Supported Network configurations
I'm trying to configure a coder setup on Kubernetes that is on a locked down cloud provider managed cluster. The configuration has a totally private K8s nodes with only private vpc IPs. The k8s nodes can access the open internet via a NAT with a static IP. The coder server is deployed on kubernetes via helm and I've got the load balancer set as cluster-IP and I've created my own ingress service to route to that. There are security rules specifying that the ingress service is only available to the NAT static IP and a range of CIDRs for a sepcific network.
I can access the the UI and I can spin up workspaces fine. I can also terminal access from the UI into workspaces. But I can't ssh from the coder command line tools to the workspaces, which is crucial to what I'm setting up. When I try to test the connection using coder -v speedtest I get errors like below trying to connect to the ingress service IP:
"derp_forced_websockets": {"999": "GET failed with status code 400 (a proxy could be disallowing the use of 'Upgrade: derp'): html head meta http-equiv="content-type" content="text/html;charset=utf-8" title 400 Bad Request /title /head body text=#000000 bgcolor=#ffffff h1 Error: Bad Request /h1 h2 Your client has issued a malformed or illegal request.
I'm pretty sure that this is mostly because I'm using http ingress and the connection is defaulting to https that I don't have. So I'm looking at fixing that. But what confuses me was that before when I had a fully public cluster the coder command line ssh did work. So what was different in that case? Did the command line ssh connection open a websocket direct to the workspace pod agent?
I can access the the UI and I can spin up workspaces fine. I can also terminal access from the UI into workspaces. But I can't ssh from the coder command line tools to the workspaces, which is crucial to what I'm setting up. When I try to test the connection using coder -v speedtest I get errors like below trying to connect to the ingress service IP:
"derp_forced_websockets": {"999": "GET failed with status code 400 (a proxy could be disallowing the use of 'Upgrade: derp'): html head meta http-equiv="content-type" content="text/html;charset=utf-8" title 400 Bad Request /title /head body text=#000000 bgcolor=#ffffff h1 Error: Bad Request /h1 h2 Your client has issued a malformed or illegal request.
I'm pretty sure that this is mostly because I'm using http ingress and the connection is defaulting to https that I don't have. So I'm looking at fixing that. But what confuses me was that before when I had a fully public cluster the coder command line ssh did work. So what was different in that case? Did the command line ssh connection open a websocket direct to the workspace pod agent?
