Document skipping the load balancer.

README.md

@@ -210,18 +210,24 @@ helm repo add coder-v2 https://helm.coder.com/v2
 helm install coder coder-v2/coder --namespace coder --values /tmp/coder-values.yml --version 2.13.5 # Latest stable version
 ```
 
-A public IP is created for the Coder load balancer, but it won't be useful, as the reverse proxy will be used to access Coder via HTTPS. Thus, we can remove the public IP.
+A public IP is created for the Coder load balancer, but it won't be useful, as the reverse proxy will be used to access Coder via HTTPS. Thus, we can release the public IP in the OpenStack dashboard.
 
 ### Install the reverse proxy
 
-Retrieve the private IP of the Coder load balancer.
+We have to set up a reverse proxy so that Coder can be accessed via HTTPS. Since this adds a new server on the path to Coder, the load balancer becomes less useful, even more so because there is only one Coder instance and thus no need for load balancing. Furthermore, the load balancer does not know where the Coder pod is located, so it redirects its traffic to all nodes, which can add further latency.
+
+Locate the node where the Coder pod is running and which nodePort it is bound to, by running the following command (still on the master node):
 
 ```bash
-openstack loadbalancer list -f json | jq -r \
-    '.[] | select(.name | contains("coder")) | .vip_address'
+kubectl get pods -n coder -o wide # get the node name
+kubectl get svc -n coder # get the nodePort to which the Coder load balancer binds its port 80
 ```
 
-(This can also be done via the OpenStack dashboard. And it is also possible to remove the public IP there.)
+Get the private IP of the node in the `inf110` network, by running the following command (from where `openstack` is available):
+
+```bash
+openstack server list
+```
 
 Install the reverse proxy on the reverse proxy VM.
 
@@ -237,7 +243,7 @@ Edit the `/etc/nginx/sites-available/default` file (`vim /etc/nginx/sites-availa
 
 ```nginx
         location / {
-                proxy_pass http://10.0.0.XXX;
+                proxy_pass http://10.0.0.XXX:XXXXX;
                 proxy_http_version 1.1;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
@@ -245,7 +251,7 @@ Edit the `/etc/nginx/sites-available/default` file (`vim /etc/nginx/sites-availa
         }
 ```
 
-where `10.0.0.XXX` was replaced with the private IP of the Coder load balancer.
+where `10.0.0.XXX:XXXXX` was replaced with the private IP of the node and the nodePort of the Coder service.
 
 Restart the Nginx service.
 
@@ -253,6 +259,28 @@ Restart the Nginx service.
 systemctl restart nginx
 ```
 
+Note that the reverse proxy redirects its traffic to a specific node and nodePort.
+If the Coder pod is rescheduled to another node, the reverse proxy will keep working because Kubernetes redirects traffic on a nodePort to the correct pod, but the performance will decrease.
+However, if the nodePort changed or the initial node was deleted, the reverse proxy configuration would need to be updated.
+
+Ideally, we should rather set up certbot directly on the load balancer and apply the following patch to `coder-values.yml`:
+
+```diff
+diff --git a/coder-values.yml b/coder-values.yml
+index 362ac36..d69952f 100644
+--- a/coder-values.yml
++++ b/coder-values.yml
+@@ -1,4 +1,6 @@
+ coder:
++  service:
++    externalTrafficPolicy: Local
+   env:
+     - name: CODER_PG_CONNECTION_URL
+       valueFrom:
+```
+
+This would allow the load balancer to always directly redirect traffic to the correct node.
+
 ## Coder management
 
 Access Coder via the reverse proxy (https://tp-inf110.r2.enst.fr) and create the admin user.