Skip to content

docs: add organizations, provisioners, and premium license docs #14778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 33 commits into from
Oct 1, 2024
Merged

docs: add organizations, provisioners, and premium license docs #14778

Changes from 1 commit
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
69d4f75
Add documentation for managing organizations
bpmct Sep 24, 2024
4c8a165
Update icon path in organizations guide
bpmct Sep 24, 2024
1595a72
Update RBAC documentation state in manifest
bpmct Sep 24, 2024
6cf30a7
Add beta notice to organizations documentation
bpmct Sep 24, 2024
5bc2c2e
Remove references to enterprise page
bpmct Sep 25, 2024
abc156e
Update provisioners documentation for clarity
bpmct Sep 25, 2024
0d76ed0
Update documentation to "premium" edition
bpmct Sep 25, 2024
13f0a0e
Add documentation for licensing and group sync
bpmct Sep 26, 2024
fe895cd
chore(docs): outline new feature stages (#14786)
EdwardAngert Sep 26, 2024
d8de325
progress
bpmct Sep 29, 2024
f48f21c
Merge branch 'main' into orgs-licenses
bpmct Sep 29, 2024
67199d2
Add instructions for fetching role mappings
bpmct Sep 29, 2024
941d9c2
Update role sync documentation for clarity
bpmct Sep 29, 2024
ff7a8e2
Update organization sync troubleshooting links
bpmct Sep 29, 2024
05369f6
Add org sync setup instructions to documentation
bpmct Sep 29, 2024
f08be61
Fix sync link text order in organizations guide
bpmct Sep 29, 2024
67ce5d4
Add section on custom roles to users guide
bpmct Sep 29, 2024
841fa65
Update links to include premium in sync docs
bpmct Sep 29, 2024
4473b2a
Update provisioners documentation for clarity
bpmct Sep 29, 2024
2f0e14e
Update create organization page description
bpmct Sep 29, 2024
10354d4
Remove subproject directories and update JSON format
bpmct Sep 29, 2024
30e291f
fix(docs): correct license link path in org guide
bpmct Sep 29, 2024
15efb35
Update organization documentation link paths
bpmct Sep 30, 2024
6c2d6b2
Update paywall links to licensing doc
bpmct Sep 30, 2024
e100b55
Update documentation for Premium license references
bpmct Sep 30, 2024
821d9f2
Update licensing documentation for Premium plan
bpmct Oct 1, 2024
5b41d99
fix(docs): improve clarity in licensing intro
bpmct Oct 1, 2024
ee69767
Suppress link checker for licensing doc update
bpmct Oct 1, 2024
6610084
Update manifest to improve readability and rename icon
bpmct Oct 1, 2024
c26db48
Refactor manifest state to use consistent arrays
bpmct Oct 1, 2024
f9c4202
fmt
bpmct Oct 1, 2024
e3b34ff
Refactor route state field to support multiple states
bpmct Oct 1, 2024
eb71bfa
fix: paywall doc link
jaaydenh Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update provisioners documentation for clarity 
Clarify that `coder provisioner start` replaces deprecated `coderd start` command.
Streamline instructions for starting provisioners in various environments.
Enhance guidance on tagging and organization-scoping.
  • Loading branch information
@bpmct
bpmct committed Sep 29, 2024
commit 4473b2a46db905be999d28e600ed7ba642d17d7a
64 changes: 25 additions & 39 deletions docs/admin/provisioners.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,14 @@ are often benefits to running external provisioner daemons:
[Scaling Coder](scaling/scale-utility.md#recent-scale-tests) for more details.

Each provisioner runs a single
[concurrent workspace build](scaling/scale-testing.md#control-plane-provisionerd).
[concurrent workspace build](scaling/scale-testing.md#control-plane-provisioner).
For example, running 30 provisioner containers will allow 30 users to start
workspaces at the same time.

Provisioners are started with the
[coder provisionerd start](../reference/cli/provisioner_start.md) command.
[`coder provisioner start`](../reference/cli/provisioner_start.md) command in
the [full Coder binary](https://github.com/coder/coder/releases). Keep reading
to learn how to start provisioners via Docker, Kubernetes, Systemd, etc.

## Authentication

Expand All @@ -41,29 +43,13 @@ running for each organization.
We recommend creating finely-scoped keys for provisioners. Keys are scoped to an
organization.

Provisioners can broadly be categorized by scope: `organization` or `user`. The
scope of a provisioner can be specified with
[`-tag=scope=<scope>`](../reference/cli/provisioner_start.md#t---tag) when
starting the provisioner daemon. Only users with at least the
[Template Admin](../admin/users.md#roles) role or higher may create
organization-scoped provisioner daemons.

Successfully created provisioner key my-key! Save this authentication token, it
will not be shown again.

- [Built-in provisioners](../reference/cli/server.md#provisioner-daemons) are
always organization-scoped.
- External provisioners started using a
[pre-shared key (PSK)](../reference/cli/provisioner_start.md#psk) are always
organization-scoped.

### Organization-Scoped Provisioners
```sh
coder provisioner keys create my-key \
--org default

**Organization-scoped Provisioners** can pick up build jobs created by any user.
These provisioners always have the implicit tags `scope=organization owner=""`.
Successfully created provisioner key my-key! Save this authentication token, it will not be shown again.

```shell
coder provisionerd start --org <organization_name>
<key omitted>
```

Or, restrict the provisioner to jobs with specific tags
Expand All @@ -83,7 +69,7 @@ To start the provisioner:
```sh
export CODER_URL=https://<your-coder-url>
export CODER_PROVISIONER_DAEMON_KEY=<key>
coder provisionerd start
coder provisioner start
```

Keep reading to see instructions for running provisioners on
Expand All @@ -97,14 +83,14 @@ via [automation](./automation.md).

```sh
coder login https://<your-coder-url>
coder provisionerd start
coder provisioner start
```

To start a provisioner with specific tags:

```sh
coder login https://<your-coder-url>
coder provisionerd start \
coder provisioner start \
--tag environment=kubernetes
```

Expand All @@ -123,7 +109,7 @@ on the Coder server.
Next, start the provisioner:

```sh
coder provisionerd start --psk <your-psk>
coder provisioner start --psk <your-psk>
```

</div>
Expand All @@ -146,7 +132,7 @@ For example:
```sh
# Start a provisioner with the explicit tags
# environment=on_prem and datacenter=chicago
coder provisionerd start \
coder provisioner start \
--tag environment=on_prem \
--tag datacenter=chicago

Expand Down Expand Up @@ -213,14 +199,14 @@ This is illustrated in the below table:
> copy the output:
>
> ```
> go test -v -count=1 ./coderd/provisionerdserver/ -test.run='^TestAcquirer_MatchTags/GenTable$'
> go test -v -count=1 ./coderd/provisionerserver/ -test.run='^TestAcquirer_MatchTags/GenTable$'
> ```

## Types of provisioners

Provisioners can broadly be categorized by scope: `organization` or `user`. The
scope of a provisioner can be specified with
[`-tag=scope=<scope>`](../reference/cli/provisionerd_start.md#t---tag) when
[`-tag=scope=<scope>`](../reference/cli/provisioner_start.md#t---tag) when
starting the provisioner daemon. Only users with at least the
[Template Admin](../admin/users.md#roles) role or higher may create
organization-scoped provisioner daemons.
Expand All @@ -230,7 +216,7 @@ There are two exceptions:
- [Built-in provisioners](../reference/cli/server.md#provisioner-daemons) are
always organization-scoped.
- External provisioners started using a
[pre-shared key (PSK)](../reference/cli/provisionerd_start.md#psk) are always
[pre-shared key (PSK)](../reference/cli/provisioner_start.md#psk) are always
organization-scoped.

### Organization-Scoped Provisioners
Expand All @@ -239,14 +225,14 @@ There are two exceptions:
These provisioners always have the implicit tags `scope=organization owner=""`.

```sh
coder provisionerd start --org <organization_name>
coder provisioner start --org <organization_name>
```

If you omit the `--org` argument, the provisioner will be assigned to the
default organization.

```sh
coder provisionerd start
coder provisioner start
```

### User-scoped Provisioners
Expand All @@ -257,7 +243,7 @@ run user provisioners, but they have no impact unless there exists at least one
template with the `scope=user` provisioner tag.

```sh
coder provisionerd start \
coder provisioner start \
--tag scope=user

# In another terminal, create/push
Expand All @@ -281,7 +267,7 @@ will use in concert with the Helm chart for deploying the Coder server.
1. Modify your Coder `values.yaml` to include

```yaml
provisionerDaemon:
provisioneraemon:
pskSecretName: "coder-provisioner-psk"
```

Expand All @@ -304,7 +290,7 @@ will use in concert with the Helm chart for deploying the Coder server.
- name: CODER_URL
value: "https://coder.example.com"
replicaCount: 10
provisionerDaemon:
provisioneraemon:
pskSecretName: "coder-provisioner-psk"
tags:
location: auh
Expand All @@ -331,15 +317,15 @@ will use in concert with the Helm chart for deploying the Coder server.

You can verify that your provisioner daemons have successfully connected to
Coderd by looking for a debug log message that says
`provisionerd: successfully connected to coderd` from each Pod.
`provisioner: successfully connected to coderd` from each Pod.

## Example: Running an external provisioner on a VM

```sh
curl -L https://coder.com/install.sh | sh
export CODER_URL=https://coder.example.com
export CODER_SESSION_TOKEN=your_token
coder provisionerd start
coder provisioner start
```

## Example: Running an external provisioner via Docker
Expand All @@ -350,7 +336,7 @@ docker run --rm -it \
-e CODER_SESSION_TOKEN=your_token \
--entrypoint /opt/coder \
ghcr.io/coder/coder:latest \
provisionerd start
provisioner start
```

## Disable built-in provisioners
Expand Down
Loading