SSH in k8s install not working
Hi,
I've gotten coder working in my k8s cluster, which is an experimental cluster on a number of VPSes. I can connect to it/ log in via the access URL I've created (i.e. coder.atsomedomain.com) and via the CLI I have installed locally. I've uploaded a template and can create a workspace. However, the port forward URL and SSH aren't working. The SSH connection times out it seems. I've read through a ton of issues and threads here and I believe this might be an issue with how I have ingress set up.
My initial question is, can someone explain how the connectivity is supposed to happen between the client/ user and the workspace via SSH? Is port 22 necessary by chance? From what I was reading, it isn't. Yet, SSH isn't working. Any tips on how to trouble shoot this problem would be greatly appreciated.
38 Replies
Ok. I reread the Architecture section of the docs and the agents in the workspaces are tunnelled via Tailscale/Wireguard. I'm guessing that is how the SSH is happening. What I'm not understanding is how that connection can happen. No service(s) is/are set up for the workspace pod(s). 🤔
so,
coder ssh is not "real SSH", it's SSH over WebSocket on the client side, on the workspace side, your template should install the coder agent and that agent communicates with the server using DERP (lirc), could you show me your template? usually, the issue either comes from there or some k8s conf
but I don't have much experience using k8s
could you check if your coder workspace can communicate with the server using some kubernetes cli (i'm thinking of a feature like docker exec where you could run a ping/curl to see if traffic goes through)Hey. Thanks for replying. The template I used is the example one here: https://github.com/coder/coder/tree/main/examples/templates/kubernetes
I can exec into the workspace and server pods.
I can also share the logs each pod puts out.
that could come in handy yeah
The only change I made was upping the version to the newest in the coder_agent resource.
that shouldn't cause issues at all
That is what I thought too.
alright, I'll have to go in a bit for some hours, I'll check when I come back
What I'm uncertain about is how do the workspace agents get a line of communication to the outside world? From my understanding, for the code-server, it goes through the actual code server. But, the agents and SSH, how should they connect?
I appreciate any help I can get. Thanks! and CU! 🙂
This is the output from the workspace pod.
I've been reading about Tailscale. Can I assume correctly that a Tailscale server is built into the coder server v2? I noticed in the Tailscale docs, that to use coder as a client would need a Tailscale registration (which would be ridiculous). Maybe their docs are very outdated?
Oh. Ok. I'm getting things mixed up. The Tailscale docs speak about code-server, not coder.
What I'm missing, conceptually, is how this part of the communication is supposed to happen between the client and the coder agent.
Cause, according to Tailscale, there are a couple of methods to get the Tailnet going in k8s. However, it seems none of them are happening with the k8s Terraform example template i.e. no service being exposed. No sidecar being added. No Proxy pod being added. etc.
AFAIK
coder client <-> coder server <-> coder agent on workspace
although I am not sure when tailscale comes into play
btw agent and SSH are the same thing (SSH is built in to the agent)
@Phorcys
coder client <-> coder server <-> coder agent on workspaceCurrently that is the only way it can happen, if that's what is what happens. LOL! 😄 That would also mean the diagram above is conceptually incorrect.
btw agent and SSH are the same thing (SSH is built in to the agent)That is what I understand too, but is it peer to peer to the user? Or is the SSH tunnel proxied by coderd?