From 01b322e603c0a7faf97b2e8feeee504f21c7e61f Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Fri, 11 Aug 2023 13:11:09 +0000 Subject: [PATCH 1/4] Add provisioner chart to release and docs Signed-off-by: Spike Curtis --- .github/workflows/release.yaml | 5 +- Makefile | 8 +- docs/admin/provisioners.md | 84 ++++++++++++++++++--- helm/coder/charts/libcoder-0.1.0.tgz | Bin 2999 -> 2998 bytes helm/provisioner/README.md | 36 +++++++++ helm/provisioner/charts/libcoder-0.1.0.tgz | Bin 2994 -> 2999 bytes scripts/helm.sh | 39 +++++----- 7 files changed, 139 insertions(+), 33 deletions(-) create mode 100644 helm/provisioner/README.md diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ab27aa12d117c..4314a41f985e1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -141,7 +141,8 @@ jobs: build/coder_"$version"_linux_{amd64,armv7,arm64}.{tar.gz,apk,deb,rpm} \ build/coder_"$version"_{darwin,windows}_{amd64,arm64}.zip \ build/coder_"$version"_windows_amd64_installer.exe \ - build/coder_helm_"$version".tgz + build/coder_helm_"$version".tgz \ + build/provisioner_helm_"$version".tgz env: CODER_SIGN_DARWIN: "1" AC_CERTIFICATE_FILE: /tmp/apple_cert.p12 @@ -295,9 +296,11 @@ jobs: version="$(./scripts/version.sh)" mkdir -p build/helm cp "build/coder_helm_${version}.tgz" build/helm + cp "build/provisioner_helm_${version}.tgz" build/helm gsutil cp gs://helm.coder.com/v2/index.yaml build/helm/index.yaml helm repo index build/helm --url https://helm.coder.com/v2 --merge build/helm/index.yaml gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/coder_helm_${version}.tgz gs://helm.coder.com/v2 + gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/provisioner_helm_${version}.tgz gs://helm.coder.com/v2 gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 gsutil -h "Cache-Control:no-cache,max-age=0" cp helm/artifacthub-repo.yml gs://helm.coder.com/v2 
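Review bot: The upload line added in the second release.yaml hunk leaves `${version}` unquoted, although the `cp "build/provisioner_helm_${version}.tgz" build/helm` line added just above it quotes the same value. Writing it as `gsutil -h "Cache-Control:no-cache,max-age=0" cp "build/helm/provisioner_helm_${version}.tgz" gs://helm.coder.com/v2` keeps the published path intact if ./scripts/version.sh ever emits whitespace or glob characters. The existing coder_helm upload line it mirrors has the same form and could be quoted in the same change. The step's script begins and ends outside the hunk.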
diff --git a/Makefile b/Makefile index 8bb681c9d4020..4ec4157cd79ff 100644 --- a/Makefile +++ b/Makefile @@ -344,15 +344,19 @@ push/$(CODER_MAIN_IMAGE): $(CODER_MAIN_IMAGE) docker manifest push "$$image_tag" .PHONY: push/$(CODER_MAIN_IMAGE) +# Helm charts that are available +charts = coder provisioner + # Shortcut for Helm chart package. -build/coder_helm.tgz: build/coder_helm_$(VERSION).tgz +$(foreach chart,$(charts),build/$(chart)_helm.tgz): build/%_helm.tgz: build/%_helm_$(VERSION).tgz rm -f "$@" ln "$<" "$@" # Helm chart package. -build/coder_helm_$(VERSION).tgz: +$(foreach chart,$(charts),build/$(chart)_helm_$(VERSION).tgz): build/%_helm_$(VERSION).tgz: ./scripts/helm.sh \ --version "$(VERSION)" \ + --chart $* \ --output "$@" site/out/index.html: site/package.json $(shell find ./site $(FIND_EXCLUSIONS) -type f \( -name '*.ts' -o -name '*.tsx' \)) diff --git a/docs/admin/provisioners.md b/docs/admin/provisioners.md index 6843a4e3efaad..a1f71bf9db73b 100644 --- a/docs/admin/provisioners.md +++ b/docs/admin/provisioners.md 
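Review bot: `--chart $*` is the only argument in the helm.sh recipe passed unquoted, while `--version "$(VERSION)"` and `--output "$@"` are quoted; use `--chart "$*"` to match. `charts = coder provisioner` is a recursive assignment for a fixed list, so `charts := coder provisioner` is the conventional form. The two `$(foreach ...)` target lists can also be written as `$(charts:%=build/%_helm.tgz)` and `$(charts:%=build/%_helm_$(VERSION).tgz)`. A short comment above the static pattern rules, such as `# $* is the chart name (one of $(charts))`, would make the stem's role clear.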
@@ -10,22 +10,23 @@ By default, the Coder server runs [built-in provisioner daemons](../cli/server.m - **Reduce server load**: External provisioners reduce load and build queue times from the Coder server. See [Scaling Coder](./scale.md#concurrent-workspace-builds) for more details. -> External provisioners are in an [alpha state](../contributing/feature-stages.md#alpha-features) and the behavior is subject to change. Use [GitHub issues](https://github.com/coder/coder) to leave feedback. - -## Running external provisioners - Each provisioner can run a single [concurrent workspace build](./scale.md#concurrent-workspace-builds). For example, running 30 provisioner containers will allow 30 users to start workspaces at the same time. Provisioners are started with the [coder provisionerd start](../cli/provisionerd_start.md) command. -### Authentication +## Authentication + +The provisioner daemon must authenticate with your Coder deployment. -The provisioner server must authenticate with your Coder deployment. There are two authentication methods: +Set a [provisioner daemon PSK](../cli/server#--provisioner-daemon-psk) on the Coder server and start the provisioner with +`coder provisionerd start --psk `. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm), +see the [Helm example](#example-running-an-external-provisioner-with-helm) below. -- PSK: Set a [provisioner daemon PSK](../cli/server#--provisioner-daemon-psk) on the Coder server and start the provisioner with `coder provisionerd start --psk ` -- User token: [Authenticate](../cli.md#--token) the Coder CLI as a user with the Template Admin or Owner role. +> Coder still supports authenticating the provisioner daemon with a [token](../cli.md#--token) from a user with the +> Template Admin or Owner role. This method is deprecated in favor of the PSK, which only has permission to access +> provisioner daemon APIs. We recommend migrating to the PSK as soon as practical. 
-### Types of provisioners +## Types of provisioners - **Generic provisioners** can pick up any build job from templates without provisioner tags. 
@@ -65,7 +66,68 @@ The provisioner server must authenticate with your Coder deployment. There are t --provisioner-tag scope=user ``` -### Example: Running an external provisioner on a VM +## Example: Running an external provisioner with Helm + +Coder provides a Helm chart for running external provisioner daemons, which you will use in concert with the Helm chart +for deploying the Coder server. + +1. Create a long, random PSK and store it in a Kubernetes secret + + ```shell + kubectl create secret generic coder-provisioner-psk --from-literal=psk=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 26` + ``` + +1. Modify your Coder `values.yaml` to include + + ```yaml + provisionerDaemon: + pskSecretName: "coder-provisioner-psk" + ``` + +1. Redeploy Coder with the new `values.yaml` to roll out the PSK. You can omit `--version ` to also upgrade + Coder to the latest version. + + ```shell + helm upgrade coder coder-v2/coder \ + --namespace coder \ + --version \ + --values values.yaml + ``` + +1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm chart. For example + + ```yaml + coder: + env: + - name: CODER_URL + value: "https://coder.example.com" + replicaCount: 10 + provisionerDaemon: + pskSecretName: "coder-provisioner-psk" + tags: + location: auh + kind: k8s + ``` + + This example creates a deployment of 10 provisioner daemons (for 10 concurrent builds) with the listed tags. For + generic provisioners, remove the tags. + + > Refer to the [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml) file for the + > coder-provisioner chart for information on what values can be specified. + +1. 
Install the provisioner daemon chart + + ```shell + helm install coder-provisioner coder-v2/coder-provisioner \ + --namespace coder \ + --version \ + --values provisioner-values.yaml + ``` + + You can verify that your provisioner daemons have successfully connected to Coderd by looking for a log with message + `provisionerd successfully connected to coderd` from each Pod. + +## Example: Running an external provisioner on a VM ```sh curl -L https://coder.com/install.sh | sh @@ -74,7 +136,7 @@ export CODER_SESSION_TOKEN=your_token coder provisionerd start ``` -### Example: Running an external provisioner via Docker +## Example: Running an external provisioner via Docker ```sh docker run --rm -it \ 
diff --git a/helm/coder/charts/libcoder-0.1.0.tgz b/helm/coder/charts/libcoder-0.1.0.tgz index b799de7d008196ae4c4a948df1db26d2c5cd4cf5..baae560bb8310ac0d4377c369e40269ea51b9b42 100644 GIT binary patch delta 2952 zcmV;33wQLl7q%CWOn-T{FtEU7lWe!xY+E?#E{b-qpsBIV3ni)~<<^(_yC3+_!?NtS zZP4!Rg#{X!ni7s1kTls&1QO3Wb`SIy}ML!OZ*@09~?B||7h>%;6DDp z#kjfYK#U`nB7}u6L@{Pu%o0p>q%$5uXFd<=iGpOA>Q489YnH}+I4hxp1T~3?CjByy zZ*G94l;<%*=!l#75Tf}!0N`YZTp4Hp!$||wy$&IQPk)fIG{#iJAy`ZY|AFZVM86ZB zql)S{1&{;N;x$S5YBHF{?k7o8p^3?L%CcS{F04=ksuP^g1C=2)!br?Gqr}lzME0*v zMV@N6rb3QX3+c3w5KSi+HMO)Vrog#qQP8m?Tg0;`TQiIqd|`!+mH(vD>lzbeBED!? zVT~nPXn&UWFr#jhpp8~@?UPpfJb{8_VI}*Fa>^*4P-+bFyl~k?nu|czf#DOp&xOW{ zO^GIv=$C>sI_tv;|3GFcSgR+NkTFJC&iN%$iMpmQ`|4%&roY~spDgbst?D#^-Pk{h^0)=Y6kH$Uw^^VinX-hD81z>{;SEmUojOiUix6F zfa|l>ns>CM(cP&iPD3@5FU)`Wvb3TBZ~k1JL#Be~3AQDVf@H@(uh}2M5~!qJLgkwA zC_y>K5VlE{8IsZJU1p~wRjl2ebs^1F%VFS-H-kelt1JdetVLv|!Ayai(Rj*wmkVb|*f&w;p)Pv(DwhR?vRl`OM8@ zqccZ?%8DZheAS`qR%0z{>T9gkqVr{QeShzx@&CkVtN$j*GnC4h?A^{hcV-?KToZy^gCT3zBmUk?SLxlXRKF z4CIR`O37lA`?Snc3daZbktLV;Xv983*a_=N$ffJk{(lJJyYRDRDNmX%2M59b znE_`n;Q5OyI5|6mljpDDw-^kRws(G}dZBkt8B5L|(xz zudz8no(WzO>tUeR@mPD|Q#W_pI7W^0FiI3=* zNu-+3U?fEXPnnLwnl&?5=BO^wb}v*7987k?dYQ--F1#NR zuCP%@)){LcRN&2{;!1@~nG~rh@nA|MGqS7o>Y0YMu*3JT-H6S)4x=3ijffVdQ`{W9 zI6EJ_ySli1cmDk3r;GCdoS*eQYzyGY+1cRy^0Efmi|oJtlf%PnX425e;=+9X=;p@jw2PW{mEv8BQY(L_a&xmlem?IS zf>i3t7HwSrdj9$^$MiMM>P*+1X@y@Eu}UaKrQp@zVwFF6$P)|rYH;yIo@F;AtuqxY z1caGdNI&IWRC7;M8Go@kJ5o~`QJyPpwmU%yUnQZdqn$9!)_5yJ#(`cirR&1ol1vPg zH~Qz8yB1@HR%gkcp>1ZH30HeoFYP{72VU3;+cHVzmkw*0J?mPYL6`MP?kMS)w>1u3 z*}W-?OGWwuk4D2|4ci>k21~x9wgbHaw6&J^V5@~+b_NAAl7Fl|(w42f$_LD8bjii* z?h?5j+oSe_l^sG4UNKq3K!FNx{#@!Etaj_f_J?i}#Ws;X!>wC9X5$>Tfmd6eUlKj( zL%3OP3+*isiC?6A)_42xH+S?kTrVS--NQylK6EHGkZYVRwyf4kc3XJ3{@`XY;$S}~ zP`rC>5-vrfa(|n zTzhR4XL-kn$+^1*Hx(KPa2#83Cyx;$fl zB0J^g0Xnet_U-PLJ-A+KBDHe*+1lNzfxP)=^rr>#l{-_=10f+1(sdIE)hN{?*y=bQ z>d4z${v2)TLo5=)QlKQ$xkMOCk!KY&7=9v$aW%mLT1`aGV;CYR%!ni!W5*|ft!T^D zJ5B>bhkvm^G4cY!0F^GE_uX0~Ym 
zM!_pZ#@KIZtVm1Z$^(Y54Kbq{LQAmniHzt;q(!7B=%x(5y+R7%p)H|T7^F$RQ6lSE zhJVi#geIA#;}9YzNUfZ;mth$%-b8*`XjZf>DBB+Ali!YZ+OZdv`**mcXzTyWA)$Bq zCFm{Rf9>xd95?#^hmVhs@B9DXVzgfLSqCUDLR&Lh<3jR-kk_`-eTg!0wPL5UaD{4V zl3Y)OWdF8VJi313x~9eD>OgS((ks>Zynj>j(8&xFfy}wPWA6aT*i*9|n?qI@x{o5N zYj}7QW+GO8eu{GFZ%;cw?d^mA5hKUO4=OlEYNYYgW7PhMGgUlhMAM0X&a=3p_`$!} zghQi9r7_j+&`3F9$@k-V6Q^+f(CYI*|FKJ5SWlB=nQDk!vRq<+M@fC+|3aVsiGQW$ zAbba33#fefFQnRgb?YYy_WPwTA}$5T0gepq!a!?83;=3T`?az9H{D(T`lD_Cw_k63 zyZyiS`0;-8{=awd_|nuB}P9|XKU`R$@C6qK#TMXpV;Zz?Z| zD(Bjiowhd9Em`BC&0(vVFA8(ilHN1baJ{#!mg7 y(H2fSwKXz+3zhxbsrW|Pwli3bKSTch^Q!xCKki3!{3iea|NkVlGFbpR0098wzuWu( delta 2953 zcmV;43wHFj7q=IXOn*t-q%g3+d6R56*lbfc=`Ml9tBA#@;)Y!LKzC0Dl>JgT?H5&3L<6@YM1dQJjNbOluBi<-5ygl$%aA57pnkYgO z6td^F0AoT~4`i06T&RB-7>(lrBt(<53teG2NjT$Uit-tpC1KzJWP+8;6`1XiCyIp1 zv-r7Nduo>2pMRQTZ@MVk_g4O2U=;DMFisg!DBB;bQXeiA+!O!L_YV$g@&A19aPKkx zzs0z_Ye9q~njrYOF9Z>$jL%|BRG?DkLu)?ws)>T6sccX8yla|7Jvb?#y%-gVh$6ir zkniq*CLzlr1m6TCBK?ehY1lDU=4Gm0qbi!N-g% zEZG#O6N!4w84YJW=(8I#lipfA(U^=eNHfMRF%+mO`ZBLxmv4IOz4^tWzc1)dp@?Z> z^zl-V5MQI9Ji5e?Cz0&IVP`#)WHh1)RkMmg+<(kh@U&tr#Tg1`xsv~K^5IuZc!ZZO zm`dR4Y`NwGEva>P%=6Pw#pDa~U%qTu(tvk=uFfG-&axPrl1EOm<(}8<4}JkuP%oe| zMOhG|7^4r{BuzERVD&DuQ;^EnZeF~UFU7FjpX_#H4}B(jn)V*^!b)6(ZxL#F=q|;7 z8Gol1L}P_Kj!6<}Gp)=;4yK~seT^zm@=Sy%*CH2Cb#z8Y7|ue5Ytaj+I=aL#6I9K# ztKqF$z0K7C>vWctYaQx0ogf6=yqKa8G}5_Gi7W}>@W4FM_%a)f=q>myznX+>x^C}!#{!9RyjboutFDm)M1Mji zF@oW&+F z&-*_;;N${cU0gx`$MUL|F{LbN+t8eC^X6bUMn0e|J~dunuOM52jQBnjPSH$a9&qSaWV0eKwrBo}!F zyR5?I1X&!&N!u8zi92V(p!pcGTpKq^krJU=d~}cWW_ugup3pD4qs=sn_M%qI5=v#) zuPAAmN=yX_QbkAIB^Uq!~? 
z`#bjil2pEFr54*aj0k1mzvUUknN+6OrXv@fHKJ3!mR^0vvn_#O9E&lUj1BlN$YK}K z5fvCJHiMDiF}$QI@Rv_4jm!&7In3w16|XfLpNizQohO6o4^w|x)}1w~zdFAJOvsR7 zv@-K3CQmJh)qQb58^MIgUw?77$RhYE4~a?%gnOzNY$K-0aD6>!km39DryleqAH zM3}@{9a&|phERgnkBTc5GNpniy2OJi5md`A*Q;mhSHccI!geh-t2zvJz}F%glvaLo zaB*@v_;7W8`Qh|c|EKd)53HZ{9Bcz%|KwzFdU;ua>;&dt??tzJ(0_z+d^))L@blRM z^}9O|BpD+-rP1v(cv>0-dOzN8G@XV<1{db@XLol_r)^YWTT0drQ7Gx|RPOE;$j|3( zO)wOyv_%uwzn;GR%Q1b8vntaSXIkM`d90E!L@D9T;Cz)oImo^Nd^0%zBF{1#l2WPk z76L*~Eu^2~E~>sK%72uYoE^w%7=$d7N^f^OBy5$0wvM*KP*dZr3>gc0PNk{}cTY0W zP|oO|W9~|fXpnABKu9km_kz^cim5;4vHLunoN0@cf#n zNe}$Za+_~%fk-C)s`BVf%xd#fXLd zoIr8zwMn?-jep9GVy5Dd3xQ*atcji~;;ImGL^g~gnv8|s`EDqSLLwrVaH)(H&1Hi= zITx>_tw*I2G)>o>OdZWX9NsTn78P=P7p^8$g1|A}78S6W_?S_Fk*>k@qFm51O$Y;; zq?vNs$j|bY5uI~)HEzNc5MVeq;8q?jMgV^xB#03x4u1k;KE(>UsZy>HQ$1&C6_Rf4 zZUtt_&I7by>;3!PEpu?aR75Cg^|Q6RRRMYT&)`o3S5jJ^5!{B=Q7C8DleuFclaY(apJ3 zY75jSA>{GU-DAqY`XrT}3%Ur1GIA-NYCV*nuz#%10x0Ncc2X?kGC_OSJ6T?OdGE00 zt#;%gnjTbTp?iuns8-620901wf2PSd@*qvgj3f%`{iY?24={;PNFYumH6bd$D%7)i z`#133NHWG=Lt{l45?2n;hi!;xsK7S_OP@%IngogmYJzr3OS`Wzr|?0=raybT!c1ewAzK_4Hws@(tV90wzXobwQz-M zXp&4#xS;Ld=chc9Zhnel=x$G25SrTu_aj1vwI3m83_~rAn;xTbPmId^F(oRTxaTa5N{Tn` z#U>nTMM{N24|E^9RE2dkNt()<$OX#<_IH%jCH^n;>3^SS zq7T9k@U?)Y^hLx4XE?x-rkxvTjffsVC2GGmR{y5E>tBB~?f>TM zjc>RAcaDzs>-Ybi?(@g}|62?lZEamNH+;LJt7``KQQdHO+yCvnC={fr#(Ac6v9BvH zfih!Cmz}0IQ{>vf01<-BY;7tKU4Mm_XYjmabBFEftXpT{iv;ezB9O2hp;WFM+_?{J zNF>6x-C1^)%a6v-mhzL&Q_WuQM;K8dRi%gXwB$v<6+AX=tfGCiO_K<3A%MLdLu03U z&u9v#oyr<1yNAmD{Zw2dZQB~G!k;Gp_<7aicpQ(TKK>H`0RR7_XeR6cIsyOy60EH3 diff --git a/helm/provisioner/README.md b/helm/provisioner/README.md new file mode 100644 index 0000000000000..d1f8b6727fa11 --- /dev/null +++ b/helm/provisioner/README.md 
@@ -0,0 +1,36 @@ +# Coder Helm Chart + +This directory contains the Helm chart used to deploy Coder provisioner daemons onto a Kubernetes +cluster. + +External provisioner daemons are an Enterprise feature. Contact sales@coder.com. + +## Getting Started + +> **Warning**: The main branch in this repository does not represent the +> latest release of Coder. Please reference our installation docs for +> instructions on a tagged release. + +View +[our docs](https://coder.com/docs/v2/latest/admin/provisioners) +for detailed installation instructions. + +## Values + +Please refer to [values.yaml](values.yaml) for available Helm values and their +defaults. + +A good starting point for your values file is: + +```yaml +coder: + env: + - name: CODER_URL + value: "https://coder.example.com" + # This env enables the Prometheus metrics endpoint. + - name: CODER_PROMETHEUS_ADDRESS + value: "0.0.0.0:2112" + replicaCount: 10 +provisionerDaemon: + pskSecretName: "coder-provisioner-psk" +``` 
diff --git a/helm/provisioner/charts/libcoder-0.1.0.tgz b/helm/provisioner/charts/libcoder-0.1.0.tgz index 638d50f976a7eb18335f26a15c12769a83e9f412..094e3f64207ad433f067378e1ee47af184460445 100644 GIT binary patch delta 2706 zcmV;D3T^eW7q=IXegh_FD3O6Df8)cwgWlfWgWlf$lcU}P=-oLdEhAT&$OpZzUaKkG zf5{*j`yHiXBJIO;KOk9F{_I72Q7?#5QOPoGr%sHk0B1u<{h$Mw5XSqU@+=cl|HHxlVrBMKoOI|HkVs@!WHK96i_=Q^sdX~ALhT~wmDBJf|{$F5}@vkw-IMJxO@10Wb zE*0Do|Bv?%4jS?Qc<=D&KK{SOxVh;-j3bsJgoQ6eF=kxM5=?cZGaf=`J`d`Nf@GQM zPWOT9mj#O(*9ywX`axf516!QP7biTg0;` zTQiIqd|`!+mH)KT>lzbeB0g_eVT~nPXqNUcqi&O+jaGB*<5v4Tg@R;ZCHstW$|xRF zY7FwCaM?wgi$K%%esNMQ(iozuudlF8cd|fBrPegr!y=&m^Jv3MCWq1yYg5st-rK^-Pk{h^0)=Y6kH$U%}Ig zwY1ah_+YAl>$BCGceJF@-H9kpLp75x%zyc^w4woT|6H9zrh?}Q zwk3~(WXC_R*&o6ZsH9#(<(ly*K{>_{wn>&5lF{m2W~U@of2`fUcqLzkwA!ECcH<6x zHhS9j9{a*cT!wEMYDMTS#eWs24#Z$lkt8IIjhR;FA`eqj@4i8ms6;L)sTRw8*rcQ6qq z6QA8%4?N{rf9GOhD`-FOeCFn{(V3$`WyKK$zUokQtFaa}^)=RN(fP8uzW34ie`2)N ze-q>xN@dJ)Cu^*)|MvDD_j=9x@8Iz8zW)0b%emjGAt zZDA_LGs#jtg762``N3qxI{)t3?*j12)^&s;g#RBx_&)q>S;~`>as)tsR)}s#%c84% zh%!ZuDq^C0ON|b#NGw&Fq||SA1LQ~)I*qj&P$Y>+3z1i_%WG^-kSCFvbgiMD>ILO=IYFWINg^Av=K~* z`W0u3EJCP@kf;@Lqh`&_l{u+k#)uz2o-qqsJK!g zQzk`fN<5en$&Bo3y?Ul$E$r|EY&T-FuES^tLL;I@=@d5yFHg?~?=R0U-k-fV{^|TI z0Ox0Y58DEGe0n;6IJ>y0LG~j1umAM$@SqLjK@T(M%c|SzMUUAKlz|opw>vu2Q^9QEKJyRBmn-$j|3pLy$^c*`kf>U(eqB<(R(0 zS)J*cGp+EeB322ds1&>&oUigH4|!|>Uk}c|$g}K*q;;l$f`x!EQw!;*yo+k?i7F#D zXGdyEBg%87&2}d!;j1Kcb+i+P*&1(U$T-k*rgUAnTat-^@<#t0bJt?b(CRGNGqlZY zGvR8_>ZRSs>c9(IVOu7t{L*19vu9n)Gw8Bj$sHvf^R~vJE4w#kaj8gO;L&J!tYMpD z+F;3d)OMghSAe$G@*Zrp@XOAiU`CSFN7}NLSNVWBjV`%(-CZKLV|&zou(Ctw!7C<< z7${KT?Vn4%gVk=G*#6KhqSz*rYzH5IZXf>Uj=qNLWdyT(*yzZI4y6Wig|o$$)jG*; z3lG;H+$=^M?B@iEcdt#trD#-c6f-r4TnHRTWKHzc5m$wfC$eE2v2-lW&i9e=m=YPo zL?~^oXfGSg$+>)`Ts^9^WLdW6Wa?@D;qiVEs;rQ^yKp&S3M7v4x~zch#D|;|NsLVm zZWa}ijaf=Kur$lH*G6%clO6~m0hNxCv#E2p2W-K`qP+kZxXS|DG!GX*^m z5)vU@H-S)%QaysLj^m+@yuIbm(Uv~MA|WgVN-~{Ggs~KPRzZW|Cvq5<6D*+BMC3e% zA%en;NTM-zd=l7-wp_jAG%$1+3lt+SAPi9HqHW{gq8g(+1)~r5jD!YgYb(NQl4O4z 
zBPtRnRpA@f)B|VfW6mLb_iooJYWv;0DB9f#mu|GI1*4BO_knQt;mzJWZ1?1!O_3;4 z80DPLAjV80wW8Z|sWKL5P68Fl(BEUK$oV8wfe*SEh_-TRkr_QypRlaX0w~#Nc3Lju zGeLJZI9*buabqJDr6qR7;cOdLktIx6R_w)l=6sEiP9Fg5#H7sm|w}l7~)am3I78bvCNsdk4($_Y!pAJ3aOh3kh_p9lJnUFyPmnk36qL*$a> z68k$!>J$GL`t(mMH3#84_*y{a!+#;w-m6b5H zjn%*D?)ujsZTr9ddgI&e|Gg(q_M7+ry@UPx{r_7G6K!2nG`D=aW2$Qo?oodf@aFip z^RiG-wi*|?HpRZFyd|S%^$Ywvwoe0FA{|R zia^13j7s}*aOXC(AyHxo+iqvsSuQ_XKU*qJJ`W9h{U2e(q|&t>&cliq^Hz$)wz10g z(KbtCyoLz&b}WsZ`aPp9oOWt!Wc(H?`?pi^jkIlNuo{1c{Qc)u_v3!tkLLJK00030 M|EJLC$N)M30H9n@`2YX_ delta 2704 zcmV;B3UBqd7qS0Za(veNcIp390{KVGK?HkP<`AEp&-=f07C=#thXX zc%ITI0LUe;mMby4RHT|v9XR~Ltph#F+)u-CFkO`Gdn^AhFv|GXm}H!2RNePZsdtwO zZi)ZL`v(V&_rp);Qc^+Z9kOm(Mw z!4*s6KAe`&L4umZM3a6Qf5#OBGDNNnG=Slx0qS0d5Wy!% zSsG)i;SemQga63%1ft&w&rwBnoC3&!Y4L_6d^H(NWA~G!snEpaI%Qce5EoXc0o4i4 z=Yh(Q8et@6oKfOvEF$|?Cn8U^TT>xNs)ck~NQkDB^O{;(6;t4xf43;;$dN7L*^{jq z#tgo&!p6#fTIqF-2{I9%H>|M65-l`KdzewTNzg{Cx%P3ZeV#%=vaphUMmc2^k0~_< zc~Q9RBF#l0>%i~{KIB4U#im4)Nc1bg8J+dvn13WQ6|B`0OUM|bEa&_JsYG4VmwolB zdedL;%}*EoeL;U3e`Uf_tB+@rP<(}wiTDDkNMqH9quzQZ$!Nq8oMe;2Rh%aB&}$(0+o>9f(( zR(tFVCvh3RWvCUQyA=OboH`JLMMaX3G&W{hnTtG3O}+aDRiYBPq^Q;+mrzY~&PGUQ zl;c|T5~_)=kmi! 
zk#9)^>sXw#bZo(YL7w=Cj+sQN`3y!n71_!UE94Wi%U)V0*^++V-4FJ(*{faL~RFpKLu!OFYm!t3%~3P z3T7l(y`?RW@+u!NyU`^Vue(d+Dz-=M2P;nqJ$S`r5d#G(y!~_O>|nK9C-!{k7E$aW zlWzwff36OHb4Opp^)iB~9yU7ip+l*GT;Xi-$ZDNrw}pp0AKWZP9PH-=ig&L~!lgK< z+$d&h4!ICGj>wwmsUxlmAx~t(IAZBon#%W)@t6`B!$c@;t!OVB%+9%drCdL%v}9Sf zW@qYY{^9X{5vuHvySs2XVG1OU@w)7Q?Zk(i6iJLt4{jC}l8sqPIIuL!wbw?mmy;m~ zA%B;0g_xN+N2`={Yj-QMQ*Iuh16%Lj?QYqP>xCv#E2p2W-K`qP+kZxXS|H!KGX*^m z5)vWZX#$}drFsNg9mhi*d3($6qb+@iMM78#lw>-W2xBSotbzu^PvkHzCs;tMiO6{j zLj;8xkwjzc_$06uZMlBOX<+Cu7AQtuKz|sZ(#5fjgNtg6?i7qZ+%pmypslS4uSt?| zjHpPQRE2L?QxBY_k2#0%-Md|@sO@*}qG)#~T)NS+7K}dD+y}zlhc|oku-%h?Hcg^P zVU%+|gBUZ3)QWERrOH^KISEuGLw}E{BIlD#1wQCvAlk~MMP~F+eZsOj3!r49*?(!d zjL!t!-QaY2>E+tt+FRquL$qg5wS{hJ(xBccw*oL#lmC$+-^zosEi;lhYMwVOX?%cb zj8XydBIyay#Z{r1EslSq;I$%S?6(}ONK4|<1BS2-F{2tnOR(~ZjOaO zvHCZyu7CZ}R{!nS8{e+}_nti2U#kC)_wVcfw-_ecx~6Gv`F6*2*BsoV{wUzh@o(p4 zqo8azE^=*}ebaeKR5{nC?X%;7cHCLY Date: Mon, 14 Aug 2023 09:19:29 +0400 Subject: [PATCH 2/4] Update docs/admin/provisioners.md Co-authored-by: Muhammad Atif Ali --- docs/admin/provisioners.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/provisioners.md b/docs/admin/provisioners.md index a1f71bf9db73b..7562bf68cad01 100644 --- a/docs/admin/provisioners.md +++ b/docs/admin/provisioners.md @@ -18,7 +18,7 @@ Provisioners are started with the [coder provisionerd start](../cli/provisionerd The provisioner daemon must authenticate with your Coder deployment. -Set a [provisioner daemon PSK](../cli/server#--provisioner-daemon-psk) on the Coder server and start the provisioner with +Set a [provisioner daemon PSK](../cli/server.md#--provisioner-daemon-psk) on the Coder server and start the provisioner with `coder provisionerd start --psk `. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm), see the [Helm example](#example-running-an-external-provisioner-with-helm) below. From c0347cd7cd988ab3a6342759eab67cbe1f59ac6c Mon Sep 17 00:00:00 2001 
From: Spike Curtis Date: Tue, 15 Aug 2023 07:05:57 +0000 Subject: [PATCH 3/4] Prettier Signed-off-by: Spike Curtis --- docs/admin/provisioners.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/admin/provisioners.md b/docs/admin/provisioners.md index 7562bf68cad01..8244e0becb470 100644 --- a/docs/admin/provisioners.md +++ b/docs/admin/provisioners.md @@ -19,12 +19,12 @@ Provisioners are started with the [coder provisionerd start](../cli/provisionerd The provisioner daemon must authenticate with your Coder deployment. Set a [provisioner daemon PSK](../cli/server.md#--provisioner-daemon-psk) on the Coder server and start the provisioner with -`coder provisionerd start --psk `. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm), +`coder provisionerd start --psk `. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm), see the [Helm example](#example-running-an-external-provisioner-with-helm) below. > Coder still supports authenticating the provisioner daemon with a [token](../cli.md#--token) from a user with the > Template Admin or Owner role. This method is deprecated in favor of the PSK, which only has permission to access -> provisioner daemon APIs. We recommend migrating to the PSK as soon as practical. +> provisioner daemon APIs. We recommend migrating to the PSK as soon as practical. ## Types of provisioners @@ -84,7 +84,7 @@ for deploying the Coder server. pskSecretName: "coder-provisioner-psk" ``` -1. Redeploy Coder with the new `values.yaml` to roll out the PSK. You can omit `--version ` to also upgrade +1. Redeploy Coder with the new `values.yaml` to roll out the PSK. You can omit `--version ` to also upgrade Coder to the latest version. ```shell 
@@ -94,7 +94,7 @@ for deploying the Coder server. --values values.yaml ``` -1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm chart. For example +1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm chart. For example ```yaml coder: @@ -109,7 +109,7 @@ for deploying the Coder server. kind: k8s ``` - This example creates a deployment of 10 provisioner daemons (for 10 concurrent builds) with the listed tags. For + This example creates a deployment of 10 provisioner daemons (for 10 concurrent builds) with the listed tags. For generic provisioners, remove the tags. > Refer to the [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml) file for the From df8c6a9e2d5cb7f2eb4a4b9de4003c93e6e18274 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Tue, 15 Aug 2023 14:39:01 +0400 Subject: [PATCH 4/4] spell out PSK first time per section Co-authored-by: Cian Johnston --- docs/admin/provisioners.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/admin/provisioners.md b/docs/admin/provisioners.md index 8244e0becb470..ac0e17078c0bb 100644 --- a/docs/admin/provisioners.md +++ b/docs/admin/provisioners.md @@ -18,7 +18,7 @@ Provisioners are started with the [coder provisionerd start](../cli/provisionerd The provisioner daemon must authenticate with your Coder deployment. -Set a [provisioner daemon PSK](../cli/server.md#--provisioner-daemon-psk) on the Coder server and start the provisioner with +Set a [provisioner daemon pre-shared key (PSK)](../cli/server.md#--provisioner-daemon-psk) on the Coder server and start the provisioner with `coder provisionerd start --psk `. If you are [installing with Helm](../install/kubernetes#install-coder-with-helm), see the [Helm example](#example-running-an-external-provisioner-with-helm) below. 
@@ -71,7 +71,7 @@ see the [Helm example](#example-running-an-external-provisioner-with-helm) below Coder provides a Helm chart for running external provisioner daemons, which you will use in concert with the Helm chart for deploying the Coder server. -1. Create a long, random PSK and store it in a Kubernetes secret +1. Create a long, random pre-shared key (PSK) and store it in a Kubernetes secret ```shell kubectl create secret generic coder-provisioner-psk --from-literal=psk=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 26`