Access to workspaces via ssh when coder is install on kubernetes

[travis373]

I've been experimenting with installing coder on kubernetes. It's unclear to me what the expectation is for setting CODER_ACCESS_URL to allow users to ssh into workspace pods.

If I install coder via the helm chart and set no CODER_ACCESS_URL then I can get to the UI via the external IP of the load balancer service and successfully start simple workspaces. I can also use the CLI against that external IP. However, when I try to ssh into the workspaces using the coder ssh config the ssh command simply hangs. Looking at the workspace pods I can see they connect to the coder server via the load balancer service local cluster name, which makes sense to me.

I can only manage to ssh into the workspace pods if I upgrade the helm deployment with CODER_ACCESS_URL set to the load balancer external IP so that the worker pods are also using that IP to connect to the coder server.

It confuses me if this is intentional or not? What am I supposed to do if the external load balancer IP isn't accessible by the pods? For example, If I create a private kubernetes cluster with public access only via a bastion host, the pods will have to connect to the coder server via the local service name, which just causes ssh connections to hang.

[matifali]

https://coder.com/docs/v2/latest/admin/configure#access-url
As per docs, it should be the external IP or a domain pointing to that.

[travis373]

I understand that, but what about the case where you are using a private cluster where the workspace don't have access to the external IP? My understanding is that isn't an uncommon setup. Why can't the workspaces access the url via the internal cluster service and the users access it via the external IP?

In the case of a private cluster, do we need to setup the internal service name to be the same as the externally accessible CODER_ACCESS_URL?

[bpmct]

You can use an internal service name for specific templates. Here are the docs. However, each workspace will need some way to reach the Coder dashboard URL.