Installing coder in EKS
Hello, I'm trying to install Coder and I'm having some difficulty connecting everything.
1. I created an NLB with Ingress Nginx (basic config: ports 80 and 443). The certificate is from ACM.
2. In the Helm chart for Coder, I configured Cognito, set the URL with my NLB DNS, and enabled ClusterIP.
3. I created an Ingress (not in the Coder Helm chart) to point to port 80.
Question 1: Is this the correct way to expose Coder outside of EKS? For now, I enter the NLB DNS name, but it looks like I can't redirect to Coder.
Question 2: Has anyone successfully used Cognito to retrieve the email and create the account at login? I'm using the Authorization Code Grant, and even with the secret key, it looks like Coder can't decode the token.
Thanks
Solution:Jump to solution
Yes 🙂 in the config i missed "internet-facing" x_x thanks to GPT haha, but i wonder if the team who code the template file for the load balancer parameter to check if they can add the security group option 🙂
26 Replies
<#1350085949635428424>
Category
Help needed
Product
Coder (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
Bonjour :-)
Question 1: Is this the correct way to expose Coder outside of EKS? For now, I enter the NLB DNS name, but it looks like I can't redirect to Coder.yes, this should be one of the correct ways to expose it, I've always used the Ingress from the chart though, so I'm not sure how it'll work in your case
Question 2: Has anyone successfully used Cognito to retrieve the email and create the account at login? I'm using the Authorization Code Grant, and even with the secret key, it looks like Coder can't decode the token.I assume you're trying to use Cognito via OAuth, are you met with any error messages?
Hi 🙂 , for cognito i try oidc and i have the field email not found in the paylaod.
by default, Coder looks for the email in the
email OIDC claim, it sounds like it has a different name with Cognito
you can set the CODER_OIDC_EMAIL_FIELD environment variable to whatever Cognito uses
if you can't find it, you can set CODER_VERBOSE=true to find all the claims in the debug log
see https://coder.com/docs/admin/users/oidc-auth#oidc-claims for more infoThanks 🙂 , il have a really good question. I try to use rstudio image and for now just lunch vs code. I read the doc and i dont find any explication about why the agent want to start. And the think is that i need to install my agent in the dockerfile. I saw in the logs that the downlaod URL is my domain(aws alb) but can't not be contacted. Is there a way to force the init script to use my url ? I added in the pod env but the script dont use it i think.
hey, the agent install script uses
CODER_ACCESS_URL, you should change that if possible
if it's not possible, then all you can do is a find-and-replace on the agent's init_scriptIt was hard but i found in the doc that we can setup manualy the value 🙂
In the terraform template
i don't remember this being possible, would you be able to show me how you've done it?
provider "coder" { url = "http://coder.default.svc.cluster.local" }
Its need to be tested in other context to check if its realy working
I found something Nice. You can create an alb in the config. But by défaut its http. Do you know if its possible to use the acm certificate, so with the arn ? And dose it mean i neeed to enable tls in the coder config ? Cause you can not downlaod an acm keys
My réflexion is i neeed to setup nlb, ingress and clusterip
nice, i didn't know about this!
which config are you talking about? the Helm chart's config?
if you enable tls in the Coder config, Coder will serve as https, but not the ingress/load balancer in front of it, so i'd advise to keep Coder in http and just set up SSL for what's in front of it
Yes well the main goal is to redirect https to http 80 to coder, but what annotations i neeed to have ? And with the chart i need to have ingress also ? The flow between nlb and coder is still gray for me to understand
If you have any config of an nlp and coder config that work with acm certificate ( only set in the nlb) it would be Nice 😮
@Phorcys hello, do you know if there is a way to have multiples annotations and configure https ? Without the use of the tls (certificat in acm). Why in the doc annoation:{ annotation }.
sorry for not answering earlier, I only have experience with using regular K8S and don't really know the specifics about AWS AKS
could you show me how you would do it with another app's helm chart maybe? this way it would be easier for me to find a Coder-specific response
from my POV, you're trying to achieve this:
NLB (with HTTP/S cert from ACM) <-> Coder
I think you'd want to edit
coder.service to use the NLB? by default coder.service.type is set to LoadBalancer, but that is the generic K8S approach, maybe AWS needs this to be set to something differentcoder 2.20.2 · coder/coder-v2
Remote development environments on your infrastructure
Yes so the objectif was to set the nlb with the type loadbalancer but after my tests what il found is the first deployment create the alb the correct target group but with no sg . So when il delete the svc and redeploy now 2sg are creates but the target group is now set to 8080 🫠. If coder is design to be deploy in the cloud, aws but be have a special config
And i do exactly what the doc seed. Only the lines for the nlb
since i'm not really sure, i will attempt setting up Coder in AWS via the Helm chart to see
will you be at KubeCon EU next week? we could meet up there if you want
Well im in Canada Montréal
Thanks 🙂 maybe i miss a key point
Somewhat related but what is the recommended amount of CPU/RAM for the nodes running coder workspaces?
It's subjective and depends what you want to run in your workspace.
. @Phorcys did you have time to install coder in aws ? 🙂
The challange is to attach a security group with the nlb . Dont know why is so hard to do
hey, sorry, not yet, this is lower priority than the other issues we have since it's not a coder-specific question but rather coder-in-aws
given i don't really have the AWS knowledge needed to give you a proper answer at the moment, i need to dig deeper but it takes time :-)
No problem 🙂 , i continue to debug on my side and if i find something i will let you know
hey! were you able to figure this out?
Solution
Yes 🙂 in the config i missed "internet-facing" x_x thanks to GPT haha, but i wonder if the team who code the template file for the load balancer parameter to check if they can add the security group option 🙂
i will check it out, thanks for following up!
Hello, I jumped in this chat because I have a similar setup in EKS except my cluster has cert-manager and external DNS. So I'm able to get a TLS cert from Venafi and create a record in Route 53 to access the dashboard. The problem that I'm facing is that my EKS Cluster is private and does not have access to the internet. So I tried 2 approaches and they yield similar results.
Problems I'm seeing with my setup
1. When I try to use a K8s Deployment template I see error in the logs that says, "failed to query provider from registry.coder.com".
2. 1. When I try to use a K8s Devcontainer template I see error in the logs that says, "failed to query provider from artifactory.my-company.com"
I don't know why 2 templates are creating 2 different errors
Steps I took to try to solve my problem
1. In my helm chart, I have an initcontainer that "supposedly" pull a different Terraform binary to use, pull the terraformrc file from the initcontainer image, and also the credentials.tfrc.json file as well. Since my cluster doesn't have access to the internet but it does have access to Artifactory. I thought doing this would remedy my issue.
2. log into the server with the coder CLI and update the templates. This didn't work because when I try to push the template I get a error stating, "Websocket protocol violation: Connection header "close" does not contain Upgrade".
I'll get back to you soon with a more detailed answer but the current TL;DR is that we don't support the module registry well with air-gapped deployments and you should download the individual modules from https://github.com/coder/modules and install them from a local source (git repo) instead
GitHub
GitHub - coder/modules: A collection of Terraform Modules to extend...
A collection of Terraform Modules to extend Coder templates. - coder/modules