HomeInstallKubernetesDeploy Coder on Azure with an Application Gateway

Deploy Coder on Azure with an Application Gateway

In certain enterprise environments, the Azure Application Gateway is required.

These steps serve as a proof-of-concept example so that you can get Coder running with Kubernetes on Azure. Your deployment might require a separate Postgres server or signed certificates.

The Application Gateway supports:

  • Websocket traffic (required for workspace connections)
  • TLS termination

Refer to Microsoft's documentation on how to enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway. The steps here follow the Microsoft tutorial for a Coder deployment.

Deploy Coder on Azure with an Application Gateway

  1. Create Azure resource group:

    az group create --name myResourceGroup --location eastus
  2. Create AKS cluster:

    az aks create --name myCluster --resource-group myResourceGroup --network-plugin azure --enable-managed-identity --generate-ssh-keys
  3. Create public IP:

    az network public-ip create --name myPublicIp --resource-group myResourceGroup --allocation-method Static --sku Standard
  4. Create VNet and subnet:

    az network vnet create --name myVnet --resource-group myResourceGroup --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.0.0/24
  5. Create Azure application gateway, attach VNet, subnet and public IP:

    az network application-gateway create --name myApplicationGateway --resource-group myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
  6. Get app gateway ID:

    appgwId=$(az network application-gateway show --name myApplicationGateway --resource-group myResourceGroup -o tsv --query "id")
  7. Enable app gateway ingress to AKS cluster:

    az aks enable-addons --name myCluster --resource-group myResourceGroup --addon ingress-appgw --appgw-id $appgwId
  8. Get AKS node resource group:

    nodeResourceGroup=$(az aks show --name myCluster --resource-group myResourceGroup -o tsv --query "nodeResourceGroup")
  9. Get AKS VNet name:

    aksVnetName=$(az network vnet list --resource-group $nodeResourceGroup -o tsv --query "[0].name")
  10. Get AKS VNet ID:

    aksVnetId=$(az network vnet show --name $aksVnetName --resource-group $nodeResourceGroup -o tsv --query "id")
  11. Peer VNet to AKS VNet:

    az network vnet peering create --name AppGWtoAKSVnetPeering --resource-group myResourceGroup --vnet-name myVnet --remote-vnet $aksVnetId --allow-vnet-access
  12. Get app gateway VNet ID:

    appGWVnetId=$(az network vnet show --name myVnet --resource-group myResourceGroup -o tsv --query "id")
  13. Peer AKS VNet to app gateway VNet:

    az network vnet peering create --name AKStoAppGWVnetPeering --resource-group $nodeResourceGroup --vnet-name $aksVnetName --remote-vnet $appGWVnetId --allow-vnet-access
  14. Get AKS credentials:

    az aks get-credentials --name myCluster --resource-group myResourceGroup
  15. Create Coder namespace:

    kubectl create ns coder
  16. Deploy non-production PostgreSQL instance to AKS cluster:

    helm repo add bitnami https://charts.bitnami.com/bitnami helm install coder-db bitnami/postgresql \ --namespace coder \ --set auth.username=coder \ --set auth.password=coder \ --set auth.database=coder \ --set persistence.size=10Gi
  17. Create the PostgreSQL secret:

    kubectl create secret generic coder-db-url -n coder --from-literal=url="postgres://coder:[email protected]:5432/coder?sslmode=disable"
  18. Deploy Coder to AKS cluster:

    helm repo add coder-v2 https://helm.coder.com/v2 helm install coder coder-v2/coder \ --namespace coder \ --values values.yaml \ --version 2.18.5
  19. Clean up Azure resources:

    az group delete --name myResourceGroup az group delete --name MC_myResourceGroup_myCluster_eastus
  20. Deploy the gateway - this needs clarification

  21. After you deploy the gateway, add the following entries to Helm's values.yaml file before you deploy Coder:

    service: enable: true type: ClusterIP sessionAffinity: None externalTrafficPolicy: Cluster loadBalancerIP: "" annotations: {} httpNodePort: "" httpsNodePort: "" ingress: enable: true className: "azure-application-gateway" host: "" wildcardHost: "" annotations: {} tls: enable: false secretName: "" wildcardSecretName: ""