chore: add initial nix-kubernetes template

2025-12-12 02:00:11 +01:00 · 2024-04-24 19:01:04 +02:00 · 2024-04-24 19:01:04 +02:00 · 7cd71e7537
commit 7cd71e7537
parent 6bd319fbe9
8 changed files with 425 additions and 2 deletions
--- a/nix-kubernetes/kubernetes.nix
+++ b/nix-kubernetes/kubernetes.nix
@ -0,0 +1,130 @@
+{...}: {
+  resource = {
+    kubernetes_pod."workspace" = {
+      count = "\${data.coder_workspace.me.start_count}";
+      metadata = {
+        name = "coder-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+        namespace = "\${var.namespace}";
+        annotations."com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
+        labels = {
+          "app.kubernetes.io/instance" = "coder-workspace-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+          "app.kubernetes.io/name" = "coder-workspace";
+          "app.kubernetes.io/part-of" = "coder";
+          "com.coder.resource" = "true";
+          "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
+          "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
+          "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
+          "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
+        };
+      };
+      spec = {
+        affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution = {
+          weight = 1;
+          pod_affinity_term = {
+            topology_key = "kubernetes.io/hostname";
+            label_selector.match_expressions = {
+              key = "app.kubernetes.io/name";
+              operator = "In";
+              values = ["coder-workspace"];
+            };
+          };
+        };
+        container = [
+          {
+            name = "workspace";
+            image = "registry.gitlab.com/technofab/coder-templates/coder-workspace:\${data.coder_parameter.image_tag.value}";
+            command = ["/bin/sh" "-c" "\${resource.coder_agent.coder.init_script}"];
+            env = [
+              {
+                name = "CODER_AGENT_TOKEN";
+                value = "\${resource.coder_agent.coder.token}";
+              }
+            ];
+            resources = {
+              requests = {
+                # TODO: allow configuring this via variables (template wide)
+                cpu = "250m";
+                memory = "512Mi";
+              };
+              limits = {
+                cpu = "\${data.coder_parameter.cpu.value}";
+                memory = "\${data.coder_parameter.memory.value}";
+              };
+            };
+            security_context.run_as_user = "1000";
+            volume_mount = [
+              {
+                mount_path = "/home";
+                name = "home";
+                read_only = false;
+              }
+              {
+                mount_path = "/nix";
+                name = "nix-store";
+                read_only = false;
+              }
+            ];
+          }
+        ];
+        security_context = {
+          fs_group = "1000";
+          run_as_user = "1000";
+        };
+        volume = [
+          {
+            name = "home";
+            persistent_volume_claim.claim_name = "\${resource.kubernetes_persistent_volume_claim.home.metadata.0.name}";
+          }
+          {
+            name = "nix-store";
+            persistent_volume_claim.claim_name = "\${resource.kubernetes_persistent_volume_claim.nix-store.metadata.0.name}";
+          }
+        ];
+      };
+    };
+    kubernetes_persistent_volume_claim."home" = {
+      metadata = {
+        name = "coder-home-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+        namespace = "\${var.namespace}";
+        annotations."com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
+        labels = {
+          "app.kubernetes.io/instance" = "coder-pvc-home-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+          "app.kubernetes.io/name" = "coder-pvc";
+          "app.kubernetes.io/part-of" = "coder";
+          "com.coder.resource" = "true";
+          "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
+          "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
+          "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
+          "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
+        };
+      };
+      spec = {
+        access_modes = ["ReadWriteOnce"];
+        resources.requests.storage = "\${data.coder_parameter.home_disk_size.value}Gi";
+      };
+      wait_until_bound = false;
+    };
+    kubernetes_persistent_volume_claim."nix-store" = {
+      metadata = {
+        name = "coder-nix-store-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+        namespace = "\${var.namespace}";
+        annotations."com.coder.user.email" = "\${data.coder_workspace.me.owner_email}";
+        labels = {
+          "app.kubernetes.io/instance" = "coder-pvc-nix-store-\${lower(data.coder_workspace.me.owner)}-\${lower(data.coder_workspace.me.name)}";
+          "app.kubernetes.io/name" = "coder-pvc";
+          "app.kubernetes.io/part-of" = "coder";
+          "com.coder.resource" = "true";
+          "com.coder.user.id" = "\${data.coder_workspace.me.owner_id}";
+          "com.coder.user.name" = "\${data.coder_workspace.me.owner}";
+          "com.coder.workspace.id" = "\${data.coder_workspace.me.id}";
+          "com.coder.workspace.name" = "\${data.coder_workspace.me.name}";
+        };
+      };
+      spec = {
+        access_modes = ["ReadWriteOnce"];
+        resources.requests.storage = "\${data.coder_parameter.nix_store_disk_size.value}Gi";
+      };
+      wait_until_bound = false;
+    };
+  };
+}