Merge branch 'feat/desktop-setup'

klauserber · Dec 3, 2023 · 945d3cf · 945d3cf
2 parents 5ef603b + cc25be5
commit 945d3cf
Show file tree

Hide file tree

Showing 51 changed files with 755 additions and 215 deletions.
diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -47,9 +47,9 @@ jobs:
       - name: credentials
         run: >
           mkdir -p config &&
-          echo ${GOOGLE_CODER_AUTOMATION} > config/google-coder-automation.json &&
-          echo ${GOOGLE_CODER_DNS} > config/google-coder-dns.json &&
-          echo ${GOOGLE_CODER_STORAGE} > config/google-coder-storage.json
+          echo ${GOOGLE_CODER_AUTOMATION} > config_default/google-coder-automation.json &&
+          echo ${GOOGLE_CODER_DNS} > config_default/google-coder-dns.json &&
+          echo ${GOOGLE_CODER_STORAGE} > config_default/google-coder-storage.json
         shell: bash
       - name: run
         run: "docker run -v $(pwd)/config:/app/config -e TERRAFORM_OPTIONS=-auto-approve --entrypoint /app/run_destroy.sh isi006/coder-development-cluster:latest ${GCLOUD_PROJECT} ${CLUSTER_NAME} ${UNINSTALL_APPS} ${REMOVE_BACKUPS}"

diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml
@@ -30,9 +30,9 @@ jobs:
       - name: credentials
         run: >
           mkdir -p config &&
-          echo ${GOOGLE_CODER_AUTOMATION} > config/google-coder-automation.json &&
-          echo ${GOOGLE_CODER_DNS} > config/google-coder-dns.json &&
-          echo ${GOOGLE_CODER_STORAGE} > config/google-coder-storage.json
+          echo ${GOOGLE_CODER_AUTOMATION} > config_default/google-coder-automation.json &&
+          echo ${GOOGLE_CODER_DNS} > config_default/google-coder-dns.json &&
+          echo ${GOOGLE_CODER_STORAGE} > config_default/google-coder-storage.json
         shell: bash
       - name: run
         run: "docker run -v $(pwd)/config:/app/config -e TERRAFORM_OPTIONS=-auto-approve isi006/coder-development-cluster:latest ${GCLOUD_PROJECT} ${CLUSTER_NAME}"

diff --git a/README.md b/README.md
@@ -8,19 +8,21 @@ The core features are:
 
 - Web based IDEs for developers (VSCode, see https://github.com/coder/code-server), no need to install anything on local machines
 - Integration of local installations of different IDEs like VSCode, IntelliJ etc.
+- Support for provisioning whole desktops via KasmVNC (see https://kasmweb.com/kasmvnc).
 - Self registration via OIDC and Keycloak with email verification.
 - Integrated file browser for the developer home directories to exchange data with the local machine.
 - Fully functional development environment with plugin installations, docker builds, ports forwarding etc.
 - Use es many images for different developer environments as you want.
 - Out of the box Backup and Restore to and from Google Storage via continues WAL archiving for Postgres and Restic Backup of developer home directories.
-- Works fine with cluster autoscaling.
+- Works fine with cluster autoscaling. Using different autoscaled node pools for the base system and coder workspaces.
 - Automatic TLS certificate generation via cert-manager and Let's Encrypt.
-- Single YAML file to configure everything.
+- Simple YAML configuration files to configure everything.
 - and more...
 
 ## Dokumentation
 
 * [Architecture](docs/Architecture.md)
+* [Cloud cost optimization](docs/cloud_cost_optimization.md)
 * [Bootstrap a Google Cloud Project](docs/bootstrap.md)
 * [Deploy the cluster](docs/deploy.md)
 * [Development](docs/development.md)

diff --git a/activate_service_account.sh b/activate_service_account.sh
@@ -9,4 +9,4 @@ if [ -z "${GCLOUD_PROJECT}" ]; then
   exit 1
 fi
 
-gcloud auth activate-service-account --project ${GCLOUD_PROJECT} --key-file=${SCRIPT_DIR}/config/google-coder-automation.json
+gcloud auth activate-service-account --project ${GCLOUD_PROJECT} --key-file=${SCRIPT_DIR}/config_default/google-coder-automation.json
diff --git a/automate/bootstrap_google_project.yml b/automate/bootstrap_google_project.yml
@@ -2,6 +2,6 @@
   hosts: localhost
   gather_facts: false
   vars_files:
-    - "{{ config_dir }}/app_config.yml"
+    - "{{ default_config_dir }}/app_config.yml"
   roles:
     - role: bootstrap_google_project
diff --git a/automate/deploy.yml b/automate/deploy.yml
@@ -4,6 +4,7 @@
   gather_facts: false
   connection: local
   vars_files:
+    - "{{ default_config_dir }}/app_config.yml"
     - "{{ config_dir }}/app_config.yml"
   roles:
     - role: cert_manager

diff --git a/automate/destroy.yml b/automate/destroy.yml
@@ -4,6 +4,7 @@
   gather_facts: false
   connection: local
   vars_files:
+    - "{{ default_config_dir }}/app_config.yml"
     - "{{ config_dir }}/app_config.yml"
   roles:
     - role: kube_prometheus_stack

diff --git a/automate/group_vars/all.yml b/automate/group_vars/all.yml
@@ -12,10 +12,11 @@ cluster_public_domain: "{{ cluster_name }}.{{ domain_name }}"
 kubeconfig: "{{ playbook_dir }}/../config/{{ cluster_name }}_kubeconfig"
 
 config_dir: "{{ playbook_dir }}/../config"
+default_config_dir: "{{ playbook_dir }}/../config_default"
 cluster_backup_dir: "{{ config_dir }}/cache/{{ cluster_name }}"
 
-google_coder_dns_credentials_path: "{{ config_dir }}/google-coder-dns.json"
-google_coder_storage_credentials_path: "{{ config_dir }}/google-coder-storage.json"
+google_coder_dns_credentials_path: "{{ default_config_dir }}/google-coder-dns.json"
+google_coder_storage_credentials_path: "{{ default_config_dir }}/google-coder-storage.json"
 
 nginx_backup_remote_storage_provider: "{{ storage_provider }}"
 nginx_backup_remote_storage_bucket: "{{ bucket_name }}"

diff --git a/automate/part.yml b/automate/part.yml
@@ -4,6 +4,7 @@
   gather_facts: false
   connection: local
   vars_files:
+    - "{{ default_config_dir }}/app_config.yml"
     - "{{ config_dir }}/app_config.yml"
   roles:
     - role: coder
diff --git a/automate/remove_backups.yml b/automate/remove_backups.yml
@@ -4,6 +4,7 @@
   gather_facts: false
   connection: local
   vars_files:
+    - "{{ default_config_dir }}/app_config.yml"
     - "{{ config_dir }}/app_config.yml"
   roles:
     - role: remove_backups
diff --git a/automate/roles/bootstrap_google_project/tasks/create_service_account.yml b/automate/roles/bootstrap_google_project/tasks/create_service_account.yml
@@ -35,12 +35,12 @@
 
 - name: check key file
   stat:
-    path: "{{ config_dir }}/google-{{ item.name }}.json"
+    path: "{{ default_config_dir }}/google-{{ item.name }}.json"
   register: keyfile
 
 - name: create a service account key
   shell: |
-    gcloud iam service-accounts keys create {{ config_dir }}/google-{{ item.name }}.json \
+    gcloud iam service-accounts keys create {{ default_config_dir }}/google-{{ item.name }}.json \
     --iam-account {{ serviceAccountFullName }} \
     --project {{ project_id }}
   when: not keyfile.stat.exists
diff --git a/automate/roles/coder/coder_templates/devbox/code.tf b/automate/roles/coder/coder_templates/devbox/code.tf
@@ -0,0 +1,60 @@
+
+data "coder_parameter" "vscode_extension_spring" {
+  name = "vscode_extensions_spring"
+  display_name = "VS Code Extension Spring tools"
+  type = "bool"
+  default = false
+  mutable = true
+}
+data "coder_parameter" "vscode_extension_k8s" {
+  name = "vscode_extensions_k8s"
+  display_name = "VS Code Extension Kubernetes"
+  type = "bool"
+  icon = "/icon/k8s.png"
+  default = false
+  mutable = true
+}
+data "coder_parameter" "vscode_extension_docker" {
+  name = "vscode_extensions_docker"
+  display_name = "VS Code Extension Docker"
+  type = "bool"
+  icon = "/icon/docker.png"
+  default = false
+  mutable = true
+}
+
+module "code-server" {
+  source          = "https://registry.coder.com/modules/code-server"
+  agent_id        = coder_agent.devbox.id
+  install_version = "4.18.0"
+  extensions = setunion(
+    toset( data.coder_parameter.vscode_extension_docker.value ? ["ms-azuretools.vscode-docker"] : []),
+    toset( data.coder_parameter.vscode_extension_spring.value ? ["vmware.vscode-boot-dev-pack"] : []),
+    toset( data.coder_parameter.vscode_extension_k8s.value ? ["ms-kubernetes-tools.vscode-kubernetes-tools"] : [])
+  )
+}
+
+resource "coder_script" "vscode_desktop_extensions" {
+  count = var.desktop_setup ? 1 : 0
+  agent_id = coder_agent.devbox.id
+  run_on_start = true
+  display_name = "Install VS Code Desktop Extensions"
+  icon = "/icon/code.svg"
+  script = <<-EOF
+  #!/bin/bash
+  set -e
+  if [[ "${data.coder_parameter.vscode_extension_spring.value}" == "true" ]]; then
+    echo "Install VS Code Spring tools"
+    code --force --install-extension vmware.vscode-boot-dev-pack 2> /dev/null
+  fi
+  if [[ "${data.coder_parameter.vscode_extension_k8s.value}" == "true" ]]; then
+    echo "Install VS Code Kubernetes tools"
+    code --force --install-extension ms-kubernetes-tools.vscode-kubernetes-tools 2> /dev/null
+  fi
+  if [[ "${data.coder_parameter.vscode_extension_docker.value}" == "true" ]]; then
+    echo "Install VS Code Docker tools"
+    code --force --install-extension ms-azuretools.vscode-docker 2> /dev/null
+  fi
+  EOF
+}
+
diff --git a/automate/roles/coder/coder_templates/devbox/coder.tf b/automate/roles/coder/coder_templates/devbox/coder.tf
@@ -12,6 +12,9 @@ resource "coder_agent" "devbox" {
   # if you don't want to display any information.
   # For basic resources, you can use the `coder stat` command.
   # If you need more control, you can write your own script.
+
+  # Theses two metadata blocks are not working when running in privileged mode?
+  #
   metadata {
     display_name = "CPU Usage"
     key          = "0_cpu_usage"

diff --git a/automate/roles/coder/coder_templates/devbox/coder_modules.tf b/automate/roles/coder/coder_templates/devbox/coder_modules.tf
@@ -6,12 +6,6 @@ module "filebrowser" {
   database_path = ".config/filebrowser.db"
 }
 
-module "code-server" {
-  source          = "https://registry.coder.com/modules/code-server"
-  agent_id        = coder_agent.devbox.id
-  install_version = "4.18.0"
-}
-
 module "jetbrains_gateway" {
   count          = var.jetbrains_module ? 1 : 0
   source         = "https://registry.coder.com/modules/jetbrains-gateway"

diff --git a/automate/roles/coder/coder_templates/devbox/deployment.tf b/automate/roles/coder/coder_templates/devbox/deployment.tf
@@ -47,6 +47,34 @@ resource "kubernetes_deployment" "main" {
         }
       }
       spec {
+        affinity {
+          node_affinity {
+            required_during_scheduling_ignored_during_execution {
+              node_selector_term {
+                match_expressions {
+                  key      = "coder-development-cluster/workspace"
+                  operator = "In"
+                  values   = [ "true" ]
+                }
+              }
+            }
+            preferred_during_scheduling_ignored_during_execution {
+              weight = 1
+              preference {
+                match_expressions {
+                  key      = "cloud.google.com/gke-spot"
+                  operator = "In"
+                  values   = [ "true" ]
+                }
+              }
+            }
+          }
+        }
+        toleration {
+          key      = "coder-development-cluster/workspace"
+          operator = "Exists"
+          effect   = "NoSchedule"
+        }
         dynamic "volume" {
           for_each = toset( var.restic_storage_type == "gs" ? ["1"] : [])
           content {
@@ -57,6 +85,16 @@ resource "kubernetes_deployment" "main" {
             }
           }
         }
+        dynamic "volume" {
+          for_each = toset( var.desktop_setup ? ["1"] : [])
+          content {
+            name = "dshm"
+            empty_dir {
+              medium = "Memory"
+            }
+
+          }
+        }
         volume {
           name = "k8s-config"
           secret {
@@ -164,7 +202,10 @@ resource "kubernetes_deployment" "main" {
           command = ["sh", "-c", var.devmode ? "sleep infinity" : coder_agent.devbox.init_script]
           security_context {
             run_as_user = "1000"
-            privileged  = false
+            # privileged  = true
+            capabilities {
+              add = ["SYS_ADMIN"]
+            }
           }
           env {
             name  = "CODER_AGENT_TOKEN"
@@ -190,14 +231,21 @@ resource "kubernetes_deployment" "main" {
               memory = "${var.devbox_mem_limit}M"
             }
             requests = {
-              memory = "${var.devbox_mem_limit * 0.25}M"
+              memory = "${var.devbox_mem_limit * 0.75}M"
             }
           }
           volume_mount {
             mount_path = "/home/coder"
             name       = "data"
             sub_path   = "home"
           }
+          dynamic "volume_mount" {
+            for_each = toset( var.desktop_setup ? ["1"] : [])
+            content {
+              mount_path = "/dev/shm"
+              name       = "dshm"
+            }
+          }
         }
         dynamic "container" {
           for_each = toset( var.docker_service ? ["1"] : [])
@@ -221,7 +269,7 @@ resource "kubernetes_deployment" "main" {
                 memory = "${var.docker_mem_limit}M"
               }
               requests = {
-                memory = "${var.docker_mem_limit * 0.25}M"
+                memory = "${var.docker_mem_limit * 0.5}M"
               }
             }
             volume_mount {
@@ -282,7 +330,7 @@ resource "kubernetes_deployment" "main" {
                 memory = "${var.backup_mem_limit}M"
               }
               requests = {
-                memory = "${var.backup_mem_limit * 0.25}M"
+                memory = "${var.backup_mem_limit * 0.5}M"
               }
             }
             volume_mount {

diff --git a/automate/roles/coder/coder_templates/devbox/intellij_c.tf b/automate/roles/coder/coder_templates/devbox/intellij_c.tf
@@ -0,0 +1,74 @@
+
+data "coder_parameter" "intellij_c" {
+  count        = var.desktop_setup ? 1 : 0
+  name         = "intellij-c"
+  type         = "bool"
+  default      = false
+  display_name = "Intellij Community"
+  mutable      = true
+  icon         = "/icon/intellij.svg"
+}
+
+# https://www.jetbrains.com/idea/download/#section=linux
+resource "coder_script" "intellij_c" {
+  count = var.desktop_setup && try(data.coder_parameter.intellij_c.0.value, false) ? 1 : 0
+  agent_id = coder_agent.devbox.id
+  run_on_start = true
+  display_name = "Intellij Community"
+  icon = "/icon/intellij.svg"
+  script = <<-EOF
+  #!/bin/bash
+  set -e
+  if [[ ! -d ~/apps/intellij-c ]]; then
+    echo "Setup Intellij Community"
+    mkdir -p ~/apps
+    mkdir -p /tmp/idea-c
+    cd /tmp/idea-c
+    echo "Downloading Intellij Community"
+    wget -qO idea.tar.gz https://download.jetbrains.com/idea/ideaIC-2023.2.5.tar.gz
+    echo "Extracting Intellij Community"
+    tar xzf idea.tar.gz
+    mv idea-* ~/apps/intellij-c; \
+    rm -rf /tmp/idea-c
+
+    echo "Create desktop launcher for Intellij Ultimate"
+    echo "[Desktop Entry]
+    Comment[en_US]=
+    Comment=
+    Exec=~/apps/intellij-c/bin/idea.sh
+    GenericName[en_US]=
+    GenericName=
+    Icon=/home/coder/apps/intellij-c/bin/idea.svg
+    MimeType=
+    Name[en_US]=IntelliJ Community
+    Name=IDEA IntelliJ Community
+    Path=
+    StartupNotify=true
+    Terminal=false
+    TerminalOptions=
+    Type=Application
+    X-KDE-SubstituteUID=false
+    X-KDE-Username=" > ~/Desktop/intellij-c.desktop
+  else
+    echo "Intellij Community is already installed"
+  fi
+
+  EOF
+}
+
+resource "coder_script" "intellij_c_uninstall" {
+  count = var.desktop_setup && try(data.coder_parameter.intellij_c.0.value, false) ? 0 : 1
+  agent_id = coder_agent.devbox.id
+  run_on_start = true
+  display_name = "Intellij Community Uninstall"
+  icon = "/icon/intellij.svg"
+  script = <<-EOF
+  #!/bin/bash
+  set -e
+  if [[ -d ~/apps/intellij-c ]]; then
+    echo "Uninstall Intellij Community"
+    rm -rf ~/apps/intellij-c
+    rm -f ~/Desktop/intellij-c.desktop
+  fi
+  EOF
+}