From 3ba3ba1db16e94b914343c676ac7c8d989b21d55 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Tue, 21 Jan 2025 20:53:24 +0000 Subject: [PATCH 1/6] add kubernetes azure app gateway doc --- .../kubernetes-azure-app-gateway.md | 161 ++++++++++++++++++ docs/manifest.json | 9 +- 2 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 docs/install/kubernetes/kubernetes-azure-app-gateway.md diff --git a/docs/install/kubernetes/kubernetes-azure-app-gateway.md b/docs/install/kubernetes/kubernetes-azure-app-gateway.md new file mode 100644 index 0000000000000..b1a574e47cd94 --- /dev/null +++ b/docs/install/kubernetes/kubernetes-azure-app-gateway.md @@ -0,0 +1,161 @@ +# Deploy Coder on Azure with an Application Gateway + +In certain enterprise environments, the [Azure Application Gateway](https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview) is required. + +These steps serve as a proof-of-concept example so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates. + +The Application Gateway supports: + +- Websocket traffic (required for workspace connections) +- TLS termination + +Refer to Microsoft's documentation on how to [enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing). +The steps here follow the Microsoft tutorial for a Coder deployment. + +## Deploy Coder on Azure with an Application Gateway + +1. Create Azure resource group: + + ```sql + az group create --name myResourceGroup --location eastus + ``` + +1. Create AKS cluster: + + ```sql + az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys + ``` + +1. Create public IP: + + ```sql + az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard + ``` + +1. Create VNet and subnet: + + ```sql + az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24 + ``` + +1. Create Azure application gateway, attach VNet, subnet and public IP: + + ```sql + az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100 + ``` + +1. Get app gateway ID: + + ```sql + appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id") + ``` + +1. Enable app gateway ingress to AKS cluster: + + ```sql + az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id $appgwId + ``` + +1. Get AKS node resource group: + + ```sql + nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup") + ``` + +1. Get AKS VNet name: + + ```sql + aksVnetName=$(az network vnet list --resource-group $nodeResourceGroup -o tsv --query "[0].name") + ``` + +1. Get AKS VNet ID: + + ```sql + aksVnetId=$(az network vnet show --name $aksVnetName --resource-group $nodeResourceGroup -o tsv --query "id") + ``` + +1. Peer VNet to AKS VNet: + + ```sql + az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet $aksVnetId --allow-vnet-access + ``` + +1. Get app gateway VNet ID: + + ```sql + appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id") + ``` + +1. Peer AKS VNet to app gateway VNet: + + ```sql + az network vnet peering create --name AKStoAppGWVnetPeering --resource-group $nodeResourceGroup --vnet-name $aksVnetName --remote-vnet $appGWVnetId --allow-vnet-access + ``` + +1. Get AKS credentials: + + ```sql + az aks get-credentials --name myCluster --resource-group myResourceGroup + ``` + +1. Create Coder namespace: + + ```shell + kubectl create ns coder + ``` + +1. Deploy non-production PostgreSQL instance to AKS cluster: + + ```shell + helm repo add bitnami https://charts.bitnami.com/bitnami + helm install coder-db bitnami/postgresql \ + --namespace coder \ + --set auth.username=coder \ + --set auth.password=coder \ + --set auth.database=coder \ + --set persistence.size=10Gi + ``` + +1. Deploy Coder to AKS cluster: + + ```shell + helm repo add coder-v2 https://helm.coder.com/v2 + helm install coder coder-v2/coder \ + --namespace coder \ + --values values.yaml \ + --version 2.17.2 + ``` + +1. Clean up Azure resources: + + ```sql + az group delete --name myResourceGroup + az group delete --name MC_myResourceGroup_myCluster_eastus + ``` + +1. Deploy the gateway - this needs clarification + +1. After you deploy the gateway, add the following entries to Helm's `values.yaml` file before you deploy Coder: + + ```yaml + service: + enable: true + type: ClusterIP + sessionAffinity: None + externalTrafficPolicy: Cluster + loadBalancerIP: "" + annotations: {} + httpNodePort: "" + httpsNodePort: "" + + ingress: + enable: true + className: "azure-application-gateway" + host: "" + wildcardHost: "" + annotations: {} + tls: + enable: false + secretName: "" + wildcardSecretName: "" + ``` diff --git a/docs/manifest.json b/docs/manifest.json index a21d7583cc357..b033e3259c23e 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -41,7 +41,14 @@ "title": "Kubernetes", "description": "Install Coder on Kubernetes", "path": "./install/kubernetes.md", - "icon_path": "./images/icons/kubernetes.svg" + "icon_path": "./images/icons/kubernetes.svg", + "children": [ + { + "title": "Deploy Coder on Azure with an Application Gateway", + "description": "Deploy Coder on Azure with an Application Gateway", + "path": "./install/kubernetes/kubernetes-azure-app-gateway.md" + } + ] }, { "title": "OpenShift", From 63954f181d1bbcb2cf61ea37566f7a258a86d855 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Tue, 21 Jan 2025 20:59:25 +0000 Subject: [PATCH 2/6] link to k8s-azure-app-gateway --- docs/install/kubernetes.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 7ca8670767b35..da0bbaee9e9bc 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md @@ -280,13 +280,17 @@ coder: ### Azure -In certain enterprise environments, the -[Azure Application Gateway](https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview) -was needed. The Application Gateway supports: +Certain enterprise environments require the +[Azure Application Gateway](https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview). +The Application Gateway supports: - Websocket traffic (required for workspace connections) - TLS termination +Follow our doc on +[how to deploy Coder on Azure with an Application Gateway](./kubernetes/kubernetes-azure-app-gateway.md) +for an example. + ## Troubleshooting You can view Coder's logs by getting the pod name from `kubectl get pods` and From ffc10932d58450ccdd6cacf1000ac7796fc1d3a4 Mon Sep 17 00:00:00 2001 From: Edward Angert Date: Wed, 12 Feb 2025 12:37:55 -0500 Subject: [PATCH 3/6] Update docs/install/kubernetes/kubernetes-azure-app-gateway.md Co-authored-by: M Atif Ali --- docs/install/kubernetes/kubernetes-azure-app-gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install/kubernetes/kubernetes-azure-app-gateway.md b/docs/install/kubernetes/kubernetes-azure-app-gateway.md index b1a574e47cd94..f83a7f075b951 100644 --- a/docs/install/kubernetes/kubernetes-azure-app-gateway.md +++ b/docs/install/kubernetes/kubernetes-azure-app-gateway.md @@ -123,7 +123,7 @@ The steps here follow the Microsoft tutorial for a Coder deployment. helm install coder coder-v2/coder \ --namespace coder \ --values values.yaml \ - --version 2.17.2 + --version 2.18.3 ``` 1. Clean up Azure resources: From 315b07f915beb659080bcd1aea255620cf352291 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Wed, 19 Feb 2025 21:35:56 +0000 Subject: [PATCH 4/6] add step to create postgresql secret --- docs/install/kubernetes/kubernetes-azure-app-gateway.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/install/kubernetes/kubernetes-azure-app-gateway.md b/docs/install/kubernetes/kubernetes-azure-app-gateway.md index f83a7f075b951..4c3dcb6e070d6 100644 --- a/docs/install/kubernetes/kubernetes-azure-app-gateway.md +++ b/docs/install/kubernetes/kubernetes-azure-app-gateway.md @@ -116,6 +116,12 @@ The steps here follow the Microsoft tutorial for a Coder deployment. --set persistence.size=10Gi ``` +1. Create the PostgreSQL secret: + + ```shell + kubectl create secret generic coder-db-url -n coder --from-literal=url="postgres://coder:coder@coder-db-postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable" + ``` + 1. Deploy Coder to AKS cluster: ```shell From f2206b63f62d9977a5f65bdda8d4ff01bc6c5f68 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Wed, 19 Feb 2025 21:40:23 +0000 Subject: [PATCH 5/6] version bump --- docs/install/kubernetes/kubernetes-azure-app-gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install/kubernetes/kubernetes-azure-app-gateway.md b/docs/install/kubernetes/kubernetes-azure-app-gateway.md index 4c3dcb6e070d6..99923ca9e2105 100644 --- a/docs/install/kubernetes/kubernetes-azure-app-gateway.md +++ b/docs/install/kubernetes/kubernetes-azure-app-gateway.md @@ -129,7 +129,7 @@ The steps here follow the Microsoft tutorial for a Coder deployment. helm install coder coder-v2/coder \ --namespace coder \ --values values.yaml \ - --version 2.18.3 + --version 2.18.5 ``` 1. Clean up Azure resources: From f793f24e22219a4b17c7f7a5bc53b9372a7b95a0 Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Wed, 11 Jun 2025 16:57:05 +0000 Subject: [PATCH 6/6] add link from tutorials --- docs/manifest.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/manifest.json b/docs/manifest.json index 9c2427c0df444..545f67bfd91d6 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -926,6 +926,11 @@ "description": "Federating Coder to Azure", "path": "./tutorials/azure-federation.md" }, + { + "title": "Deploy Coder on Azure with an Application Gateway", + "description": "Deploy Coder on Azure with an Application Gateway", + "path": "./install/kubernetes/kubernetes-azure-app-gateway.md" + }, { "title": "Scanning Workspaces with JFrog Xray", "description": "Integrate Coder with JFrog Xray",