{...}: {
resource = {
# Pod that runs a single Coder workspace: two init containers prepare the
# volumes, then the "workspace" container starts the Coder agent.
# Every "\${...}" below is escaped so Nix leaves it alone; it is a Terraform
# interpolation that is resolved at plan/apply time.
kubernetes_pod."workspace" = {
  count = "\${data.coder_workspace.me.start_count}";

  metadata = {
    name = "coder-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
    namespace = "\${var.namespace}";
    # The owner's e-mail address is stored on the object, so it is readable by
    # anyone allowed to read pods in this namespace.
    annotations = {
      "com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
    };
    labels = {
      "app.kubernetes.io/instance" = "coder-workspace-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
      "app.kubernetes.io/name" = "coder-workspace";
      "app.kubernetes.io/part-of" = "coder";
      "com.coder.resource" = "true";
      "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
      "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
      "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
      "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
    };
  };

  spec = {
    # NOTE(review): automount_service_account_token is not set here. The
    # workspace runs user-controlled code, so confirm whether the namespace's
    # default service account token ends up mounted and what RBAC it carries.

    # Soft anti-affinity: prefer nodes that do not already host a pod labelled
    # app.kubernetes.io/name=coder-workspace (weight 1, not a hard requirement).
    affinity = {
      pod_anti_affinity = {
        preferred_during_scheduling_ignored_during_execution = {
          weight = 1;
          pod_affinity_term = {
            topology_key = "kubernetes.io/hostname";
            label_selector = {
              match_expressions = {
                key = "app.kubernetes.io/name";
                operator = "In";
                values = ["coder-workspace"];
              };
            };
          };
        };
      };
    };

    # Init containers run in list order, before the workspace container.
    init_container = [
      # Hands the three mount roots to 1000:1000. The chown is not recursive,
      # so only the top-level directories change owner.
      # This is the only container running as UID 0 (it overrides the pod-level
      # user). NOTE(review): "alpine:3" is a floating tag, so the image that
      # runs as root can change between pulls; consider pinning by digest.
      # NOTE(review): no allow_privilege_escalation / capabilities settings are
      # present; chown presumably needs only CAP_CHOWN - confirm before
      # dropping the rest.
      {
        name = "chown";
        image = "alpine:3";
        command = ["chown" "1000:1000" "/mnt/nix" "/mnt/tmp" "/mnt/home"];
        security_context = {
          run_as_user = "0";
        };
        volume_mount = [
          {
            name = "home";
            mount_path = "/mnt/home";
            read_only = false;
          }
          {
            name = "nix-store";
            mount_path = "/mnt/nix";
            read_only = false;
          }
          {
            name = "tmp";
            mount_path = "/mnt/tmp";
            read_only = false;
          }
        ];
      }
      # Seeds the persistent nix-store volume from the image's /nix as UID 1000.
      # "cp -n" does not overwrite files that already exist on the volume.
      {
        name = "copy-nix-store";
        image = "registry.gitlab.com/technofab/coder-templates/nix-coder-image:\${data.coder_parameter.image_tag.value}";
        command = ["cp" "-nR" "/nix/." "/pv_nix"];
        security_context = {
          run_as_user = "1000";
        };
        volume_mount = [
          {
            name = "nix-store";
            mount_path = "/pv_nix";
            read_only = false;
          }
        ];
      }
    ];

    container = [
      {
        name = "workspace";
        # The tag comes from the image_tag workspace parameter.
        # NOTE(review): whether that parameter is limited to a fixed set of
        # options is not visible in this file - confirm.
        image = "registry.gitlab.com/technofab/coder-templates/nix-coder-image:\${data.coder_parameter.image_tag.value}";
        # Runs the agent init script that Coder generates.
        command = ["/bin/sh" "-c" "\${resource.coder_agent.coder.init_script}"];
        env = [
          # The agent token is set as a literal env value, so it appears in the
          # pod spec and is readable by anyone who can get pods in this
          # namespace; it is also part of the Terraform state.
          {
            name = "CODER_AGENT_TOKEN";
            value = "\${resource.coder_agent.coder.token}";
          }
          # Value of the dotfiles_repo workspace parameter, passed through
          # unchanged. NOTE(review): what consumes it is not visible here; the
          # consumer should treat it as untrusted input.
          {
            name = "DOTFILES_REPO";
            value = "\${data.coder_parameter.dotfiles_repo.value}";
          }
        ];
        # Requests come from template variables, limits from per-workspace
        # parameters.
        resources.requests = {
          cpu = "\${var.cpu_request}";
          memory = "\${var.memory_request}";
        };
        resources.limits = {
          cpu = "\${data.coder_parameter.cpu.value}";
          memory = "\${data.coder_parameter.memory.value}";
        };
        # Non-root, same IDs as the pod-level security context.
        # NOTE(review): allow_privilege_escalation and capabilities are not
        # set; tighten them once it is confirmed the image needs no setuid
        # helpers.
        security_context.run_as_user = 1000;
        security_context.run_as_group = 1000;
        volume_mount = [
          {
            name = "home";
            mount_path = "/home";
            read_only = false;
          }
          {
            name = "nix-store";
            mount_path = "/nix";
            read_only = false;
          }
          {
            name = "tmp";
            mount_path = "/tmp";
            read_only = false;
          }
        ];
      }
    ];

    # Pod-wide default identity. No fs_group is set, which is presumably why
    # the chown init container exists - confirm.
    security_context.run_as_user = 1000;
    security_context.run_as_group = 1000;

    volume = [
      {
        name = "home";
        persistent_volume_claim = {
          claim_name = "\${resource.kubernetes_persistent_volume_claim.home.metadata.0.name}";
        };
      }
      {
        name = "nix-store";
        persistent_volume_claim = {
          claim_name = "\${resource.kubernetes_persistent_volume_claim.nix-store.metadata.0.name}";
        };
      }
      # RAM-backed scratch space for /tmp; its contents count as memory use.
      {
        name = "tmp";
        # A size cap is not used for now (the original left
        # `sizeLimit = "200Mi";` commented out; the Terraform provider spells
        # the attribute `size_limit`).
        empty_dir.medium = "Memory";
      }
    ];
  };
};
# Claim behind the pod's "home" volume (mounted at /home in the workspace
# container). It has no count, so unlike the pod it does not depend on
# start_count.
kubernetes_persistent_volume_claim."home" = {
  metadata = {
    name = "coder-home-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
    namespace = "\${var.namespace}";
    # The owner's e-mail address is readable by anyone who can read PVCs in
    # this namespace.
    annotations = {
      "com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
    };
    labels = {
      "app.kubernetes.io/instance" = "coder-pvc-home-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
      "app.kubernetes.io/name" = "coder-pvc";
      "app.kubernetes.io/part-of" = "coder";
      "com.coder.resource" = "true";
      "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
      "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
      "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
      "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
    };
  };

  # Single-node read/write access; the size is the home_disk_size workspace
  # parameter with "Gi" appended.
  spec.access_modes = ["ReadWriteOnce"];
  spec.resources.requests.storage = "\${data.coder_parameter.home_disk_size.value}Gi";

  # Terraform does not wait for the claim to bind - presumably because binding
  # only happens once the pod consumes it; confirm against the storage class.
  wait_until_bound = false;
};
# Claim behind the pod's "nix-store" volume (mounted at /nix in the workspace
# container and seeded by the copy-nix-store init container). It has no count,
# so unlike the pod it does not depend on start_count.
kubernetes_persistent_volume_claim."nix-store" = {
  metadata = {
    name = "coder-nix-store-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
    namespace = "\${var.namespace}";
    # The owner's e-mail address is readable by anyone who can read PVCs in
    # this namespace.
    annotations = {
      "com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
    };
    labels = {
      "app.kubernetes.io/instance" = "coder-pvc-nix-store-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
      "app.kubernetes.io/name" = "coder-pvc";
      "app.kubernetes.io/part-of" = "coder";
      "com.coder.resource" = "true";
      "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
      "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
      "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
      "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
    };
  };

  # Single-node read/write access; the size is the nix_store_disk_size
  # workspace parameter with "Gi" appended.
  spec.access_modes = ["ReadWriteOnce"];
  spec.resources.requests.storage = "\${data.coder_parameter.nix_store_disk_size.value}Gi";

  # Terraform does not wait for the claim to bind - presumably because binding
  # only happens once the pod consumes it; confirm against the storage class.
  wait_until_bound = false;
};
};
}