mirror of
https://github.com/coder/coder.git
synced 2025-07-12 00:14:10 +00:00
323 lines
7.5 KiB
HCL
323 lines
7.5 KiB
HCL
terraform {
|
|
required_providers {
|
|
coder = {
|
|
source = "coder/coder"
|
|
}
|
|
kubernetes = {
|
|
source = "hashicorp/kubernetes"
|
|
}
|
|
}
|
|
}
|
|
|
|
data "coder_parameter" "home_disk" {
|
|
name = "Disk Size"
|
|
description = "How large should the disk storing the home directory be?"
|
|
icon = "https://cdn-icons-png.flaticon.com/512/2344/2344147.png"
|
|
type = "number"
|
|
default = 10
|
|
mutable = true
|
|
validation {
|
|
min = 10
|
|
max = 100
|
|
}
|
|
}
|
|
|
|
variable "use_kubeconfig" {
|
|
type = bool
|
|
default = true
|
|
description = <<-EOF
|
|
Use host kubeconfig? (true/false)
|
|
Set this to false if the Coder host is itself running as a Pod on the same
|
|
Kubernetes cluster as you are deploying workspaces to.
|
|
Set this to true if the Coder host is running outside the Kubernetes cluster
|
|
for workspaces. A valid "~/.kube/config" must be present on the Coder host.
|
|
EOF
|
|
}
|
|
|
|
provider "coder" {}
|
|
|
|
variable "namespace" {
|
|
type = string
|
|
description = "The namespace to create workspaces in (must exist prior to creating workspaces)"
|
|
}
|
|
|
|
variable "create_tun" {
|
|
type = bool
|
|
description = "Add a TUN device to the workspace."
|
|
default = false
|
|
}
|
|
|
|
variable "create_fuse" {
|
|
type = bool
|
|
description = "Add a FUSE device to the workspace."
|
|
default = false
|
|
}
|
|
|
|
variable "max_cpus" {
|
|
type = string
|
|
description = "Max number of CPUs the workspace may use (e.g. 2)."
|
|
}
|
|
|
|
variable "min_cpus" {
|
|
type = string
|
|
description = "Minimum number of CPUs the workspace may use (e.g. .1)."
|
|
}
|
|
|
|
variable "max_memory" {
|
|
type = string
|
|
description = "Maximum amount of memory to allocate the workspace (in GB)."
|
|
}
|
|
|
|
variable "min_memory" {
|
|
type = string
|
|
description = "Minimum amount of memory to allocate the workspace (in GB)."
|
|
}
|
|
|
|
provider "kubernetes" {
|
|
# Authenticate via ~/.kube/config or a Coder-specific ServiceAccount, depending on admin preferences
|
|
config_path = var.use_kubeconfig == true ? "~/.kube/config" : null
|
|
}
|
|
|
|
data "coder_workspace" "me" {}
|
|
data "coder_workspace_owner" "me" {}
|
|
|
|
resource "coder_agent" "main" {
|
|
os = "linux"
|
|
arch = "amd64"
|
|
startup_script = <<EOT
|
|
#!/bin/bash
|
|
# home folder can be empty, so copying default bash settings
|
|
if [ ! -f ~/.profile ]; then
|
|
cp /etc/skel/.profile $HOME
|
|
fi
|
|
if [ ! -f ~/.bashrc ]; then
|
|
cp /etc/skel/.bashrc $HOME
|
|
fi
|
|
|
|
# Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here
|
|
EOT
|
|
}
|
|
|
|
# See https://registry.coder.com/modules/coder/code-server
|
|
module "code-server" {
|
|
count = data.coder_workspace.me.start_count
|
|
source = "registry.coder.com/coder/code-server/coder"
|
|
|
|
# This ensures that the latest non-breaking version of the module gets downloaded, you can also pin the module version to prevent breaking changes in production.
|
|
version = "~> 1.0"
|
|
|
|
agent_id = coder_agent.main.id
|
|
order = 1
|
|
}
|
|
|
|
# See https://registry.coder.com/modules/coder/jetbrains-gateway
|
|
module "jetbrains_gateway" {
|
|
count = data.coder_workspace.me.start_count
|
|
source = "registry.coder.com/coder/jetbrains-gateway/coder"
|
|
|
|
# JetBrains IDEs to make available for the user to select
|
|
jetbrains_ides = ["IU", "PY", "WS", "PS", "RD", "CL", "GO", "RM"]
|
|
default = "IU"
|
|
|
|
# Default folder to open when starting a JetBrains IDE
|
|
folder = "/home/coder"
|
|
|
|
# This ensures that the latest non-breaking version of the module gets downloaded, you can also pin the module version to prevent breaking changes in production.
|
|
version = "~> 1.0"
|
|
|
|
agent_id = coder_agent.main.id
|
|
agent_name = "main"
|
|
order = 2
|
|
}
|
|
|
|
resource "kubernetes_persistent_volume_claim" "home" {
|
|
metadata {
|
|
name = "coder-${lower(data.coder_workspace_owner.me.name)}-${lower(data.coder_workspace.me.name)}-home"
|
|
namespace = var.namespace
|
|
}
|
|
wait_until_bound = false
|
|
spec {
|
|
access_modes = ["ReadWriteOnce"]
|
|
resources {
|
|
requests = {
|
|
storage = "${data.coder_parameter.home_disk.value}Gi"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_pod" "main" {
|
|
count = data.coder_workspace.me.start_count
|
|
|
|
metadata {
|
|
name = "coder-${lower(data.coder_workspace_owner.me.name)}-${lower(data.coder_workspace.me.name)}"
|
|
namespace = var.namespace
|
|
}
|
|
|
|
spec {
|
|
restart_policy = "Never"
|
|
|
|
container {
|
|
name = "dev"
|
|
# We highly recommend pinning this to a specific release of envbox, as the latest tag may change.
|
|
image = "ghcr.io/coder/envbox:latest"
|
|
image_pull_policy = "Always"
|
|
command = ["/envbox", "docker"]
|
|
|
|
security_context {
|
|
privileged = true
|
|
}
|
|
|
|
resources {
|
|
requests = {
|
|
"cpu" : "${var.min_cpus}"
|
|
"memory" : "${var.min_memory}G"
|
|
}
|
|
|
|
limits = {
|
|
"cpu" : "${var.max_cpus}"
|
|
"memory" : "${var.max_memory}G"
|
|
}
|
|
}
|
|
|
|
env {
|
|
name = "CODER_AGENT_TOKEN"
|
|
value = coder_agent.main.token
|
|
}
|
|
|
|
env {
|
|
name = "CODER_AGENT_URL"
|
|
value = data.coder_workspace.me.access_url
|
|
}
|
|
|
|
env {
|
|
name = "CODER_INNER_IMAGE"
|
|
value = "index.docker.io/codercom/enterprise-base:ubuntu-20240812"
|
|
}
|
|
|
|
env {
|
|
name = "CODER_INNER_USERNAME"
|
|
value = "coder"
|
|
}
|
|
|
|
env {
|
|
name = "CODER_BOOTSTRAP_SCRIPT"
|
|
value = coder_agent.main.init_script
|
|
}
|
|
|
|
env {
|
|
name = "CODER_MOUNTS"
|
|
value = "/home/coder:/home/coder"
|
|
}
|
|
|
|
env {
|
|
name = "CODER_ADD_FUSE"
|
|
value = var.create_fuse
|
|
}
|
|
|
|
env {
|
|
name = "CODER_INNER_HOSTNAME"
|
|
value = data.coder_workspace.me.name
|
|
}
|
|
|
|
env {
|
|
name = "CODER_ADD_TUN"
|
|
value = var.create_tun
|
|
}
|
|
|
|
env {
|
|
name = "CODER_CPUS"
|
|
value_from {
|
|
resource_field_ref {
|
|
resource = "limits.cpu"
|
|
}
|
|
}
|
|
}
|
|
|
|
env {
|
|
name = "CODER_MEMORY"
|
|
value_from {
|
|
resource_field_ref {
|
|
resource = "limits.memory"
|
|
}
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/home/coder"
|
|
name = "home"
|
|
read_only = false
|
|
sub_path = "home"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/var/lib/coder/docker"
|
|
name = "home"
|
|
sub_path = "cache/docker"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/var/lib/coder/containers"
|
|
name = "home"
|
|
sub_path = "cache/containers"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/var/lib/sysbox"
|
|
name = "sysbox"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/var/lib/containers"
|
|
name = "home"
|
|
sub_path = "envbox/containers"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/var/lib/docker"
|
|
name = "home"
|
|
sub_path = "envbox/docker"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/usr/src"
|
|
name = "usr-src"
|
|
}
|
|
|
|
volume_mount {
|
|
mount_path = "/lib/modules"
|
|
name = "lib-modules"
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "home"
|
|
persistent_volume_claim {
|
|
claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name
|
|
read_only = false
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "sysbox"
|
|
empty_dir {}
|
|
}
|
|
|
|
volume {
|
|
name = "usr-src"
|
|
host_path {
|
|
path = "/usr/src"
|
|
type = ""
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "lib-modules"
|
|
host_path {
|
|
path = "/lib/modules"
|
|
type = ""
|
|
}
|
|
}
|
|
}
|
|
}
|