Coder logo

Deploy Coder on Azure with an Application Gateway

Deploy Coder on Azure with an Application Gateway

In certain enterprise environments, the Azure Application Gateway is required.

These steps serve as a proof-of-concept example so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates.

The Application Gateway supports:

  • Websocket traffic (required for workspace connections)
  • TLS termination

Refer to Microsoft's documentation on how to enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway. The steps here follow the Microsoft tutorial for a Coder deployment.

Deploy Coder on Azure with an Application Gateway

  1. Create Azure resource group:

    az group create --name myResourceGroup --location eastus
    
  2. Create AKS cluster:

    az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys
    
  3. Create public IP:

    az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard
    
  4. Create VNet and subnet:

    az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
    
  5. Create Azure application gateway, attach VNet, subnet and public IP:

    az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
    
  6. Get app gateway ID:

    appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id")
    
  7. Enable app gateway ingress to AKS cluster:

    az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id $appgwId
    
  8. Get AKS node resource group:

    nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup")
    
  9. Get AKS VNet name:

    aksVnetName=$(az network vnet list --resource-group $nodeResourceGroup -o tsv --query "[0].name")
    
  10. Get AKS VNet ID:

    aksVnetId=$(az network vnet show --name $aksVnetName --resource-group $nodeResourceGroup -o tsv --query "id")
    
  11. Peer VNet to AKS VNet:

    az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet $aksVnetId --allow-vnet-access
    
  12. Get app gateway VNet ID:

    appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id")
    
  13. Peer AKS VNet to app gateway VNet:

    az network vnet peering create --name AKStoAppGWVnetPeering --resource-group $nodeResourceGroup --vnet-name $aksVnetName --remote-vnet $appGWVnetId --allow-vnet-access
    
  14. Get AKS credentials:

    az aks get-credentials --name myCluster --resource-group myResourceGroup
    
  15. Create Coder namespace:

    kubectl create ns coder
    
  16. Deploy non-production PostgreSQL instance to AKS cluster:

    helm repo add bitnami https://charts.bitnami.com/bitnami
    helm install coder-db bitnami/postgresql \
    --set image.repository=bitnamilegacy/postgresql \
    --namespace coder \
    --set auth.username=coder \
    --set auth.password=coder \
    --set auth.database=coder \
    --set persistence.size=10Gi
    
  17. Create the PostgreSQL secret:

    kubectl create secret generic coder-db-url -n coder --from-literal=url="postgres://coder:[email protected]:5432/coder?sslmode=disable"
    
  18. Deploy Coder to AKS cluster:

    helm repo add coder-v2 https://helm.coder.com/v2
    helm install coder coder-v2/coder \
        --namespace coder \
     --values values.yaml \
     --version 2.25.2
    
  19. Clean up Azure resources:

    az group delete --name myResourceGroup
    az group delete --name MC_myResourceGroup_myCluster_eastus
    
  20. Deploy the gateway - this needs clarification

  21. After you deploy the gateway, add the following entries to Helm's values.yaml file before you deploy Coder:

      service:
        enable: true
        type: ClusterIP
        sessionAffinity: None
        externalTrafficPolicy: Cluster
        loadBalancerIP: ""
        annotations: {}
        httpNodePort: ""
        httpsNodePort: ""
    
      ingress:
        enable: true
        className: "azure-application-gateway"
        host: ""
        wildcardHost: ""
        annotations: {}
        tls:
          enable: false
          secretName: ""
          wildcardSecretName: ""