add .sharing.io/init and helm chart

.sharing.io/destroy

@@ -0,0 +1,8 @@
+#!/bin/env bash
+set -x
+kubectl delete -f .sharingio/ingress.yaml
+helm delete coder --namespace coder
+helm delete postgres --namespace coder
+kubectl delete namespace coder
+# TODO : populate ii or pair as an admin user without logging in
+# TODO : upload / update the kubernetes template

.sharing.io/helm/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+Makefile

.sharing.io/helm/Chart.yaml

@@ -0,0 +1,29 @@
+apiVersion: v2
+name: coder
+description: Remote development environments on your infrastructure
+home: https://github.com/coder/coder
+
+# version and appVersion are injected at release and will always be shown as
+# 0.1.0 in the repository.
+#
+# If you're installing the Helm chart directly from git it will have this
+# version, which means the auto-generated image URI will be invalid. You can set
+# "coder.image.tag" to the desired tag manually.
+type: application
+version: "0.1.0"
+appVersion: "0.1.0"
+
+# Coder has a hard requirement on Kubernetes 1.19, as this version introduced
+# the networking.k8s.io/v1 API.
+kubeVersion: ">= 1.19.0-0"
+
+keywords:
+  - coder
+  - terraform
+sources:
+  - https://github.com/coder/coder/tree/main/helm
+icon: https://helm.coder.com/coder_logo_black.png
+maintainers:
+  - name: Coder Technologies, Inc.
+    email: [email protected]
+    url: https://coder.com/contact

.sharing.io/helm/Makefile

@@ -0,0 +1,18 @@
+# Use a single bash shell for each job, and immediately exit on failure
+SHELL := bash
+.SHELLFLAGS = -ceu
+.ONESHELL:
+
+# This doesn't work on directories.
+# See https://stackoverflow.com/questions/25752543/make-delete-on-error-for-directory-targets
+.DELETE_ON_ERROR:
+
+all: lint
+.PHONY: all
+
+lint: lint/helm
+.PHONY: lint
+
+lint/helm:
+	helm lint --strict --set coder.image.tag=v0.0.1 .
+.PHONY: lint/helm

.sharing.io/helm/README.md

@@ -0,0 +1,59 @@
+# Coder Helm Chart
+
+This directory contains the Helm chart used to deploy Coder onto a Kubernetes
+cluster. It contains the minimum required components to run Coder on Kubernetes,
+and notably (compared to Coder Classic) does not include a database server.
+
+## Getting Started
+
+> **Warning**: The main branch in this repository does not represent the
+> latest release of Coder. Please reference our installation docs for
+> instructions on a tagged release.
+
+View
+[our docs](https://coder.com/docs/coder-oss/latest/install/kubernetes)
+for detailed installation instructions.
+
+## Values
+
+Please refer to [values.yaml](values.yaml) for available Helm values and their
+defaults.
+
+A good starting point for your values file is:
+
+```yaml
+coder:
+  # You can specify any environment variables you'd like to pass to Coder
+  # here. Coder consumes environment variables listed in
+  # `coder server --help`, and these environment variables are also passed
+  # to the workspace provisioner (so you can consume them in your Terraform
+  # templates for auth keys etc.).
+  #
+  # Please keep in mind that you should not set `CODER_ADDRESS`,
+  # `CODER_TLS_ENABLE`, `CODER_TLS_CERT_FILE` or `CODER_TLS_KEY_FILE` as
+  # they are already set by the Helm chart and will cause conflicts.
+  env:
+    - name: CODER_ACCESS_URL
+      value: "https://coder.example.com"
+    - name: CODER_PG_CONNECTION_URL
+      valueFrom:
+        secretKeyRef:
+          # You'll need to create a secret called coder-db-url with your
+          # Postgres connection URL like:
+          # postgres://coder:password@postgres:5432/coder?sslmode=disable
+          name: coder-db-url
+          key: url
+
+    # This env variable controls whether or not to auto-import the "kubernetes"
+    # template on first startup. This will not work unless
+    # coder.serviceAccount.workspacePerms is true.
+    - name: CODER_AUTO_IMPORT_TEMPLATES
+      value: "kubernetes"
+
+    # This env enables the Prometheus metrics endpoint.
+    - name: CODER_PROMETHEUS_ADDRESS
+      value: "0.0.0.0:2112"
+  tls:
+    secretNames:
+      - my-tls-secret-name
+```

.sharing.io/helm/templates/NOTES.txt

@@ -0,0 +1,8 @@
+{{- if .Values.coder.tls.secretName }}
+
+WARN: coder.tls.secretName is deprecated and will be removed in a future
+      release. Please use coder.tls.secretNames instead.
+{{- end }}
+
+Enjoy Coder! Please create an issue at https://github.com/coder/coder if you run
+into any problems! :)

.sharing.io/helm/templates/_helpers.tpl

@@ -0,0 +1,171 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coder.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "coder.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "coder.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "coder.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "coder.labels" -}}
+helm.sh/chart: {{ include "coder.chart" . }}
+{{ include "coder.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Coder Docker image URI
+*/}}
+{{- define "coder.image" -}}
+{{- if and (eq .Values.coder.image.tag "") (eq .Chart.AppVersion "0.1.0") -}}
+{{ fail "You must specify the coder.image.tag value if you're installing the Helm chart directly from Git." }}
+{{- end -}}
+{{ .Values.coder.image.repo }}:{{ .Values.coder.image.tag | default (printf "v%v" .Chart.AppVersion) }}
+{{- end }}
+
+{{/*
+Coder listen port (must be > 1024)
+*/}}
+{{- define "coder.port" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName -}}
+8443
+{{- else -}}
+8080
+{{- end -}}
+{{- end }}
+
+{{/*
+Coder service port
+*/}}
+{{- define "coder.servicePort" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName -}}
+443
+{{- else -}}
+80
+{{- end -}}
+{{- end }}
+
+{{/*
+Port name
+*/}}
+{{- define "coder.portName" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName -}}
+https
+{{- else -}}
+http
+{{- end -}}
+{{- end }}
+
+{{/*
+Scheme
+*/}}
+{{- define "coder.scheme" }}
+{{- include "coder.portName" . | upper -}}
+{{- end }}
+
+{{/*
+Coder volume definitions.
+*/}}
+{{- define "coder.volumes" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName }}
+volumes:
+{{ range $secretName := .Values.coder.tls.secretNames -}}
+- name: "tls-{{ $secretName }}"
+  secret:
+    secretName: {{ $secretName | quote }}
+{{ end -}}
+{{- if .Values.coder.tls.secretName -}}
+- name: "tls-{{ .Values.coder.tls.secretName }}"
+  secret:
+    secretName: {{ .Values.coder.tls.secretName | quote }}
+{{- end }}
+{{- else }}
+volumes: {{ if and (not .Values.coder.tls.secretNames) (not .Values.coder.tls.secretName) }}[]{{ end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Coder volume mounts.
+*/}}
+{{- define "coder.volumeMounts" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName }}
+volumeMounts:
+{{ range $secretName := .Values.coder.tls.secretNames -}}
+- name: "tls-{{ $secretName }}"
+  mountPath: "/etc/ssl/certs/coder/{{ $secretName }}"
+  readOnly: true
+{{ end }}
+{{- if .Values.coder.tls.secretName -}}
+- name: "tls-{{ .Values.coder.tls.secretName }}"
+  mountPath: "/etc/ssl/certs/coder/{{ .Values.coder.tls.secretName }}"
+  readOnly: true
+{{- end }}
+{{- else }}
+volumeMounts: []
+{{- end }}
+{{- end }}
+
+{{/*
+Coder TLS environment variables.
+*/}}
+{{- define "coder.tlsEnv" }}
+{{- if or .Values.coder.tls.secretNames .Values.coder.tls.secretName }}
+- name: CODER_TLS_ENABLE
+  value: "true"
+- name: CODER_TLS_CERT_FILE
+  value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.crt{{- end }}{{ if .Values.coder.tls.secretName -}}/etc/ssl/certs/coder/{{ .Values.coder.tls.secretName }}/tls.crt{{- end }}"
+- name: CODER_TLS_KEY_FILE
+  value: "{{ range $idx, $secretName := .Values.coder.tls.secretNames -}}{{ if $idx }},{{ end }}/etc/ssl/certs/coder/{{ $secretName }}/tls.key{{- end }}{{ if .Values.coder.tls.secretName -}}/etc/ssl/certs/coder/{{ .Values.coder.tls.secretName }}/tls.key{{- end }}"
+{{- end }}
+{{- end }}
+
+{{/*
+Coder ingress wildcard hostname with the wildcard suffix stripped.
+*/}}
+{{- define "coder.ingressWildcardHost" -}}
+{{/* This regex replace is required as the original input including the suffix
+   * is not a legal ingress host. We need to remove the suffix and keep the
+   * wildcard '*'.
+   *
+   *   - '\\*'     Starts with '*'
+   *   - '[^.]*'   Suffix is 0 or more characters, '-suffix'
+   *   - '('       Start domain capture group
+   *   -   '\\.'     The domain should be separated with a '.' from the subdomain
+   *   -   '.*'      Rest of the domain.
+   *   - ')'       $1 is the ''.example.com'
+   */}}
+{{- regexReplaceAll "\\*[^.]*(\\..*)" .Values.coder.ingress.wildcardHost "*${1}" -}}
+{{- end }}
+
+{{/*
+Fail on fully deprecated values or deprecated value combinations. This is
+included at the top of coder.yaml.
+*/}}
+{{- define "coder.verifyDeprecated" }}
+{{/*
+Deprecated value coder.tls.secretName should not be used alongside new value
+coder.tls.secretName.
+*/}}
+{{- if and .Values.coder.tls.secretName .Values.coder.tls.secretNames }}
+{{ fail "You must specify either coder.tls.secretName or coder.tls.secretNames, not both." }}
+{{- end }}
+{{- end }}