Skip to content

Latest commit

 

History

History
90 lines (79 loc) · 3.23 KB

README.org

File metadata and controls

90 lines (79 loc) · 3.23 KB
Raw

iipod

Setup

terraform init

Create a .envrc

export CODER_URL="https://coder.sharing.io"
export CODER_DOMAIN="coder.sharing.io" #*.DOMAIN for spaces
export LOCAL_IP="" # local to the cluster for ingress
export PUBLIC_IP="" # external DNS / reachable by everyone
# Need to create domains, so need PDNS account
export PDNS_API_KEY="" # Usually pretty short
export PDNS_API_URL="https://pdns.ii.nz" # We may run this per cluster later
export PDNS_API_ACCOUNT="" # Actually the PowerDNS Admin account
# RFC2136 TSIG
export DNS_UPDATE_SERVER="" # DNS Server to connect to
export DNS_UPDATE_KEYNAME="sharing.io." # TSIG Key Name
export DNS_UPDATE_KEYALGORITHM="hmac-sha256" # TSIG Key Algorithm
export DNS_UPDATE_KEYSECRET=""
# The rest of these are for the defaults for the template default vars and workspace rich-params
export DEFAULT_GIT_URL="https://github.com/ii/iipod/"
export DEFAULT_ORG_URL=""
export DEFAULT_CONTAINER_IMAGE="ghcr.io/ii/iipod:2024.10.17.2139"

# For when we create/push a template, to push a .terraform.lock
export TF_VERSION="1.9.7"
# For when we instanciate a template, the name and how long to keep it up
export CODER_TEMPLATE_NAME="iipod"
# export CODER_WORKSPACE_STOP_AFTER="7d"
export OPENAI_API_TOKEN=""

Push the standard template

coder template push \
  --yes \
  --directory . \
  --variable coder_url=$CODER_URL \
  --variable ingress_ip=$INGRESS_IP \
  --variable coder_domain=$CODER_DOMAIN \
  --variable openai_api_token=$OPENAI_API_TOKEN \
  --variable pdns_api_url=$PDNS_API_URL \
  --variable pdns_api_key=$PDNS_API_KEY \
  --variable pdns_api_account=$PDNS_API_ACCOUNT \
  --variable dns_update_server=$DNS_UPDATE_SERVER \
  --variable dns_update_keyname=$DNS_UPDATE_KEYNAME \
  --variable dns_update_keyalgorithm=$DNS_UPDATE_KEYALGORITHM \
  --variable dns_update_keysecret=$DNS_UPDATE_KEYSECRET \
  --variable default_git_url=$DEFAULT_GIT_URL \
  --variable default_org_url=$DEFAULT_ORG_URL \
  --variable default_container_image=$DEFAULT_CONTAINER_IMAGE \
  $CODER_TEMPLATE_NAME \
  --message "$USER iipod Template at $(date)" --variable public_ip="$(dig +short A coder.sharing.io)" \
  --variable privileged=false

Push the privileged template

coder template push \
  --yes \
  --directory . \
  --variable coder_url=$CODER_URL \
  --variable ingress_ip=$INGRESS_IP \
  --variable coder_domain=$CODER_DOMAIN \
  --variable openai_api_token=$OPENAI_API_TOKEN \
  --variable pdns_api_url=$PDNS_API_URL \
  --variable pdns_api_key=$PDNS_API_KEY \
  --variable pdns_api_account=$PDNS_API_ACCOUNT \
  --variable dns_update_server=$DNS_UPDATE_SERVER \
  --variable dns_update_keyname=$DNS_UPDATE_KEYNAME \
  --variable dns_update_keyalgorithm=$DNS_UPDATE_KEYALGORITHM \
  --variable dns_update_keysecret=$DNS_UPDATE_KEYSECRET \
  --variable default_git_url=$DEFAULT_GIT_URL \
  --variable default_org_url=$DEFAULT_ORG_URL \
  --variable default_container_image=$DEFAULT_CONTAINER_IMAGE \
  $CODER_TEMPLATE_NAME-privileged \
  --message "$USER iipod Template at $(date)" --variable public_ip="$(dig +short A coder.sharing.io)" \
  --variable privileged=true

Note

Privileged requires the namespace label pod-security.kubernetes.io/enforce: privileged.