Summary

This PR upgrades coder-k8s from a placeholder controller into a functional operator for two resource types:

• CoderControlPlane (coder.com/v1alpha1)
• WorkspaceProxy (coder.com/v1alpha1)

It reconciles control-plane and workspace-proxy Deployments/Services, supports optional proxy bootstrap token creation through the Coder SDK, and updates generated manifests/codegen/output accordingly.

Background

coder-k8s previously scaffolded API types and controller wiring, but reconciliation was intentionally no-op. We need a usable operator path for deploying and managing:

• the Coder control plane, and
• external workspace proxies

through CRDs stored in etcd and managed with standard Kubernetes workflows.

Implementation

• Expanded CoderControlPlane API:
  • richer spec (image, replicas, service, extraArgs, extraEnv, imagePullSecrets)
  • richer status (observedGeneration, readyReplicas, url, phase, conditions)
• Added shared API helpers in api/v1alpha1/types_shared.go.
• Added WorkspaceProxy API (workspaceproxy_types.go) with:
  • direct token mode (primaryAccessURL + proxySessionTokenSecretRef)
  • optional bootstrap mode (bootstrap.coderURL, credentials secret, generated token secret)
• Replaced placeholder control-plane reconcile loop with real reconciliation:
  • manages Deployment + Service
  • updates status based on observed workload state
• Added WorkspaceProxyReconciler:
  • manages Deployment + Service
  • manages token Secret when bootstrap mode is enabled
  • updates proxy status fields
• Added SDK bootstrap integration in internal/coderbootstrap/client.go:
  • uses github.com/coder/coder/v2/codersdk as-is
  • creates/updates workspace proxy in Coder and regenerates tokens when needed
• Wired both reconcilers in controller app startup.
• Added/updated tests:
  • control-plane reconcile coverage
  • workspace-proxy reconcile coverage
  • SDK bootstrap client tests
• Regenerated and updated:
  • deepcopy code
  • CRD manifests
  • RBAC manifests
  • sample manifests
  • go.mod/go.sum/vendor.

Validation

• make codegen
• make manifests
• make test
• make build
• make verify-vendor

Risks

• Dependency footprint / churn (medium): adding codersdk currently pulls in a large transitive dependency graph and causes substantial vendor churn.
• Bootstrap semantics (medium): bootstrap mode assumes valid Coder credentials and expected workspace-proxy API behavior; misconfigured secrets will block readiness.
• Image/feature compatibility (medium): workspace proxy reconciliation assumes a Coder image that supports wsproxy server.

Generated with mux • Model: openai:gpt-5.3-codex • Thinking: xhigh • Cost: $0.54

Latest updates (February 10, 2026)

• Rebased the branch onto main (806142a).

• Addressed Codex feedback to avoid unnecessary bootstrap credential reads:

  • WorkspaceProxyReconciler.resolveProxyCredentials now checks for an existing generated proxy token Secret before reading bootstrap credentials.
  • This allows steady-state reconciliation to continue even after bootstrap credentials are removed/rotated, as long as the generated proxy token Secret is present.

• Added regression coverage:

  • TestWorkspaceProxyReconcile_WithBootstrap_UsesExistingTokenWithoutCredentials verifies reconcile succeeds with an existing token secret and no bootstrap credential secret.

• Re-synced go.mod, go.sum, and vendor/ after the rebase so vendored dependencies and module metadata remain consistent.

• Bounded app.kubernetes.io/instance label values for WorkspaceProxy children to 63 characters with deterministic hash suffixing to avoid reconciliation failures on long CR names; added TestWorkspaceProxyReconcile_TruncatesLongInstanceLabelValue coverage.