Custom Relay Servers
A relay server is a component that acts as an intermediary between the IDE client on the developer's local machine and the IDE backend running in a remote environment. It enables secure communication when inbound connections to dev environments are restricted by firewalls or other security policies. By default, CodeCanvas deploys the relay server in the CodeCanvas application cluster.
Deploying a relay server in a custom location (a separate Kubernetes cluster) may be needed for multi-region support. If your dev environment cluster is hosted in a different region from the CodeCanvas application cluster, deploying a relay server closer to the dev environment cluster can significantly reduce latency.
Prerequisites
A Kubernetes cluster where you want to deploy the relay server (we'll refer to it as the relay cluster). It is possible to deploy the relay server in the dev environment cluster itself.
The relay cluster is network-accessible from the CodeCanvas application cluster and the dev environment cluster.
The relay cluster must have an ingress controller installed and configured.
You have a domain name for the relay server (e.g.,
relay.example.com) that resolves within the relay cluster.A cert-manager must be installed in the relay cluster. Ensure the cert-manager is properly configured to issue certificates for your relay server's domain.
Deploy custom relay server
In CodeCanvas, select Administration in the header navigation, then in the sidebar menu, select Relay Servers.
Click New connection.
Specify a relay server Name and a Relay server URL (e.g.,
wss://relay.example.com), then click Save. The server will be added to the list of relay servers in the Inactive state.Open the newly added relay server and copy the Connection snippet (a Kubernetes secret manifest). The snippet looks like this:
apiVersion: v1 kind: Secret metadata: name: codecanvas-relay-secret type: Opaque data: JWT_PUBLIC_KEY: <encoded-public-key>Here,
metadata.nameis the name of the secret. In our example, it iscodecanvas-relay-secret.Create a Kubernetes secret file (e.g.,
relay-secret.yaml) and paste the snippet.Apply the secret to the relay cluster:
kubectl -n RELAY_NAMESPACE_PLACEHOLDER apply -f relay-secret.yamlHere
RELAY_NAMESPACE_PLACEHOLDERis the Kubernetes namespace where the relay server is deployed.Create a
relay.values.yamlfile with the following content:application: ingress: ingressClassName: "INGRESS_CLASS_PLACEHOLDER" hostname: "gateway.RELAY_DOMAIN_PLACEHOLDER" annotations: "cert-manager.io/cluster-issuer": "CERT_MANAGER_NAME_PLACEHOLDER" tls: - hosts: - "gateway.RELAY_DOMAIN_PLACEHOLDER" secretName: gateway-tls secret: existingSecretName: "SECRET_NAME_PLACEHOLDER" ## Alternatively to secret, you can provide the not-encoded public key value # relayJwtPublicKey: GATEWAY_PUBLIC_KEY_PLACEHOLDERHere,
codecanvas-relay-secretis the name of the secret created in the relay cluster.Here:
INGRESS_CLASS_PLACEHOLDER– an ingress class name in the relay cluster.RELAY_DOMAIN_PLACEHOLDER– a domain name reserved for the relay server, e.g.,relay.example.com.CERT_MANAGER_NAME_PLACEHOLDER– a name of the cert-manager issuer in the relay cluster.SECRET_NAME_PLACEHOLDER– a name of the relay server secret. In our example, it iscodecanvas-relay-secret.GATEWAY_PUBLIC_KEY_PLACEHOLDER– alternatively to providing a secret name, you can provide the not-encoded public key value directly. You can copy it from the relay server page in CodeCanvas from the Public key field.
Apply the changes to the relay cluster:
helm upgrade -n RELAY_NAMESPACE_PLACEHOLDER --wait --install \ -f relay.values.yaml \ codecanvas-relay \ oci://public.registry.jetbrains.space/p/codecanvas/release-charts/codecanvas-relay \ --version 2024.3.1Replace
RELAY_NAMESPACE_PLACEHOLDERwith the Kubernetes namespace where the relay server is deployed.In CodeCanvas, open the relay server page and ensure that the server is in the Active state.
The custom relay server is now ready for use. When configuring a computing platform, select the custom relay server from the Relay server dropdown.