diff --git a/kubernetes/aks/apps/argo-apps/kustomization.yaml b/kubernetes/aks/apps/argo-apps/kustomization.yaml index a884ef7d..480c9984 100644 --- a/kubernetes/aks/apps/argo-apps/kustomization.yaml +++ b/kubernetes/aks/apps/argo-apps/kustomization.yaml @@ -15,7 +15,6 @@ resources: - ../../system/ingress-nginx/ - ../../system/monitoring/ - ../../system/cloudnativepg/ - - ../../system/coder/ - ../../system/ori/ patches: diff --git a/kubernetes/aks/system/coder/argo-app.yaml b/kubernetes/aks/system/coder/argo-app.yaml deleted file mode 100644 index c2486d14..00000000 --- a/kubernetes/aks/system/coder/argo-app.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: coder - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - destination: - namespace: coder - server: https://kubernetes.default.svc - sources: - - chart: coder - helm: - releaseName: coder - valueFiles: - - $values/kubernetes/aks/system/coder/helm/values.yaml - repoURL: https://helm.coder.com/v2 - targetRevision: 2.8.3 - - repoURL: https://github.com/ai-cfia/howard.git - targetRevision: HEAD - ref: values - - repoURL: https://github.com/ai-cfia/howard.git - path: kubernetes/aks/system/coder/base - targetRevision: HEAD - syncPolicy: - automated: - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/kubernetes/aks/system/coder/base/namespace.yaml b/kubernetes/aks/system/coder/base/namespace.yaml deleted file mode 100644 index c92cca6a..00000000 --- a/kubernetes/aks/system/coder/base/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: coder - labels: - name: coder diff --git a/kubernetes/aks/system/coder/base/postgresql-cluster.yaml b/kubernetes/aks/system/coder/base/postgresql-cluster.yaml deleted file mode 100644 index d7874c74..00000000 --- a/kubernetes/aks/system/coder/base/postgresql-cluster.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: coder-pgsql - namespace: coder -spec: - instances: 3 - - imageName: ghcr.io/cloudnative-pg/postgresql:16.1 - - superuserSecret: - name: superuser-secret - - bootstrap: - initdb: - database: coder - owner: coder - secret: - name: coder-pgsql-secret - storage: - size: 20Gi diff --git a/kubernetes/aks/system/coder/helm/values.yaml b/kubernetes/aks/system/coder/helm/values.yaml deleted file mode 100644 index b3a00687..00000000 --- a/kubernetes/aks/system/coder/helm/values.yaml +++ /dev/null @@ -1,366 +0,0 @@ -# coder -- Primary configuration for `coder server`. -coder: - # coder.env -- The environment variables to set for Coder. These can be used - # to configure all aspects of `coder server`. Please see `coder server --help` - # for information about what environment variables can be set. - # Note: The following environment variables are set by default and cannot be - # overridden: - # - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty. - # - CODER_TLS_ENABLE: set if tls.secretName is not empty. - # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty. - # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty. - # - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:2112 and cannot be changed. - # Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE. - # - KUBE_POD_IP - # - CODER_DERP_SERVER_RELAY_URL - # - # We will additionally set CODER_ACCESS_URL if unset to the cluster service - # URL, unless coder.envUseClusterAccessURL is set to false. - env: - - name: CODER_PG_CONNECTION_URL - valueFrom: - secretKeyRef: - name: coder-pgsql-secret - key: url - - - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS - value: "true" - - name: CODER_OAUTH2_GITHUB_ALLOWED_ORGS - value: "ai-cfia" - - name: CODER_OAUTH2_GITHUB_CLIENT_ID - value: "e0984fa5808c63e6ce06" - - name: CODER_OAUTH2_GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: coder-pgsql-secret - key: github.client.secret - - - name: CODER_ACCESS_URL - value: "https://coder.inspection.alpha.canada.ca" - - # coder.envFrom -- Secrets or ConfigMaps to use for Coder's environment - # variables. If you want one environment variable read from a secret, then use - # coder.env valueFrom. See the K8s docs for valueFrom here: - # https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data - # - # If setting CODER_ACCESS_URL in coder.envFrom, then you must set - # coder.envUseClusterAccessURL to false. - envFrom: [] - # - configMapRef: - # name: coder-config - # - secretRef: - # name: coder-config - - # coder.envUseClusterAccessURL -- Determines whether the CODER_ACCESS_URL env - # is added to coder.env if it's not already set there. Set this to false if - # defining CODER_ACCESS_URL in coder.envFrom to avoid conflicts. - envUseClusterAccessURL: false - - # coder.image -- The image to use for Coder. - image: - # coder.image.repo -- The repository of the image. - repo: "ghcr.io/coder/coder" - # coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}} - # if not set. If you're using the chart directly from git, the default - # app version will not work and you'll need to set this value. The helm - # chart helpfully fails quickly in this case. - tag: "" - # coder.image.pullPolicy -- The pull policy to use for the image. See: - # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - pullPolicy: IfNotPresent - # coder.image.pullSecrets -- The secrets used for pulling the Coder image from - # a private registry. - pullSecrets: [] - # - name: "pull-secret" - - # coder.initContainers -- Init containers for the deployment. See: - # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - initContainers: - [] - # - name: init-container - # image: busybox:1.28 - # command: ['sh', '-c', "sleep 2"] - - # coder.annotations -- The Deployment annotations. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - annotations: {} - - # coder.labels -- The Deployment labels. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - labels: {} - - # coder.podAnnotations -- The Coder pod annotations. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - - # coder.podLabels -- The Coder pod labels. See: - # https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - # coder.serviceAccount -- Configuration for the automatically created service - # account. Creation of the service account cannot be disabled. - serviceAccount: - # coder.serviceAccount.workspacePerms -- Whether or not to grant the coder - # service account permissions to manage workspaces. This includes - # permission to manage pods and persistent volume claims in the deployment - # namespace. - # - # It is recommended to keep this on if you are using Kubernetes templates - # within Coder. - workspacePerms: true - # coder.serviceAccount.enableDeployments -- Provides the service account - # permission to manage Kubernetes deployments. Depends on workspacePerms. - enableDeployments: true - # coder.serviceAccount.extraRules -- Additional permissions added to the SA - # role. Depends on workspacePerms. - extraRules: [] - # - apiGroups: [""] - # resources: ["services"] - # verbs: - # - create - # - delete - # - deletecollection - # - get - # - list - # - patch - # - update - # - watch - - # coder.serviceAccount.annotations -- The Coder service account annotations. - annotations: {} - # coder.serviceAccount.name -- The service account name - name: coder - - # coder.securityContext -- Fields related to the container's security - # context (as opposed to the pod). Some fields are also present in the pod - # security context, in which case these values will take precedence. - securityContext: - # coder.securityContext.runAsNonRoot -- Requires that the coder container - # runs as an unprivileged user. If setting runAsUser to 0 (root), this - # will need to be set to false. - runAsNonRoot: true - # coder.securityContext.runAsUser -- Sets the user id of the container. - # For security reasons, we recommend using a non-root user. - runAsUser: 1000 - # coder.securityContext.runAsGroup -- Sets the group id of the container. - # For security reasons, we recommend using a non-root group. - runAsGroup: 1000 - # coder.securityContext.readOnlyRootFilesystem -- Mounts the container's - # root filesystem as read-only. - readOnlyRootFilesystem: null - # coder.securityContext.seccompProfile -- Sets the seccomp profile for - # the coder container. - seccompProfile: - type: RuntimeDefault - # coder.securityContext.allowPrivilegeEscalation -- Controls whether - # the container can gain additional privileges, such as escalating to - # root. It is recommended to leave this setting disabled in production. - allowPrivilegeEscalation: false - - # coder.volumes -- A list of extra volumes to add to the Coder pod. - volumes: [] - # - name: "my-volume" - # emptyDir: {} - - # coder.volumeMounts -- A list of extra volume mounts to add to the Coder pod. - volumeMounts: [] - # - name: "my-volume" - # mountPath: "/mnt/my-volume" - - # coder.tls -- The TLS configuration for Coder. - tls: - # coder.tls.secretNames -- A list of TLS server certificate secrets to mount - # into the Coder pod. The secrets should exist in the same namespace as the - # Helm deployment and should be of type "kubernetes.io/tls". The secrets - # will be automatically mounted into the pod if specified, and the correct - # "CODER_TLS_*" environment variables will be set for you. - secretNames: [] - - # coder.replicaCount -- The number of Kubernetes deployment replicas. This - # should only be increased if High Availability is enabled. - # - # This is an Enterprise feature. Contact sales@coder.com. - replicaCount: 1 - - # coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder - # Workspace Proxy. Workspace Proxies reduce the latency between the user and - # their workspace for web connections (workspace apps and web terminal) and - # proxied connections from the CLI. Workspace Proxies are optional and only - # recommended for geographically sparse teams. - # - # Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in - # the environment below. You can get a proxy token using the CLI: - # coder wsproxy create \ - # --name "proxy-name" \ - # --display-name "Proxy Name" \ - # --icon "/emojis/xyz.png" - # - # This is an Enterprise feature. Contact sales@coder.com - # Docs: https://coder.com/docs/v2/latest/admin/workspace-proxies - workspaceProxy: false - - # coder.lifecycle -- container lifecycle handlers for the Coder container, allowing - # for lifecycle events such as postStart and preStop events - # See: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ - lifecycle: - {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo postStart"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo preStart"] - - # coder.resources -- The resources to request for Coder. These are optional - # and are not set by default. - resources: - {} - # limits: - # cpu: 2000m - # memory: 4096Mi - # requests: - # cpu: 2000m - # memory: 4096Mi - - # coder.certs -- CA bundles to mount inside the Coder pod. - certs: - # coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder - # pod. The secrets should exist in the same namespace as the Helm - # deployment. - # - # The given key in each secret is mounted at - # `/etc/ssl/certs/{secret_name}.crt`. - secrets: - [] - # - name: "my-ca-bundle" - # key: "ca-bundle.crt" - - # coder.affinity -- Allows specifying an affinity rule for the `coder` deployment. - # The default rule prefers to schedule coder pods on different - # nodes, which is only applicable if coder.replicaCount is greater than 1. - # affinity: - # podAntiAffinity: - # preferredDuringSchedulingIgnoredDuringExecution: - # - podAffinityTerm: - # labelSelector: - # matchExpressions: - # - key: app.kubernetes.io/instance - # operator: In - # values: - # - "coder" - # topologyKey: kubernetes.io/hostname - # weight: 1 - - # coder.tolerations -- Tolerations for tainted nodes. - # See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: - {} - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - # coder.nodeSelector -- Node labels for constraining coder pods to nodes. - # See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - # kubernetes.io/os: linux - - # coder.service -- The Service object to expose for Coder. - service: - # coder.service.enable -- Whether to create the Service object. - enable: true - # coder.service.type -- The type of service to expose. See: - # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # coder.service.sessionAffinity -- Must be set to ClientIP or None - # AWS ELB does not support session stickiness based on ClientIP, so you must set this to None. - # The error message you might see: "Unsupported load balancer affinity: ClientIP" - # https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity - sessionAffinity: None - # coder.service.externalTrafficPolicy -- The external traffic policy to use. - # You may need to change this to "Local" to preserve the source IP address - # in some situations. - # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Cluster - # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not - # specified, a new IP will be generated each time the load balancer is - # recreated. It is recommended to manually create a static IP address in - # your cloud and specify it here in production to avoid accidental IP - # address changes. - loadBalancerIP: "" - # coder.service.annotations -- The service annotations. See: - # https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - annotations: {} - # coder.service.httpNodePort -- Enabled if coder.service.type is set to - # NodePort. If not set, Kubernetes will allocate a port from the default - # range, 30000-32767. - httpNodePort: "" - # coder.service.httpsNodePort -- Enabled if coder.service.type is set to - # NodePort. If not set, Kubernetes will allocate a port from the default - # range, 30000-32767. - httpsNodePort: "" - - # coder.ingress -- The Ingress object to expose for Coder. - ingress: - # coder.ingress.enable -- Whether to create the Ingress object. If using an - # Ingress, we recommend not specifying coder.tls.secretNames as the Ingress - # will handle TLS termination. - enable: true - # coder.ingress.className -- The name of the Ingress class to use. - className: "nginx" - # coder.ingress.host -- The hostname to match on. - # Be sure to also set CODER_ACCESS_URL within coder.env[] - host: "coder.inspection.alpha.canada.ca" - # coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be - # in the form "*.example.com" or "*-suffix.example.com". If you are using a - # suffix after the wildcard, the suffix will be stripped from the created - # ingress to ensure that it is a legal ingress host. Optional if not using - # applications over subdomains. - # Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[] - wildcardHost: "" - # coder.ingress.annotations -- The ingress annotations. - annotations: - external-dns.alpha.kubernetes.io/target: inspection.alpha.canada.ca - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/add-base-url: "true" - ingress.kubernetes.io/force-ssl-redirect: "true" - kubernetes.io/tls-acme: "true" - # coder.ingress.tls -- The TLS configuration to use for the Ingress. - tls: - # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress. - enable: true - # coder.ingress.tls.secretName -- The name of the TLS secret to use. - secretName: "coder-secret" - # coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to - # use for the wildcard host. - wildcardSecretName: "" - - # coder.command -- The command to use when running the Coder container. Used - # for customizing the location of the `coder` binary in your image. - command: - - /opt/coder - - # coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod. - commandArgs: [] - -# provisionerDaemon -- Configuration for external provisioner daemons. -# -# This is an Enterprise feature. Contact sales@coder.com. -provisionerDaemon: - # provisionerDaemon.pskSecretName -- The name of the Kubernetes secret that contains the - # Pre-Shared Key (PSK) to use to authenticate external provisioner daemons with Coder. The - # secret must be in the same namespace as the Helm deployment, and contain an item called "psk" - # which contains the pre-shared key. - pskSecretName: "" - -# extraTemplates -- Array of extra objects to deploy with the release. Strings -# are evaluated as a template and can use template expansions and functions. All -# other objects are used as yaml. -extraTemplates: - #- | - # apiVersion: v1 - # kind: ConfigMap - # metadata: - # name: my-configmap - # data: - # key: {{ .Values.myCustomValue | quote }} diff --git a/kubernetes/aks/system/coder/kustomization.yaml b/kubernetes/aks/system/coder/kustomization.yaml deleted file mode 100644 index d1bc2b63..00000000 --- a/kubernetes/aks/system/coder/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - argo-app.yaml