docs: Azure and k8s - deploying Coder on Azure using their Application Gateway #16074

@EdwardAngert

In the Load balancing considerations section of https://coder.com/docs/install/kubernetes#azure, we have a note re Azure.

@dahr outlined a better set of steps in a Google doc and Slack. I'm putting it all together here.

  • [Google doc] is more of a guidance doc on deploying with AKS than it is about load balancing.
  • The App Gateway we currently mention in our docs is a load balancer with an ingress controller.
  • Do we want to include the entire process here, or just what is applicable to the load balancing service?

For more information

After the --- break, the 20 steps feel a bit long and out of place in the "Install Kubernetes" doc, and might be better on their own, maybe /docs/install/kubernetes/azure.md?


Azure

In certain enterprise environments, the Azure Application Gateway is required.

These steps serve as a proof of concept so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates.

The Application Gateway supports:

  • Websocket traffic (required for workspace connections)
  • TLS termination

Refer to Microsoft's documentation on how to enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway. The steps here follow the Microsoft tutorial for a Coder deployment.

Deploy Coder on Azure with an Application Gateway

  1. Create Azure resource group:

    az group create --name myResourceGroup --location eastus
  2. Create AKS cluster:

    az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys
  3. Create public IP:

    az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard
  4. Create Vnet & subnet:

    az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
  5. Create Azure application gateway, attach Vnet & subnet and public IP:

    az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
  6. Get app gateway ID:

    appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id")
  7. Enable app gateway ingress to AKS cluster:

    az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id "$appgwId"
  8. Get AKS node resource group:

    nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup")
  9. Get AKS Vnet name:

    aksVnetName=$(az network vnet list --resource-group "$nodeResourceGroup" -o tsv --query "[0].name")
  10. Get AKS Vnet ID:

    aksVnetId=$(az network vnet show --name "$aksVnetName" --resource-group "$nodeResourceGroup" -o tsv --query "id")
  11. Peer Vnet to AKS Vnet:

    az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet "$aksVnetId" --allow-vnet-access
  12. Get app gateway Vnet ID:

    appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id")
  13. Peer AKS Vnet to app gateway Vnet:

    az network vnet peering create --name AKStoAppGWVnetPeering --resource-group "$nodeResourceGroup" --vnet-name "$aksVnetName" --remote-vnet "$appGWVnetId" --allow-vnet-access
  14. Get AKS credentials:

    az aks get-credentials --name myCluster --resource-group myResourceGroup
  15. Create Coder namespace:

    kubectl create ns coder
  16. Deploy non-production PostgreSQL instance to AKS cluster:

    helm repo add bitnami https://charts.bitnami.com/bitnami
    helm install coder-db bitnami/postgresql \
      --namespace coder \
      --set auth.username=coder \
      --set auth.password=coder \
      --set auth.database=coder \
      --set persistence.size=10Gi
  17. Deploy Coder to AKS cluster:

    helm repo add coder-v2 https://helm.coder.com/v2
    helm install coder coder-v2/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.17.2
  18. Clean up Azure resources:

    az group delete --name myResourceGroup
    az group delete --name MC_myResourceGroup_myCluster_eastus
  19. Deploy the gateway - this needs clarification

  20. After you deploy the gateway, add the following entries to Helm's values.yaml file before you deploy Coder:

      service:
        enable: true
        type: ClusterIP
        sessionAffinity: None
        externalTrafficPolicy: Cluster
        loadBalancerIP: ""
        annotations: {}
        httpNodePort: ""
        httpsNodePort: ""
    
      ingress:
        enable: true
        className: "azure-application-gateway"
        host: ""
        wildcardHost: ""
        annotations: {}
        tls:
          enable: false
          secretName: ""
          wildcardSecretName: ""
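
A fuller `values.yaml` for step 17 with TLS terminated at the Application Gateway, as an added example that is not part of the original issue or Coder's documentation. It assumes the `service` and `ingress` entries from step 20 sit under the chart's top-level `coder:` key; the hostnames and the secret names (`coder-db-url`, `coder-tls`, `coder-wildcard-tls`) are constructed placeholders.

```yaml
# Added example. Hostnames and secret names are constructed placeholders.
# Assumed to exist in the "coder" namespace before `helm install`:
#   coder-db-url        generic secret, key "url" = Postgres connection URL
#   coder-tls           kubernetes.io/tls secret for coder.example.com
#   coder-wildcard-tls  kubernetes.io/tls secret for *.coder.example.com
coder:
  env:
    # Read the database URL from a secret so the password stays out of values.yaml.
    - name: CODER_PG_CONNECTION_URL
      valueFrom:
        secretKeyRef:
          name: coder-db-url
          key: url
    # Must match the ingress host and use https once TLS is enabled below.
    - name: CODER_ACCESS_URL
      value: "https://coder.example.com"
    - name: CODER_WILDCARD_ACCESS_URL
      value: "*.coder.example.com"

  service:
    enable: true
    # ClusterIP: the Application Gateway is the only externally reachable entry point.
    type: ClusterIP
    sessionAffinity: None

  ingress:
    enable: true
    className: "azure-application-gateway"
    host: "coder.example.com"
    wildcardHost: "*.coder.example.com"
    annotations:
      # AGIC annotation: redirect plain HTTP requests to HTTPS at the gateway.
      appgw.ingress.kubernetes.io/ssl-redirect: "true"
    tls:
      # The step 20 snippet leaves this false, which serves Coder over HTTP.
      enable: true
      secretName: "coder-tls"
      wildcardSecretName: "coder-wildcard-tls"
```

The TLS secrets can be created with `kubectl create secret tls` from a signed certificate and key, which is the "signed certificates" requirement noted at the top of this section.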
