coder
diff --git a/‎admin/access-control/manage.md
Lines changed: 8 additions & 12 deletions b/‎admin/access-control/manage.md
Lines changed: 8 additions & 12 deletions
diff --git a/‎admin/workspace-management/cvms/management.md
Lines changed: 84 additions & 3 deletions b/‎admin/workspace-management/cvms/management.md
Lines changed: 84 additions & 3 deletions
diff --git a/‎admin/workspace-management/tun-device.md
Lines changed: 0 additions & 38 deletions b/‎admin/workspace-management/tun-device.md
Lines changed: 0 additions & 38 deletions
diff --git a/‎assets/admin/cached-cvms.png
-186 KB b/‎assets/admin/cached-cvms.png
-186 KB
diff --git a/‎assets/admin/cvm-settings.png
133 KB b/‎assets/admin/cvm-settings.png
133 KB
diff --git a/‎assets/admin/tun.png
-17.9 KB b/‎assets/admin/tun.png
-17.9 KB
diff --git a/‎changelog/1.29.0.md
Lines changed: 70 additions & 0 deletions b/‎changelog/1.29.0.md
Lines changed: 70 additions & 0 deletions
diff --git a/‎changelog/index.md
Lines changed: 8 additions & 5 deletions b/‎changelog/index.md
Lines changed: 8 additions & 5 deletions
diff --git a/‎guides/admin/wp-cli.md
Lines changed: 76 additions & 0 deletions b/‎guides/admin/wp-cli.md
Lines changed: 76 additions & 0 deletions
diff --git a/‎manifest.json
Lines changed: 7 additions & 3 deletions b/‎manifest.json
Lines changed: 7 additions & 3 deletions
@@ -22,9 +22,9 @@ domain name for the OIDC token callback; use
 `https://coder.my-company.com/oidc/callback`.
 
 Once you've registered a Coder application with your OIDC provider, you'll need
-to return to Coder and complete the setup process. Under **Admin** > **Manage** >
-**Authentication**, ensure that you've selected **OpenID Connect** as the
-authentication type. Then, provide the following parameters:
+to return to Coder and complete the setup process. Under **Admin** >
+**Manage** > **Authentication**, ensure that you've selected **OpenID Connect**
+as the authentication type. Then, provide the following parameters:
 
 - **Client ID**: The client ID for the Coder application you registered with the
   OIDC provider
@@ -43,9 +43,9 @@ you:
   tokens from `https://<yourDomain>/api/v0/users/me/oidc-access-token`
 - **Additional Scopes:** Specify any scopes (beyond the default) that you would
   like Coder to request from the authentication provider. By default, Coder
-requests the scopes `openid`, `email`, and `profile`. Consult your
-authentication provider's documentation for information on which scopes they
-support.
+  requests the scopes `openid`, `email`, and `profile`. Consult your
+  authentication provider's documentation for information on which scopes they
+  support.
 - **Disable built-in authentication:** Choose whether Coder removes the ability
   to log in with an email/password option when you've enabled OIDC
   authentication
@@ -62,9 +62,5 @@ To do so, navigate to **Manage** > **Admin** > **Authentication**. Then, toggle
 **Disable built-in authentication** to **On** and click **Save preferences**.
 
 [Site managers](users/user-roles#site-manager-permissions) can still use
-built-in authentication. To view this option on the login page, add the
-following query parameter to the URL you use to access your Coder deployment:
-
-```text
-/login?showAllAuthenticationTypes=1
-```
+built-in authentication. The **Admin Login** option will be visible on the login
+page if built-in authentication is disabled.
@@ -9,7 +9,14 @@ a site manager must enable CVMs. To do so:
 1. Go to **Manage > Admin > Infrastructure**.
 1. Toggle the **Enable Container-Based Virtual Machines** option to **Enable**.
 
-## Cached CVMs
+This section also describes the customization features that Coder offers for
+CVMs:
+
+![CVM Settings](../../../assets/admin/cvm-settings.png)
+
+These settings will apply to workspaces **after** they have been rebuilt.
+
+## Caching
 
 > Cached CVMs are currently an **alpha** feature.
 
@@ -18,7 +25,7 @@ To improve the startup time for CVM-based workspaces, you can enable caching.
 Cached CVMs require the `shiftfs` kernel to be present on the node. Some
 distributions (such as Ubuntu) include `shiftfs`. If you're unsure if `shiftfs`
 is present on your nodes, you can check by running `modinfo shiftfs`. If no
-output is returned, then you do not have `shiftfs` installed.
+output is returned, you do not have `shiftfs` installed.
 
 If you don't want to install `shiftfs` yourself, you can have Coder install the
 module automatically for you. **It is important that you do not have secure boot
@@ -27,4 +34,78 @@ install `shiftfs` on your behalf.**
 
 > GPUs are not supported with cached CVMs at this time.
 
-![Cached CVMs](../../../assets/admin/cached-cvms.png)
+## Self-contained workspace builds
+
+> Self-contained workspace builds are currently an **alpha** feature.
+
+By default, Coder initializes workspaces by running commands inside the
+container. Workspaces, however, control the initialization sequence instead when
+you enable [self-contained workspace builds]. This enables cluster operations
+that restrict command execution inside containers using the Kubernetes API, such
+as the `kubectl exec` command.
+
+[self-contained workspace builds]: ../self-contained-builds.md
+
+## Workspace process logging
+
+> Workspace process logging is currently an **alpha** feature.
+
+[Workspace process logging] enables auditing of commands executed inside the
+workspace container.
+
+[workspace process logging]: ../process-logging.md
+
+## TUN device
+
+> TUN devices currently an **alpha** feature.
+
+Coder allows the creation of custom network interfaces using the Linux TUN
+device. When using the **Enable TUN device** setting, Coder workspaces will have
+a `/dev/net/tun` device mounted into the workspace at build time. VPN usage
+often requires a TUN device.
+
+Users may need root (or `sudo`) access within their workspace to use the TUN
+device and start a VPN client.
+
+> At this time, Coder does not support TUN devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> TUN device.
+
+We've tested this feature using the [Tailscale](https://tailscale.com/) VPN
+within Coder. Remember that you may have to change your VPN settings to keep any
+persistent files (such as configuration/identity) files in your home volume, as
+any data outside the home volume is cleared when the workspace is rebuilt.
+
+## FUSE device
+
+> FUSE devices are currently an **alpha** feature.
+
+Coder allows the creation of custom filesystems using the Linux FUSE userspace
+filesystem device. By enabling the **Enable FUSE device** setting, Coder
+workspaces will have a `/dev/fuse` device mounted into the workspace at build
+time. These devices are often used to mount specialized filesystems, such as
+Google Cloud Storage buckets, to your workspace.
+
+Users may need root (or `sudo`) access within their workspace to use the FUSE
+device and start a FUSE filesystem.
+
+> At this time, Coder does not support FUSE devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> FUSE device.
+
+For example, you can mount a directory from a remote SSH server using `sshfs`:
+
+```console
+mkdir /tmp/mnt
+sshfs user@host:/ /tmp/mnt
+```
+
+Then, in a second terminal, run `ls /tmp/mnt` to list the files from the remote
+host. You should also be able to see a `fuse.sshfs` entry in the output from the
+`mount` command.
@@ -0,0 +1,70 @@
+---
+title: "1.29.0"
+description: "Released on 03/23/2022"
+---
+
+### Breaking changes ❗
+
+There are no breaking changes in 1.29.0.
+
+### Features ✨
+
+- web: added admin login form that appears when OIDC login is enabled and
+  built-in authentication is disabled.
+- C4D: added support for SSH to Docker workspace providers.
+- C4D: added support for access URLs other than `localhost`.
+- cli: added ability to
+  [create workspace providers via CLI](../guides/admin/wp-cli.md).
+- infra: added support for AWS’ IAM Roles for Service Accounts (IRSA) to
+  CVM-enabled workspaces.
+- infra: added support for
+  [FUSE devices in CVM-enabled workspaces](../admin/workspace-management/cvms/management.md#fuse-device).
+- infra: updated code-server version to `4.1.0` (features VS Code `1.63.0`).
+- infra: updated Kubernetes libraries to `1.21`.
+- api: added ability for users to set preferred ICE protocol (e.g., `TURN` or
+  `STUN`).
+
+### Bug fixes 🐛
+
+- web: fixed issue where usernames in dev URLs were case-sensitive.
+- web: fixed issue where resource quota changes were audit logged incorrectly.
+- web: fixed issue where deleting a workspace caused a “Failed to fetch
+  applications!” error.
+- web: fixed issue where the Dashboard showed a “workspace available”
+  notification even though the build failed.
+- web: fixed issue with the Create/Edit a Workspace form not displaying errors
+  if users provided non-unique workspace names.
+- web: fixed issue with code copy buttons in the UI.
+- web: fixed issue where users aren’t logged out correctly after changing the
+  password.
+- C4D: fixed issue with Docker workspace provider form throwing “Failed to
+  create/update workspace provider!” errors.
+- C4D: fixed “Resource Load Unknown” errors that occurred during the workspace
+  build process.
+- infra: fixed issue where the API call issued by Coder while loading the
+  workspaces page returns the image and information on all workspaces using that
+  image, leading to degraded performance.
+- infra: fixed issue with workspace build jobs scheduled multiple times.
+- infra: fixed memory leak when a client connects to a workspace.
+- infra: fixed issue where dev URL access settings weren’t enforced after
+  changes made by site managers.
+- infra: fixed issue regarding mTLS not working with Git providers and Docker
+  registries.
+- infra: fixed issue with `coderd` intermittently crashing.
+- infra: fixed issue with satellites unable to build workspaces when the
+  self-contained workspace feature was enabled.
+
+### Security updates 🔐
+
+infra: upgraded from Go boring 1.17.5b7 to 1.17.8b7 to fix CVEs.
+
+### Known issues 🔧
+
+- web: the service banner (if enabled) reappears for all users, even if they've
+  previously dismissed it.
+- web: using the web terminal in Coder can occasionally result in the connection
+  being reset and needing to be restarted.
+- web: the **Switch workspace** drop-down menu shows a workspace's status as
+  **Building** even though the build process is completed.
+- web: users installing v1.24 (or later) into an air-gapped environment cannot
+  upload their license when prompted.
@@ -1,7 +1,7 @@
 ---
 title: "Changelog"
 description:
-  "Coder releases annotated with breaking changes, new features and fixes."
+  "Coder releases annotated with breaking changes, new features, and fixes."
 icon:
   "<svg viewBox=\"0 0 24 24\" xmlns=\"http://www.w3.org/2000/svg\">\n<path
   d=\"M14 2H6c-1.1 0-1.99.9-1.99 2L4 20c0 1.1.89 2 1.99 2H18c1.1 0 2-.9
@@ -10,15 +10,18 @@ icon:
 
 ## Release schedule
 
-[Coder release calendar (iCal file)](https://coder.com/release-calendar.ical)
+[Coder release calendar (iCal file)](https://calendar.google.com/calendar/ical/c_sdmrh87t5voc4u5rrjvktcrpko%40group.calendar.google.com/public/basic.ics)
 
-- Release _candidates_ begin appearing on the **second Wednesday** of each month
-  (Coder may create multiple release candidates prior to the actual release)
+- We typically issue release _candidates_ on the **third Wednesday** of each
+  month, though this is subject to change. Check the
+  [release calendar](https://calendar.google.com/calendar/ical/c_sdmrh87t5voc4u5rrjvktcrpko%40group.calendar.google.com/public/basic.ics)
+  for up-to-date information (Coder may create multiple release candidates prior
+  to the actual release)
   - We do not provide documentation for release candidates, and you should not
     use them unless you've been instructed to do so by Coder. You can identify
     release candidates by the presence of `-rc` in the version number (e.g.,
     `1.16.0-rc.1`).
-- Releases are available on the **third Wednesday** of each month
+- Releases are available a week after we issue a release candidate
 - _Patch_ releases become available as needed
 
 ## Changelogs
 
@@ -0,0 +1,76 @@
+---
+title: Workspace provider provisioning via CLI
+description: Learn how to provision a workspace provider using the Coder CLI.
+---
+
+1. Install and authenticate the Coder CLI.
+
+1. Run the following to provision a new **Kubernetes** workspace provider (be
+   sure to replace the placeholders as necessary):
+
+   ```console
+   coder providers create kubernetes [name] --namespace=[namespace] --cluster-address=[clusterAddress]
+   ```
+
+    <!-- markdownlint-disable -->
+
+   | **Parameter**     | **Description**                                                                |
+   | ----------------- | ------------------------------------------------------------------------------ |
+   | `name`            | The name for the workspace provider you'd like provisioned                     |
+   | `namespace`       | The namespace in which to provision workspaces.                                |
+   | `cluster-address` | The address of the Kubernetes control plane; find using `kubectl cluster-info` |
+
+    <!-- markdownlint-restore -->
+
+   Example usage:
+
+   ```console
+   coder providers create kubernetes my-provider --namespace=my-namespace --cluster-address=https://255.255.255.255`
+   ```
+
+   To create a new **EC2** workspace provider:
+
+   ```console
+   coder providers create ec2 [name] --access-key-id=[access-key-id] --secret-access-key=[secret-access-key]
+   ```
+
+   <!-- markdownlint-disable -->
+
+   | **Parameter**       | **Description**                                            |
+   | ------------------- | ---------------------------------------------------------- |
+   | `name`              | The name for the workspace provider you'd like provisioned |
+   | `access-key-id`     | The AWS access key associated with your account.           |
+   | `secret-access-key` | The AWS region where the EC2 instances should be created.  |
+
+    <!-- markdownlint-restore -->
+
+   ```console
+   coder providers create ec2 my-provider --access-key-id=AKIAIOSFODNN7EXAMPLE --secret-access-key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+   ```
+
+1. Once you've provisioned the workspace provider, deploy it to your
+   [Kubernetes](../../admin/workspace-providers/deployment/kubernetes.md) or
+   [EC2](../../admin/workspace-providers/deployment/ec2.md) cluster.
+
+   Ensure that you're connected to the cluster you're deploying to, and run the
+   provided `helm upgrade` command; it should look something like the following,
+   but with the placeholders filled with values appropriate to your deployment:
+
+   helm upgrade coder-workspace-provider coder/workspace-provider \
+    --version=<version> \
+    --atomic \
+    --install \
+    --force \
+    --set envproxy.token=<token> \
+    --set envproxy.accessURL=<envproxyAccessURL> \
+    --set ingress.host=<ingressHostName> \
+    --set envproxy.clusterAddress=<clusterAddress> \
+    --set cemanager.accessURL=<cemanagerAccessUrl>
+
+   > WARNING: The 'envproxy.token' is a secret value that authenticates the
+   > workspace provider; make sure that you don't share this token or make it
+   > public.
+
+   You can set
+   [additional values of the Helm Chart](https://github.com/cdr/enterprise-helm/blob/workspace-providers-envproxy-only/README.md)
+   to customize the deployment further.
@@ -1,5 +1,6 @@
 {
   "versions": [
+    "v1.29",
     "v1.28",
     "v1.27",
     "v1.26",
@@ -321,9 +322,6 @@
             {
               "path": "./admin/workspace-management/ssh-access.md"
             },
-            {
-              "path": "./admin/workspace-management/tun-device.md"
-            },
             {
               "path": "./admin/workspace-management/process-logging.md"
             }
@@ -431,6 +429,9 @@
             },
             {
               "path": "./guides/admin/usage-monitoring.md"
+            },
+            {
+              "path": "./guides/admin/wp-cli.md"
             }
           ]
         },
@@ -552,6 +553,9 @@
     {
       "path": "./changelog/index.md",
       "children": [
+        {
+          "path": "./changelog/1.29.0.md"
+        },
         {
           "path": "./changelog/1.28.0.md",
           "children": [
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"versions": [`
	`3`	`+ "v1.29",`
`3`	`4`	`"v1.28",`
`4`	`5`	`"v1.27",`
`5`	`6`	`"v1.26",`
`@@ -321,9 +322,6 @@`
`321`	`322`	`{`
`322`	`323`	`"path": "./admin/workspace-management/ssh-access.md"`
`323`	`324`	`},`
`324`		`- {`
`325`		`- "path": "./admin/workspace-management/tun-device.md"`
`326`		`- },`
`327`	`325`	`{`
`328`	`326`	`"path": "./admin/workspace-management/process-logging.md"`
`329`	`327`	`}`
`@@ -431,6 +429,9 @@`
`431`	`429`	`},`
`432`	`430`	`{`
`433`	`431`	`"path": "./guides/admin/usage-monitoring.md"`
	`432`	`+ },`
	`433`	`+ {`
	`434`	`+ "path": "./guides/admin/wp-cli.md"`
`434`	`435`	`}`
`435`	`436`	`]`
`436`	`437`	`},`
`@@ -552,6 +553,9 @@`
`552`	`553`	`{`
`553`	`554`	`"path": "./changelog/index.md",`
`554`	`555`	`"children": [`
	`556`	`+ {`
	`557`	`+ "path": "./changelog/1.29.0.md"`
	`558`	`+ },`
`555`	`559`	`{`
`556`	`560`	`"path": "./changelog/1.28.0.md",`
`557`	`561`	`"children": [`