From cbcde572d7f683000977f170d6d4a85145c785b4 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:48:11 -0500 Subject: [PATCH 01/11] docs: improve admonition for need to add useHttpPath --- docs/admin/external-auth.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 51f11f53d2754..2116beb3046e1 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -185,6 +185,17 @@ Multiple providers are an Enterprise feature. [Learn more](https://coder.com/pricing#compare-plans). Below is an example configuration with multiple providers. +
+ +**Note:** To support regex matching for paths (e.g. github\.com/org), you'll +need to add this to the [Coder agent startup script][agent_startup]: + +```shell +git config --global credential.useHttpPath true +``` + +
+ ```env # Provider 1) github.com CODER_EXTERNAL_AUTH_0_ID=primary-github @@ -204,10 +215,4 @@ CODER_EXTERNAL_AUTH_1_TOKEN_URL="https://github.example.com/login/oauth/access_t CODER_EXTERNAL_AUTH_1_VALIDATE_URL="https://github.example.com/api/v3/user" ``` -To support regex matching for paths (e.g. github\.com/org), you'll need to add -this to the -[Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script): - -```shell -git config --global credential.useHttpPath true -``` +[agent_startup]: https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script From 2145ffaaab3e719173853dbc14c18831a06f041f Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:49:23 -0500 Subject: [PATCH 02/11] docs: fix list item nesting --- docs/admin/integrations/island.md | 149 ++++++++++++++++-------------- 1 file changed, 80 insertions(+), 69 deletions(-) diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md index 74cd449f4257f..ed6d7d6cd7392 100644 --- a/docs/admin/integrations/island.md +++ b/docs/admin/integrations/island.md 
@@ -10,13 +10,12 @@ April 24, 2024 --- -[Island](https://www.island.io/) is an enterprise-grade browser, offering a -Chromium-based experience similar to popular web browsers like Chrome and Edge. -It includes built-in security features for corporate applications and data, -aiming to bridge the gap between consumer-focused browsers and the security -needs of the enterprise. +[Island][] is an enterprise-grade browser, offering a Chromium-based experience +similar to popular web browsers like Chrome and Edge. It includes built-in +security features for corporate applications and data, aiming to bridge the gap +between consumer-focused browsers and the security needs of the enterprise. -Coder natively integrates with Island's feature set, which include data loss +Coder natively integrates with Island’s feature set, which include data loss protection (DLP), application awareness, browser session recording, and single sign-on (SSO). This guide intends to document these feature categories and how they apply to your Coder deployment. 
@@ -29,98 +28,95 @@ We recommend creating an Application Group specific to Coder in the Island Management console. This Application Group object will be referenced when creating browser policies. -[See the Island documentation for creating an Application Group](https://documentation.island.io/docs/create-and-configure-an-application-group-object). +[See the Island documentation for creating an Application Group][app-group]. ## Advanced Data Loss Protection -Integrate Island's advanced data loss prevention (DLP) capabilities with Coder's -cloud development environment (CDE), enabling you to control the “last mile” -between developers’ CDE and their local devices, ensuring that sensitive IP -remains in your centralized environment. +Integrate Island’s advanced data loss prevention (DLP) capabilities with +Coder’s cloud development environment (CDE), enabling you to control the +“last mile” between developers’ CDE and their local devices, +ensuring that sensitive IP remains in your centralized environment. ### Block cut, copy, paste, printing, screen share -1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile) +1. [Create a Data Sandbox Profile][data-sandbox]. 1. Configure the following actions to allow/block (based on your security - requirements): + requirements). -- Screenshot and Screen Share -- Printing -- Save Page -- Clipboard Limitations + - Screenshot and Screen Share + - Printing + - Save Page + - Clipboard Limitations -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Data Sandbox Profile +1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the Data Sandbox Profile as the Action in the Last Mile Protection - section + section. 
-### Conditionally allow copy on Coder's CLI authentication page +### Conditionally allow copy on Coder’s CLI authentication page -1. [Create a URL Object](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - with the following configuration: +1. [Create a URL Object][policy-rule] with the following configuration. -- **Include** -- **URL type**: Wildcard -- **URL address**: `coder.example.com/cli-auth` -- **Casing**: Insensitive + - **Include** + - **URL type**: Wildcard + - **URL address**: `coder.example.com/cli-auth` + - **Casing**: Insensitive -1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile) +1. [Create a Data Sandbox Profile][data-sandbox]. -1. Configure action to allow copy/paste +1. Configure action to allow copy/paste. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Data Sandbox Profile +1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. -1. Define the URL Object you created as the Destination Object +1. Define the URL Object you created as the Destination Object. 1. Define the Data Sandbox Profile as the Action in the Last Mile Protection - section + section. ### Prevent file upload/download from the browser -1. Create a Protection Profiles for both upload/download +1. Create a Protection Profiles for both upload/download. -- [Upload documentation](https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile) -- [Download documentation](https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile) + - [Upload documentation][upload-docs] + - [Download documentation][download-docs] -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Protection Profiles +1. [Create a Policy Rule][policy-rule] to apply the Protection Profiles. -1. 
Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the applicable Protection Profile as the Action in the Data Protection - section + section. ### Scan files for sensitive data -1. [Create a Data Loss Prevention scanner](https://documentation.island.io/docs/create-a-data-loss-prevention-scanner) +1. [Create a Data Loss Prevention scanner][dlp-scanner]. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the DLP Scanner +1. [Create a Policy Rule][policy-rule] to apply the DLP Scanner. -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. -1. Define the DLP Scanner as the Action in the Data Protection section +1. Define the DLP Scanner as the Action in the Data Protection section. ## Application Awareness and Boundaries Ensure that Coder is only accessed through the Island browser, guaranteeing that -your browser-level DLP policies are always enforced, and developers can’t +your browser-level DLP policies are always enforced, and developers can’t sidestep such policies simply by using another browser. ### Configure browser enforcement, conditional access policies 1. Create a conditional access policy for your configured identity provider. -> Note: the configured IdP must be the same for both Coder and Island +
+ The configured IdP must be the same for both Coder and Island +
-- [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) -- [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) -- [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) + - [Azure Active Directory/Entra ID][island-entra] + - [Okta][island-okta] + - [Google][island-google] ## Browser Activity Logging 
@@ -129,35 +125,50 @@ screenshots, mouse clicks, and keystrokes. ### Activity Logging Module -1. [Create an Activity Logging Profile](https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile) +1. [Create an Activity Logging Profile][logging-profile]. Supported browser events + include: -Supported browser events include: + - Web Navigation + - File Download + - File Upload + - Clipboard/Drag & Drop + - Print + - Save As + - Screenshots + - Mouse Clicks + - Keystrokes -- Web Navigation -- File Download -- File Upload -- Clipboard/Drag & Drop -- Print -- Save As -- Screenshots -- Mouse Clicks -- Keystrokes +1. [Create a Policy Rule][policy-rule] to apply the Activity Logging Profile. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Activity Logging Profile - -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the Activity Logging Profile as the Action in the Security & - Visibility section + Visibility section. ## Identity-aware logins (SSO) -Integrate Island's identity management system with Coder's authentication +Integrate Island’s identity management system with Coder’s authentication mechanisms to enable identity-aware logins. ### Configure single sign-on (SSO) seamless authentication between Coder and Island Configure the same identity provider (IdP) for both your Island and Coder -deployment. Upon initial login to the Island browser, the user's session token +deployment. Upon initial login to the Island browser, the user’s session token will automatically be passed to Coder and authenticate their Coder session. 
+ + + + +[island]: https://www.island.io/ +[app-group]: https://documentation.island.io/docs/create-and-configure-an-application-group-object +[data-sandbox]: https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile +[policy-rule]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[url-object]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[logging-profile]: https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile +[dlp-scanner]: https://documentation.island.io/docs/create-a-data-loss-prevention-scanner +[upload-docs]: https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile +[download-docs]: https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile + +[island-entra]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy +[island-okta]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta +[island-google]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise From 004ab1a76b5c64c07f68d5b66d1dc971b3ac7827 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:51:40 -0500 Subject: [PATCH 03/11] docs: fix list item nesting --- docs/admin/integrations/jfrog-artifactory.md | 197 ++++++++++--------- 1 file changed, 102 insertions(+), 95 deletions(-) diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index 89a8ac99cf52e..5e41e63e2f71a 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md 
@@ -37,7 +37,7 @@ two type of modules that automate the JFrog Artifactory and Coder integration. This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from -Coder's [external-auth](https://coder.com/docs/admin/external-auth) feature and +Coder's [external-auth][] feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. @@ -45,75 +45,76 @@ To set this up, follow these steps: 1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add, -```yaml -artifactory: - enabled: true - frontend: - extraEnvironmentVariables: - - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION - value: "true" - access: - accessConfig: - integrations-enabled: true - integration-templates: - - id: "1" - name: "CODER" - redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" - scope: "applied-permissions/user" -``` - -> Note Replace `CODER_URL` with your Coder deployment URL, e.g., -> + ```yaml + artifactory: + enabled: true + frontend: + extraEnvironmentVariables: + - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION + value: "true" + access: + accessConfig: + integrations-enabled: true + integration-templates: + - id: "1" + name: "CODER" + redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" + scope: "applied-permissions/user" + ``` +
+ + Replace `CODER_URL` with your JFrog Artifactory base URL; for example, `coder.mycompany.com`. + +
2. Create a new Application Integration by going to and select the Application Type as the integration you created in step 1. -![JFrog Platform new integration](../../images/guides/artifactory-integration/jfrog-oauth-app.png) - -3. Add a new - [external authentication](https://coder.com/docs/admin/external-auth) to - Coder by setting these env variables, - -```env -# JFrog Artifactory External Auth -CODER_EXTERNAL_AUTH_1_ID="jfrog" -CODER_EXTERNAL_AUTH_1_TYPE="jfrog" -CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" -CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" -CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" -CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" -CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" -CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" -``` - -> Note Replace `JFROG_URL` with your JFrog Artifactory base URL, e.g., -> - -4. Create or edit a Coder template and use the - [JFrog-OAuth](https://registry.coder.com/modules/jfrog-oauth) module to + JFrog Platform new integration + +3. Add a new [external authentication][external-auth] to Coder by setting these + environment variables in a manner consistent with your Coder deployment. + + ```env + # JFrog Artifactory External Auth + CODER_EXTERNAL_AUTH_1_ID="jfrog" + CODER_EXTERNAL_AUTH_1_TYPE="jfrog" + CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" + CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" + CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" + CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" + CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" + CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" + ``` +
+ + Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, `my-company.jfrog.io`. + +
+ +4. Create or edit a Coder template and use the [JFrog-OAuth][] module to configure the integration. -```tf -module "jfrog" { - source = "registry.coder.com/modules/jfrog-oauth/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://jfrog.example.com" - configure_code_server = true # this depends on the code-server - username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } -} -``` + ```tf + module "jfrog" { + source = "registry.coder.com/modules/jfrog-oauth/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://jfrog.example.com" + configure_code_server = true # this depends on the code-server + username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ``` ### JFrog-Token -This module makes use of the -[Artifactory terraform provider](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs) +This module makes use of the [Artifactory terraform provider][artifactory-tf-provider] and an admin-scoped token to create user-scoped tokens for each user by matching their Coder email or username with Artifactory. This can be used for both SaaS and self-hosted(on-premises) Artifactory instances. 
@@ -121,55 +122,61 @@ and self-hosted(on-premises) Artifactory instances. To set this up, follow these steps: 1. Get a JFrog access token from your Artifactory instance. The token must be an - [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token) - with scope `applied-permissions/admin`. -2. Create or edit a Coder template and use the - [JFrog-Token](https://registry.coder.com/modules/jfrog-token) module to + [admin token] with scope `applied-permissions/admin`. + +2. Create or edit a Coder template and use the [JFrog-Token][] module to configure the integration and pass the admin token. It is recommended to store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state. -```tf -variable "artifactory_access_token" { - type = string - sensitive = true -} - -module "jfrog" { - source = "registry.coder.com/modules/jfrog-token/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://example.jfrog.io" - configure_code_server = true # this depends on the code-server - artifactory_access_token = var.artifactory_access_token - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } -} -``` + ```tf + variable "artifactory_access_token" { + type = string + sensitive = true + } + + module "jfrog" { + source = "registry.coder.com/modules/jfrog-token/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://example.jfrog.io" + configure_code_server = true # this depends on the code-server + artifactory_access_token = var.artifactory_access_token + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ```
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.
-If you do not want to use the official modules, you can check example template -that uses Docker as the underlying compute -[here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). The same -concepts apply to all compute types. +If you don't want to use the official modules, you can read through the +[example template][docker-template], which uses Docker as the underlying compute. +The same concepts apply to all compute types. ## Offline Deployments -See the -[offline deployments](../templates/extending-templates/modules.md#offline-installations) -section for instructions on how to use coder-modules in an offline environment -with Artifactory. +See the [offline deployments][] section for instructions on how to use +coder-modules in an offline environment with Artifactory. ## More reading -- See the full example template - [here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). +- See the [full example Docker template][docker-template]. + - To serve extensions from your own VS Code Marketplace, check out - [code-marketplace](https://github.com/coder/code-marketplace#artifactory-storage). + [code-marketplace][cm-artifactory]. + + +[jfrog-oauth]: https://registry.coder.com/modules/jfrog-oauth +[jfrog-token]: https://registry.coder.com/modules/jfrog-token +[cm-artifactory]:https://github.com/coder/code-marketplace#artifactory-storage +[offline deployments]: ../templates/extending-templates/modules.md#offline-installations +[docker-template]: https://github.com/coder/coder/tree/main/examples/jfrog/docker +[admin token]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token +[artifactory-tf-provider]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs +[external-auth]: https://coder.com/docs/admin/external-auth From aea696720c39855243794a967751642d2ffcfdb9 Mon Sep 17 00:00:00 2001 
From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:52:34 -0500 Subject: [PATCH 04/11] docs: improve admonition for authentication --- docs/admin/integrations/jfrog-xray.md | 86 ++++++++++++++++----------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index 933bf2e475edd..39bfbd6248b44 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md 
@@ -10,61 +10,77 @@ March 17, 2024 --- -This guide will walk you through the process of adding -[JFrog Xray](https://jfrog.com/xray/) integration to Coder Kubernetes workspaces -using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray). + +This guide describes the process of integrating [JFrog Xray][] to Coder +Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Prerequisites - A self-hosted JFrog Platform instance. - Kubernetes workspaces running on Coder. -## Deploying the Coder - JFrog Xray Integration -1. Create a JFrog Platform - [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) - with a user that has the read - [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions) - for the repositories you want to scan. -1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create) - with a user that has the [`owner`](../users/index.md#roles) role. +## Deploy the **Coder - JFrog Xray** Integration + +1. Create a JFrog Platform [Access Token][] with a user that has the `read` + [permission][] for the repositories you want to scan. + +1. Create a Coder [token][] with a user that has the [`owner`][roles] role. + 1. Create Kubernetes secrets for the JFrog Xray and Coder tokens. ```bash - kubectl create secret generic coder-token --from-literal=coder-token='' - kubectl create secret generic jfrog-token --from-literal=user='' --from-literal=token='' + kubectl create secret generic coder-token \ + --from-literal=coder-token='' + ``` + + ```bash + kubectl create secret generic jfrog-token \ + --from-literal=user='' \ + --from-literal=token='' ``` -1. Deploy the Coder - JFrog Xray integration. +1. Deploy the **Coder - JFrog Xray** integration. 
```bash helm repo add coder-xray https://helm.coder.com/coder-xray + ``` + ```bash helm upgrade --install coder-xray coder-xray/coder-xray \ - --namespace coder-xray \ - --create-namespace \ - --set namespace="" \ # Replace with your Coder workspaces namespace - --set coder.url="https://" \ - --set coder.secretName="coder-token" \ - --set artifactory.url="https://" \ - --set artifactory.secretName="jfrog-token" + --namespace coder-xray \ + --create-namespace \ + --set namespace="" \ + --set coder.url="https://" \ + --set coder.secretName="coder-token" \ + --set artifactory.url="https://" \ + --set artifactory.secretName="jfrog-token" ``` -### Updating the Coder template +
+ + **Note**: To authenticate with the Artifactory registry, you may need to + create a [Docker config][docker-advanced-topics] and use it in the + `imagePullSecrets` field of the Kubernetes Pod. See the + [**Defining ImagePullSecrets for Coder workspaces**][image-pull-secret] + guide for more information. + +
-[`coder-xray`](https://github.com/coder/coder-xray) will scan all kubernetes -workspaces in the specified namespace. It depends on the `image` available in -Artifactory and indexed by Xray. To ensure that the images are available in -Artifactory, update the Coder template to use the Artifactory registry. +## Validate your installation -```tf -image = "//:" -``` +Once installed, configured workspaces will now have a banner appear on any +workspace with vulnerabilities reported by JFrog Xray. -> **Note**: To authenticate with the Artifactory registry, you may need to -> create a -> [Docker config](https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics) -> and use it in the `imagePullSecrets` field of the kubernetes pod. See this -> [guide](../../tutorials/image-pull-secret.md) for more information. +JFrog Xray Integration -![JFrog Xray Integration](../../images/guides/xray-integration/example.png) + +[JFrog Xray]: https://jfrog.com/xray/ +[JFrog Xray Integration]: https://github.com/coder/coder-xray +[`coder-xray`]: https://github.com/coder/coder-xray +[docker-advanced-topics]: https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics +[image-pull-secret]: ../../tutorials/image-pull-secret.md +[token]: ../../reference/cli/tokens_create.md#tokens-create +[roles]: ../users#roles +[permission]: https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions +[access token]: https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens From dfbe02b41d9fdf6d0b1f4f4002eda618588d691a Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:53:18 -0500 Subject: [PATCH 05/11] docs: tidy and update vault guide --- docs/admin/integrations/vault.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) 
diff --git a/docs/admin/integrations/vault.md b/docs/admin/integrations/vault.md index 4a75008f221cd..b362a977f4f2c 100644 --- a/docs/admin/integrations/vault.md +++ b/docs/admin/integrations/vault.md @@ -10,22 +10,20 @@ August 05, 2024 --- -This guide will walk you through the process of adding -[HashiCorp Vault](https://www.vaultproject.io/) integration to Coder workspaces. +This guide describes the process of integrating [HashiCorp Vault][] into Coder +workspaces. Coder makes it easy to integrate HashiCorp Vault with your workspaces by -providing official terraform modules to integrate Vault with Coder. This guide +providing official Terraform modules to integrate Vault with Coder. This guide will show you how to use these modules to integrate HashiCorp Vault with Coder. -## `vault-github` +## The `vault-github` module -[`vault-github`](https://registry.coder.com/modules/vault-github) is a terraform -module that allows you to authenticate with Vault using a GitHub token. This -modules uses the existing GitHub [external authentication](../external-auth.md) -to get the token and authenticate with Vault. +The [`vault-github`][] module is a Terraform module that allows you to +authenticate with Vault using a GitHub token. This module uses the existing +GitHub [external authentication][] to get the token and authenticate with Vault. -To use this module, you need to add the following code to your terraform -configuration: +To use this module, add the following code to your Terraform configuration. ```tf module "vault" { 
@@ -37,12 +35,16 @@ module "vault" { } ``` -This module will install and authenticate the `vault` CLI in your Coder -workspace. +This module installs and authenticates the `vault` CLI in your Coder workspace. -Users then can use the `vault` CLI to interact with the vault, e.g., to het a kv -secret, +Users then can use the `vault` CLI to interact with Vault; for example, to fetch +a secret stored in the KV backend. ```shell vault kv get -namespace=YOUR_NAMESPACE -mount=MOUNT_NAME SECRET_NAME ``` + + +[HashiCorp Vault]: https://www.vaultproject.io/ +[external authentication]: ../external-auth.md +[`vault-github`]: https://registry.coder.com/modules/vault-github From 8db635c2174eefd69864bb4b053f6cddee12833d Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:54:30 -0500 Subject: [PATCH 06/11] docs: improve admonitions --- docs/admin/monitoring/health-check.md | 44 +++++++++++++++++---------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/docs/admin/monitoring/health-check.md b/docs/admin/monitoring/health-check.md index 51c0e8082afff..a019d4f697fd8 100644 --- a/docs/admin/monitoring/health-check.md +++ b/docs/admin/monitoring/health-check.md @@ -117,14 +117,14 @@ Coder's current activity and usage. It may be necessary to increase the resources allocated to Coder's database. Alternatively, you can raise the configured threshold to a higher value (this will not address the root cause). -> [!TIP] -> -> - You can enable -> [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) -> in Coder's Prometheus endpoint. -> - If you have [tracing enabled](../../reference/cli/server.md#--trace), these -> traces may also contain useful information regarding Coder's database -> activity. +
+ +You can enable + [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) + in Coder's Prometheus endpoint. +If you have [tracing enabled](../../reference/cli/server.md#--trace), these +traces may also contain useful information regarding Coder's database activity. +
## DERP @@ -149,8 +149,11 @@ This is not necessarily a fatal error, but a possible indication of a misconfigured reverse HTTP proxy. Additionally, while workspace users should still be able to reach their workspaces, connection performance may be degraded. -> **Note:** This may also be shown if you have -> [forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). +
+ +**Note:** This may also be shown if you have +[forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). +
**Solution:** ensure that any proxies you use allow connection upgrade with the `Upgrade: derp` header. @@ -300,8 +303,11 @@ that they are able to successfully connect to Coder. Otherwise, ensure [`--provisioner-daemons`](../../reference/cli/server.md#--provisioner-daemons) is set to a value greater than 0. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +
### EPD02 @@ -315,8 +321,11 @@ of API incompatibility. **Solution:** Update the provisioner daemon to match the currently running version of Coder. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +
### EPD03 @@ -330,8 +339,11 @@ connect to Coder. **Solution:** Update the provisioner daemon to match the currently running version of Coder. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +
## EUNKNOWN From 93b6a5b1705717469c773a5cd519df1ef0c15c3c Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:55:18 -0500 Subject: [PATCH 07/11] docs: improve admonitions --- docs/contributing/frontend.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/contributing/frontend.md b/docs/contributing/frontend.md index c9d972711bce3..990f67b8c8759 100644 --- a/docs/contributing/frontend.md +++ b/docs/contributing/frontend.md @@ -23,14 +23,15 @@ You can run the UI and access the Coder dashboard in two ways: In both cases, you can access the dashboard on `http://localhost:8080`. If using `./scripts/develop.sh` you can log in with the default credentials. -> [!TIP] -> -> **Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +
+ +**Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +
## Tech Stack Overview -All our dependencies are described in `site/package.json` but the following are -the most important: +All our dependencies are described in `site/package.json`, but the following are +the most important. - [React](https://reactjs.org/) for the UI framework - [Typescript](https://www.typescriptlang.org/) to keep our sanity From 504d4267664e4c5247ab15bc52b23877c3348bc2 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:55:55 -0500 Subject: [PATCH 08/11] docs: content edits, reference links to make copy easier to read --- docs/admin/integrations/prometheus.md | 35 +++++++++++++++------------ 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/docs/admin/integrations/prometheus.md b/docs/admin/integrations/prometheus.md index 059e19da126cc..5c299d73feeee 100644 --- a/docs/admin/integrations/prometheus.md +++ b/docs/admin/integrations/prometheus.md @@ -3,9 +3,8 @@ Coder exposes many metrics which can be consumed by a Prometheus server, and give insight into the current state of a live Coder deployment. -If you don't have an Prometheus server installed, you can follow the Prometheus -[Getting started](https://prometheus.io/docs/prometheus/latest/getting_started/) -guide. +If you don't have a Prometheus server installed, you can follow the Prometheus +[Getting started][prom-get-started] guide. ## Enable Prometheus metrics @@ -19,7 +18,7 @@ use either the environment variable `CODER_PROMETHEUS_ADDRESS` or the flag address. If `coder server --prometheus-enable` is started locally, you can preview the -metrics endpoint in your browser or by using curl: +metrics endpoint in your browser or by using curl. ```console $ curl http://localhost:2112/ 
@@ -31,13 +30,12 @@ coderd_api_active_users_duration_hour 0 ### Kubernetes deployment -The Prometheus endpoint can be enabled in the -[Helm chart's](https://github.com/coder/coder/tree/main/helm) `values.yml` by -setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`. -The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled -automatically. A Service Endpoint will not be exposed; if you need to expose the -Prometheus port on a Service, (for example, to use a `ServiceMonitor`), create a -separate headless service instead: +The Prometheus endpoint can be enabled in the [Helm chart's][coder-helm] +`values.yml` by setting the environment variable `CODER_PROMETHEUS_ADDRESS` to +`0.0.0.0:2112`. The environment variable `CODER_PROMETHEUS_ENABLE` will be +enabled automatically. A Service Endpoint will not be exposed; if you need to +expose the Prometheus port on a Service, (for example, to use a `ServiceMonitor`), +create a separate headless service instead. ```yaml apiVersion: v1 @@ -62,21 +60,22 @@ spec: To allow Prometheus to scrape the Coder metrics, you will need to create a `scape_config` in your `prometheus.yml` file, or in the Prometheus Helm chart -values. Below is an example `scrape_config`: +values. The following is an example `scrape_config`. ```yaml scrape_configs: - job_name: "coder" scheme: "http" static_configs: - - targets: [":2112"] # replace with the the IP address of the Coder pod or server + # replace with the the IP address of the Coder pod or server + - targets: [":2112"] labels: apps: "coder" ``` To use the Kubernetes Prometheus operator to scrape metrics, you will need to -create a `ServiceMonitor` in your Coder deployment namespace. Below is an -example `ServiceMonitor`: +create a `ServiceMonitor` in your Coder deployment namespace. The following is +an example `ServiceMonitor`. ```yaml apiVersion: monitoring.coreos.com/v1 
@@ -96,11 +95,15 @@ spec: ## Available metrics -`coderd_agentstats_*` metrics must first be enabled with the flag +You must first enable `coderd_agentstats_*` with the flag `--prometheus-collect-agent-stats`, or the environment variable `CODER_PROMETHEUS_COLLECT_AGENT_STATS` before they can be retrieved from the deployment. They will always be available from the agent. + +[prom-get-started]: https://prometheus.io/docs/prometheus/latest/getting_started/ +[coder-helm]: https://github.com/coder/coder/tree/main/helm + | Name | Type | Description | Labels | From 63c5136350af58743a53f4e7a176eef21e263593 Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:54:28 +0000 Subject: [PATCH 09/11] make fmt --- docs/admin/external-auth.md | 3 +- docs/admin/integrations/island.md | 82 +++++---- docs/admin/integrations/jfrog-artifactory.md | 183 ++++++++++--------- docs/admin/integrations/jfrog-xray.md | 38 ++-- docs/admin/integrations/prometheus.md | 8 +- docs/admin/integrations/vault.md | 4 +- docs/admin/monitoring/health-check.md | 13 +- docs/contributing/frontend.md | 1 + 8 files changed, 181 insertions(+), 151 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 2116beb3046e1..471e976b31db8 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -215,4 +215,5 @@ CODER_EXTERNAL_AUTH_1_TOKEN_URL="https://github.example.com/login/oauth/access_t CODER_EXTERNAL_AUTH_1_VALIDATE_URL="https://github.example.com/api/v3/user" ``` -[agent_startup]: https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script +[agent_startup]: + https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md index ed6d7d6cd7392..5d7dea6adc391 100644 --- a/docs/admin/integrations/island.md +++ b/docs/admin/integrations/island.md 
@@ -15,10 +15,10 @@ similar to popular web browsers like Chrome and Edge. It includes built-in security features for corporate applications and data, aiming to bridge the gap between consumer-focused browsers and the security needs of the enterprise. -Coder natively integrates with Island’s feature set, which include data loss -protection (DLP), application awareness, browser session recording, and single -sign-on (SSO). This guide intends to document these feature categories and how -they apply to your Coder deployment. +Coder natively integrates with Island’s feature set, which include data +loss protection (DLP), application awareness, browser session recording, and +single sign-on (SSO). This guide intends to document these feature categories +and how they apply to your Coder deployment. ## General Configuration @@ -60,10 +60,10 @@ ensuring that sensitive IP remains in your centralized environment. 1. [Create a URL Object][policy-rule] with the following configuration. - - **Include** - - **URL type**: Wildcard - - **URL address**: `coder.example.com/cli-auth` - - **Casing**: Insensitive + - **Include** + - **URL type**: Wildcard + - **URL address**: `coder.example.com/cli-auth` + - **Casing**: Insensitive 1. [Create a Data Sandbox Profile][data-sandbox]. @@ -80,8 +80,8 @@ ensuring that sensitive IP remains in your centralized environment. 1. Create a Protection Profiles for both upload/download. - - [Upload documentation][upload-docs] - - [Download documentation][download-docs] + - [Upload documentation][upload-docs] + - [Download documentation][download-docs] 1. [Create a Policy Rule][policy-rule] to apply the Protection Profiles. @@ -110,13 +110,13 @@ sidestep such policies simply by using another browser. 1. Create a conditional access policy for your configured identity provider. -
- The configured IdP must be the same for both Coder and Island -
+
+ The configured IdP must be the same for both Coder and Island +
- - [Azure Active Directory/Entra ID][island-entra] - - [Okta][island-okta] - - [Google][island-google] + - [Azure Active Directory/Entra ID][island-entra] + - [Okta][island-okta] + - [Google][island-google] ## Browser Activity Logging @@ -125,8 +125,8 @@ screenshots, mouse clicks, and keystrokes. ### Activity Logging Module -1. [Create an Activity Logging Profile][logging-profile]. Supported browser events - include: +1. [Create an Activity Logging Profile][logging-profile]. Supported browser + events include: - Web Navigation - File Download 
@@ -147,28 +147,38 @@ screenshots, mouse clicks, and keystrokes. ## Identity-aware logins (SSO) -Integrate Island’s identity management system with Coder’s authentication -mechanisms to enable identity-aware logins. +Integrate Island’s identity management system with Coder’s +authentication mechanisms to enable identity-aware logins. ### Configure single sign-on (SSO) seamless authentication between Coder and Island Configure the same identity provider (IdP) for both your Island and Coder -deployment. Upon initial login to the Island browser, the user’s session token -will automatically be passed to Coder and authenticate their Coder session. - - +deployment. Upon initial login to the Island browser, the user’s session +token will automatically be passed to Coder and authenticate their Coder +session. + [island]: https://www.island.io/ -[app-group]: https://documentation.island.io/docs/create-and-configure-an-application-group-object -[data-sandbox]: https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile -[policy-rule]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[url-object]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[logging-profile]: https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile -[dlp-scanner]: https://documentation.island.io/docs/create-a-data-loss-prevention-scanner -[upload-docs]: https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile -[download-docs]: https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile - -[island-entra]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy -[island-okta]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta -[island-google]: 
https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise +[app-group]: + https://documentation.island.io/docs/create-and-configure-an-application-group-object +[data-sandbox]: + https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile +[policy-rule]: + https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[url-object]: + https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[logging-profile]: + https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile +[dlp-scanner]: + https://documentation.island.io/docs/create-a-data-loss-prevention-scanner +[upload-docs]: + https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile +[download-docs]: + https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile +[island-entra]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy +[island-okta]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta +[island-google]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index 5e41e63e2f71a..61e1469898114 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md 
@@ -37,35 +37,36 @@ two type of modules that automate the JFrog Artifactory and Coder integration. This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from -Coder's [external-auth][] feature and -allows each user to authenticate with Artifactory using an OAuth flow and issues -user-scoped tokens to each user. +Coder's [external-auth][] feature and allows each user to authenticate with +Artifactory using an OAuth flow and issues user-scoped tokens to each user. To set this up, follow these steps: 1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add, - ```yaml - artifactory: - enabled: true - frontend: - extraEnvironmentVariables: - - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION - value: "true" - access: - accessConfig: - integrations-enabled: true - integration-templates: - - id: "1" - name: "CODER" - redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" - scope: "applied-permissions/user" - ``` -
- - Replace `CODER_URL` with your JFrog Artifactory base URL; for example, `coder.mycompany.com`. - -
+ ```yaml + artifactory: + enabled: true + frontend: + extraEnvironmentVariables: + - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION + value: "true" + access: + accessConfig: + integrations-enabled: true + integration-templates: + - id: "1" + name: "CODER" + redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" + scope: "applied-permissions/user" + ``` + +
+ + Replace `CODER_URL` with your JFrog Artifactory base URL; for example, + `coder.mycompany.com`. + +
2. Create a new Application Integration by going to and select the @@ -76,48 +77,51 @@ To set this up, follow these steps: 3. Add a new [external authentication][external-auth] to Coder by setting these environment variables in a manner consistent with your Coder deployment. - ```env - # JFrog Artifactory External Auth - CODER_EXTERNAL_AUTH_1_ID="jfrog" - CODER_EXTERNAL_AUTH_1_TYPE="jfrog" - CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" - CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" - CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" - CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" - CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" - CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" - ``` -
+ ```env + # JFrog Artifactory External Auth + CODER_EXTERNAL_AUTH_1_ID="jfrog" + CODER_EXTERNAL_AUTH_1_TYPE="jfrog" + CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" + CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" + CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" + CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" + CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" + CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" + ``` - Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, `my-company.jfrog.io`. +
-
+ Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, + `my-company.jfrog.io`. + +
4. Create or edit a Coder template and use the [JFrog-OAuth][] module to configure the integration. - ```tf - module "jfrog" { - source = "registry.coder.com/modules/jfrog-oauth/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://jfrog.example.com" - configure_code_server = true # this depends on the code-server - username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } - } - ``` + ```tf + module "jfrog" { + source = "registry.coder.com/modules/jfrog-oauth/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://jfrog.example.com" + configure_code_server = true # this depends on the code-server + username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ``` ### JFrog-Token -This module makes use of the [Artifactory terraform provider][artifactory-tf-provider] -and an admin-scoped token to create user-scoped tokens for each user by matching -their Coder email or username with Artifactory. This can be used for both SaaS -and self-hosted(on-premises) Artifactory instances. +This module makes use of the [Artifactory terraform +provider][artifactory-tf-provider] and an admin-scoped token to create +user-scoped tokens for each user by matching their Coder email or username with +Artifactory. This can be used for both SaaS and self-hosted(on-premises) +Artifactory instances. To set this up, follow these steps: 
@@ -129,40 +133,40 @@ To set this up, follow these steps: store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state. - ```tf - variable "artifactory_access_token" { - type = string - sensitive = true - } - - module "jfrog" { - source = "registry.coder.com/modules/jfrog-token/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://example.jfrog.io" - configure_code_server = true # this depends on the code-server - artifactory_access_token = var.artifactory_access_token - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } - } - ``` + ```tf + variable "artifactory_access_token" { + type = string + sensitive = true + } + + module "jfrog" { + source = "registry.coder.com/modules/jfrog-token/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://example.jfrog.io" + configure_code_server = true # this depends on the code-server + artifactory_access_token = var.artifactory_access_token + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ```
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.
-If you don't want to use the official modules, you can read through the -[example template][docker-template], which uses Docker as the underlying compute. -The same concepts apply to all compute types. +If you don't want to use the official modules, you can read through the [example +template][docker-template], which uses Docker as the underlying compute. The +same concepts apply to all compute types. ## Offline Deployments -See the [offline deployments][] section for instructions on how to use -coder-modules in an offline environment with Artifactory. +See the [offline deployments][] section for instructions on how to use coder-modules +in an offline environment with Artifactory. ## More reading @@ -172,11 +176,16 @@ coder-modules in an offline environment with Artifactory. [code-marketplace][cm-artifactory]. + [jfrog-oauth]: https://registry.coder.com/modules/jfrog-oauth [jfrog-token]: https://registry.coder.com/modules/jfrog-token -[cm-artifactory]:https://github.com/coder/code-marketplace#artifactory-storage -[offline deployments]: ../templates/extending-templates/modules.md#offline-installations -[docker-template]: https://github.com/coder/coder/tree/main/examples/jfrog/docker -[admin token]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token -[artifactory-tf-provider]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs +[cm-artifactory]: https://github.com/coder/code-marketplace#artifactory-storage +[offline deployments]: + ../templates/extending-templates/modules.md#offline-installations +[docker-template]: + https://github.com/coder/coder/tree/main/examples/jfrog/docker +[admin token]: + https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token +[artifactory-tf-provider]: + https://registry.terraform.io/providers/jfrog/artifactory/latest/docs [external-auth]: https://coder.com/docs/admin/external-auth 
diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index 39bfbd6248b44..65974def647b3 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md @@ -10,20 +10,18 @@ March 17, 2024 --- - -This guide describes the process of integrating [JFrog Xray][] to Coder -Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. +This guide describes the process of integrating [JFrog Xray][] to Coder Kubernetes-backed +workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Prerequisites - A self-hosted JFrog Platform instance. - Kubernetes workspaces running on Coder. - ## Deploy the **Coder - JFrog Xray** Integration -1. Create a JFrog Platform [Access Token][] with a user that has the `read` - [permission][] for the repositories you want to scan. +1. Create a JFrog Platform [Access Token][] with a user that has the `read` [permission][] + for the repositories you want to scan. 1. Create a Coder [token][] with a user that has the [`owner`][roles] role. @@ -31,13 +29,13 @@ Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder ```bash kubectl create secret generic coder-token \ - --from-literal=coder-token='' - ``` + --from-literal=coder-token='' + ``` - ```bash + ```bash kubectl create secret generic jfrog-token \ - --from-literal=user='' \ - --from-literal=token='' + --from-literal=user='' \ + --from-literal=token='' ``` 1. Deploy the **Coder - JFrog Xray** integration. @@ -46,7 +44,7 @@ Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder helm repo add coder-xray https://helm.coder.com/coder-xray ``` - ```bash + ```bash helm upgrade --install coder-xray coder-xray/coder-xray \ --namespace coder-xray \ --create-namespace \ 
@@ -61,9 +59,9 @@ Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder **Note**: To authenticate with the Artifactory registry, you may need to create a [Docker config][docker-advanced-topics] and use it in the - `imagePullSecrets` field of the Kubernetes Pod. See the - [**Defining ImagePullSecrets for Coder workspaces**][image-pull-secret] - guide for more information. + `imagePullSecrets` field of the Kubernetes Pod. See the [**Defining + ImagePullSecrets for Coder workspaces**][image-pull-secret] guide for more + information. @@ -75,12 +73,16 @@ workspace with vulnerabilities reported by JFrog Xray. JFrog Xray Integration + [JFrog Xray]: https://jfrog.com/xray/ [JFrog Xray Integration]: https://github.com/coder/coder-xray [`coder-xray`]: https://github.com/coder/coder-xray -[docker-advanced-topics]: https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics +[docker-advanced-topics]: + https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics [image-pull-secret]: ../../tutorials/image-pull-secret.md [token]: ../../reference/cli/tokens_create.md#tokens-create [roles]: ../users#roles -[permission]: https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions -[access token]: https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens +[permission]: + https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions +[access token]: + https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens diff --git a/docs/admin/integrations/prometheus.md b/docs/admin/integrations/prometheus.md index 5c299d73feeee..e951332453b42 100644 --- a/docs/admin/integrations/prometheus.md +++ b/docs/admin/integrations/prometheus.md 
@@ -34,8 +34,8 @@ The Prometheus endpoint can be enabled in the [Helm chart's][coder-helm] `values.yml` by setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`. The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled automatically. A Service Endpoint will not be exposed; if you need to -expose the Prometheus port on a Service, (for example, to use a `ServiceMonitor`), -create a separate headless service instead. +expose the Prometheus port on a Service, (for example, to use a +`ServiceMonitor`), create a separate headless service instead. ```yaml apiVersion: v1 @@ -101,7 +101,9 @@ You must first enable `coderd_agentstats_*` with the flag deployment. They will always be available from the agent. -[prom-get-started]: https://prometheus.io/docs/prometheus/latest/getting_started/ + +[prom-get-started]: + https://prometheus.io/docs/prometheus/latest/getting_started/ [coder-helm]: https://github.com/coder/coder/tree/main/helm diff --git a/docs/admin/integrations/vault.md b/docs/admin/integrations/vault.md index b362a977f4f2c..6436d01b34959 100644 --- a/docs/admin/integrations/vault.md +++ b/docs/admin/integrations/vault.md @@ -10,8 +10,7 @@ August 05, 2024 --- -This guide describes the process of integrating [HashiCorp Vault][] into Coder -workspaces. +This guide describes the process of integrating [HashiCorp Vault][] into Coder workspaces. Coder makes it easy to integrate HashiCorp Vault with your workspaces by providing official Terraform modules to integrate Vault with Coder. This guide @@ -45,6 +44,7 @@ vault kv get -namespace=YOUR_NAMESPACE -mount=MOUNT_NAME SECRET_NAME ``` + [HashiCorp Vault]: https://www.vaultproject.io/ [external authentication]: ../external-auth.md [`vault-github`]: https://registry.coder.com/modules/vault-github diff --git a/docs/admin/monitoring/health-check.md b/docs/admin/monitoring/health-check.md index a019d4f697fd8..4f50735819fff 100644 --- a/docs/admin/monitoring/health-check.md 
+++ b/docs/admin/monitoring/health-check.md @@ -120,10 +120,11 @@ configured threshold to a higher value (this will not address the root cause).
You can enable - [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) - in Coder's Prometheus endpoint. -If you have [tracing enabled](../../reference/cli/server.md#--trace), these -traces may also contain useful information regarding Coder's database activity. +[detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) +in Coder's Prometheus endpoint. If you have +[tracing enabled](../../reference/cli/server.md#--trace), these traces may also +contain useful information regarding Coder's database activity. +
## DERP @@ -153,6 +154,7 @@ still be able to reach their workspaces, connection performance may be degraded. **Note:** This may also be shown if you have [forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). + **Solution:** ensure that any proxies you use allow connection upgrade with the @@ -307,6 +309,7 @@ is set to a value greater than 0. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ### EPD02 @@ -325,6 +328,7 @@ version of Coder. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ### EPD03 @@ -343,6 +347,7 @@ version of Coder. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ## EUNKNOWN diff --git a/docs/contributing/frontend.md b/docs/contributing/frontend.md index 990f67b8c8759..0869bb6ac0879 100644 --- a/docs/contributing/frontend.md +++ b/docs/contributing/frontend.md @@ -26,6 +26,7 @@ In both cases, you can access the dashboard on `http://localhost:8080`. If using
**Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +
## Tech Stack Overview From b5b2e918aefa37e37b14573022cc76682d3ed9a9 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Fri, 3 Jan 2025 18:36:08 +0000 Subject: [PATCH 10/11] use new linter --- docs/admin/integrations/island.md | 76 +++++++------------- docs/admin/integrations/jfrog-artifactory.md | 2 +- docs/admin/integrations/jfrog-xray.md | 30 ++------ docs/admin/integrations/prometheus.md | 12 +--- docs/admin/integrations/vault.md | 12 +--- 5 files changed, 39 insertions(+), 93 deletions(-) diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md index 38abe08622885..7799016f77e92 100644 --- a/docs/admin/integrations/island.md +++ b/docs/admin/integrations/island.md @@ -10,12 +10,12 @@ April 24, 2024 --- -[Island][] is an enterprise-grade browser, offering a Chromium-based experience +[Island](https://www.island.io/) is an enterprise-grade browser, offering a Chromium-based experience similar to popular web browsers like Chrome and Edge. It includes built-in security features for corporate applications and data, aiming to bridge the gap between consumer-focused browsers and the security needs of the enterprise. -Coder natively integrates with Island’s feature set, which include data +Coder natively integrates with Island's feature set, which include data loss protection (DLP), application awareness, browser session recording, and single sign-on (SSO). This guide intends to document these feature categories and how they apply to your Coder deployment. 
@@ -28,18 +28,18 @@ We recommend creating an Application Group specific to Coder in the Island Management console. This Application Group object will be referenced when creating browser policies. -[See the Island documentation for creating an Application Group][app-group]. +[See the Island documentation for creating an Application Group](https://documentation.island.io/docs/create-and-configure-an-application-group-object). ## Advanced Data Loss Protection -Integrate Island’s advanced data loss prevention (DLP) capabilities with -Coder’s cloud development environment (CDE), enabling you to control the -“last mile” between developers’ CDE and their local devices, +Integrate Island's advanced data loss prevention (DLP) capabilities with +Coder's cloud development environment (CDE), enabling you to control the +"last mile" between developers' CDE and their local devices, ensuring that sensitive IP remains in your centralized environment. ### Block cut, copy, paste, printing, screen share -1. [Create a Data Sandbox Profile][data-sandbox]. +1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile). 1. Configure the following actions to allow/block (based on your security requirements). 
@@ -49,27 +49,27 @@ ensuring that sensitive IP remains in your centralized environment. - Save Page - Clipboard Limitations -1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. +1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Data Sandbox Profile. 1. Define the Coder Application group as the Destination Object. 1. Define the Data Sandbox Profile as the Action in the Last Mile Protection section. -### Conditionally allow copy on Coder’s CLI authentication page +### Conditionally allow copy on Coder's CLI authentication page -1. [Create a URL Object][policy-rule] with the following configuration. +1. [Create a URL Object](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) with the following configuration. - **Include** - **URL type**: Wildcard - **URL address**: `coder.example.com/cli-auth` - **Casing**: Insensitive -1. [Create a Data Sandbox Profile][data-sandbox]. +1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile). 1. Configure action to allow copy/paste. -1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. +1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Data Sandbox Profile. 1. Define the URL Object you created as the Destination Object. 
@@ -80,10 +80,10 @@ ensuring that sensitive IP remains in your centralized environment. 1. Create a Protection Profiles for both upload/download. - - [Upload documentation][upload-docs] - - [Download documentation][download-docs] + - [Upload documentation](https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile) + - [Download documentation](https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile) -1. [Create a Policy Rule][policy-rule] to apply the Protection Profiles. +1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Protection Profiles. 1. Define the Coder Application group as the Destination Object. @@ -92,9 +92,9 @@ ensuring that sensitive IP remains in your centralized environment. ### Scan files for sensitive data -1. [Create a Data Loss Prevention scanner][dlp-scanner]. +1. [Create a Data Loss Prevention scanner](https://documentation.island.io/docs/create-a-data-loss-prevention-scanner). -1. [Create a Policy Rule][policy-rule] to apply the DLP Scanner. +1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the DLP Scanner. 1. Define the Coder Application group as the Destination Object. @@ -103,7 +103,7 @@ ensuring that sensitive IP remains in your centralized environment. ## Application Awareness and Boundaries Ensure that Coder is only accessed through the Island browser, guaranteeing that -your browser-level DLP policies are always enforced, and developers can’t +your browser-level DLP policies are always enforced, and developers can't sidestep such policies simply by using another browser. ### Configure browser enforcement, conditional access policies 
@@ -114,9 +114,9 @@ sidestep such policies simply by using another browser. The configured IdP must be the same for both Coder and Island - - [Azure Active Directory/Entra ID][island-entra] - - [Okta][island-okta] - - [Google][island-google] + - [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) + - [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) + - [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) ## Browser Activity Logging @@ -125,7 +125,7 @@ screenshots, mouse clicks, and keystrokes. ### Activity Logging Module -1. [Create an Activity Logging Profile][logging-profile]. Supported browser +1. [Create an Activity Logging Profile](https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile). Supported browser events include: - Web Navigation @@ -138,7 +138,7 @@ screenshots, mouse clicks, and keystrokes. - Mouse Clicks - Keystrokes -1. [Create a Policy Rule][policy-rule] to apply the Activity Logging Profile. +1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Activity Logging Profile. 1. Define the Coder Application group as the Destination Object. 
@@ -147,38 +147,12 @@ screenshots, mouse clicks, and keystrokes. ## Identity-aware logins (SSO) -Integrate Island’s identity management system with Coder’s +Integrate Island's identity management system with Coder's authentication mechanisms to enable identity-aware logins. ### Configure single sign-on (SSO) seamless authentication between Coder and Island Configure the same identity provider (IdP) for both your Island and Coder -deployment. Upon initial login to the Island browser, the user’s session +deployment. Upon initial login to the Island browser, the user's session token will automatically be passed to Coder and authenticate their Coder session. - - - -[island]: https://www.island.io/ -[app-group]: - https://documentation.island.io/docs/create-and-configure-an-application-group-object -[data-sandbox]: - https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile -[policy-rule]: - https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[url-object]: - https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[logging-profile]: - https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile -[dlp-scanner]: - https://documentation.island.io/docs/create-a-data-loss-prevention-scanner -[upload-docs]: - https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile -[download-docs]: - https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile -[island-entra]: - https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy -[island-okta]: - https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta -[island-google]: - https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise 
diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index 5ec7c685f50a8..a71d58d6ea3c0 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md @@ -134,7 +134,7 @@ To set this up, follow these steps:
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces. - +
If you don't want to use the official modules, you can read through the [example diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index e7016fc739485..bb1b9db106611 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md @@ -11,8 +11,8 @@ March 17, 2024 --- -This guide describes the process of integrating [JFrog Xray][] to Coder Kubernetes-backed -workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. +This guide describes the process of integrating [JFrog Xray](https://jfrog.com/xray/) to Coder Kubernetes-backed +workspaces using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray). ## Prerequisites @@ -21,10 +21,10 @@ workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Deploy the **Coder - JFrog Xray** Integration -1. Create a JFrog Platform [Access Token][] with a user that has the `read` [permission][] +1. Create a JFrog Platform [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) with a user that has the `read` [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions) for the repositories you want to scan. -1. Create a Coder [token][] with a user that has the [`owner`][roles] role. +1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create) with a user that has the [`owner`](../users#roles) role. 1. Create Kubernetes secrets for the JFrog Xray and Coder tokens. @@ -58,10 +58,9 @@ workspaces using Coder’s [JFrog Xray Integration][`coder-xray`].
- **Note**: To authenticate with the Artifactory registry, you may need to - create a [Docker config][docker-advanced-topics] and use it in the - `imagePullSecrets` field of the Kubernetes Pod. See the [**Defining - ImagePullSecrets for Coder workspaces**][image-pull-secret] guide for more + To authenticate with the Artifactory registry, you may need to + create a [Docker config](https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics) and use it in the + `imagePullSecrets` field of the Kubernetes Pod. See the [Defining ImagePullSecrets for Coder workspaces](../../tutorials/image-pull-secret.md) guide for more information.
@@ -72,18 +71,3 @@ Once installed, configured workspaces will now have a banner appear on any workspace with vulnerabilities reported by JFrog Xray. JFrog Xray Integration - - - -[JFrog Xray]: https://jfrog.com/xray/ -[JFrog Xray Integration]: https://github.com/coder/coder-xray -[`coder-xray`]: https://github.com/coder/coder-xray -[docker-advanced-topics]: - https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics -[image-pull-secret]: ../../tutorials/image-pull-secret.md -[token]: ../../reference/cli/tokens_create.md#tokens-create -[roles]: ../users#roles -[permission]: - https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions -[access token]: - https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens diff --git a/docs/admin/integrations/prometheus.md b/docs/admin/integrations/prometheus.md index 8330b99a2e266..9440d90a19bd0 100644 --- a/docs/admin/integrations/prometheus.md +++ b/docs/admin/integrations/prometheus.md @@ -4,7 +4,7 @@ Coder exposes many metrics which can be consumed by a Prometheus server, and give insight into the current state of a live Coder deployment. If you don't have a Prometheus server installed, you can follow the Prometheus -[Getting started][prom-get-started] guide. +[Getting started](https://prometheus.io/docs/prometheus/latest/getting_started/) guide. ## Enable Prometheus metrics @@ -18,7 +18,7 @@ use either the environment variable `CODER_PROMETHEUS_ADDRESS` or the flag address. If `coder server --prometheus-enable` is started locally, you can preview the -metrics endpoint in your browser or by using curl. +metrics endpoint in your browser or with `curl`: ```console $ curl http://localhost:2112/ 
@@ -30,7 +30,7 @@ coderd_api_active_users_duration_hour 0 ### Kubernetes deployment -The Prometheus endpoint can be enabled in the [Helm chart's][coder-helm] +The Prometheus endpoint can be enabled in the [Helm chart's](https://github.com/coder/coder/tree/main/helm) `values.yml` by setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`. The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled automatically. A Service Endpoint will not be exposed; if you need to @@ -100,12 +100,6 @@ You must first enable `coderd_agentstats_*` with the flag `CODER_PROMETHEUS_COLLECT_AGENT_STATS` before they can be retrieved from the deployment. They will always be available from the agent. - - -[prom-get-started]: - https://prometheus.io/docs/prometheus/latest/getting_started/ -[coder-helm]: https://github.com/coder/coder/tree/main/helm - | Name | Type | Description | Labels | diff --git a/docs/admin/integrations/vault.md b/docs/admin/integrations/vault.md index 11c4b95827e49..4894a7ebda0a1 100644 --- a/docs/admin/integrations/vault.md +++ b/docs/admin/integrations/vault.md @@ -11,7 +11,7 @@ August 05, 2024 --- -This guide describes the process of integrating [HashiCorp Vault][] into Coder workspaces. +This guide describes the process of integrating [HashiCorp Vault](https://www.vaultproject.io/) into Coder workspaces. Coder makes it easy to integrate HashiCorp Vault with your workspaces by providing official Terraform modules to integrate Vault with Coder. This guide 
@@ -19,9 +19,9 @@ will show you how to use these modules to integrate HashiCorp Vault with Coder. ## The `vault-github` module -The [`vault-github`][] module is a Terraform module that allows you to +The [`vault-github`](https://registry.coder.com/modules/vault-github) module is a Terraform module that allows you to authenticate with Vault using a GitHub token. This module uses the existing -GitHub [external authentication][] to get the token and authenticate with Vault. +GitHub [external authentication](../external-auth.md) to get the token and authenticate with Vault. To use this module, add the following code to your Terraform configuration. @@ -43,9 +43,3 @@ a secret stored in the KV backend. ```shell vault kv get -namespace=YOUR_NAMESPACE -mount=MOUNT_NAME SECRET_NAME ``` - - - -[HashiCorp Vault]: https://www.vaultproject.io/ -[external authentication]: ../external-auth.md -[`vault-github`]: https://registry.coder.com/modules/vault-github From f059ab3dd1958df0db1f46b1d2d2756a35582031 Mon Sep 17 00:00:00 2001 From: EdwardAngert Date: Fri, 3 Jan 2025 18:51:53 +0000 Subject: [PATCH 11/11] fix links --- docs/admin/external-auth.md | 3 +-- docs/admin/integrations/island.md | 12 +++++------- docs/admin/integrations/jfrog-artifactory.md | 3 +-- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 222f18d3bc311..bbb479ecf2d00 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -168,8 +168,7 @@ CODER_EXTERNAL_AUTH_0_REGEX=github\.company\.org ## JFrog Artifactory -See [this](../admin/integrations/jfrog-artifactory.md) guide on instructions on -how to set up for JFrog Artifactory. +Visit the [JFrog Artifactory](../admin/integrations/jfrog-artifactory.md) guide for instructions on how to set up for JFrog Artifactory. ## Custom scopes diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md index 7799016f77e92..d5159e9e28868 100644 
--- a/docs/admin/integrations/island.md +++ b/docs/admin/integrations/island.md @@ -108,15 +108,13 @@ sidestep such policies simply by using another browser. ### Configure browser enforcement, conditional access policies -1. Create a conditional access policy for your configured identity provider. +Create a conditional access policy for your configured identity provider. -
- The configured IdP must be the same for both Coder and Island -
+Note that the configured IdP must be the same for both Coder and Island. - - [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) - - [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) - - [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) +- [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) +- [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) +- [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) ## Browser Activity Logging diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index a71d58d6ea3c0..afc94d6158b94 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md @@ -137,8 +137,7 @@ To set this up, follow these steps: -If you don't want to use the official modules, you can read through the [example -template][docker-template], which uses Docker as the underlying compute. The +If you don't want to use the official modules, you can read through the [example template](https://github.com/coder/coder/tree/main/examples/jfrog/docker), which uses Docker as the underlying compute. The same concepts apply to all compute types. ## Offline Deployments
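Review bot: in docs/admin/integrations/island.md (PATCH 02, hunk at -49,27), the "Create a URL Object" step links to `https://documentation.island.io/docs/create-and-configure-a-policy-rule-general`, the same target as the "Create a Policy Rule" steps. The removed `[url-object]` definition carried that same policy-rule URL, so inlining has preserved what looks like a copy-paste error rather than fixing it. Point this step at Island's URL Object documentation, or leave the step unlinked until the correct page is confirmed.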
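Review bot: in docs/admin/integrations/island.md (PATCH 02, hunk at -80,10), the inlined "Download documentation" link uses the path form `/v1/docs/en/create-and-configure-a-download-protection-profile`, while every other Island link in this patch, including "Upload documentation" on the line above, uses `/docs/...`. Please confirm the versioned URL is intended and normalize it to the `/docs/` form if it is not. The context line "Create a Protection Profiles for both upload/download" also has a stray "a" that could be fixed while this list is being touched.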
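Review bot: in docs/admin/integrations/island.md (PATCH 02, hunk at -147,38), the `[island]` and `[app-group]` reference definitions are deleted along with the rest, but the hunks shown for this file start at line 49 and none of them inlines a link that used either label. If lines 1-48 still contain `[...][island]` or `[...][app-group]`, those will render as literal bracket text after this change. Please check the top of the file and inline those two links in the same commit.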
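Review bot: in docs/admin/integrations/jfrog-xray.md (PATCH 02, hunk at -21,10), the inlined role link is `[`owner`](../users#roles)`, with no `.md` extension, while the token link on the same line is `../../reference/cli/tokens_create.md#tokens-create`. The old `[roles]` definition had the same extensionless target, so this is inherited, but now that the target is visible inline it is worth verifying that it resolves and writing it in the same file-path form as the other relative links. Several of the new lines in this file are also no longer wrapped at the width the replaced lines used; rewrapping would keep the diff consistent with the rest of the docs.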
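Review bot: in docs/admin/external-auth.md (PATCH 11, hunk at -168,8), the new link target `../admin/integrations/jfrog-artifactory.md` climbs out of `docs/admin/` and straight back into it; from this file `./integrations/jfrog-artifactory.md` reaches the same page and will not break if the `admin` directory is ever renamed. The sentence also names the product twice ("Visit the JFrog Artifactory guide for instructions on how to set up for JFrog Artifactory"); ending it at "for setup instructions" reads more cleanly.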
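Review bot: in docs/admin/integrations/jfrog-artifactory.md (PATCH 11, hunk at -137,8), `[example template][docker-template]` is replaced by an inline link, but the hunk does not remove the `[docker-template]:` definition, and the diffstat for this file (one insertion, two deletions) accounts only for the rewritten sentence. If the definition is still present elsewhere in the file it is now unused; please delete it in this commit so the file does not keep a dead reference.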