You can install Coder on Kubernetes (K8s) using Helm. We run on most Kubernetes distributions, including OpenShift.
Requirements

1. Create a namespace

Create a namespace for the Coder control plane. In this tutorial, we'll call it coder.

    kubectl create namespace coder
2. Create a PostgreSQL database

Coder does not manage a database server for you. A PostgreSQL database is required for storing data about your Coder deployment and resources.

Managed PostgreSQL (recommended)

If you're in a public cloud such as Google Cloud, AWS, Azure, or DigitalOcean, you can use the managed PostgreSQL offerings they provide. Make sure that the PostgreSQL service is running and accessible from your cluster. It should be in the same network, same project, etc.
In-Cluster PostgreSQL (for proof of concepts)

You can install Postgres manually on your cluster using the Bitnami PostgreSQL Helm chart. There are some helpful guides on the internet that explain sensible configurations for this chart. Example:

    # Install PostgreSQL
    helm repo add bitnami https://charts.bitnami.com/bitnami
    helm install postgresql bitnami/postgresql \
      --namespace coder \
      --set auth.username=coder \
      --set auth.password=coder \
      --set auth.database=coder \
      --set primary.persistence.size=10Gi

The cluster-internal DB URL for the above database (release name postgresql, namespace coder, so the service is reachable at postgresql.coder.svc.cluster.local) is:

    postgres://coder:coder@postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable
You can optionally use the Postgres operator to manage PostgreSQL deployments on your Kubernetes cluster.
3. Create the PostgreSQL secret

Create a secret with the PostgreSQL database URL string. In the case of the self-managed PostgreSQL, the address will be:

    kubectl create secret generic coder-db-url -n coder \
      --from-literal=url="postgres://coder:coder@postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable"
4. Install Coder with Helm
    helm repo add coder-v2 https://helm.coder.com/v2

Create a values.yaml with the configuration settings you'd like for your deployment. For example:

    coder:
      # You can specify any environment variables you'd like to pass to Coder
      # here. Coder consumes environment variables listed in
      # `coder server --help`, and these environment variables are also passed
      # to the workspace provisioner (so you can consume them in your Terraform
      # templates for auth keys etc.).
      #
      # Please keep in mind that you should not set `CODER_HTTP_ADDRESS`,
      # `CODER_TLS_ENABLE`, `CODER_TLS_CERT_FILE` or `CODER_TLS_KEY_FILE` as
      # they are already set by the Helm chart and will cause conflicts.
      env:
        - name: CODER_PG_CONNECTION_URL
          valueFrom:
            secretKeyRef:
              # You'll need to create a secret called coder-db-url with your
              # Postgres connection URL like:
              # postgres://coder:password@postgres:5432/coder?sslmode=disable
              name: coder-db-url
              key: url
        # For production deployments, we recommend configuring your own GitHub
        # OAuth2 provider and disabling the default one.
        - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
          value: "false"
        # (Optional) For production deployments the access URL should be set.
        # If you're just trying Coder, access the dashboard via the service IP.
        # - name: CODER_ACCESS_URL
        #   value: "https://coder.example.com"

      #tls:
      #  secretNames:
      #    - my-tls-secret-name
You can view our Helm README for details on the values that are available, or you can view the values.yaml file directly.
We support two release channels: mainline and stable - read the Releases page to learn more about which best suits your team.
Mainline Coder release:

Chart Registry

    helm install coder coder-v2/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.25.0

OCI Registry

    helm install coder oci://ghcr.io/coder/chart/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.25.0

Stable Coder release:

Chart Registry

    helm install coder coder-v2/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.25.0

OCI Registry

    helm install coder oci://ghcr.io/coder/chart/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.25.0
You can watch Coder start up by running kubectl get pods -n coder. Once Coder has started, the coder-* pods should enter the Running state.

Use kubectl get svc -n coder to get the IP address of the LoadBalancer. Visit this in the browser to set up your first account.

If you do not have a domain, you should set CODER_ACCESS_URL to this URL in the Helm chart and upgrade Coder (see below). This allows workspaces to connect to the proper Coder URL.

5. Upgrading Coder

To upgrade Coder in the future or change values, you can run the following command:

    helm repo update
    helm upgrade coder coder-v2/coder \
      --namespace coder \
      -f values.yaml
Use the Observability Helm chart for a pre-built set of dashboards to monitor your control plane over time. It includes Grafana, Prometheus, Loki, and Alert Manager out-of-the-box, and can be deployed on your existing Grafana instance.
We recommend that all administrators deploying on Kubernetes set the observability bundle up with the control plane from the start. For installation instructions, visit the observability repository.
Kubernetes Security Reference

Below are common requirements we see from our enterprise customers when deploying an application in Kubernetes. This is intended to serve as a reference, and not all security requirements may apply to your business.

- All container images must be sourced from an internal container registry.
- All containers must run as a non-root user (the Coder container does not run as root).
- Containers cannot run privileged. Coder does not require allowPrivilegeEscalation by default; the exception is the envbox workspace template (used for docker-in-docker workspaces, not required).
- Containers cannot mount host filesystems.
- Containers cannot attach to the host network.
- All Kubernetes objects must define resource requests/limits.
- All Kubernetes objects must define liveness and readiness probes.
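As an added check (not part of the Coder docs or the Helm chart), the script below evaluates a pod spec against the checklist above. It reads the JSON shape that kubectl get deploy coder -n coder -o json prints; a constructed sample is embedded so it runs offline, and the allowed-registry list, probe paths and resource sizes are assumptions.

```python
import json

# Constructed sample, standing in for `kubectl get deploy coder -n coder -o json`
# (not the real chart's output; probe paths and sizes are made up).
SAMPLE_DEPLOYMENT = json.loads("""{
  "kind": "Deployment", "metadata": {"name": "coder", "namespace": "coder"},
  "spec": {"template": {"spec": {
    "hostNetwork": false, "securityContext": {"runAsNonRoot": true},
    "volumes": [{"name": "cache", "emptyDir": {}}],
    "containers": [{"name": "coder", "image": "ghcr.io/coder/coder:v2.25.0",
      "securityContext": {"allowPrivilegeEscalation": false, "privileged": false},
      "resources": {"requests": {"cpu": "2", "memory": "4Gi"}, "limits": {"cpu": "2", "memory": "4Gi"}},
      "livenessProbe": {"httpGet": {"path": "/healthz", "port": "http"}},
      "readinessProbe": {"httpGet": {"path": "/healthz", "port": "http"}}}]}}}}""")


def check_pod_spec(pod_spec, allowed_registries):
    """Evaluate a pod spec against the checklist; returns a list of findings
    (an empty list means every item passed)."""
    findings = []
    pod_sc = pod_spec.get("securityContext", {})
    if pod_spec.get("hostNetwork"):
        findings.append("pod attaches to host network")
    for vol in pod_spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"volume {vol['name']} mounts a host path")
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        name, image = c["name"], c.get("image", "")
        sc = c.get("securityContext", {})
        if not any(image.startswith(reg + "/") for reg in allowed_registries):
            findings.append(f"{name}: image {image} is not from an internal registry")
        if sc.get("privileged"):
            findings.append(f"{name}: runs privileged")
        # Kubernetes defaults allowPrivilegeEscalation to true when it is unset
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not disabled")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not set")
        res = c.get("resources", {})
        if not (res.get("requests") and res.get("limits")):
            findings.append(f"{name}: resource requests/limits missing")
        if not (c.get("livenessProbe") and c.get("readinessProbe")):
            findings.append(f"{name}: liveness or readiness probe missing")
    return findings


if __name__ == "__main__":
    spec = SAMPLE_DEPLOYMENT["spec"]["template"]["spec"]
    print(check_pod_spec(spec, ["ghcr.io"]) or "all checks passed")
```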
If you are deploying Coder on AWS EKS and service is set to LoadBalancer, AWS will default to the Classic load balancer. The load balancer external IP will be stuck in a pending status unless sessionAffinity is set to None.

    coder:
      service:
        type: LoadBalancer
        sessionAffinity: None

AWS recommends a Network load balancer in lieu of the Classic load balancer. Use the following values.yaml settings to request a Network load balancer:

    coder:
      service:
        externalTrafficPolicy: Local
        sessionAffinity: None
        annotations: {
          service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        }
By default, Coder will set the externalTrafficPolicy to Cluster, which will mask client IP addresses in the Audit log. To preserve the source IP, you can either set this value to Local, or pass through the client IP via the X-Forwarded-For header. To configure the latter, set the following environment variables:

    coder:
      env:
        - name: CODER_PROXY_TRUSTED_HEADERS
          value: X-Forwarded-For
        - name: CODER_PROXY_TRUSTED_ORIGINS
          value: 10.0.0.1/8 # this will be the CIDR range of your Load Balancer IP address
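Why the trusted-origins CIDR matters: an X-Forwarded-For header is only meaningful when the connection actually arrives from the load balancer, otherwise a client can write any address into the header and that is what lands in the audit log. The function below is an added illustration of that rule (not Coder's own implementation) using the page's example CIDR; it walks the header from the right, skipping hops inside the trusted range.

```python
import ipaddress


def client_ip(remote_addr, forwarded_for, trusted_origins):
    """Decide which address to record as the client.

    remote_addr    : peer address of the TCP connection (the load balancer when proxied)
    forwarded_for  : the X-Forwarded-For header value, or None if absent
    trusted_origins: CIDR strings, as in CODER_PROXY_TRUSTED_ORIGINS (e.g. "10.0.0.1/8")

    The header is honoured only when the peer itself lies inside a trusted CIDR;
    otherwise any client could supply its own X-Forwarded-For and spoof the
    address that ends up in the audit log.
    """
    peer = ipaddress.ip_address(remote_addr)
    trusted = [ipaddress.ip_network(c, strict=False) for c in trusted_origins]
    if not forwarded_for or not any(peer in net for net in trusted):
        return str(peer)
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    # Proxies append to the right, so walk from the right and return the first
    # hop that is not itself a trusted proxy: the last sender we cannot vouch for.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: do not trust any of it
        if not any(addr in net for net in trusted):
            return str(addr)
    return str(peer)  # every hop was a trusted proxy; nothing beyond it to attribute


if __name__ == "__main__":
    lb_range = ["10.0.0.1/8"]  # the CIDR used in the values.yaml above
    print(client_ip("10.0.0.5", "203.0.113.7", lb_range))             # header honoured
    print(client_ip("198.51.100.9", "203.0.113.7", lb_range))         # peer not trusted, header ignored
    print(client_ip("10.0.0.5", "192.0.2.1, 203.0.113.7", lb_range))  # client-supplied left hop ignored
```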
Certain enterprise environments require the Azure Application Gateway. The Application Gateway supports:
Follow our doc on how to deploy Coder on Azure with an Application Gateway for an example.
Troubleshooting

You can view Coder's logs by getting the pod name from kubectl get pods and then running kubectl logs <pod name>. You can also view these logs in your Cloud's log management system if you are using managed Kubernetes.

Ensure you have an externally-reachable CODER_ACCESS_URL set in your helm chart. If you do not have a domain set up, this should be the IP address of Coder's LoadBalancer (kubectl get svc -n coder).
See troubleshooting templates for more steps.
Next steps