From a7d44150a819fca8f05ef39f1ab508d1a343bb8e Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:14:40 -0500 Subject: [PATCH 1/9] docs: bump stable version to v2.15.1 (#14927) This PR was automatically created by the [release script](https://github.com/coder/coder/blob/main/scripts/release.sh). Please review the changes and merge if they look good and the release is complete. You can follow the release progress [here](https://github.com/coder/coder/actions/workflows/release.yaml) and view the published release [here](https://github.com/coder/coder/releases/tag/v2.15.1) (once complete). --- docs/contributing/feature-stages.md | 6 +++--- docs/install/kubernetes.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/contributing/feature-stages.md b/docs/contributing/feature-stages.md index 4489c212e25e0..92d879de3ea90 100644 --- a/docs/contributing/feature-stages.md +++ b/docs/contributing/feature-stages.md @@ -45,9 +45,9 @@ coder server --experiments=feature1,feature2 -| Feature | Description | Available in | -| --------------- | ------------------------------------------------------------------- | ---------------- | -| `notifications` | Sends notifications via SMTP and webhooks following certain events. | mainline, stable | +| Feature | Description | Available in | +| --------------- | ------------------------------------------------------------------- | ------------ | +| `notifications` | Sends notifications via SMTP and webhooks following certain events. | stable | diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 3d173a5a041e3..89c4cceb355e0 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md 
@@ -145,7 +145,7 @@ locally in order to log in and manage templates. helm install coder coder-v2/coder \ --namespace coder \ --values values.yaml \ - --version 2.15.0 + --version 2.15.1 ``` You can watch Coder start up by running `kubectl get pods -n coder`. Once From 3a48ba798dbe1c2695936c4852416600236997a0 Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:43:24 -0500 Subject: [PATCH 2/9] chore: set 2.13.x to "Not Supported" in release calendar (#14936) --- docs/install/releases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install/releases.md b/docs/install/releases.md index dc6f080759383..f94f9d97e5a4a 100644 --- a/docs/install/releases.md +++ b/docs/install/releases.md @@ -55,7 +55,7 @@ return from the Holiday season. | ------------ | ------------------ | ---------------- | | 2.11.x | May 07, 2024 | Not Supported | | 2.12.x | June 04, 2024 | Not Supported | -| 2.13.x | July 02, 2024 | Security Support | +| 2.13.x | July 02, 2024 | Not Supported | | 2.14.x | August 06, 2024 | Security Support | | 2.15.x | September 03, 2024 | Stable | | 2.16.x | October 01, 2024 | Mainline | From b4f26a8c782dcc1088a9a8945cdeb63aa3ee1565 Mon Sep 17 00:00:00 2001 From: Roger Chao Date: Wed, 2 Oct 2024 14:50:08 -0700 Subject: [PATCH 3/9] docs: fix to provisioners.md to add a missing character (#14937) Changed yaml example references from provisioneraemon: to provisionerDaemon: --- docs/admin/provisioners.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/admin/provisioners.md b/docs/admin/provisioners.md index 31e7001843e61..394b33319b6ac 100644 --- a/docs/admin/provisioners.md +++ b/docs/admin/provisioners.md @@ -267,7 +267,7 @@ will use in concert with the Helm chart for deploying the Coder server. 1. Modify your Coder `values.yaml` to include ```yaml - provisioneraemon: + provisionerDaemon: pskSecretName: "coder-provisioner-psk" ``` 
@@ -290,7 +290,7 @@ will use in concert with the Helm chart for deploying the Coder server. - name: CODER_URL value: "https://coder.example.com" replicaCount: 10 - provisioneraemon: + provisionerDaemon: pskSecretName: "coder-provisioner-psk" tags: location: auh From 6accd686d6fd74b5bea782f9bbb89e291ddca94d Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 11:57:28 +0000 Subject: [PATCH 4/9] Refactor CryptoKey schema and update premium features - Replace `wsproxysdk.CryptoKey` schema with `codersdk.CryptoKey` and update corresponding references to unify schema management. - Adjust manifest to reflect new organizational and quota state labels as "premium" indicating extended features. - Include new CLI option for token creation, allowing admins to specify users. --- docs/install/kubernetes.md | 12 ++-- docs/manifest.json | 8 +-- docs/reference/api/schemas.md | 86 ++++++++++++++--------------- docs/reference/cli/tokens_create.md | 9 +++ 4 files changed, 62 insertions(+), 53 deletions(-) diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md index 6ce6168d73ac2..286c9b890af1d 100644 --- a/docs/install/kubernetes.md +++ b/docs/install/kubernetes.md @@ -136,12 +136,12 @@ helm install coder coder-v2/coder \ - ```shell - helm install coder coder-v2/coder \ - --namespace coder \ - --values values.yaml \ - --version 2.15.1 - ``` +```shell +helm install coder coder-v2/coder \ + --namespace coder \ + --values values.yaml \ + --version 2.15.1 +``` You can watch Coder start up by running `kubectl get pods -n coder`. Once Coder has started, the `coder-*` pods should enter the `Running` state. diff --git a/docs/manifest.json b/docs/manifest.json index 69881f4968e86..a60c831d91bc9 100644 --- a/docs/manifest.json +++ b/docs/manifest.json 
@@ -240,12 +240,12 @@ { "title": "Organizations", "path": "./admin/users/organizations.md", - "state": "enterprise" + "state": ["premium"] }, { "title": "Quotas", "path": "./admin/users/quotas.md", - "state": "enterprise" + "state": ["enterprise", "premium"] }, { "title": "Sessions \u0026 API Tokens", @@ -492,13 +492,13 @@ "title": "Slack Notifications", "description": "Learn how to setup Slack notifications", "path": "./admin/monitoring/notifications/slack.md", - "state": "beta" + "state": ["beta"] }, { "title": "Microsoft Teams Notifications", "description": "Learn how to setup Microsoft Teams notifications", "path": "./admin/monitoring/notifications/teams.md", - "state": "beta" + "state": ["beta"] } ] } diff --git a/docs/reference/api/schemas.md b/docs/reference/api/schemas.md index 00004bb83e74b..bb756d1a7ea8f 100644 --- a/docs/reference/api/schemas.md +++ b/docs/reference/api/schemas.md 
@@ -1406,6 +1406,44 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o | `template_version_id` | string | false | | Template version ID can be used to specify a specific version of a template for creating the workspace. | | `ttl_ms` | integer | false | | | +## codersdk.CryptoKey + +```json +{ + "deletes_at": "2019-08-24T14:15:22Z", + "feature": "workspace_apps", + "secret": "string", + "sequence": 0, + "starts_at": "2019-08-24T14:15:22Z" +} +``` + +### Properties + +| Name | Type | Required | Restrictions | Description | +| ------------ | ------------------------------------------------------ | -------- | ------------ | ----------- | +| `deletes_at` | string | false | | | +| `feature` | [codersdk.CryptoKeyFeature](#codersdkcryptokeyfeature) | false | | | +| `secret` | string | false | | | +| `sequence` | integer | false | | | +| `starts_at` | string | false | | | + +## codersdk.CryptoKeyFeature + +```json +"workspace_apps" +``` + +### Properties + +#### Enumerated Values + +| Value | +| ---------------- | +| `workspace_apps` | +| `oidc_convert` | +| `tailnet_resume` | + ## codersdk.CustomRoleRequest ```json 
@@ -9780,55 +9818,17 @@ _None_ | `derp_map` | [tailcfg.DERPMap](#tailcfgderpmap) | false | | | | `disable_direct_connections` | boolean | false | | | -## wsproxysdk.CryptoKey - -```json -{ - "deletes_at": "string", - "feature": "workspace_apps", - "secret": "string", - "sequence": 0, - "starts_at": "string" -} -``` - -### Properties - -| Name | Type | Required | Restrictions | Description | -| ------------ | ---------------------------------------------------------- | -------- | ------------ | ----------- | -| `deletes_at` | string | false | | | -| `feature` | [wsproxysdk.CryptoKeyFeature](#wsproxysdkcryptokeyfeature) | false | | | -| `secret` | string | false | | | -| `sequence` | integer | false | | | -| `starts_at` | string | false | | | - -## wsproxysdk.CryptoKeyFeature - -```json -"workspace_apps" -``` - -### Properties - -#### Enumerated Values - -| Value | -| ---------------- | -| `workspace_apps` | -| `oidc_convert` | -| `tailnet_resume` | - ## wsproxysdk.CryptoKeysResponse ```json { "crypto_keys": [ { - "deletes_at": "string", + "deletes_at": "2019-08-24T14:15:22Z", "feature": "workspace_apps", "secret": "string", "sequence": 0, - "starts_at": "string" + "starts_at": "2019-08-24T14:15:22Z" } ] } @@ -9836,9 +9836,9 @@ _None_ ### Properties -| Name | Type | Required | Restrictions | Description | -| ------------- | ----------------------------------------------------- | -------- | ------------ | ----------- | -| `crypto_keys` | array of [wsproxysdk.CryptoKey](#wsproxysdkcryptokey) | false | | | +| Name | Type | Required | Restrictions | Description | +| ------------- | ------------------------------------------------- | -------- | ------------ | ----------- | +| `crypto_keys` | array of [codersdk.CryptoKey](#codersdkcryptokey) | false | | | ## wsproxysdk.DeregisterWorkspaceProxyRequest diff --git a/docs/reference/cli/tokens_create.md b/docs/reference/cli/tokens_create.md index e6b613fa0090a..09a4a5d200ea5 100644 --- a/docs/reference/cli/tokens_create.md 
+++ b/docs/reference/cli/tokens_create.md @@ -30,3 +30,12 @@ Specify a duration for the lifetime of the token. | Environment | $CODER_TOKEN_NAME | Specify a human-readable name. + +### -u, --user + +| | | +| ----------- | ------------------------------ | +| Type | string | +| Environment | $CODER_TOKEN_USER | + +Specify the user to create the token for (Only works if logged in user is admin). From 3e5699be53ed2c6f27a7a3b490f5421f0b1364c0 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 17:07:46 +0500 Subject: [PATCH 5/9] Delete docs/architecture/architecture.md --- docs/architecture/architecture.md | 393 ------------------------------ 1 file changed, 393 deletions(-) delete mode 100644 docs/architecture/architecture.md diff --git a/docs/architecture/architecture.md b/docs/architecture/architecture.md deleted file mode 100644 index c0e076ce2546d..0000000000000 --- a/docs/architecture/architecture.md +++ /dev/null 
@@ -1,393 +0,0 @@ -# Architecture - -The Coder deployment model is flexible and offers various components that -platform administrators can deploy and scale depending on their use case. This -page describes possible deployments, challenges, and risks associated with them. - -## Primary components - -### coderd - -_coderd_ is the service created by running `coder server`. It is a thin API that -connects workspaces, provisioners and users. _coderd_ stores its state in -Postgres and is the only service that communicates with Postgres. - -It offers: - -- Dashboard (UI) -- HTTP API -- Dev URLs (HTTP reverse proxy to workspaces) -- Workspace Web Applications (e.g for easy access to `code-server`) -- Agent registration - -### provisionerd - -_provisionerd_ is the execution context for infrastructure modifying providers. -At the moment, the only provider is Terraform (running `terraform`). - -By default, the Coder server runs multiple provisioner daemons. -[External provisioners](../admin/provisioners.md) can be added for security or -scalability purposes. - -### Agents - -An agent is the Coder service that runs within a user's remote workspace. It -provides a consistent interface for coderd and clients to communicate with -workspaces regardless of operating system, architecture, or cloud. - -It offers the following services along with much more: - -- SSH -- Port forwarding -- Liveness checks -- `startup_script` automation - -Templates are responsible for -[creating and running agents](../templates/index.md#coder-agent) within -workspaces. - -### Service Bundling - -While _coderd_ and Postgres can be orchestrated independently, our default -installation paths bundle them all together into one system service. 
It's -perfectly fine to run a production deployment this way, but there are certain -situations that necessitate decomposition: - -- Reducing global client latency (distribute coderd and centralize database) -- Achieving greater availability and efficiency (horizontally scale individual - services) - -### Workspaces - -At the highest level, a workspace is a set of cloud resources. These resources -can be VMs, Kubernetes clusters, storage buckets, or whatever else Terraform -lets you dream up. - -The resources that run the agent are described as _computational resources_, -while those that don't are called _peripheral resources_. - -Each resource may also be _persistent_ or _ephemeral_ depending on whether -they're destroyed on workspace stop. - -## Deployment models - -### Single region architecture - -![Architecture Diagram](../images/architecture-single-region.png) - -#### Components - -This architecture consists of a single load balancer, several _coderd_ replicas, -and _Coder workspaces_ deployed in the same region. - -##### Workload resources - -- Deploy at least one _coderd_ replica per availability zone with _coderd_ - instances and provisioners. High availability is recommended but not essential - for small deployments. -- Single replica deployment is a special case that can address a - tiny/small/proof-of-concept installation on a single virtual machine. If you - are serving more than 100 users/workspaces, you should add more replicas. - -**Coder workspace** - -- For small deployments consider a lightweight workspace runtime like the - [Sysbox](https://github.com/nestybox/sysbox) container runtime. Learn more how - to enable - [docker-in-docker using Sysbox](https://asciinema.org/a/kkTmOxl8DhEZiM2fLZNFlYzbo?speed=2). - -**HA Database** - -- Monitor node status and resource utilization metrics. -- Implement robust backup and disaster recovery strategies to protect against - data loss. 
- -##### Workload supporting resources - -**Load balancer** - -- Distributes and load balances traffic from agents and clients to _Coder - Server_ replicas across availability zones. -- Layer 7 load balancing. The load balancer can decrypt SSL traffic, and - re-encrypt using an internal certificate. -- Session persistence (sticky sessions) can be disabled as _coderd_ instances - are stateless. -- WebSocket and long-lived connections must be supported. - -**Single sign-on** - -- Integrate with existing Single Sign-On (SSO) solutions used within the - organization via the supported OAuth 2.0 or OpenID Connect standards. -- Learn more about [Authentication in Coder](../admin/auth.md). - -### Multi-region architecture - -![Architecture Diagram](../images/architecture-multi-region.png) - -#### Components - -This architecture is for globally distributed developer teams using Coder -workspaces on daily basis. It features a single load balancer with regionally -deployed _Workspace Proxies_, several _coderd_ replicas, and _Coder workspaces_ -provisioned in different regions. - -Note: The _multi-region architecture_ assumes the same deployment principles as -the _single region architecture_, but it extends them to multi region deployment -with workspace proxies. Proxies are deployed in regions closest to developers to -offer the fastest developer experience. - -##### Workload resources - -**Workspace proxy** - -- Workspace proxy offers developers the option to establish a fast relay - connection when accessing their workspace via SSH, a workspace application, or - port forwarding. -- Dashboard connections, API calls (e.g. _list workspaces_) are not served over - proxies. -- Proxies do not establish connections to the database. -- Proxy instances do not share authentication tokens between one another. - -##### Workload supporting resources - -**Proxy load balancer** - -- Distributes and load balances workspace relay traffic in a single region - across availability zones. 
-- Layer 7 load balancing. The load balancer can decrypt SSL traffic, and - re-encrypt using internal certificate. -- Session persistence (sticky sessions) can be disabled as _coderd_ instances - are stateless. -- WebSocket and long-lived connections must be supported. - -### Multi-cloud architecture - -By distributing Coder workspaces across different cloud providers, organizations -can mitigate the risk of downtime caused by provider-specific outages or -disruptions. Additionally, multi-cloud deployment enables organizations to -leverage the unique features and capabilities offered by each cloud provider, -such as region availability and pricing models. - -![Architecture Diagram](../images/architecture-multi-cloud.png) - -#### Components - -The deployment model comprises: - -- `coderd` instances deployed within a single region of the same cloud provider, - with replicas strategically distributed across availability zones. -- Workspace provisioners deployed in each cloud, communicating with `coderd` - instances. -- Workspace proxies running in the same locations as provisioners to optimize - user connections to workspaces for maximum speed. - -Due to the relatively large overhead of cross-regional communication, it is not -advised to set up multi-cloud control planes. It is recommended to keep coderd -replicas and the database within the same cloud-provider and region. - -Note: The _multi-cloud architecture_ follows the deployment principles outlined -in the _multi-region architecture_. However, it adapts component selection based -on the specific cloud provider. Developers can initiate workspaces based on the -nearest region and technical specifications provided by the cloud providers. - -##### Workload resources - -**Workspace provisioner** - -- _Security recommendation_: Create a long, random pre-shared key (PSK) and add - it to the regional secret store, so that local _provisionerd_ can access it. 
- Remember to distribute it using safe, encrypted communication channel. The PSK - must also be added to the _coderd_ configuration. - -**Workspace proxy** - -- _Security recommendation_: Use `coder` CLI to create - [authentication tokens for every workspace proxy](../admin/workspace-proxies.md#requirements), - and keep them in regional secret stores. Remember to distribute them using - safe, encrypted communication channel. - -**Managed database** - -- For AWS: _Amazon RDS for PostgreSQL_ -- For Azure: _Azure Database for PostgreSQL - Flexible Server_ -- For GCP: _Cloud SQL for PostgreSQL_ - -##### Workload supporting resources - -**Kubernetes platform (optional)** - -- For AWS: _Amazon Elastic Kubernetes Service_ -- For Azure: _Azure Kubernetes Service_ -- For GCP: _Google Kubernetes Engine_ - -See here for an example deployment of -[Coder on Azure Kubernetes Service](https://github.com/ericpaulsen/coder-aks). - -Learn more about [security requirements](../install/kubernetes.md) for deploying -Coder on Kubernetes. - -**Load balancer** - -- For AWS: - - _AWS Network Load Balancer_ - - Level 4 load balancing - - For Kubernetes deployment: annotate service with - `service.beta.kubernetes.io/aws-load-balancer-type: "nlb"`, preserve the - client source IP with `externalTrafficPolicy: Local` - - _AWS Classic Load Balancer_ - - Level 7 load balancing - - For Kubernetes deployment: set `sessionAffinity` to `None` -- For Azure: - - _Azure Load Balancer_ - - Level 7 load balancing - - Azure Application Gateway - - Deploy Azure Application Gateway when more advanced traffic routing - policies are needed for Kubernetes applications. - - Take advantage of features such as WebSocket support and TLS termination - provided by Azure Application Gateway, enhancing the capabilities of - Kubernetes deployments on Azure. 
-- For GCP: - - _Cloud Load Balancing_ with SSL load balancer: - - Layer 4 load balancing, SSL enabled - - _Cloud Load Balancing_ with HTTPS load balancer: - - Layer 7 load balancing - - For Kubernetes deployment: annotate service (with ingress enabled) with - `kubernetes.io/ingress.class: "gce"`, leverage the `NodePort` service - type. - - Note: HTTP load balancer rejects DERP upgrade, Coder will fallback to - WebSockets - -**Single sign-on** - -- For AWS: - [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) -- For Azure: - [Microsoft Entra ID Sign-On](https://learn.microsoft.com/en-us/entra/identity/app-proxy/) -- For GCP: - [Google Cloud Identity Platform](https://cloud.google.com/architecture/identity/single-sign-on) - -### Air-gapped architecture - -The air-gapped deployment model refers to the setup of Coder's development -environment within a restricted network environment that lacks internet -connectivity. This deployment model is often required for organizations with -strict security policies or those operating in isolated environments, such as -government agencies or certain enterprise setups. - -The key features of the air-gapped architecture include: - -- _Offline installation_: Deploy workspaces without relying on an external - internet connection. -- _Isolated package/plugin repositories_: Depend on local repositories for - software installation, updates, and security patches. -- _Secure data transfer_: Enable encrypted communication channels and robust - access controls to safeguard sensitive information. - -Learn more about [offline deployments](../install/offline.md) of Coder. - -![Architecture Diagram](../images/architecture-air-gapped.png) - -#### Components - -The deployment model includes: - -- _Workspace provisioners_ with direct access to self-hosted package and plugin - repositories and restricted internet access. -- _Mirror of Terraform Registry_ with multiple versions of Terraform plugins. 
-- _Certificate Authority_ with all TLS certificates to build secure - communication channels. - -The model is compatible with various infrastructure models, enabling deployment -across multiple regions and diverse cloud platforms. - -##### Workload resources - -**Workspace provisioner** - -- Includes Terraform binary in the container or system image. -- Checks out Terraform plugins from self-hosted _Registry_ mirror. -- Deploys workspace images stored in the self-hosted _Container Registry_. - -**Coder server** - -- Update checks are disabled (`CODER_UPDATE_CHECK=false`). -- Telemetry data is not collected (`CODER_TELEMETRY_ENABLE=false`). -- Direct connections are not possible, workspace traffic is relayed through - control plane's DERP proxy. - -##### Workload supporting resources - -**Self-hosted Database** - -- In the air-gapped deployment model, _Coderd_ instance is unable to download - Postgres binaries from the internet, so external database must be provided. - -**Container Registry** - -- Since the _Registry_ is isolated from the internet, platform engineers are - responsible for maintaining Workspace container images and conducting periodic - updates of base Docker images. -- It is recommended to keep [Dev Containers](../templates/dev-containers.md) up - to date with the latest released - [Envbuilder](https://github.com/coder/envbuilder) runtime. - -**Mirror of Terraform Registry** - -- Stores all necessary Terraform plugin dependencies, ensuring successful - workspace provisioning and maintenance without internet access. -- Platform engineers are responsible for periodically updating the mirrored - Terraform plugins, including - [terraform-provider-coder](https://github.com/coder/terraform-provider-coder). - -**Certificate Authority** - -- Manages and issues TLS certificates to facilitate secure communication - channels within the infrastructure. 
- -### Dev Containers - -This architecture enhances a Coder workspace with a -[development container](https://containers.dev/) setup built using the -[envbuilder](https://github.com/coder/envbuilder) project. Workspace users have -the flexibility to extend generic, base developer environments with custom, -project-oriented [features](https://containers.dev/features) without requiring -platform administrators to push altered Docker images. - -Learn more about -[Dev containers support](https://coder.com/docs/templates/dev-containers) in -Coder. - -![Architecture Diagram](../images/architecture-devcontainers.png) - -#### Components - -The deployment model includes: - -- _Workspace_ built using Coder template with _envbuilder_ enabled to set up the - developer environment accordingly to the dev container spec. -- _Container Registry_ for Docker images used by _envbuilder_, maintained by - Coder platform engineers or developer productivity engineers. - -Since this model is strictly focused on workspace nodes, it does not affect the -setup of regional infrastructure. It can be deployed alongside other deployment -models, in multiple regions, or across various cloud platforms. - -##### Workload resources - -**Coder workspace** - -- Docker and Kubernetes based templates are supported. -- The `docker_container` resource uses `ghcr.io/coder/envbuilder` as the base - image. - -_Envbuilder_ checks out the base Docker image from the container registry and -installs selected features as specified in the `devcontainer.json` on top. -Eventually, it starts the container with the developer environment. - -##### Workload supporting resources - -**Container Registry (optional)** - -- Workspace nodes need access to the Container Registry to check out images. To - shorten the provisioning time, it is recommended to deploy registry mirrors in - the same region as the workspace nodes. From a117b095f56a229b0c1b27b190728914aea34acb Mon Sep 17 00:00:00 2001 
From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 12:16:54 +0000 Subject: [PATCH 6/9] Correct broken links and formatting in changelogs - Update links for OIDC Role Sync and server log filtering - Change code block language from `hcl` to `tf` for clarity - Fix JetBrains gateway reference in documentation paths --- docs/changelogs/v2.0.0.md | 4 ++-- docs/changelogs/v2.1.5.md | 4 ++-- docs/changelogs/v2.9.0.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/changelogs/v2.0.0.md b/docs/changelogs/v2.0.0.md index d245e70819056..39dbb1522bcb5 100644 --- a/docs/changelogs/v2.0.0.md +++ b/docs/changelogs/v2.0.0.md @@ -64,7 +64,7 @@ ben@coder.com! Stream Kubernetes event logs to the Coder agent logs to reveal Kuernetes-level issues such as ResourceQuota limitations, invalid images, etc. ![Kubernetes quota](https://raw.githubusercontent.com/coder/coder/main/docs/platforms/kubernetes/coder-logstream-kube-logs-quota-exceeded.png) -- [OIDC Role Sync](https://coder.com/docs/admin/auth#group-sync-enterprise-premium) +- [OIDC Role Sync](https://coder.com/docs/admin/users/oidc-auth.md#group-sync-enterprise-premium) (Enterprise): Sync roles from your OIDC provider to Coder roles (e.g. `Template Admin`) (#8595) (@Emyrk) - Users can convert their accounts from username/password authentication to SSO @@ -82,7 +82,7 @@ ben@coder.com! - CLI: Added `--var` shorthand for `--variable` in `coder templates ` CLI (#8710) (@ammario) - Sever logs: Added fine-grained - [filtering](https://coder.com/docs/cli/server#-l---log-filter) with + [filtering](https://coder.com/docs/reference/cli/server#-l---log-filter) with Regex (#8748) (@ammario) - d3991fac2 feat(coderd): add parameter insights to template insights (#8656) (@mafredri) diff --git a/docs/changelogs/v2.1.5.md b/docs/changelogs/v2.1.5.md index 508bfc68fd0d2..30a1fb8d6d4f8 100644 --- a/docs/changelogs/v2.1.5.md +++ b/docs/changelogs/v2.1.5.md 
@@ -17,7 +17,7 @@ [display apps](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#nested-schema-for-display_apps) in your template, such as VS Code (Insiders), web terminal, SSH, etc. (#9100) (@sreya) To add VS Code insiders into your template, you can set: - ```hcl + ```tf display_apps { vscode_insiders = true } @@ -52,7 +52,7 @@ ### Documentation - Add - [JetBrains Gateway Offline Mode](https://coder.com/docs/ides/gateway#jetbrains-gateway-in-an-offline-environment) + [JetBrains Gateway Offline Mode](https://coder.com/docs/user-guides/workspace-access/jetbrains.md#jetbrains-gateway-in-an-offline-environment) config steps (#9388) (@ericpaulsen) - Describe [dynamic options and locals for parameters](https://github.com/coder/coder/tree/main/examples/parameters-dynamic-options) diff --git a/docs/changelogs/v2.9.0.md b/docs/changelogs/v2.9.0.md index 4c3a5b3fe42d3..55bfb33cf1fcf 100644 --- a/docs/changelogs/v2.9.0.md +++ b/docs/changelogs/v2.9.0.md @@ -133,7 +133,7 @@ The following features are hidden or disabled by default as we don't guarantee s ### Documentation - Fix /audit & /insights params (#12043) (@ericpaulsen) -- Fix jetbrains reconnect faq (#12073) (@ericpaulsen) +- Fix JetBrains gateway reconnect faq (#12073) (@ericpaulsen) - Update modules documentation (#11911) (@matifali) - Add kubevirt coder template in list of community templates (#12113) (@sulo1337) - Describe resource ordering in UI (#12185) (@mtojek) From c86742398f6cc7f938684b5028b8662b8b20fcd9 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 12:20:08 +0000 Subject: [PATCH 7/9] Rename and remove JetBrains Fleet docs --- .../0001_user_apikeys_invalidation.md | 0 docs/ides/fleet.md | 25 ------------------- 2 files changed, 25 deletions(-) rename docs/{ => admin}/security/0001_user_apikeys_invalidation.md (100%) delete mode 100644 docs/ides/fleet.md 
diff --git a/docs/security/0001_user_apikeys_invalidation.md b/docs/admin/security/0001_user_apikeys_invalidation.md similarity index 100% rename from docs/security/0001_user_apikeys_invalidation.md rename to docs/admin/security/0001_user_apikeys_invalidation.md diff --git a/docs/ides/fleet.md b/docs/ides/fleet.md deleted file mode 100644 index a248b581a2fe2..0000000000000 --- a/docs/ides/fleet.md +++ /dev/null @@ -1,25 +0,0 @@ -# JetBrains Fleet - -JetBrains Fleet is a code editor and lightweight IDE designed to support various -programming languages and development environments. - -[See JetBrains' website to learn about Fleet](https://www.jetbrains.com/fleet/) - -Fleet can connect to a Coder workspace by following these steps. - -1. [Install Fleet](https://www.jetbrains.com/fleet/download) -2. Install Coder CLI - ```shell - curl -L https://coder.com/install.sh | sh - ``` -3. Login and configure Coder SSH. - ```shell - coder login coder.example.com - coder config-ssh - ``` -4. Connect via SSH with the Host set to `coder.workspace-name` - ![Fleet Connect to Coder](../images/fleet/ssh-connect-to-coder.png) - -> If you experience problems, please -> [create a GitHub issue](https://github.com/coder/coder/issues) or share in -> [our Discord channel](https://discord.gg/coder). From 1cd6188c3511009fefe43990fff9f96c06e820fd Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 12:43:00 +0000 Subject: [PATCH 8/9] Add premium state to relevant docs in manifest Extend the manifest.json file to include an indicator for features that are available to enterprise or premium users. This change aims to clearly differentiate documentation sections that require premium access, thus improving user navigation and understanding of feature availability. --- docs/manifest.json | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/manifest.json b/docs/manifest.json index a60c831d91bc9..61dda55e0e847 100644 --- a/docs/manifest.json 
+++ b/docs/manifest.json @@ -235,7 +235,8 @@ }, { "title": "Groups \u0026 Roles", - "path": "./admin/users/groups-roles.md" + "path": "./admin/users/groups-roles.md", + "state": ["enterprise", "premium"] }, { "title": "Organizations", @@ -365,7 +366,8 @@ "title": "Provisioners", "description": "Learn how to run external provisioners with Coder", "path": "./admin/provisioners.md", - "icon_path": "./images/icons/key.svg" + "icon_path": "./images/icons/key.svg", + "state": ["enterprise", "premium"] }, { "title": "External Auth", @@ -448,12 +450,14 @@ { "title": "Workspace Proxies", "description": "Run geo distributed workspace proxies", - "path": "./admin/networking/workspace-proxies.md" + "path": "./admin/networking/workspace-proxies.md", + "state": ["enterprise", "premium"] }, { "title": "High Availability", "description": "Learn how to configure Coder for High Availability", - "path": "./admin/high-availability.md" + "path": "./admin/networking/high-availability.md", + "state": ["enterprise", "premium"] }, { "title": "Troubleshooting", @@ -513,7 +517,8 @@ { "title": "Audit Logs", "description": "Audit actions taken inside Coder", - "path": "./admin/security/audit-logs.md" + "path": "./admin/security/audit-logs.md", + "state": ["enterprise", "premium"] }, { "title": "Secrets", @@ -523,7 +528,8 @@ { "title": "Database Encryption", "description": "Encrypt the database to prevent unauthorized access", - "path": "./admin/security/database-encryption.md" + "path": "./admin/security/database-encryption.md", + "state": ["enterprise", "premium"] } ] } From 2eae6ca599d5d416a768ee528ea097910cab81d1 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 3 Oct 2024 14:08:29 +0000 Subject: [PATCH 9/9] Use `tf` for syntax highlighting in examples --- examples/examples.gen.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/examples.gen.json b/examples/examples.gen.json index a6b5247a89e63..b59c5daa2b57e 100644 --- a/examples/examples.gen.json 
+++ b/examples/examples.gen.json 
@@ -155,7 +155,7 @@ "nomad", "container" ], - "markdown": "\n# Remote Development on Nomad\n\nProvision Nomad Jobs as [Coder workspaces](https://coder.com/docs/workspaces) with this example template. This example shows how to use Nomad service tasks to be used as a development environment using docker and host csi volumes.\n\n\u003c!-- TODO: Add screenshot --\u003e\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## Prerequisites\n\n- [Nomad](https://www.nomadproject.io/downloads)\n- [Docker](https://docs.docker.com/get-docker/)\n\n## Setup\n\n### 1. Start the CSI Host Volume Plugin\n\nThe CSI Host Volume plugin is used to mount host volumes into Nomad tasks. This is useful for development environments where you want to mount persistent volumes into your container workspace.\n\n1. Login to the Nomad server using SSH.\n\n2. Append the following stanza to your Nomad server configuration file and restart the nomad service.\n\n ```hcl\n plugin \"docker\" {\n config {\n allow_privileged = true\n }\n }\n ```\n\n ```shell\n sudo systemctl restart nomad\n ```\n\n3. Create a file `hostpath.nomad` with following content:\n\n ```hcl\n job \"hostpath-csi-plugin\" {\n datacenters = [\"dc1\"]\n type = \"system\"\n\n group \"csi\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"registry.k8s.io/sig-storage/hostpathplugin:v1.10.0\"\n\n args = [\n \"--drivername=csi-hostpath\",\n \"--v=5\",\n \"--endpoint=${CSI_ENDPOINT}\",\n \"--nodeid=node-${NOMAD_ALLOC_INDEX}\",\n ]\n\n privileged = true\n }\n\n csi_plugin {\n id = \"hostpath\"\n type = \"monolith\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 256\n memory = 128\n }\n }\n }\n }\n ```\n\n4. Run the job:\n\n ```shell\n nomad job run hostpath.nomad\n ```\n\n### 2. Setup the Nomad Template\n\n1. 
Create the template by running the following command:\n\n ```shell\n coder template init nomad-docker\n cd nomad-docker\n coder template push\n ```\n\n2. Set up Nomad server address and optional authentication:\n\n3. Create a new workspace and start developing.\n" + "markdown": "\n# Remote Development on Nomad\n\nProvision Nomad Jobs as [Coder workspaces](https://coder.com/docs/workspaces) with this example template. This example shows how to use Nomad service tasks to be used as a development environment using docker and host csi volumes.\n\n\u003c!-- TODO: Add screenshot --\u003e\n\n\u003e **Note**\n\u003e This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.\n\n## Prerequisites\n\n- [Nomad](https://www.nomadproject.io/downloads)\n- [Docker](https://docs.docker.com/get-docker/)\n\n## Setup\n\n### 1. Start the CSI Host Volume Plugin\n\nThe CSI Host Volume plugin is used to mount host volumes into Nomad tasks. This is useful for development environments where you want to mount persistent volumes into your container workspace.\n\n1. Login to the Nomad server using SSH.\n\n2. Append the following stanza to your Nomad server configuration file and restart the nomad service.\n\n ```tf\n plugin \"docker\" {\n config {\n allow_privileged = true\n }\n }\n ```\n\n ```shell\n sudo systemctl restart nomad\n ```\n\n3. Create a file `hostpath.nomad` with following content:\n\n ```tf\n job \"hostpath-csi-plugin\" {\n datacenters = [\"dc1\"]\n type = \"system\"\n\n group \"csi\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"registry.k8s.io/sig-storage/hostpathplugin:v1.10.0\"\n\n args = [\n \"--drivername=csi-hostpath\",\n \"--v=5\",\n \"--endpoint=${CSI_ENDPOINT}\",\n \"--nodeid=node-${NOMAD_ALLOC_INDEX}\",\n ]\n\n privileged = true\n }\n\n csi_plugin {\n id = \"hostpath\"\n type = \"monolith\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 256\n memory = 128\n }\n }\n }\n }\n ```\n\n4. 
Run the job:\n\n ```shell\n nomad job run hostpath.nomad\n ```\n\n### 2. Setup the Nomad Template\n\n1. Create the template by running the following command:\n\n ```shell\n coder template init nomad-docker\n cd nomad-docker\n coder template push\n ```\n\n2. Set up Nomad server address and optional authentication:\n\n3. Create a new workspace and start developing.\n" }, { "id": "scratch",
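Review bot: The deletion of docs/ides/fleet.md leaves a possible orphan: the removed page embeds `../images/fleet/ssh-connect-to-coder.png`, and the part of the patch shown here does not delete that image or any docs/manifest.json entry for the page. Please confirm both are removed in the same commit so that no unused asset or dead navigation link is left behind.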
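Review bot: In docs/manifest.json (hunk `@@ -448,12 +450,14`), the "High Availability" entry changes `path` from `./admin/high-availability.md` to `./admin/networking/high-availability.md` in the same edit that adds `state`. The commit message only describes adding the state indicator, and the diffstat lists docs/manifest.json as the only file changed. If the page is not moved under admin/networking/ elsewhere in the series, this entry will point at a missing file. Either keep the old path here, or put the path change in the commit that relocates the file and mention it in the message.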
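Review bot: In examples/examples.gen.json (hunk `@@ -155,7 +155,7`), the fence change from `hcl` to `tf` is made only in this file, whose `.gen.json` name suggests it is generated output. The diffstat shows no change to a source template README, so a regeneration would likely revert the edit. Make the change in the source markdown and regenerate. It is also worth saying in the commit message why `tf` is preferred: both fenced blocks are Nomad configuration (the `plugin "docker"` stanza and the `hostpath-csi-plugin` job), not Terraform, so the tag serves the highlighter and does not describe the content.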