b/helm/coder/tests/testdata/labels_annotations.golden index 3636fd3223..7b92ea77be 100644 --- a/helm/coder/tests/testdata/labels_annotations.golden +++ b/helm/coder/tests/testdata/labels_annotations.golden @@ -187,7 +187,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/labels_annotations_coder.golden b/helm/coder/tests/testdata/labels_annotations_coder.golden index 60782e25ed..d54a1467a7 100644 --- a/helm/coder/tests/testdata/labels_annotations_coder.golden +++ b/helm/coder/tests/testdata/labels_annotations_coder.golden @@ -187,7 +187,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/partial_resources.golden b/helm/coder/tests/testdata/partial_resources.golden new file mode 100644 index 0000000000..504734b47a --- /dev/null +++ b/helm/coder/tests/testdata/partial_resources.golden @@ -0,0 +1,198 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: default +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms + namespace: default +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" + namespace: default +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + namespace: default + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: None + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + nodePort: + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.default.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: + requests: + cpu: 1500m + memory: 3072Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/partial_resources.yaml b/helm/coder/tests/testdata/partial_resources.yaml new file mode 100644 index 0000000000..8df8def8b5 --- /dev/null +++ b/helm/coder/tests/testdata/partial_resources.yaml @@ -0,0 +1,7 @@ +coder: + image: + tag: latest + resources: + requests: + cpu: 1500m + memory: 3072Mi \ No newline at end of file diff --git a/helm/coder/tests/testdata/partial_resources_coder.golden b/helm/coder/tests/testdata/partial_resources_coder.golden new file mode 100644 index 0000000000..e51a8b4cde --- /dev/null +++ b/helm/coder/tests/testdata/partial_resources_coder.golden @@ -0,0 +1,198 @@ +--- +# Source: coder/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: coder +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-workspace-perms + namespace: coder +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder" + namespace: coder +subjects: + - kind: ServiceAccount + name: "coder" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-workspace-perms +--- +# Source: coder/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: coder + namespace: coder + labels: + helm.sh/chart: coder-0.1.0 + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/managed-by: Helm + annotations: + {} +spec: + type: LoadBalancer + sessionAffinity: None + ports: + - name: "http" + port: 80 + targetPort: "http" + protocol: TCP + nodePort: + externalTrafficPolicy: "Cluster" + selector: + app.kubernetes.io/name: coder + app.kubernetes.io/instance: release-name +--- +# Source: coder/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + name: coder + namespace: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder + app.kubernetes.io/part-of: coder + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-0.1.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance + operator: In + values: + - coder + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - server + command: + - /opt/coder + env: + - name: CODER_HTTP_ADDRESS + value: 0.0.0.0:8080 + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_ACCESS_URL + value: http://coder.coder.svc.cluster.local + - name: KUBE_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CODER_DERP_SERVER_RELAY_URL + value: http://$(KUBE_POD_IP):8080 + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + name: coder + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + resources: + requests: + cpu: 1500m + memory: 3072Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder + terminationGracePeriodSeconds: 60 + volumes: [] diff --git a/helm/coder/tests/testdata/prometheus.golden b/helm/coder/tests/testdata/prometheus.golden index b86bca59b0..0048accac8 100644 --- a/helm/coder/tests/testdata/prometheus.golden +++ b/helm/coder/tests/testdata/prometheus.golden @@ -183,7 +183,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/prometheus_coder.golden b/helm/coder/tests/testdata/prometheus_coder.golden index 74176bbecf..ec5dfa81fc 100644 --- a/helm/coder/tests/testdata/prometheus_coder.golden +++ b/helm/coder/tests/testdata/prometheus_coder.golden @@ -183,7 +183,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/provisionerd_psk.golden b/helm/coder/tests/testdata/provisionerd_psk.golden index 45a61be4f3..6d199a8c11 100644 --- a/helm/coder/tests/testdata/provisionerd_psk.golden +++ b/helm/coder/tests/testdata/provisionerd_psk.golden @@ -184,7 +184,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/provisionerd_psk_coder.golden b/helm/coder/tests/testdata/provisionerd_psk_coder.golden index 55af7c3ee2..7ba2337d0c 100644 --- a/helm/coder/tests/testdata/provisionerd_psk_coder.golden +++ b/helm/coder/tests/testdata/provisionerd_psk_coder.golden @@ -184,7 +184,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa.golden b/helm/coder/tests/testdata/sa.golden index 33fb3fc5c5..bf00741be7 100644 --- a/helm/coder/tests/testdata/sa.golden +++ b/helm/coder/tests/testdata/sa.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa_coder.golden b/helm/coder/tests/testdata/sa_coder.golden index c13b665509..c9d1cc0ec1 100644 --- a/helm/coder/tests/testdata/sa_coder.golden +++ b/helm/coder/tests/testdata/sa_coder.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa_disabled.golden b/helm/coder/tests/testdata/sa_disabled.golden index 411ad26fdd..ca7dd9a270 100644 --- a/helm/coder/tests/testdata/sa_disabled.golden +++ b/helm/coder/tests/testdata/sa_disabled.golden @@ -165,7 +165,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa_disabled_coder.golden b/helm/coder/tests/testdata/sa_disabled_coder.golden index 2eebccf8bc..5a9109bb50 100644 --- a/helm/coder/tests/testdata/sa_disabled_coder.golden +++ b/helm/coder/tests/testdata/sa_disabled_coder.golden @@ -165,7 +165,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa_extra_rules.golden b/helm/coder/tests/testdata/sa_extra_rules.golden index 024b5f8054..70c81ce6f4 100644 --- a/helm/coder/tests/testdata/sa_extra_rules.golden +++ b/helm/coder/tests/testdata/sa_extra_rules.golden @@ -193,7 +193,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/sa_extra_rules_coder.golden b/helm/coder/tests/testdata/sa_extra_rules_coder.golden index a0791d1566..47bfb8a23d 100644 --- a/helm/coder/tests/testdata/sa_extra_rules_coder.golden +++ b/helm/coder/tests/testdata/sa_extra_rules_coder.golden @@ -193,7 +193,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/securitycontext.golden b/helm/coder/tests/testdata/securitycontext.golden index 27b928a31e..dcc719b893 100644 --- a/helm/coder/tests/testdata/securitycontext.golden +++ b/helm/coder/tests/testdata/securitycontext.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/helm/coder/tests/testdata/securitycontext_coder.golden b/helm/coder/tests/testdata/securitycontext_coder.golden index 5ac24c6fcb..d72412e7a3 100644 --- a/helm/coder/tests/testdata/securitycontext_coder.golden +++ b/helm/coder/tests/testdata/securitycontext_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/helm/coder/tests/testdata/svc_loadbalancer.golden b/helm/coder/tests/testdata/svc_loadbalancer.golden index 5ed1bffeaa..05d49585f6 100644 --- a/helm/coder/tests/testdata/svc_loadbalancer.golden +++ b/helm/coder/tests/testdata/svc_loadbalancer.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/svc_loadbalancer_class.golden b/helm/coder/tests/testdata/svc_loadbalancer_class.golden index 746227c1fe..38178fc338 100644 --- a/helm/coder/tests/testdata/svc_loadbalancer_class.golden +++ b/helm/coder/tests/testdata/svc_loadbalancer_class.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/svc_loadbalancer_class_coder.golden b/helm/coder/tests/testdata/svc_loadbalancer_class_coder.golden index ac35f941dc..156b10dbd4 100644 --- a/helm/coder/tests/testdata/svc_loadbalancer_class_coder.golden +++ b/helm/coder/tests/testdata/svc_loadbalancer_class_coder.golden @@ -180,7 +180,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/svc_loadbalancer_coder.golden b/helm/coder/tests/testdata/svc_loadbalancer_coder.golden index 0e7ff69fba..7657e247b4 100644 --- a/helm/coder/tests/testdata/svc_loadbalancer_coder.golden +++ b/helm/coder/tests/testdata/svc_loadbalancer_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/svc_nodeport.golden b/helm/coder/tests/testdata/svc_nodeport.golden index c687bb4314..46948472d3 100644 --- a/helm/coder/tests/testdata/svc_nodeport.golden +++ b/helm/coder/tests/testdata/svc_nodeport.golden @@ -178,7 +178,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/svc_nodeport_coder.golden b/helm/coder/tests/testdata/svc_nodeport_coder.golden index 685c90b35d..9fc2805def 100644 --- a/helm/coder/tests/testdata/svc_nodeport_coder.golden +++ b/helm/coder/tests/testdata/svc_nodeport_coder.golden @@ -178,7 +178,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/tls.golden b/helm/coder/tests/testdata/tls.golden index bce1cd1c74..b0859b1f74 100644 --- a/helm/coder/tests/testdata/tls.golden +++ b/helm/coder/tests/testdata/tls.golden @@ -195,7 +195,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/tls_coder.golden b/helm/coder/tests/testdata/tls_coder.golden index a9eb138ad1..51a2797723 100644 --- a/helm/coder/tests/testdata/tls_coder.golden +++ b/helm/coder/tests/testdata/tls_coder.golden @@ -195,7 +195,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/topology.golden b/helm/coder/tests/testdata/topology.golden index 648db931ab..d0179c6d29 100644 --- a/helm/coder/tests/testdata/topology.golden +++ b/helm/coder/tests/testdata/topology.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/topology_coder.golden b/helm/coder/tests/testdata/topology_coder.golden index 1950d4d2fa..2c9f074f04 100644 --- a/helm/coder/tests/testdata/topology_coder.golden +++ b/helm/coder/tests/testdata/topology_coder.golden @@ -179,7 +179,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/workspace_proxy.golden b/helm/coder/tests/testdata/workspace_proxy.golden index 7d380ac852..61fe50685a 100644 --- a/helm/coder/tests/testdata/workspace_proxy.golden +++ b/helm/coder/tests/testdata/workspace_proxy.golden @@ -187,7 +187,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/tests/testdata/workspace_proxy_coder.golden b/helm/coder/tests/testdata/workspace_proxy_coder.golden index 9907499027..a9330d5cc4 100644 --- a/helm/coder/tests/testdata/workspace_proxy_coder.golden +++ b/helm/coder/tests/testdata/workspace_proxy_coder.golden @@ -187,7 +187,13 @@ spec: path: /healthz port: http scheme: HTTP - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml index c1f39526dd..d44200a8ce 100644 --- a/helm/coder/values.yaml +++ b/helm/coder/values.yaml @@ -196,16 +196,15 @@ coder: # exec: # command: ["/bin/sh","-c","echo preStart"] - # coder.resources -- The resources to request for Coder. These are optional - # and are not set by default. + # coder.resources -- The resources to request for Coder. The below values are + # defaults and can be overridden. resources: - {} # limits: - # cpu: 2000m - # memory: 4096Mi + # cpu: 2000m + # memory: 4096Mi # requests: - # cpu: 2000m - # memory: 4096Mi + # cpu: 2000m + # memory: 4096Mi # coder.certs -- CA bundles to mount inside the Coder pod. certs: diff --git a/helm/libcoder/templates/_coder.yaml b/helm/libcoder/templates/_coder.yaml index 5a0154ae0d..b836bdf1df 100644 --- a/helm/libcoder/templates/_coder.yaml +++ b/helm/libcoder/templates/_coder.yaml @@ -66,7 +66,16 @@ imagePullPolicy: {{ .Values.coder.image.pullPolicy }} command: {{- toYaml .Values.coder.command | nindent 2 }} resources: - {{- toYaml .Values.coder.resources | nindent 2 }} + {{- if and (hasKey .Values.coder "resources") (not (empty .Values.coder.resources)) }} + {{- toYaml .Values.coder.resources | nindent 2 }} + {{- else }} + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi + {{- end }} lifecycle: {{- toYaml .Values.coder.lifecycle | nindent 2 }} securityContext: {{ toYaml .Values.coder.securityContext | nindent 2 }} diff --git a/helm/provisioner/tests/chart_test.go b/helm/provisioner/tests/chart_test.go index 8830ab87c9..a6f3ba7370 100644 --- a/helm/provisioner/tests/chart_test.go +++ b/helm/provisioner/tests/chart_test.go @@ -95,6 +95,14 @@ var testCases = []testCase{ name: "name_override_existing_sa", expectedError: "", }, + { + name: "custom_resources", + expectedError: "", + }, + { + name: "partial_resources", + expectedError: "", + }, } type testCase struct { diff --git a/helm/provisioner/tests/testdata/command.golden b/helm/provisioner/tests/testdata/command.golden index 86ee74fdee..0ab1a80a74 100644 --- a/helm/provisioner/tests/testdata/command.golden +++ b/helm/provisioner/tests/testdata/command.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/command_args.golden b/helm/provisioner/tests/testdata/command_args.golden index 7d51f41b6b..519e2b449c 100644 --- a/helm/provisioner/tests/testdata/command_args.golden +++ b/helm/provisioner/tests/testdata/command_args.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/command_args_coder.golden b/helm/provisioner/tests/testdata/command_args_coder.golden index 30732650f8..51a5b72058 100644 --- a/helm/provisioner/tests/testdata/command_args_coder.golden +++ b/helm/provisioner/tests/testdata/command_args_coder.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/command_coder.golden b/helm/provisioner/tests/testdata/command_coder.golden index c8b96ef938..b529ceacea 100644 --- a/helm/provisioner/tests/testdata/command_coder.golden +++ b/helm/provisioner/tests/testdata/command_coder.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/custom_resources.golden b/helm/provisioner/tests/testdata/custom_resources.golden new file mode 100644 index 0000000000..7076fb548b --- /dev/null +++ b/helm/provisioner/tests/testdata/custom_resources.golden @@ -0,0 +1,145 @@ +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: default +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-provisioner-workspace-perms + namespace: default +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder-provisioner" + namespace: default +subjects: + - kind: ServiceAccount + name: "coder-provisioner" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-provisioner-workspace-perms +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder-provisioner + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + spec: + containers: + - args: + - provisionerd + - start + command: + - /opt/coder + env: + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + key: psk + name: coder-provisioner-psk + - name: CODER_URL + value: http://coder.default.svc.cluster.local + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + name: coder + ports: null + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder-provisioner + terminationGracePeriodSeconds: 600 + volumes: [] diff --git a/helm/provisioner/tests/testdata/custom_resources.yaml b/helm/provisioner/tests/testdata/custom_resources.yaml new file mode 100644 index 0000000000..498d58afd7 --- /dev/null +++ b/helm/provisioner/tests/testdata/custom_resources.yaml @@ -0,0 +1,10 @@ +coder: + image: + tag: latest + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi diff --git a/helm/provisioner/tests/testdata/custom_resources_coder.golden b/helm/provisioner/tests/testdata/custom_resources_coder.golden new file mode 100644 index 0000000000..58d54fd2aa --- /dev/null +++ b/helm/provisioner/tests/testdata/custom_resources_coder.golden @@ -0,0 +1,145 @@ +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: coder +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-provisioner-workspace-perms + namespace: coder +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder-provisioner" + namespace: coder +subjects: + - kind: ServiceAccount + name: "coder-provisioner" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-provisioner-workspace-perms +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder-provisioner + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + spec: + containers: + - args: + - provisionerd + - start + command: + - /opt/coder + env: + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + key: psk + name: coder-provisioner-psk + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + name: coder + ports: null + resources: + limits: + cpu: 4000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder-provisioner + terminationGracePeriodSeconds: 600 + volumes: [] diff --git a/helm/provisioner/tests/testdata/default_values.golden b/helm/provisioner/tests/testdata/default_values.golden index b8d24ed93b..d90d2fa158 100644 --- a/helm/provisioner/tests/testdata/default_values.golden +++ b/helm/provisioner/tests/testdata/default_values.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/default_values_coder.golden b/helm/provisioner/tests/testdata/default_values_coder.golden index 2c9e22777e..ed208eccf1 100644 --- a/helm/provisioner/tests/testdata/default_values_coder.golden +++ b/helm/provisioner/tests/testdata/default_values_coder.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/extra_templates.golden b/helm/provisioner/tests/testdata/extra_templates.golden index 6f0ac71a1c..86a7952301 100644 --- a/helm/provisioner/tests/testdata/extra_templates.golden +++ b/helm/provisioner/tests/testdata/extra_templates.golden @@ -132,7 +132,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/extra_templates_coder.golden b/helm/provisioner/tests/testdata/extra_templates_coder.golden index 805a314c76..4fd17f9969 100644 --- a/helm/provisioner/tests/testdata/extra_templates_coder.golden +++ b/helm/provisioner/tests/testdata/extra_templates_coder.golden @@ -132,7 +132,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/labels_annotations.golden b/helm/provisioner/tests/testdata/labels_annotations.golden index 262d9df2ce..fae597e2f5 100644 --- a/helm/provisioner/tests/testdata/labels_annotations.golden +++ b/helm/provisioner/tests/testdata/labels_annotations.golden @@ -131,7 +131,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/labels_annotations_coder.golden b/helm/provisioner/tests/testdata/labels_annotations_coder.golden index 23b4a43e1a..292618e6cd 100644 --- a/helm/provisioner/tests/testdata/labels_annotations_coder.golden +++ b/helm/provisioner/tests/testdata/labels_annotations_coder.golden @@ -131,7 +131,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/name_override.golden b/helm/provisioner/tests/testdata/name_override.golden index 6f35952422..07cee6a958 100644 --- a/helm/provisioner/tests/testdata/name_override.golden +++ b/helm/provisioner/tests/testdata/name_override.golden @@ -132,7 +132,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/name_override_coder.golden b/helm/provisioner/tests/testdata/name_override_coder.golden index c70058bafa..3fb7159842 100644 --- a/helm/provisioner/tests/testdata/name_override_coder.golden +++ b/helm/provisioner/tests/testdata/name_override_coder.golden @@ -132,7 +132,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/name_override_existing_sa.golden b/helm/provisioner/tests/testdata/name_override_existing_sa.golden index 8d2c3da528..f18af50c87 100644 --- a/helm/provisioner/tests/testdata/name_override_existing_sa.golden +++ b/helm/provisioner/tests/testdata/name_override_existing_sa.golden @@ -52,7 +52,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/name_override_existing_sa_coder.golden b/helm/provisioner/tests/testdata/name_override_existing_sa_coder.golden index 112d117e86..2463c6badb 100644 --- a/helm/provisioner/tests/testdata/name_override_existing_sa_coder.golden +++ b/helm/provisioner/tests/testdata/name_override_existing_sa_coder.golden @@ -52,7 +52,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/partial_resources.golden b/helm/provisioner/tests/testdata/partial_resources.golden new file mode 100644 index 0000000000..f08bccf550 --- /dev/null +++ b/helm/provisioner/tests/testdata/partial_resources.golden @@ -0,0 +1,142 @@ +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: default +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-provisioner-workspace-perms + namespace: default +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder-provisioner" + namespace: default +subjects: + - kind: ServiceAccount + name: "coder-provisioner" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-provisioner-workspace-perms +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder-provisioner + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + spec: + containers: + - args: + - provisionerd + - start + command: + - /opt/coder + env: + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + key: psk + name: coder-provisioner-psk + - name: CODER_URL + value: http://coder.default.svc.cluster.local + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + name: coder + ports: null + resources: + requests: + cpu: 1500m + memory: 3072Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder-provisioner + terminationGracePeriodSeconds: 600 + volumes: [] diff --git a/helm/provisioner/tests/testdata/partial_resources.yaml b/helm/provisioner/tests/testdata/partial_resources.yaml new file mode 100644 index 0000000000..ddec3aa942 --- /dev/null +++ b/helm/provisioner/tests/testdata/partial_resources.yaml @@ -0,0 +1,7 @@ +coder: + image: + tag: latest + resources: + requests: + cpu: 1500m + memory: 3072Mi diff --git a/helm/provisioner/tests/testdata/partial_resources_coder.golden b/helm/provisioner/tests/testdata/partial_resources_coder.golden new file mode 100644 index 0000000000..2f9ae4c1d4 --- /dev/null +++ b/helm/provisioner/tests/testdata/partial_resources_coder.golden @@ -0,0 +1,142 @@ +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: coder +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: coder-provisioner-workspace-perms + namespace: coder +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: coder-provisioner/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "coder-provisioner" + namespace: coder +subjects: + - kind: ServiceAccount + name: "coder-provisioner" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: coder-provisioner-workspace-perms +--- +# Source: coder-provisioner/templates/coder.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + name: coder-provisioner + namespace: coder +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: coder-provisioner + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coder-provisioner + app.kubernetes.io/part-of: coder-provisioner + app.kubernetes.io/version: 0.1.0 + helm.sh/chart: coder-provisioner-0.1.0 + spec: + containers: + - args: + - provisionerd + - start + command: + - /opt/coder + env: + - name: CODER_PROMETHEUS_ADDRESS + value: 0.0.0.0:2112 + - name: CODER_PROVISIONER_DAEMON_PSK + valueFrom: + secretKeyRef: + key: psk + name: coder-provisioner-psk + - name: CODER_URL + value: http://coder.coder.svc.cluster.local + image: ghcr.io/coder/coder:latest + imagePullPolicy: IfNotPresent + lifecycle: {} + name: coder + ports: null + resources: + requests: + cpu: 1500m + memory: 3072Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: null + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: [] + restartPolicy: Always + serviceAccountName: coder-provisioner + terminationGracePeriodSeconds: 600 + volumes: [] diff --git a/helm/provisioner/tests/testdata/provisionerd_key.golden b/helm/provisioner/tests/testdata/provisionerd_key.golden index 73421e9240..b51a124673 100644 --- a/helm/provisioner/tests/testdata/provisionerd_key.golden +++ b/helm/provisioner/tests/testdata/provisionerd_key.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/provisionerd_key_coder.golden b/helm/provisioner/tests/testdata/provisionerd_key_coder.golden index 03e347b284..1b04c54cb7 100644 --- a/helm/provisioner/tests/testdata/provisionerd_key_coder.golden +++ b/helm/provisioner/tests/testdata/provisionerd_key_coder.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround.golden b/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround.golden index 73421e9240..b51a124673 100644 --- a/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround.golden +++ b/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround_coder.golden b/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround_coder.golden index 03e347b284..1b04c54cb7 100644 --- a/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround_coder.golden +++ b/helm/provisioner/tests/testdata/provisionerd_key_psk_empty_workaround_coder.golden @@ -123,7 +123,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/provisionerd_psk.golden b/helm/provisioner/tests/testdata/provisionerd_psk.golden index 8b9ea878b5..8310d91899 100644 --- a/helm/provisioner/tests/testdata/provisionerd_psk.golden +++ b/helm/provisioner/tests/testdata/provisionerd_psk.golden @@ -125,7 +125,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/provisionerd_psk_coder.golden b/helm/provisioner/tests/testdata/provisionerd_psk_coder.golden index 61a8c7a0c1..2652be46c2 100644 --- a/helm/provisioner/tests/testdata/provisionerd_psk_coder.golden +++ b/helm/provisioner/tests/testdata/provisionerd_psk_coder.golden @@ -125,7 +125,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/sa.golden b/helm/provisioner/tests/testdata/sa.golden index 6f836c593b..b9f8c40070 100644 --- a/helm/provisioner/tests/testdata/sa.golden +++ b/helm/provisioner/tests/testdata/sa.golden @@ -124,7 +124,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/sa_coder.golden b/helm/provisioner/tests/testdata/sa_coder.golden index 97650df0e5..f66d6fab90 100644 --- a/helm/provisioner/tests/testdata/sa_coder.golden +++ b/helm/provisioner/tests/testdata/sa_coder.golden @@ -124,7 +124,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/sa_disabled.golden b/helm/provisioner/tests/testdata/sa_disabled.golden index f403daa33a..cbb588a89f 100644 --- a/helm/provisioner/tests/testdata/sa_disabled.golden +++ b/helm/provisioner/tests/testdata/sa_disabled.golden @@ -52,7 +52,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null diff --git a/helm/provisioner/tests/testdata/sa_disabled_coder.golden b/helm/provisioner/tests/testdata/sa_disabled_coder.golden index 5429858ca1..57f025a7ec 100644 --- a/helm/provisioner/tests/testdata/sa_disabled_coder.golden +++ b/helm/provisioner/tests/testdata/sa_disabled_coder.golden @@ -52,7 +52,13 @@ spec: lifecycle: {} name: coder ports: null - resources: {} + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 2000m + memory: 4096Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null