
Deploy Coder on Azure with an Application Gateway

In certain enterprise environments, the Azure Application Gateway is required.

These steps serve as a proof-of-concept example so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates.

The Application Gateway supports:

  • Websocket traffic (required for workspace connections)
  • TLS termination

Refer to Microsoft's documentation on how to enable the Application Gateway Ingress Controller add-on for an existing AKS cluster with an existing Application Gateway. The steps here follow the Microsoft tutorial for a Coder deployment.

Deploy Coder on Azure with an Application Gateway

  1. Create Azure resource group:

    az group create --name myResourceGroup --location eastus
  2. Create AKS cluster:

    az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys
  3. Create public IP:

    az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard
  4. Create VNet and subnet:

    az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
  5. Create Azure application gateway, attach VNet, subnet and public IP:

    az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
  6. Get app gateway ID:

    appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id")
  7. Enable app gateway ingress to AKS cluster:

    az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id $appgwId
  8. Get AKS node resource group:

    nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup")
  9. Get AKS VNet name:

    aksVnetName=$(az network vnet list --resource-group $nodeResourceGroup -o tsv --query "[0].name")
  10. Get AKS VNet ID:

    aksVnetId=$(az network vnet show --name $aksVnetName --resource-group $nodeResourceGroup -o tsv --query "id")
  11. Peer VNet to AKS VNet:

    az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet $aksVnetId --allow-vnet-access
  12. Get app gateway VNet ID:

    appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id")
  13. Peer AKS VNet to app gateway VNet:

    az network vnet peering create --name AKStoAppGWVnetPeering --resource-group $nodeResourceGroup --vnet-name $aksVnetName --remote-vnet $appGWVnetId --allow-vnet-access
  14. Get AKS credentials:

    az aks get-credentials --name myCluster --resource-group myResourceGroup
  15. Create Coder namespace:

    kubectl create ns coder
  16. Deploy non-production PostgreSQL instance to AKS cluster:

    helm repo add bitnami https://charts.bitnami.com/bitnami
    helm install coder-db bitnami/postgresql \
      --namespace coder \
      --set auth.username=coder \
      --set auth.password=coder \
      --set auth.database=coder \
      --set persistence.size=10Gi
  17. Create the PostgreSQL secret:

    kubectl create secret generic coder-db-url -n coder --from-literal=url="postgres://coder:coder@coder-db-postgresql.coder.svc.cluster.local:5432/coder?sslmode=disable"
  18. Deploy Coder to AKS cluster:

    helm repo add coder-v2 https://helm.coder.com/v2
    helm install coder coder-v2/coder \
      --namespace coder \
      --values values.yaml \
      --version 2.18.5
  19. Clean up Azure resources:

    az group delete --name myResourceGroup
    az group delete --name MC_myResourceGroup_myCluster_eastus
  20. Deploy the gateway - this needs clarification

  21. After you deploy the gateway, add the following entries to Helm's values.yaml file before you deploy Coder:

    service:
      enable: true
      type: ClusterIP
      sessionAffinity: None
      externalTrafficPolicy: Cluster
      loadBalancerIP: ""
      annotations: {}
      httpNodePort: ""
      httpsNodePort: ""

    ingress:
      enable: true
      className: "azure-application-gateway"
      host: ""
      wildcardHost: ""
      annotations: {}
      tls:
        enable: false
        secretName: ""
        wildcardSecretName: ""
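
The database URL from step 17 and the values from step 21 carry proof-of-concept settings: a password equal to the username, `sslmode=disable`, and ingress TLS turned off. As an added example, not part of the Coder documentation, these POSIX shell functions flag those settings in a connection URL and a values.yaml before the commands are reused elsewhere. The function names and finding messages are made up for illustration, and the YAML check assumes space-indented block style.

```shell
#!/bin/sh
# Added example (not from the Coder docs): flag the proof-of-concept settings
# used in this guide. Usage: audit "$DB_URL" values.yaml

# check_db_url URL: print one finding per line for a Postgres connection URL.
check_db_url() {
  creds=${1#*://}        # drop the scheme
  creds=${creds%@*}      # keep "user:password"
  db_user=${creds%%:*}
  db_pass=${creds#*:}
  case "$1" in
    *sslmode=disable*) echo "db: sslmode=disable (connection to Postgres is not encrypted)" ;;
  esac
  if [ "$db_pass" = "$db_user" ]; then
    echo "db: password equals username"
  fi
}

# check_values FILE: report ingress.tls.enable=false at any nesting depth,
# so it works whether "ingress:" is top-level or nested under another key.
check_values() {
  awk '
    BEGIN { ing = -1; tls = -1 }
    { ind = match($0, /[^ ]/) - 1 }                       # indentation of this line
    NF && ing >= 0 && ind <= ing { ing = -1; tls = -1 }   # left the ingress block
    NF && tls >= 0 && ind <= tls { tls = -1 }             # left the tls block
    $1 == "ingress:" { ing = ind; next }
    ing >= 0 && $1 == "tls:" { tls = ind; next }
    tls >= 0 && $1 == "enable:" && $2 == "false" {
      print "ingress: tls.enable=false (no TLS configured on the Ingress)"
    }
  ' "$1"
}

# audit URL FILE: print all findings; exit status 1 if there are any.
audit() {
  findings=$(check_db_url "$1"; check_values "$2")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

Pass `audit` the same URL string that goes into the `coder-db-url` secret; a non-zero exit status can gate a deployment script.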