Setup
terraform init
Create a .envrc
export CODER_URL="https://coder.sharing.io"
export CODER_DOMAIN="coder.sharing.io" #*.DOMAIN for spaces
export LOCAL_IP="" # local to the cluster for ingress
export PUBLIC_IP="" # external DNS / reachable by everyone
# Need to create domains, so need PDNS account
export PDNS_API_KEY="" # Usually pretty short
export PDNS_API_URL="https://pdns.ii.nz" # We may run this per cluster later
export PDNS_API_ACCOUNT="" # Actually the PowerDNS Admin account
# RFC2136 TSIG
export DNS_UPDATE_SERVER="" # DNS Server to connect to
export DNS_UPDATE_KEYNAME="sharing.io." # TSIG Key Name
export DNS_UPDATE_KEYALGORITHM="hmac-sha256" # TSIG Key Algorithm
export DNS_UPDATE_KEYSECRET=""
# The rest of these are for the defaults for the template default vars and workspace rich-params
export DEFAULT_GIT_URL="https://github.com/ii/iipod/"
export DEFAULT_ORG_URL=""
export DEFAULT_CONTAINER_IMAGE="ghcr.io/ii/iipod:2024.10.17.2139"
# For when we create/push a template, to push a .terraform.lock
export TF_VERSION="1.9.7"
# For when we instanciate a template, the name and how long to keep it up
export CODER_TEMPLATE_NAME="iipod"
# export CODER_WORKSPACE_STOP_AFTER="7d"
export OPENAI_API_TOKEN=""
Push the standard template
coder template push \
--yes \
--directory . \
--variable coder_url=$CODER_URL \
--variable ingress_ip=$INGRESS_IP \
--variable coder_domain=$CODER_DOMAIN \
--variable openai_api_token=$OPENAI_API_TOKEN \
--variable pdns_api_url=$PDNS_API_URL \
--variable pdns_api_key=$PDNS_API_KEY \
--variable pdns_api_account=$PDNS_API_ACCOUNT \
--variable dns_update_server=$DNS_UPDATE_SERVER \
--variable dns_update_keyname=$DNS_UPDATE_KEYNAME \
--variable dns_update_keyalgorithm=$DNS_UPDATE_KEYALGORITHM \
--variable dns_update_keysecret=$DNS_UPDATE_KEYSECRET \
--variable default_git_url=$DEFAULT_GIT_URL \
--variable default_org_url=$DEFAULT_ORG_URL \
--variable default_container_image=$DEFAULT_CONTAINER_IMAGE \
$CODER_TEMPLATE_NAME \
--message "$USER iipod Template at $(date)" --variable public_ip="$(dig +short A coder.sharing.io)" \
--variable privileged=false
Push the privileged template
coder template push \
--yes \
--directory . \
--variable coder_url=$CODER_URL \
--variable ingress_ip=$INGRESS_IP \
--variable coder_domain=$CODER_DOMAIN \
--variable openai_api_token=$OPENAI_API_TOKEN \
--variable pdns_api_url=$PDNS_API_URL \
--variable pdns_api_key=$PDNS_API_KEY \
--variable pdns_api_account=$PDNS_API_ACCOUNT \
--variable dns_update_server=$DNS_UPDATE_SERVER \
--variable dns_update_keyname=$DNS_UPDATE_KEYNAME \
--variable dns_update_keyalgorithm=$DNS_UPDATE_KEYALGORITHM \
--variable dns_update_keysecret=$DNS_UPDATE_KEYSECRET \
--variable default_git_url=$DEFAULT_GIT_URL \
--variable default_org_url=$DEFAULT_ORG_URL \
--variable default_container_image=$DEFAULT_CONTAINER_IMAGE \
$CODER_TEMPLATE_NAME-privileged \
--message "$USER iipod Template at $(date)" --variable public_ip="$(dig +short A coder.sharing.io)" \
--variable privileged=true
Privileged requires the namespace label pod-security.kubernetes.io/enforce: privileged
.