From 64bbbec13e7c1d5d1c4cf8877ca8847ec128e13e Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 14 Jun 2023 15:52:20 +0000 Subject: [PATCH 1/4] docs: add steps for configuring trusted headers & origins in Helm chart --- docs/install/kubernetes.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 662ed11e4d3a2..9bff1f8610f94 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md @@ -133,6 +133,21 @@ to log in and manage templates. } ``` + By default, Coder will set the `externalTrafficPolicy` to `Cluster` which will + mask client IP addresses in the Audit log. To preserve the source IP, you can either + set this value to `Local`, or pass through the client IP via the X-Forwarded-For + header. To configure the latter, set the following environment + variables: + + ```yaml + coder: + env: + - name: CODER_PROXY_TRUSTED_HEADERS + value: X-Forwarded-For + - name: CODER_PROXY_TRUSTED_ORIGINS + value: 10.0.0.1/8 # this will be the CIDR range of your Load Balancer IP address + ``` + 1. Run the following command to install the chart in your cluster. ```console From b567823fbf2699ce1029398a42beaab40b61b4e7 Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 14 Jun 2023 15:58:06 +0000 Subject: [PATCH 2/4] make: fmt --- docs/install/kubernetes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 9bff1f8610f94..6d4f9f6bbf5f9 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md 
@@ -139,14 +139,14 @@ to log in and manage templates. header. To configure the latter, set the following environment variables: - ```yaml - coder: - env: +```yaml +coder: + env: - name: CODER_PROXY_TRUSTED_HEADERS value: X-Forwarded-For - name: CODER_PROXY_TRUSTED_ORIGINS value: 10.0.0.1/8 # this will be the CIDR range of your Load Balancer IP address - ``` +``` 1. Run the following command to install the chart in your cluster. From 6c572878cc453704fe1f4ad89e4d131966323b7c Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 14 Jun 2023 17:52:01 +0000 Subject: [PATCH 3/4] add: lb considerations header --- docs/install/kubernetes.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 6d4f9f6bbf5f9..a048e7a47173b 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md @@ -121,6 +121,8 @@ to log in and manage templates. sessionAffinity: None ``` +### Load balancing considerations + AWS however recommends a Network load balancer in lieu of the Classic load balancer. Use the following `values.yaml` settings to request a Network load balancer: ```yaml From b32145f4cb8a9b642762aa79c7f602636bbc2f0a Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 14 Jun 2023 18:00:12 +0000 Subject: [PATCH 4/4] make: fmt --- docs/install/kubernetes.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index a048e7a47173b..1e2deed0c4260 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md 
@@ -123,23 +123,23 @@ to log in and manage templates. ### Load balancing considerations - AWS however recommends a Network load balancer in lieu of the Classic load balancer. Use the following `values.yaml` settings to request a Network load balancer: +AWS however recommends a Network load balancer in lieu of the Classic load balancer. Use the following `values.yaml` settings to request a Network load balancer: - ```yaml - coder: - service: - externalTrafficPolicy: Local - sessionAffinity: None - annotations: { - service.beta.kubernetes.io/aws-load-balancer-type: "nlb" - } - ``` +```yaml +coder: + service: + externalTrafficPolicy: Local + sessionAffinity: None + annotations: { + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + } +``` - By default, Coder will set the `externalTrafficPolicy` to `Cluster` which will - mask client IP addresses in the Audit log. To preserve the source IP, you can either - set this value to `Local`, or pass through the client IP via the X-Forwarded-For - header. To configure the latter, set the following environment - variables: +By default, Coder will set the `externalTrafficPolicy` to `Cluster` which will +mask client IP addresses in the Audit log. To preserve the source IP, you can either +set this value to `Local`, or pass through the client IP via the X-Forwarded-For +header. To configure the latter, set the following environment +variables: ```yaml coder:
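Review bot: in PATCH 1/4, the sample `value: 10.0.0.1/8` for `CODER_PROXY_TRUSTED_ORIGINS` does not match its own comment ("the CIDR range of your Load Balancer IP address"). A /8 covers all of 10.0.0.0/8, and `10.0.0.1` has host bits set, so it is not a clean network address. A reader who copies it marks every 10.x.x.x peer as a trusted origin for `X-Forwarded-For`, and any such peer could then supply the client IP that ends up in the Audit log. Suggest an obvious placeholder (for example `<load-balancer-CIDR>`) plus a sentence saying the range should be as narrow as the load balancer's own addresses. Minor: put X-Forwarded-For in backticks in the prose, as is done for `externalTrafficPolicy`.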
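Review bot: in PATCH 2/4, the yaml fence and the `coder:` / `env:` lines move to column 0, but the next context line is still the list step "1. Run the following command to install the chart in your cluster." Content at column 0 is no longer part of the preceding list item, so please check the rendered page to confirm the install steps still number correctly and that the block appears under the step it belongs to. Only the fence, `coder:` and `env:` lines are re-indented here while the `- name:` / `value:` lines stay as unchanged context, so also confirm the resulting YAML still nests the list entries under `env:`.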
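Review bot: in PATCH 3/4, the new `### Load balancing considerations` heading is inserted directly above "AWS however recommends a Network load balancer in lieu of the Classic load balancer", so the section now opens with a sentence whose "however" refers back to text above the heading. Suggest rewording the first sentence so the section stands on its own (state what the default is, then the AWS recommendation). Since the surrounding lines are indented list content at this point in the series, consider whether a heading belongs inside the step or after the list.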
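Review bot: in PATCH 4/4, the paragraph "By default, Coder will set the `externalTrafficPolicy` to `Cluster` which will mask client IP addresses in the Audit log" now sits directly under a `values.yaml` example that already sets `externalTrafficPolicy: Local`, which reads as contradictory. Suggest either moving the paragraph above the example or adding a clause that the example overrides the default, and stating that the trusted-headers configuration is the alternative for readers who keep `Cluster`. It would also help to say which component is expected to set the X-Forwarded-For header, since the text only mentions passing it through.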