1 +
# Deploy Coder on Azure with an Application Gateway
2 + 3 +
In certain enterprise environments, the [Azure Application Gateway](https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview) is required.
4 + 5 +
These steps serve as a proof-of-concept example so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates.
6 + 7 +
The Application Gateway supports:
8 + 9 +
- Websocket traffic (required for workspace connections)
10 +
- TLS termination
11 + 12 +
Refer to Microsoft's documentation on how to [enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing).
13 +
The steps here follow the Microsoft tutorial for a Coder deployment.
14 + 15 +
## Deploy Coder on Azure with an Application Gateway
16 + 17 +
1. Create Azure resource group:
18 + 19 +
```sql
20 +
az group create --name myResourceGroup --location eastus
21 +
```
22 + 23 +
1. Create AKS cluster:
24 + 25 +
```sql
26 +
az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys
27 +
```
28 + 29 +
1. Create public IP:
30 + 31 +
```sql
32 +
az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard
33 +
```
34 + 35 +
1. Create VNet and subnet:
36 + 37 +
```sql
38 +
az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
39 +
```
40 + 41 +
1. Create Azure application gateway, attach VNet, subnet and public IP:
42 + 43 +
```sql
44 +
az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
45 +
```
46 + 47 +
1. Get app gateway ID:
48 + 49 +
```sql
50 +
appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id")
51 +
```
52 + 53 +
1. Enable app gateway ingress to AKS cluster:
54 + 55 +
```sql
56 +
az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id $appgwId
57 +
```
58 + 59 +
1. Get AKS node resource group:
60 + 61 +
```sql
62 +
nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup")
63 +
```
64 + 65 +
1. Get AKS VNet name:
66 + 67 +
```sql
68 +
aksVnetName=$(az network vnet list --resource-group $nodeResourceGroup -o tsv --query "[0].name")
69 +
```
70 + 71 +
1. Get AKS VNet ID:
72 + 73 +
```sql
74 +
aksVnetId=$(az network vnet show --name $aksVnetName --resource-group $nodeResourceGroup -o tsv --query "id")
75 +
```
76 + 77 +
1. Peer VNet to AKS VNet:
78 + 79 +
```sql
80 +
az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet $aksVnetId --allow-vnet-access
81 +
```
82 + 83 +
1. Get app gateway VNet ID:
84 + 85 +
```sql
86 +
appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id")
87 +
```
88 + 89 +
1. Peer AKS VNet to app gateway VNet:
90 + 91 +
```sql
92 +
az network vnet peering create --name AKStoAppGWVnetPeering --resource-group $nodeResourceGroup --vnet-name $aksVnetName --remote-vnet $appGWVnetId --allow-vnet-access
93 +
```
94 + 95 +
1. Get AKS credentials:
96 + 97 +
```sql
98 +
az aks get-credentials --name myCluster --resource-group myResourceGroup
99 +
```
100 + 101 +
1. Create Coder namespace:
102 + 103 +
```shell
104 +
kubectl create ns coder
105 +
```
106 + 107 +
1. Deploy non-production PostgreSQL instance to AKS cluster:
108 + 109 +
```shell
110 +
helm repo add bitnami https://charts.bitnami.com/bitnami
111 +
helm install coder-db bitnami/postgresql \
112 +
--namespace coder \
113 +
--set auth.username=coder \
114 +
--set auth.password=coder \
115 +
--set auth.database=coder \
116 +
--set persistence.size=10Gi
117 +
```
118 + 119 +
1. Create the PostgreSQL secret:
120 + 121 +
```shell
122 +
kubectl create secret generic coder-db-url -n coder --from-literal=url="postgres://coder:coder@coder-db-postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable"
123 +
```
124 + 125 +
1. Deploy Coder to AKS cluster:
126 + 127 +
```shell
128 +
helm repo add coder-v2 https://helm.coder.com/v2
129 +
helm install coder coder-v2/coder \
130 +
--namespace coder \
131 +
--values values.yaml \
132 +
--version 2.18.5
133 +
```
134 + 135 +
1. Clean up Azure resources:
136 + 137 +
```sql
138 +
az group delete --name myResourceGroup
139 +
az group delete --name MC_myResourceGroup_myCluster_eastus
140 +
```
141 + 142 +
1. Deploy the gateway - this needs clarification
143 + 144 +
1. After you deploy the gateway, add the following entries to Helm's `values.yaml` file before you deploy Coder:
145 + 146 +
```yaml
147 +
service:
148 +
enable: true
149 +
type: ClusterIP
150 +
sessionAffinity: None
151 +
externalTrafficPolicy: Cluster
152 +
loadBalancerIP: ""
153 +
annotations: {}
154 +
httpNodePort: ""
155 +
httpsNodePort: ""
156 + 157 +
ingress:
158 +
enable: true
159 +
className: "azure-application-gateway"
160 +
host: ""
161 +
wildcardHost: ""
162 +
annotations: {}
163 +
tls:
164 +
enable: false
165 +
secretName: ""
166 +
wildcardSecretName: ""
167 +
```
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4