coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/about/architecture.md
Lines changed: 157 additions & 0 deletions b/‎docs/about/architecture.md
Lines changed: 157 additions & 0 deletions
diff --git a/‎docs/changelogs/images/support-bundle.png
188 KB b/‎docs/changelogs/images/support-bundle.png
188 KB
diff --git a/‎docs/changelogs/v2.10.0.md
Lines changed: 130 additions & 0 deletions b/‎docs/changelogs/v2.10.0.md
Lines changed: 130 additions & 0 deletions
@@ -485,6 +485,7 @@ jobs:
           CODER_E2E_ENTERPRISE_LICENSE: ${{ secrets.CODER_E2E_ENTERPRISE_LICENSE }}
           CODER_E2E_REQUIRE_ENTERPRISE_TESTS: "1"
         working-directory: site
+        continue-on-error: true
 
       - name: Upload Playwright Failed Tests
         if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
 
@@ -162,3 +162,160 @@ offer the fastest developer experience.
 - Session persistence (sticky sessions) can be disabled as _coderd_ instances
   are stateless.
 - WebSocket and long-lived connections must be supported.
+
+### Multi-cloud architecture
+
+By distributing Coder workspaces across different cloud providers, organizations
+can mitigate the risk of downtime caused by provider-specific outages or
+disruptions. Additionally, multi-cloud deployment enables organizations to
+leverage the unique features and capabilities offered by each cloud provider,
+such as region availability and pricing models.
+
+![Architecture Diagram](../images/architecture-multi-cloud.png)
+
+#### Components
+
+The deployment model comprises:
+
+- `coderd` instances deployed within a single region of the same cloud provider,
+  with replicas strategically distributed across availability zones.
+- Workspace provisioners deployed in each cloud, communicating with `coderd`
+  instances.
+- Workspace proxies running in the same locations as provisioners to optimize
+  user connections to workspaces for maximum speed.
+
+Due to the relatively large overhead of cross-regional communication, it is not
+advised to set up multi-cloud control planes. It is recommended to keep coderd
+replicas and the database within the same cloud-provider and region.
+
+Note: The _multi-cloud architecture_ follows the deployment principles outlined
+in the _multi-region architecture_. However, it adapts component selection based
+on the specific cloud provider. Developers can initiate workspaces based on the
+nearest region and technical specifications provided by the cloud providers.
+
+##### Workload resources
+
+**Workspace provisioner**
+
+- _Security recommendation_: Create a long, random pre-shared key (PSK) and add
+  it to the regional secret store, so that local _provisionerd_ can access it.
+  Remember to distribute it using safe, encrypted communication channel. The PSK
+  must also be added to the _coderd_ configuration.
+
+**Workspace proxy**
+
+- _Security recommendation_: Use `coder` CLI to create
+  [authentication tokens for every workspace proxy](../admin/workspace-proxies.md#requirements),
+  and keep them in regional secret stores. Remember to distribute them using
+  safe, encrypted communication channel.
+
+**Managed database**
+
+- For AWS: _Amazon RDS for PostgreSQL_
+- For Azure: _Azure Database for PostgreSQL - Flexible Server_
+- For GCP: _Cloud SQL for PostgreSQL_
+
+##### Workload supporting resources
+
+**Kubernetes platform (optional)**
+
+- For AWS: _Amazon Elastic Kubernetes Service_
+- For Azure: _Azure Kubernetes Service_
+- For GCP: _Google Kubernetes Engine_
+
+See how to deploy
+[Coder on Azure Kubernetes Service](https://github.com/ericpaulsen/coder-aks).
+
+Learn more about [security requirements](../install/kubernetes.md) for deploying
+Coder on Kubernetes.
+
+**Load balancer**
+
+- For AWS:
+  - _AWS Network Load Balancer_
+    - Level 4 load balancing
+    - For Kubernetes deployment: annotate service with
+      `service.beta.kubernetes.io/aws-load-balancer-type: "nlb"`, preserve the
+      client source IP with `externalTrafficPolicy: Local`
+  - _AWS Classic Load Balancer_
+    - Level 7 load balancing
+    - For Kubernetes deployment: set `sessionAffinity` to `None`
+- For Azure:
+  - _Azure Load Balancer_
+    - Level 7 load balancing
+  - Azure Application Gateway
+    - Deploy Azure Application Gateway when more advanced traffic routing
+      policies are needed for Kubernetes applications.
+    - Take advantage of features such as WebSocket support and TLS termination
+      provided by Azure Application Gateway, enhancing the capabilities of
+      Kubernetes deployments on Azure.
+- For GCP:
+  - _Cloud Load Balancing_ with SSL load balancer:
+    - Layer 4 load balancing, SSL enabled
+  - _Cloud Load Balancing_ with HTTPS load balancer:
+    - Layer 7 load balancing
+    - For Kubernetes deployment: annotate service (with ingress enabled) with
+      `kubernetes.io/ingress.class: "gce"`, leverage the `NodePort` service
+      type.
+    - Note: HTTP load balancer rejects DERP upgrade, Coder will fallback to
+      WebSockets
+
+**Single sign-on**
+
+- For AWS:
+  [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+- For Azure:
+  [Microsoft Entra ID Sign-On](https://learn.microsoft.com/en-us/entra/identity/app-proxy/)
+- For GCP:
+  [Google Cloud Identity Platform](https://cloud.google.com/architecture/identity/single-sign-on)
+
+### Dev Container
+
+Note: _Dev containers_ are at early stage and considered experimental at the
+moment.
+
+This architecture enhances a Coder workspace with a
+[development container](https://containers.dev/) setup built using the
+[envbuilder](https://github.com/coder/envbuilder) project. Workspace users have
+the flexibility to extend generic, base developer environments with custom,
+project-oriented [features](https://containers.dev/features) without requiring
+platform administrators to push altered Docker images.
+
+Learn more about
+[Dev containers support](https://coder.com/docs/v2/latest/templates/devcontainers)
+in Coder.
+
+![Architecture Diagram](../images/architecture-devcontainers.png)
+
+#### Components
+
+The deployment model includes:
+
+- _Workspace_ built using Coder template with _envbuilder_ enabled to set up the
+  developer environment accordingly to the dev container spec.
+- _Container Registry_ for Docker images used by _envbuilder_, maintained by
+  Coder platform engineers or developer productivity engineers.
+
+Since this model is strictly focused on workspace nodes, it does not affect the
+setup of regional infrastructure. It can be deployed alongside other deployment
+models, in multiple regions, or across various cloud platforms.
+
+##### Workload resources
+
+**Workspace**
+
+- Docker and Kubernetes based templates are supported.
+- The `docker_container` resource uses `ghcr.io/coder/envbuilder` as the base
+  image.
+
+_Envbuilder_ checks out the base Docker image from the container registry and
+installs selected features as specified in the `devcontainer.json` on top.
+Eventually, it starts the container with the developer environment.
+
+##### Workload supporting resources
+
+**Container Registry (optional)**
+
+- Workspace nodes need access to the Container Registry to check out images. To
+  shorten the provisioning time, it is recommended to deploy registry mirrors in
+  the same region as the workspace nodes.
@@ -0,0 +1,130 @@
+## Changelog
+
+> [!NOTE]
+> This is a mainline Coder release. We advise enterprise customers without a staging environment to install our [latest stable release](https://github.com/coder/coder/releases/latest) while we refine this version. Learn more about our [Release Schedule](../install/releases.md).
+
+### BREAKING CHANGES
+
+- Removed `max_ttl` from templates (#12644) (@Emyrk)
+  > Maximum Workspace Lifetime, or `MAX_TTL`, has been removed from the product in favor of Autostop Requirement. Max Lifetime was designed to automate workspace shutdowns to enable security policy enforcement, enforce routine updates, and reduce idle resource costs.
+  >
+  > If you use Maximum Lifetime in your templates, workspaces will no longer stop at the end of this timer. Instead, we advise migrating to Autostop Requirement.
+  >
+  > Autostop Requirement shares the benefits of `MAX_TTL`, but also respects user-configured quiet hours to avoid forcing shutdowns while developers are connected.
+  >
+  > We only completely deprecate features after a 2-month heads up in the UI.
+
+### Features
+
+- Make agent stats' cardinality configurable (#12535) (@dannykopping)
+- Upgrade tailscale fork to set TCP options for performance (#12574) (@spikecurtis)
+- Add AWS IAM RDS Database auth driver (#12566) (@f0ssel)
+- Support Windows containers in bootstrap script (#12662) (@kylecarbs)
+- Add `workspace_id` to `workspace_build` audit logs (#12718) (@sreya)
+- Make OAuth2 provider not enterprise-only (#12732) (@code-asher)
+- Allow number options with monotonic validation (#12726) (@dannykopping)
+- Expose workspace statuses (with details) as a prometheus metric (#12762) (@dannykopping)
+- Agent: Support adjusting child process OOM scores (#12655) (@sreya)
+  > This opt-in configuration protects the Agent process from crashing via OOM. To prevent the agent from being killed in most scenarios, set `CODER_PROC_PRIO_MGMT=1` on your container.
+- Expose HTTP debug server over tailnet API (#12582) (@johnstcn)
+- Show queue position during workspace builds (#12606) (@dannykopping)
+- Unhide support bundle command (#12745) (@johnstcn)
+  > The Coder support bundle grabs a variety of deployment health information to improve and expedite the debugging experience.
+  > ![Coder Support Bundle](https://raw.githubusercontent.com/coder/coder/main/docs/changelogs/images/support-bundle.png)
+- Add golden tests for errors (#11588) (#12698) (@elasticspoon)
+- Enforce confirmation before creating bundle (#12684) (@johnstcn)
+- Add enabled experiments to telemetry (#12656) (@dannykopping)
+- Export metric indicating each experiment's status (#12657) (@dannykopping)
+- Add sftp to insights apps (#12675) (@mafredri)
+- Add `template_usage_stats` table and rollup query (#12664) (@mafredri)
+- Add `dbrollup` service to rollup insights (#12665) (@mafredri)
+- Use `template_usage_stats` in `GetTemplateInsights` query (#12666) (@mafredri)
+- Use `template_usage_stats` in `GetTemplateInsightsByInterval` query (#12667) (@mafredri)
+- Use `template_usage_stats` in `GetTemplateAppInsights` query (#12669) (@mafredri)
+- Use `template_usage_stats` in `GetUserLatencyInsights` query (#12671) (@mafredri)
+- Use `template_usage_stats` in `GetUserActivityInsights` query (#12672) (@mafredri)
+- Use `template_usage_stats` in `*ByTemplate` insights queries (#12668) (@mafredri)
+- Add debug handlers for logs, manifest, and token to agent (#12593) (@johnstcn)
+- Add linting to all examples (#12595) (@mafredri)
+- Add C++ icon (#12572) (@michaelbrewer)
+- Add support for `--mainline` (default) and `--stable` (#12858) (@mafredri)
+- Make listening ports scrollable (#12660) (@BrunoQuaresma)
+- Fetch agent network info over tailnet (#12577) (@johnstcn)
+- Add client magicsock and agent prometheus metrics to support bundle (#12604) (@johnstcn)
+
+### Bug fixes
+
+- Server: Fix data race in TestLabelsAggregation tests (#12578) (@dannykopping)
+- Dashboard: Hide actions and notifications from deleted workspaces (#12563) (@aslilac)
+- VSCode: Importing api into vscode-coder (#12570) (@code-asher)
+- CLI: Clean template destination path for `pull` (#12559) (@dannykopping)
+- Agent: Ensure agent token is from latest build in middleware (#12443) (@f0ssel)
+- CLI: Handle CLI default organization when none exists in <v2.9.0 coderd (#12594) (@Emyrk)
+- Server: Separate signals for passive, active, and forced shutdown (#12358) (@kylecarbs)
+- Docs: Correct typo error about minTerraformVersion (#12621) (@garylavayou)
+- Docs: Correct troubleshooting links (#12608) (@dannykopping)
+- Server: Prevent single replica proxies from staying unhealthy (#12641) (@deansheather)
+- Database: Implicit schema in dump (#12646) (@mtojek)
+- Server: Disable workspace auto-create if external auth requirements aren't met (#12538) (@aslilac)
+- Server: Allow proxy version mismatch (with warning) (#12433) (@deansheather)
+- Server: Disable relay if built-in DERP is disabled (#12654) (@coadler)
+- Dashboard: Create workspace with optional auth providers (#12729) (@aslilac)
+- Always use bash when executing web terminal tests (#12755) (@aslilac)
+- Server: Nil ptr dereference when removing a license (#12785) (@coadler)
+- Use latest coder/tailscale (@spikecurtis)
+- Agent: remove unused token debug handler (#12602) (@johnstcn)
+- CLI: Show error/hide help for unsupported subcommands (#10760) (#12624) (@elasticspoon)
+- CLI: Port-forward: update workspace last_used_at (#12659) (@johnstcn)
+- CLI: Fix newline escape sequence in support blurb (#12749) (@johnstcn)
+- Server: Skip logging error for cancelled query in agent report stats (#12730) (@mafredri)
+- Server: Add timeout to websocket waitgroup on shutdown (#12754) (@coadler)
+- Server: Use insights for DAUs, simplify metricscache (#12775) (@mafredri)
+- API: always write agent stats when provided (#12699) (@mafredri)
+- Database: Improve data exclusion in `UpsertTemplateUsageStats` (#12764) (@mafredri)
+- Database: Improve query performance of `GetTemplateAppInsights` (#12767) (@mafredri)
+- Database: Improve performance of `GetTemplateInsightsByInterval` (#12773) (@mafredri)
+- Database: Add FK index for `workspace_agent_scripts` (#12791) (@mafredri)
+- API: Abort in-progress writes/reads when closing websocket (#12650) (@ammario)
+- Update base image in lima/coder.yaml example, remove usage of deprecated LIMA_CIDATA (#12613) (@johnstcn)
+- Removed hardcoded public (#12620) (@95gabor)
+- API: change test to use bash script instead of binary echo (#12759) (@spikecurtis)
+- Dashboard: Display not found page when pagination page is invalid (#12611) (@BrunoQuaresma)
+- Dashboard: Fix and improve pending state on template editor UI (#12766) (@BrunoQuaresma)
+- Also sanitize agent environment (#12615) (@johnstcn)
+- Sanitize manifest for tests (#12711) (@johnstcn)
+
+### Documentation
+
+- Add updated architecture diagrams (#12584) (@ericpaulsen)
+- Describe reference architectures (#12609) (@mtojek)
+- Use scale testing utility (#12643) (@mtojek)
+- Describe Coder's operational readiness (#12723) (@mtojek)
+- Add guide for JFrog Xray integration (#12629) (@matifali)
+- Document how to run workspace-proxy as a system service (#12810) (@michaelbrewer)
+- Describe mutually exclusive create workspace template fields (#12834) (@Emyrk)
+- Describe single region and multi-region deployments (#12779) (@mtojek)
+- Fix coder-logstream-kube typo in deployment-logs.md (#12845) (@toshikish)
+- Remove phone number, we do not offer phone support yet (#12658) (@bpmct)
+
+### Performance improvements
+
+- Optimize `GetWorkspaceAgentAndLatestBuildByAuthToken` query (#12809) (@mafredri)
+
+### Tests
+
+- Apptest was accidently choosing ports in use (#12580) (@Emyrk)
+- Ensure `RequireActiveVersion` is actually set when testing with AGPL store (#12843) (@aslilac)
+- Add an E2E test for removing a group (#12844) (@aslilac)
+- Enable `dbrollup` service for insights tests (#12673) (@mafredri)
+- Fix TODO for increased accuracy in insights test (#12727) (@mafredri)
+- Fix template name too long in TestPatchTemplateMeta (#12781) (@mafredri)
+
+Compare: [`v2.9.0...v2.10.0`](https://github.com/coder/coder/compare/v2.9.0...v2.10.0)
+
+## Container image
+
+- `docker pull ghcr.io/coder/coder:v2.10.0`
+
+## Install/upgrade
+
+Refer to our docs to [install](https://coder.com/docs/v2/latest/install) or [upgrade](https://coder.com/docs/v2/latest/admin/upgrade) Coder, or use a release asset below.