(fix) Coder now configured and installed as part of initial deploy

Author: pacphi

CLAUDE.md

@@ -47,9 +47,12 @@ This is a **Terraform-based Infrastructure as Code (IaC)** project that deploys
 # Deploy development environment with specific template
 ./scripts/lifecycle/setup.sh --env=dev --template=python-django-crewai
 
-# Deploy production with monitoring and HA
+# Deploy production with monitoring and HA (template optional)
 ./scripts/lifecycle/setup.sh --env=prod --enable-monitoring --enable-ha
 
+# Deploy Coder without templates (templates can be added later)
+./scripts/lifecycle/setup.sh --env=dev
+
 # Dry run to preview changes
 ./scripts/lifecycle/setup.sh --env=staging --dry-run
 

README.md

@@ -189,10 +189,12 @@ gh run watch
 
 ### What Happens Next?
 - **Infrastructure Creation**: Kubernetes cluster, database, and networking (~10 min)
-- **Coder Installation**: Platform deployment and configuration (~5 min)
-- **Template Deployment**: Your selected workspace template (if specified)
+- **Coder Installation**: Platform deployment and configuration (~5 min) - **Automatic**
+- **Template Deployment**: Your selected workspace template (if specified) - **Optional**
 - **Access Details**: URLs and credentials will be displayed upon completion
 
+> **Note**: Coder is automatically deployed and ready to use regardless of whether you specify a template. Templates are optional and can be added later if not specified during initial deployment.
+
 ## 🏗️ Multi-Environment Architecture
 
 | Environment | Monthly Cost | Use Case | Resources |

docs/TEMPLATES.md

@@ -2,6 +2,16 @@
 
 This document provides a comprehensive listing of all available Coder workspace templates in this project. These templates can be used with the `--template` parameter in deployment scripts and GitHub Actions.
 
+## Template Deployment Behavior
+
+**Important**: Templates are **optional** during deployment. The system behavior is:
+
+- **With Template**: Deploys Coder + automatically installs the specified template
+- **Without Template**: Deploys Coder ready for use, templates can be added later
+- **Result**: You always get a fully functional Coder environment regardless of template selection
+
+Templates are workspace blueprints that define the development environment (languages, tools, IDE configuration) for users to create workspaces from.
+
 ## Overview
 
 The project includes **21 workspace templates** organized into **6 categories**, providing development environments for modern web development, AI-enhanced workflows, data science, mobile development, and DevOps practices.
@@ -60,12 +70,14 @@ on:
         type: choice
         options: [dev, staging, prod]
       template:
-        description: 'Template to deploy'
-        required: true
-        type: choice
-        options: [
-          'claude-flow-base', 'claude-flow-enterprise', 'dotnet-core', 'go-fiber', 'java-spring', 'php-symfony-neuron', 'python-django-crewai', 'ruby-rails', 'rust-actix', 'jupyter-python', 'r-studio', 'docker-compose', 'kubernetes-helm', 'terraform-ansible', 'angular', 'react-typescript', 'svelte-kit', 'vue-nuxt', 'flutter', 'ionic', 'react-native'
-        ]
+        description: 'Template to deploy (optional - leave blank to deploy Coder without templates)'
+        required: false
+        type: string
+        # Alternative: Use choice with empty option
+        # type: choice
+        # options: [
+        #   '', 'claude-flow-base', 'claude-flow-enterprise', 'dotnet-core', 'go-fiber', 'java-spring', 'php-symfony-neuron', 'python-django-crewai', 'ruby-rails', 'rust-actix', 'jupyter-python', 'r-studio', 'docker-compose', 'kubernetes-helm', 'terraform-ansible', 'angular', 'react-typescript', 'svelte-kit', 'vue-nuxt', 'flutter', 'ionic', 'react-native'
+        # ]
 
 jobs:
   deploy:

docs/USAGE.md

@@ -68,6 +68,45 @@ Deploy your first development environment:
 # 🎉 Environment ready at: https://coder-dev.your-domain.com
 ```
 
+### Understanding the Deployment Process
+
+The deployment system automatically handles both infrastructure and application deployment:
+
+#### **What Gets Deployed Automatically**
+- ✅ **Kubernetes Cluster** - Fully configured with auto-scaling
+- ✅ **PostgreSQL Database** - Managed database with backups
+- ✅ **Coder Application** - Ready-to-use development platform
+- ✅ **Networking & Security** - Load balancer, ingress, SSL certificates
+- ✅ **Admin User** - Automatically created with secure credentials
+
+#### **Template Deployment Behavior**
+
+**With Template Specified** (`--template=template-name`):
+```bash
+./scripts/lifecycle/setup.sh --env=dev --template=python-django-crewai
+# Result: Coder + Python Django CrewAI template ready for workspace creation
+```
+
+**Without Template** (template left blank or omitted):
+```bash
+./scripts/lifecycle/setup.sh --env=dev
+# Result: Coder deployed and ready, templates can be added later
+```
+
+#### **Adding Templates Later**
+If you deployed without a template, you can add them anytime:
+
+```bash
+# Add a specific template after deployment
+./scripts/lifecycle/setup.sh --env=dev --template=react-typescript --auto-approve
+
+# Or manually via Coder CLI
+export KUBECONFIG=<(terraform output -raw kubeconfig)
+coder templates create my-template --directory=./templates/frontend/react-typescript
+```
+
+> **Key Point**: Your Coder environment is fully functional immediately after deployment, regardless of whether you specify a template. Templates are workspace blueprints that can be managed independently.
+
 ## Environment Management
 
 ### Development Environment

environments/dev/main.tf

@@ -143,6 +143,58 @@ module "security" {
   depends_on = [module.scaleway_cluster]
 }
 
+# Coder Deployment Module
+module "coder_deployment" {
+  source = "../../modules/coder-deployment"
+
+  namespace            = "coder"
+  environment          = local.environment
+  coder_version        = "2.6.0"
+  database_url         = module.postgresql.connection_string
+  access_url           = module.networking.access_url
+  wildcard_access_url  = module.networking.wildcard_access_url
+  service_account_name = "coder"
+
+  # Development-specific resource limits
+  resources = {
+    limits = {
+      cpu    = "1000m"
+      memory = "2Gi"
+    }
+    requests = {
+      cpu    = "250m"
+      memory = "512Mi"
+    }
+  }
+
+  # Storage configuration
+  storage_class = "scw-bssd"
+  storage_size  = "5Gi"
+
+  # Enable monitoring for development
+  monitoring_enabled = local.monitoring_config.enable_monitoring
+
+  # Workspace configuration
+  workspace_traffic_policy = "subdomain"
+  enable_terraform         = true
+
+  # Ingress configuration based on domain setup
+  ingress_enabled = local.domain_name != ""
+  ingress_class   = "nginx"
+  tls_enabled     = local.domain_name != ""
+
+  tags = merge(var.tags, {
+    Environment = local.environment
+  })
+
+  depends_on = [
+    module.scaleway_cluster,
+    module.postgresql,
+    module.networking,
+    module.security
+  ]
+}
+
 # Import variables from shared configuration
 variable "scaleway_zone" {
   description = "Scaleway zone"

environments/dev/outputs.tf

@@ -66,9 +66,10 @@ output "cost_estimation" {
 output "quick_setup_commands" {
   description = "Commands to complete the setup"
   value = {
-    get_kubeconfig = "export KUBECONFIG=<(terraform output -raw kubeconfig)"
-    install_coder  = "./scripts/install-coder.sh --env=dev"
-    access_url     = module.networking.access_url != null ? module.networking.access_url : "https://${module.networking.load_balancer_ip}"
+    get_kubeconfig   = "export KUBECONFIG=<(terraform output -raw kubeconfig)"
+    deploy_templates = "./scripts/lifecycle/setup.sh --env=dev --template=<template-name> --auto-approve"
+    access_url       = module.networking.access_url != null ? module.networking.access_url : "https://${module.networking.load_balancer_ip}"
+    coder_admin_info = "Coder is deployed and running. Access admin credentials from Kubernetes secrets."
   }
 }
 
@@ -77,4 +78,20 @@ output "kubeconfig" {
   description = "Kubeconfig for accessing the cluster"
   value       = module.scaleway_cluster.kubeconfig
   sensitive   = true
+}
+
+# Direct outputs for GitHub Actions workflow
+output "load_balancer_ip" {
+  description = "Load balancer IP address"
+  value       = module.networking.load_balancer_ip
+}
+
+output "access_url" {
+  description = "Main access URL for Coder"
+  value       = module.networking.access_url
+}
+
+output "admin_username" {
+  description = "Coder admin username"
+  value       = "admin" # Default admin username
 }

environments/prod/main.tf

@@ -229,6 +229,124 @@ module "security" {
   depends_on = [module.scaleway_cluster]
 }
 
+# Coder Deployment Module - Production Configuration
+module "coder_deployment" {
+  source = "../../modules/coder-deployment"
+
+  namespace            = "coder"
+  environment          = local.environment
+  coder_version        = "2.6.0"
+  database_url         = module.postgresql.connection_string
+  access_url           = module.networking.access_url
+  wildcard_access_url  = module.networking.wildcard_access_url
+  service_account_name = "coder"
+
+  # Production-grade resource limits
+  resources = {
+    limits = {
+      cpu    = "4000m"
+      memory = "8Gi"
+    }
+    requests = {
+      cpu    = "1000m"
+      memory = "2Gi"
+    }
+  }
+
+  # High availability configuration
+  replica_count = 2
+
+  # Storage configuration
+  storage_class = "scw-bssd"
+  storage_size  = "50Gi"
+
+  # Enable monitoring for production
+  monitoring_enabled = local.monitoring_config.enable_monitoring
+
+  # Workspace configuration
+  workspace_traffic_policy = "subdomain"
+  enable_terraform         = true
+
+  # Production security settings (restricted)
+  pod_security_context = {
+    run_as_non_root = true
+    run_as_user     = 1000
+    run_as_group    = 1000
+    fs_group        = 1000
+  }
+
+  security_context = {
+    allow_privilege_escalation = false
+    run_as_non_root            = true
+    run_as_user                = 1000
+    capabilities = {
+      drop = ["ALL"]
+    }
+    read_only_root_filesystem = true
+  }
+
+  # Enhanced health checks for production
+  health_check_config = {
+    liveness_probe = {
+      initial_delay_seconds = 120
+      period_seconds        = 30
+      timeout_seconds       = 10
+      failure_threshold     = 3
+    }
+    readiness_probe = {
+      initial_delay_seconds = 30
+      period_seconds        = 10
+      timeout_seconds       = 5
+      failure_threshold     = 5
+    }
+  }
+
+  # Ingress configuration based on domain setup
+  ingress_enabled = local.domain_name != ""
+  ingress_class   = "nginx"
+  tls_enabled     = local.domain_name != ""
+
+  # Production ingress annotations with security and performance optimizations
+  ingress_annotations = {
+    "nginx.ingress.kubernetes.io/proxy-body-size"         = "0"
+    "nginx.ingress.kubernetes.io/proxy-read-timeout"      = "86400"
+    "nginx.ingress.kubernetes.io/proxy-send-timeout"      = "86400"
+    "nginx.ingress.kubernetes.io/ssl-redirect"            = "true"
+    "nginx.ingress.kubernetes.io/force-ssl-redirect"      = "true"
+    "nginx.ingress.kubernetes.io/rate-limit"              = "200"
+    "nginx.ingress.kubernetes.io/rate-limit-window"       = "1m"
+    "nginx.ingress.kubernetes.io/rate-limit-rps"          = "5"
+    "cert-manager.io/cluster-issuer"                      = "letsencrypt-prod"
+    "nginx.ingress.kubernetes.io/proxy-buffer-size"       = "16k"
+    "nginx.ingress.kubernetes.io/proxy-buffers"           = "8 16k"
+    "nginx.ingress.kubernetes.io/enable-modsecurity"      = "true"
+    "nginx.ingress.kubernetes.io/enable-owasp-core-rules" = "true"
+  }
+
+  # Production environment variables
+  environment_variables = {
+    "CODER_PROMETHEUS_ENABLE"              = "true"
+    "CODER_PPROF_ENABLE"                   = "true"
+    "CODER_VERBOSE"                        = "false"
+    "CODER_SWAGGER_ENABLE"                 = "false"
+    "CODER_RATE_LIMIT_API"                 = "512"
+    "CODER_EXPERIMENTS"                    = "workspace_batch_actions,deployment_health_page"
+    "CODER_MAX_SESSION_EXPIRY"             = "168h" # 7 days
+    "CODER_DISABLE_SESSION_EXPIRY_REFRESH" = "false"
+  }
+
+  tags = merge(var.tags, {
+    Environment = local.environment
+  })
+
+  depends_on = [
+    module.scaleway_cluster,
+    module.postgresql,
+    module.networking,
+    module.security
+  ]
+}
+
 # Import variables from shared configuration
 variable "scaleway_zone" {
   description = "Scaleway zone"

environments/prod/outputs.tf

@@ -95,9 +95,10 @@ output "production_checklist" {
 output "quick_setup_commands" {
   description = "Commands to complete the setup"
   value = {
-    get_kubeconfig = "export KUBECONFIG=<(terraform output -raw kubeconfig)"
-    install_coder  = "./scripts/install-coder.sh --env=prod"
-    access_url     = module.networking.access_url != null ? module.networking.access_url : "https://${module.networking.load_balancer_ip}"
+    get_kubeconfig   = "export KUBECONFIG=<(terraform output -raw kubeconfig)"
+    deploy_templates = "./scripts/lifecycle/setup.sh --env=prod --template=<template-name> --auto-approve"
+    access_url       = module.networking.access_url != null ? module.networking.access_url : "https://${module.networking.load_balancer_ip}"
+    coder_admin_info = "Coder is deployed and running. Access admin credentials from Kubernetes secrets."
   }
 }
 
@@ -106,4 +107,20 @@ output "kubeconfig" {
   description = "Kubeconfig for accessing the cluster"
   value       = module.scaleway_cluster.kubeconfig
   sensitive   = true
+}
+
+# Direct outputs for GitHub Actions workflow
+output "load_balancer_ip" {
+  description = "Load balancer IP address"
+  value       = module.networking.load_balancer_ip
+}
+
+output "access_url" {
+  description = "Main access URL for Coder"
+  value       = module.networking.access_url
+}
+
+output "admin_username" {
+  description = "Coder admin username"
+  value       = "admin" # Default admin username
 }