--- # Source: coder/templates/coder.yaml apiVersion: v1 kind: ServiceAccount metadata: annotations: {} labels: app.kubernetes.io/instance: coder app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: coder app.kubernetes.io/part-of: coder app.kubernetes.io/version: 2.20.0 helm.sh/chart: coder-2.20.0 name: coder namespace: coder --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: coder-workspace-perms namespace: coder rules: - apiGroups: [""] resources: ["pods"] verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - apps resources: - deployments verbs: - create - delete - deletecollection - get - list - patch - update - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "coder" namespace: coder subjects: - kind: ServiceAccount name: "coder" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: coder-workspace-perms --- # Source: coder/templates/service.yaml apiVersion: v1 kind: Service metadata: name: coder namespace: coder labels: helm.sh/chart: coder-2.20.0 app.kubernetes.io/name: coder app.kubernetes.io/instance: coder app.kubernetes.io/part-of: coder app.kubernetes.io/version: "2.20.0" app.kubernetes.io/managed-by: Helm annotations: {} spec: type: LoadBalancer sessionAffinity: None ports: - name: "http" port: 80 targetPort: "http" protocol: TCP nodePort: externalTrafficPolicy: "Cluster" selector: app.kubernetes.io/name: coder app.kubernetes.io/instance: coder --- # Source: coder/templates/coder.yaml apiVersion: apps/v1 kind: Deployment metadata: annotations: {} labels: app.kubernetes.io/instance: coder app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: coder app.kubernetes.io/part-of: coder app.kubernetes.io/version: 2.20.0 helm.sh/chart: coder-2.20.0 name: coder namespace: coder spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: coder app.kubernetes.io/name: coder template: metadata: annotations: {} labels: app.kubernetes.io/instance: coder app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: coder app.kubernetes.io/part-of: coder app.kubernetes.io/version: 2.20.0 helm.sh/chart: coder-2.20.0 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/instance operator: In values: - coder topologyKey: kubernetes.io/hostname weight: 1 containers: - args: - server command: - /opt/coder env: - name: CODER_HTTP_ADDRESS value: 0.0.0.0:8080 - name: CODER_PROMETHEUS_ADDRESS value: 0.0.0.0:2112 - name: CODER_ACCESS_URL value: http://coder.coder.svc.cluster.local - name: KUBE_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: CODER_DERP_SERVER_RELAY_URL value: http://$(KUBE_POD_IP):8080 - name: CODER_PG_CONNECTION_URL valueFrom: secretKeyRef: key: url name: coder-db-url - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE value: "false" image: ghcr.io/coder/coder:v2.20.0 imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: httpGet: path: /healthz port: http scheme: HTTP name: coder ports: - containerPort: 8080 name: http protocol: TCP readinessProbe: httpGet: path: /healthz port: http scheme: HTTP resources: {} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: null runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault volumeMounts: [] restartPolicy: Always serviceAccountName: coder terminationGracePeriodSeconds: 60 volumes: []