feat: Allow static NodePort (#138)

Emyrk · web-flow · commit 349c1057f220 · 2021-08-03T12:52:29.000-05:00
* Add nodeport to coder service
diff --git a/Makefile b/Makefile
@@ -38,7 +38,7 @@ fmt: README.md
 README.md: README.md.gotmpl values.yaml
 	@echo "--- Generating documentation"
 	helm-docs --template-files=$<
-	@echo -e "<!-- DO NOT EDIT. THIS IS GENERATED FROM README.md.gotmpl -->\n\n$$(cat README.md)" > README.md
+	@echo "<!-- DO NOT EDIT. THIS IS GENERATED FROM README.md.gotmpl -->\n\n$$(cat README.md)" > README.md
 .PHONY: README.md
 
 clean:
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa
 | certs | object | Certificate that will be mounted inside Coder services. | `{"secret":{"key":"","name":""}}` |
 | certs.secret.key | string | Key pointing to a certificate in the secret. | `""` |
 | certs.secret.name | string | Name of the secret. | `""` |
-| coderd | object | Primary service responsible for all things Coder! | `{"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
+| coderd | object | Primary service responsible for all things Coder! | `{"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":30080,"https":30443},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
 | coderd.builtinProviderServiceAccount | object | Customize the built-in Kubernetes provider service account. | `{"annotations":{},"labels":{}}` |
 | coderd.builtinProviderServiceAccount.annotations | object | A KV mapping of annotations. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `{}` |
 | coderd.builtinProviderServiceAccount.labels | object | Add labels to the service account used for the built-in provider. | `{}` |
@@ -46,6 +46,9 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa
 | coderd.securityContext.readOnlyRootFilesystem | bool | Mounts the container's root filesystem as read-only. It is recommended to leave this setting enabled in production. This will override the same setting in the pod | `true` |
 | coderd.securityContext.seccompProfile | object | Sets the seccomp profile for the migration and runtime containers. | `{"type":"RuntimeDefault"}` |
 | coderd.serviceAnnotations | object | Extra annotations to apply to the coderd service. | `{}` |
+| coderd.serviceNodePorts | object | Allows manually setting static node ports for the coderd service. This is only helpful if static ports are required, and usually should be left alone. By default these are dynamically chosen. | `{"http":30080,"https":30443}` |
+| coderd.serviceNodePorts.http | int | Sets a static 'coderd' service non-TLS nodePort. This should usually be omitted. | `30080` |
+| coderd.serviceNodePorts.https | int | Sets a static 'coderd' service TLS nodePort This should usually be omitted. | `30443` |
 | coderd.serviceSpec | object | Specification to inject for the coderd service. See: https://kubernetes.io/docs/concepts/services-networking/service/ | `{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"}` |
 | coderd.serviceSpec.externalTrafficPolicy | string | Set the traffic policy for the service. See: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | `"Local"` |
 | coderd.serviceSpec.loadBalancerIP | string | Set the external IP address of the Ingress service. | `""` |
diff --git a/templates/coderd.yaml b/templates/coderd.yaml
@@ -254,10 +254,16 @@ spec:
       port: 80
       targetPort: 8080
       protocol: TCP
+      {{ if .Values.coderd.serviceNodePorts.http }}
+      nodePort: {{  .Values.coderd.serviceNodePorts.http  }}
+      {{ end }}
     - name: tcp-{{ include "coder.serviceName" . }}-https
       port: 443
       targetPort: 8443
       protocol: TCP
+      {{ if .Values.coderd.serviceNodePorts.https }}
+      nodePort: {{ .Values.coderd.serviceNodePorts.https }}
+      {{ end }}
 {{- else }}
 ---
 apiVersion: v1
diff --git a/values.yaml b/values.yaml
@@ -21,6 +21,18 @@ coderd:
     # will be restricted to the specified client IPs. This field will be ignored if
     # the cloud provider does not support this feature.
     loadBalancerSourceRanges: []
+
+  # coderd.serviceNodePorts -- Allows manually setting static node ports for the coderd service.
+  # This is only helpful if static ports are required, and usually should be left alone.
+  # By default these are dynamically chosen.
+  serviceNodePorts:
+    # coderd.serviceNodePorts.http -- Sets a static 'coderd' service non-TLS nodePort.
+    # This should usually be omitted.
+    http: null
+    # coderd.serviceNodePorts.https -- Sets a static 'coderd' service TLS nodePort
+    # This should usually be omitted.
+    https: null
+
   # coderd.serviceAnnotations -- Extra annotations to apply to the coderd service.
   serviceAnnotations: {}
 
