Commit 06abb3db authored by Théo Zimmermann

Document skipping the load balancer.

parent ec5c811a
......@@ -210,18 +210,24 @@ helm repo add coder-v2 https://helm.coder.com/v2
helm install coder coder-v2/coder --namespace coder --values /tmp/coder-values.yml --version 2.13.5 # Latest stable version
```
A public IP is created for the Coder load balancer, but it won't be useful, as the reverse proxy will be used to access Coder via HTTPS. Thus, we can remove the public IP.
A public IP is created for the Coder load balancer, but it won't be useful, as the reverse proxy will be used to access Coder via HTTPS. Thus, we can release the public IP in the OpenStack dashboard.
### Install the reverse proxy
Retrieve the private IP of the Coder load balancer.
We have to set up a reverse proxy so that Coder can be accessed via HTTPS. Since this adds a new server on the path to Coder, the load balancer becomes less useful, even more so because there is only one Coder instance and thus no need for load balancing. Furthermore, the load balancer does not know where the Coder pod is located, so it redirects its traffic to all nodes, which can add further latency.
Locate the node where the Coder pod is running and which nodePort it is bound to, by running the following command (still on the master node):
```bash
openstack loadbalancer list -f json | jq -r \
'.[] | select(.name | contains("coder")) | .vip_address'
kubectl get pods -n coder -o wide # get the node name
kubectl get svc -n coder # get the nodePort to which the Coder load balancer binds its port 80
```
(This can also be done via the OpenStack dashboard. And it is also possible to remove the public IP there.)
Get the private IP of the node in the `inf110` network, by running the following command (from where `openstack` is available):
```bash
openstack server list
```
Install the reverse proxy on the reverse proxy VM.
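Review bot: The two lookup steps (`kubectl get svc -n coder` and `openstack server list`) leave the reader to pick the values out of raw output without saying where they are. Suggest stating that the nodePort is the second number in the PORT(S) column (shown as `80:<nodePort>/TCP`) and explaining how the node name from `kubectl get pods -n coder -o wide` maps to an entry in `openstack server list`, so the `inf110` address can be read off the right row. It would also help to say whether the now unused load balancer is kept or deleted once its public IP is released, since the text only covers the IP.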
......@@ -237,7 +243,7 @@ Edit the `/etc/nginx/sites-available/default` file (`vim /etc/nginx/sites-availa
```nginx
location / {
proxy_pass http://10.0.0.XXX;
proxy_pass http://10.0.0.XXX:XXXXX;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
......@@ -245,7 +251,7 @@ Edit the `/etc/nginx/sites-available/default` file (`vim /etc/nginx/sites-availa
}
```
where `10.0.0.XXX` was replaced with the private IP of the Coder load balancer.
where `10.0.0.XXX:XXXXX` was replaced with the private IP of the node and the nodePort of the Coder service.
Restart the Nginx service.
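Review bot: The sentence describing `10.0.0.XXX:XXXXX` (and the `proxy_pass http://10.0.0.XXX:XXXXX;` line it refers to) has nginx send plain HTTP straight to a nodePort on a cluster node, but the doc does not mention the network rule this relies on. Suggest adding a sentence that the node's security group must allow the reverse proxy VM to reach that port, and recommending that the rule admit only the reverse proxy, since a nodePort is opened on every node and this hop is not covered by the HTTPS termination. Distinct placeholders for address and port (for example `10.0.0.XXX:NNNNN`) would also make the line easier to read.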
......@@ -253,6 +259,28 @@ Restart the Nginx service.
systemctl restart nginx
```
Note that the reverse proxy redirects its traffic to a specific node and nodePort.
If the Coder pod is rescheduled to another node, the reverse proxy will keep working because Kubernetes redirects traffic on a nodePort to the correct pod, but the performance will decrease.
However, if the nodePort changed or the initial node was deleted, the reverse proxy configuration would need to be updated.
Ideally, we should rather set up certbot directly on the load balancer and apply the following patch to `coder-values.yml`:
```diff
diff --git a/coder-values.yml b/coder-values.yml
index 362ac36..d69952f 100644
--- a/coder-values.yml
+++ b/coder-values.yml
@@ -1,4 +1,6 @@
coder:
+ service:
+ externalTrafficPolicy: Local
env:
- name: CODER_PG_CONNECTION_URL
valueFrom:
```
This would allow the load balancer to always directly redirect traffic to the correct node.
## Coder management
Access Coder via the reverse proxy (https://tp-inf110.r2.enst.fr) and create the admin user.
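Review bot: The `externalTrafficPolicy: Local` patch is presented right after the note about the fixed node and nodePort without saying that it conflicts with that setup. With `Local`, a node that does not host the Coder pod no longer serves traffic arriving on the nodePort, so if the patch is applied while nginx still points at one node, rescheduling the pod turns the "performance will decrease" case into an outage. Suggest stating explicitly that the patch belongs only to the alternative where TLS is terminated on the load balancer and the reverse proxy is dropped. For the "nodePort changed" case, it would help to say what can trigger a change (for example recreating the Service) so readers know when to recheck the nginx configuration.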
......