shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(helm): disable liveness probes by default, allow all probe settings (#21789)

Browse Source 
Liveness checks are currently causing pods to be killed during
long-running migrations.

They are generally not advisable for our workloads; if a pod becomes
unresponsive we _need_ to know about it (due to a deadlock, etc) and not
paper over the issue by killing the pod.

I've also made all probe settings configurable.

---------

Signed-off-by: Danny Kopping <danny@coder.com>
This commit is contained in:
Danny Kopping
2026-02-02 15:33:49 +02:00
committed by GitHub
parent bcc57632dd
commit d0c67ccb88
62 changed files with 904 additions and 321 deletions
Download Patch File Download Diff File Expand all files Collapse all files
helm/coder/templates/_coder.tpl
+28
View File
@@ -108,16 +108,44 @@ ports:
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.coder.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: "http"
scheme: "HTTP"
initialDelaySeconds: {{ .Values.coder.readinessProbe.initialDelaySeconds }}
{{- if hasKey .Values.coder.readinessProbe "periodSeconds" }}
periodSeconds: {{ .Values.coder.readinessProbe.periodSeconds }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "timeoutSeconds" }}
timeoutSeconds: {{ .Values.coder.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "successThreshold" }}
successThreshold: {{ .Values.coder.readinessProbe.successThreshold }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "failureThreshold" }}
failureThreshold: {{ .Values.coder.readinessProbe.failureThreshold }}
{{- end }}
{{- end }}
{{- if .Values.coder.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: "http"
scheme: "HTTP"
initialDelaySeconds: {{ .Values.coder.livenessProbe.initialDelaySeconds }}
{{- if hasKey .Values.coder.livenessProbe "periodSeconds" }}
periodSeconds: {{ .Values.coder.livenessProbe.periodSeconds }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "timeoutSeconds" }}
timeoutSeconds: {{ .Values.coder.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "successThreshold" }}
successThreshold: {{ .Values.coder.livenessProbe.successThreshold }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "failureThreshold" }}
failureThreshold: {{ .Values.coder.livenessProbe.failureThreshold }}
{{- end }}
{{- end }}
{{- end }}
helm/coder/tests/chart_test.go
+8
View File
@@ -137,6 +137,14 @@ var testCases = []testCase{
name: "priority_class_name",
expectedError: "",
},
{
name: "probes_custom",
expectedError: "",
},
{
name: "probes_disabled",
expectedError: "",
},
}
type testCase struct {
helm/coder/tests/testdata/auto_access_url_1.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/auto_access_url_1_coder.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/auto_access_url_2.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/auto_access_url_2_coder.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/auto_access_url_3.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/auto_access_url_3_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/command.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/command_args.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/command_args_coder.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/command_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/custom_resources.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/custom_resources_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/default_values.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/default_values_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/env_from.golden
Vendored
-6
View File
@@ -179,12 +179,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/env_from_coder.golden
Vendored
-6
View File
@@ -179,12 +179,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/extra_templates.golden
Vendored
-6
View File
@@ -176,12 +176,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/extra_templates_coder.golden
Vendored
-6
View File
@@ -176,12 +176,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/labels_annotations.golden
Vendored
-6
View File
@@ -175,12 +175,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/labels_annotations_coder.golden
Vendored
-6
View File
@@ -175,12 +175,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/namespace_rbac.golden
Vendored
-6
View File
@@ -357,12 +357,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/namespace_rbac_coder.golden
Vendored
-6
View File
@@ -357,12 +357,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/partial_resources.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/partial_resources_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/pod_securitycontext.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/pod_securitycontext_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/priority_class_name.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/priority_class_name_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/probes_custom.golden
Vendored
+214
View File
@@ -0,0 +1,214 @@
---
# Source: coder/templates/coder.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: default
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder-workspace-perms
namespace: default
rules:
- apiGroups: [""]
resources: ["pods"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "coder"
namespace: default
subjects:
- kind: ServiceAccount
name: "coder"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: coder-workspace-perms
---
# Source: coder/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: coder
namespace: default
labels:
helm.sh/chart: coder-0.1.0
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: "0.1.0"
app.kubernetes.io/managed-by: Helm
annotations:
{}
spec:
type: LoadBalancer
sessionAffinity: None
ports:
- name: "http"
port: 80
targetPort: "http"
protocol: TCP
nodePort:
externalTrafficPolicy: "Cluster"
selector:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
---
# Source: coder/templates/coder.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: coder
template:
metadata:
annotations:
app.kubernetes.io/component: coderd
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- coder
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- server
command:
- /opt/coder
env:
- name: CODER_HTTP_ADDRESS
value: 0.0.0.0:8080
- name: CODER_PROMETHEUS_ADDRESS
value: 0.0.0.0:2112
- name: CODER_PPROF_ADDRESS
value: 0.0.0.0:6060
- name: CODER_ACCESS_URL
value: http://coder.default.svc.cluster.local
- name: KUBE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CODER_DERP_SERVER_RELAY_URL
value: http://$(KUBE_POD_IP):8080
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 10
name: coder
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 15
successThreshold: 2
timeoutSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 2000m
memory: 4096Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: null
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: []
restartPolicy: Always
serviceAccountName: coder
terminationGracePeriodSeconds: 60
volumes: []
helm/coder/tests/testdata/probes_custom.yaml
Vendored
+17
View File
@@ -0,0 +1,17 @@
coder:
image:
tag: latest
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 5
successThreshold: 2
failureThreshold: 6
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 20
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
helm/coder/tests/testdata/probes_custom_coder.golden
Vendored
+214
View File
@@ -0,0 +1,214 @@
---
# Source: coder/templates/coder.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: coder
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder-workspace-perms
namespace: coder
rules:
- apiGroups: [""]
resources: ["pods"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "coder"
namespace: coder
subjects:
- kind: ServiceAccount
name: "coder"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: coder-workspace-perms
---
# Source: coder/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: coder
namespace: coder
labels:
helm.sh/chart: coder-0.1.0
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: "0.1.0"
app.kubernetes.io/managed-by: Helm
annotations:
{}
spec:
type: LoadBalancer
sessionAffinity: None
ports:
- name: "http"
port: 80
targetPort: "http"
protocol: TCP
nodePort:
externalTrafficPolicy: "Cluster"
selector:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
---
# Source: coder/templates/coder.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: coder
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: coder
template:
metadata:
annotations:
app.kubernetes.io/component: coderd
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- coder
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- server
command:
- /opt/coder
env:
- name: CODER_HTTP_ADDRESS
value: 0.0.0.0:8080
- name: CODER_PROMETHEUS_ADDRESS
value: 0.0.0.0:2112
- name: CODER_PPROF_ADDRESS
value: 0.0.0.0:6060
- name: CODER_ACCESS_URL
value: http://coder.coder.svc.cluster.local
- name: KUBE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CODER_DERP_SERVER_RELAY_URL
value: http://$(KUBE_POD_IP):8080
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 10
name: coder
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 15
successThreshold: 2
timeoutSeconds: 5
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 2000m
memory: 4096Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: null
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: []
restartPolicy: Always
serviceAccountName: coder
terminationGracePeriodSeconds: 60
volumes: []
helm/coder/tests/testdata/probes_disabled.golden
Vendored
+194
View File
@@ -0,0 +1,194 @@
---
# Source: coder/templates/coder.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: default
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder-workspace-perms
namespace: default
rules:
- apiGroups: [""]
resources: ["pods"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "coder"
namespace: default
subjects:
- kind: ServiceAccount
name: "coder"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: coder-workspace-perms
---
# Source: coder/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: coder
namespace: default
labels:
helm.sh/chart: coder-0.1.0
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: "0.1.0"
app.kubernetes.io/managed-by: Helm
annotations:
{}
spec:
type: LoadBalancer
sessionAffinity: None
ports:
- name: "http"
port: 80
targetPort: "http"
protocol: TCP
nodePort:
externalTrafficPolicy: "Cluster"
selector:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
---
# Source: coder/templates/coder.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: coder
template:
metadata:
annotations:
app.kubernetes.io/component: coderd
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- coder
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- server
command:
- /opt/coder
env:
- name: CODER_HTTP_ADDRESS
value: 0.0.0.0:8080
- name: CODER_PROMETHEUS_ADDRESS
value: 0.0.0.0:2112
- name: CODER_PPROF_ADDRESS
value: 0.0.0.0:6060
- name: CODER_ACCESS_URL
value: http://coder.default.svc.cluster.local
- name: KUBE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CODER_DERP_SERVER_RELAY_URL
value: http://$(KUBE_POD_IP):8080
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
name: coder
ports:
- containerPort: 8080
name: http
protocol: TCP
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 2000m
memory: 4096Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: null
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: []
restartPolicy: Always
serviceAccountName: coder
terminationGracePeriodSeconds: 60
volumes: []
helm/coder/tests/testdata/probes_disabled.yaml
Vendored
+7
View File
@@ -0,0 +1,7 @@
coder:
image:
tag: latest
readinessProbe:
enabled: false
livenessProbe:
enabled: false
helm/coder/tests/testdata/probes_disabled_coder.golden
Vendored
+194
View File
@@ -0,0 +1,194 @@
---
# Source: coder/templates/coder.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: coder
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: coder-workspace-perms
namespace: coder
rules:
- apiGroups: [""]
resources: ["pods"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
# Source: coder/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "coder"
namespace: coder
subjects:
- kind: ServiceAccount
name: "coder"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: coder-workspace-perms
---
# Source: coder/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: coder
namespace: coder
labels:
helm.sh/chart: coder-0.1.0
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: "0.1.0"
app.kubernetes.io/managed-by: Helm
annotations:
{}
spec:
type: LoadBalancer
sessionAffinity: None
ports:
- name: "http"
port: 80
targetPort: "http"
protocol: TCP
nodePort:
externalTrafficPolicy: "Cluster"
selector:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
---
# Source: coder/templates/coder.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
name: coder
namespace: coder
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/name: coder
template:
metadata:
annotations:
app.kubernetes.io/component: coderd
labels:
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: coder
app.kubernetes.io/part-of: coder
app.kubernetes.io/version: 0.1.0
helm.sh/chart: coder-0.1.0
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- coder
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- server
command:
- /opt/coder
env:
- name: CODER_HTTP_ADDRESS
value: 0.0.0.0:8080
- name: CODER_PROMETHEUS_ADDRESS
value: 0.0.0.0:2112
- name: CODER_PPROF_ADDRESS
value: 0.0.0.0:6060
- name: CODER_ACCESS_URL
value: http://coder.coder.svc.cluster.local
- name: KUBE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CODER_DERP_SERVER_RELAY_URL
value: http://$(KUBE_POD_IP):8080
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
name: coder
ports:
- containerPort: 8080
name: http
protocol: TCP
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 2000m
memory: 4096Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: null
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: []
restartPolicy: Always
serviceAccountName: coder
terminationGracePeriodSeconds: 60
volumes: []
helm/coder/tests/testdata/prometheus.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/prometheus_coder.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/provisionerd_psk.golden
Vendored
-6
View File
@@ -172,12 +172,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/provisionerd_psk_coder.golden
Vendored
-6
View File
@@ -172,12 +172,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa_coder.golden
Vendored
-6
View File
@@ -169,12 +169,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa_disabled.golden
Vendored
-6
View File
@@ -153,12 +153,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa_disabled_coder.golden
Vendored
-6
View File
@@ -153,12 +153,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa_extra_rules.golden
Vendored
-6
View File
@@ -180,12 +180,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/sa_extra_rules_coder.golden
Vendored
-6
View File
@@ -180,12 +180,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/securitycontext.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/securitycontext_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_loadbalancer.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_loadbalancer_class.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_loadbalancer_class_coder.golden
Vendored
-6
View File
@@ -168,12 +168,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_loadbalancer_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_nodeport.golden
Vendored
-6
View File
@@ -166,12 +166,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/svc_nodeport_coder.golden
Vendored
-6
View File
@@ -166,12 +166,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/tls.golden
Vendored
-6
View File
@@ -180,12 +180,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/tls_coder.golden
Vendored
-6
View File
@@ -180,12 +180,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/topology.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/topology_coder.golden
Vendored
-6
View File
@@ -167,12 +167,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/workspace_proxy.golden
Vendored
-6
View File
@@ -175,12 +175,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/tests/testdata/workspace_proxy_coder.golden
Vendored
-6
View File
@@ -175,12 +175,6 @@ spec:
image: ghcr.io/coder/coder:latest
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
initialDelaySeconds: 0
name: coder
ports:
- containerPort: 8080
helm/coder/values.yaml
+28
View File
@@ -266,16 +266,44 @@ coder:
# memory: 4096Mi
# coder.readinessProbe -- Readiness probe configuration for the Coder container.
# See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Probe
# for default values.
readinessProbe:
# coder.readinessProbe.enabled -- Whether to enable the readiness probe.
enabled: true
# coder.readinessProbe.initialDelaySeconds -- Number of seconds after the container
# has started before readiness probes are initiated.
initialDelaySeconds: 0
# coder.readinessProbe.periodSeconds -- How often (in seconds) to perform the probe.
# periodSeconds: 10
# coder.readinessProbe.timeoutSeconds -- Number of seconds after which the probe times out.
# timeoutSeconds: 1
# coder.readinessProbe.successThreshold -- Minimum consecutive successes for the probe
# to be considered successful after having failed.
# successThreshold: 1
# coder.readinessProbe.failureThreshold -- Minimum consecutive failures for the probe
# to be considered failed after having succeeded.
# failureThreshold: 3
# coder.livenessProbe -- Liveness probe configuration for the Coder container.
# See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Probe
# for default values.
livenessProbe:
# coder.livenessProbe.enabled -- Whether to enable the liveness probe.
enabled: false
# coder.livenessProbe.initialDelaySeconds -- Number of seconds after the container
# has started before liveness probes are initiated.
initialDelaySeconds: 0
# coder.livenessProbe.periodSeconds -- How often (in seconds) to perform the probe.
# periodSeconds: 10
# coder.livenessProbe.timeoutSeconds -- Number of seconds after which the probe times out.
# timeoutSeconds: 1
# coder.livenessProbe.successThreshold -- Minimum consecutive successes for the probe
# to be considered successful after having failed.
# successThreshold: 1
# coder.livenessProbe.failureThreshold -- Minimum consecutive failures for the probe
# to be considered failed after having succeeded.
# failureThreshold: 3
# coder.certs -- CA bundles to mount inside the Coder pod.
certs: