coder
diff --git a/‎admin/access-control/manage.md
+17-1 b/‎admin/access-control/manage.md
+17-1
diff --git a/‎admin/git.md
+21-6 b/‎admin/git.md
+21-6
diff --git a/‎admin/workspace-management/cvms/management.md
+16-2 b/‎admin/workspace-management/cvms/management.md
+16-2
diff --git a/‎admin/workspace-management/limits.md
+16 b/‎admin/workspace-management/limits.md
+16
diff --git a/‎admin/workspace-management/self-contained-builds.md
+20-12 b/‎admin/workspace-management/self-contained-builds.md
+20-12
diff --git a/‎assets/guides/admin/file-download.png
113 KB b/‎assets/guides/admin/file-download.png
113 KB
diff --git a/‎changelog/1.30.0.md
+87 b/‎changelog/1.30.0.md
+87
diff --git a/‎changelog/1.26.0.md renamed to ‎changelog/archive/1.26.0.md b/‎changelog/1.26.0.md renamed to ‎changelog/archive/1.26.0.md
diff --git a/‎changelog/1.26.1.md renamed to ‎changelog/archive/1.26.1.md b/‎changelog/1.26.1.md renamed to ‎changelog/archive/1.26.1.md
diff --git a/‎changelog/1.26.2.md renamed to ‎changelog/archive/1.26.2.md b/‎changelog/1.26.2.md renamed to ‎changelog/archive/1.26.2.md
diff --git a/‎changelog/1.26.3.md renamed to ‎changelog/archive/1.26.3.md b/‎changelog/1.26.3.md renamed to ‎changelog/archive/1.26.3.md
diff --git a/‎changelog/1.26.4.md renamed to ‎changelog/archive/1.26.4.md b/‎changelog/1.26.4.md renamed to ‎changelog/archive/1.26.4.md
diff --git a/‎guides/admin/disable-downloads.md
+22 b/‎guides/admin/disable-downloads.md
+22
diff --git a/‎guides/tls-certificates/azureDNS.md
+1-1 b/‎guides/tls-certificates/azureDNS.md
+1-1
diff --git a/‎guides/tls-certificates/cloudDNS.md
+1-1 b/‎guides/tls-certificates/cloudDNS.md
+1-1
diff --git a/‎guides/tls-certificates/cloudflare.md
+1-1 b/‎guides/tls-certificates/cloudflare.md
+1-1
diff --git a/‎guides/tls-certificates/route53.md
+1-1 b/‎guides/tls-certificates/route53.md
+1-1
@@ -16,7 +16,8 @@ article.
 
 ## Coder's OIDC claims
 
-Coder expects the following [OIDC claims](https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1#whats-a-claim)
+Coder expects the following
+[OIDC claims](https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1#whats-a-claim)
 from your OIDC provider:
 
 - `email` (required)
@@ -65,6 +66,21 @@ you:
   to log in with an email/password option when you've enabled OIDC
   authentication
 
+### Logging
+
+If you're having issues with your OIDC configuration, you can enable additional
+logging of OIDC tokens to aid in troubleshooting.
+
+To do so, [update your Helm chart](../../guides/admin/helm-charts.md) and set
+the `OIDC_DEBUG` environment variable to `true`:
+
+```yaml
+coderd:
+  extraEnvs:
+    - name: "OIDC_DEBUG"
+      value: "true"
+```
+
 ### Disable built-in authentication
 
 You can disable built-in authentication as an option for accessing Coder if you
 
@@ -26,8 +26,8 @@ Coder integrates with the following service providers for authentication and
 
 Linking your Coder account with a git service provider is _not_ required.
 Instead, you can use Visual Studio Code with git, the command-line tool, and we
-expect that this combination will work with most hosting software or services.
-However, Coder doesn't test these and cannot provide recommendations or support.
+expect this combination to work with most hosting software or services. However,
+Coder doesn't test these and cannot provide recommendations or support.
 
 > Ensure that your Git provider supports the keygen algorithm that Coder uses;
 > you can choose the algorithm in **Manage** > **Admin** > **Security** >
@@ -38,8 +38,16 @@ However, Coder doesn't test these and cannot provide recommendations or support.
 ## Configuring OAuth
 
 Before developers can link their accounts, you (or another site manager) must
-create an OAuth application with the appropriate providers. When registering,
-you'll be asked for the following details related to your Coder deployment.
+create an OAuth application with the appropriate providers. You can create as
+many OAuth applications as necessary.
+
+1. Log into Coder as a site manager, and go to **Manage** > **Admin** > **Git
+   OAuth**.
+1. Click **Add provider**.
+1. Select your **Provider** (e.g., GitHub, GitLab, or Bitbucket Server).
+1. Create an OAuth application with your Git provider and provide Coder with the
+   requested details (the parameters required vary based on your Git provider).
+   See the following sections for additional guidance.
 
 ### GitHub
 
@@ -54,7 +62,9 @@ ask you for the following Coder parameters:
   `[your-coder-domain]/oauth/callback` (e.g.
   `https://coder.domain.com/oauth/callback`)
 
-Then, provide your **Client ID** and **Client Secret** to Coder.
+Then, in Coder, provide a **Name** for your app, your **URL**, **Client ID**,
+and **Client Secret** to Coder. You can also provide an optional
+**Description**.
 
 When done, click **Save**.
 
@@ -73,7 +83,9 @@ enabled the following:
 - **Confidential**: Check this option
 - **API** (scope): Check this option
 
-Then, provide your **Client ID** and **Client Secret** to Coder.
+Then, in Coder, provide a **Name** for your app, your **URL**, **Application
+ID**, and **Client Secret** to Coder. You can also provide an optional
+**Description**.
 
 When done, click **Save**.
 
@@ -93,4 +105,7 @@ For your newly created Application Link, provide the following values as your
 - **Public Key**: Your public key (available from the Coder Admin Configuration
   page)
 
+Then, in Coder, provide a **Name** for your app, your **URL**, and, optionally,
+a **Description**.
+
 When done, click **Save**.
@@ -9,13 +9,27 @@ a site manager must enable CVMs. To do so:
 1. Go to **Manage > Admin > Infrastructure**.
 1. Toggle the **Enable Container-Based Virtual Machines** option to **Enable**.
 
-This section also describes the customization features that Coder offers for
-CVMs:
+## Customization
+
+Once you've enabled CVMs, you can customize the behavior of your deployment and
+workspaces.
 
 ![CVM Settings](../../../assets/admin/cvm-settings.png)
 
 These settings will apply to workspaces **after** they have been rebuilt.
 
+## Default workspaces to CVMs
+
+Once you've enabled CVMs, you can control whether all new workspaces should be
+built as a CVM or not.
+
+If you would like all newly created workspaces to be CVMs, toggle **Default to
+container-based virtual machines** to **On**.
+
+> While this toggle changes the default workspace creation setting, users can still
+> override this setting. For example, if you enable CVMS and set them as the
+> default, a user can still create non-CVM workspaces (and vice versa).
+
 ## Caching
 
 > Cached CVMs are currently an **alpha** feature.
 
@@ -0,0 +1,16 @@
+---
+title: "Workspace limits"
+description: Learn how to limit the number of workspaces users can create.
+---
+
+You can set the maximum number of workspaces that each user can create. To do
+so, [update your Helm chart](../../guides/admin/helm-charts.md) and set the
+`CODER_MAX_WORKSPACES_PER_USER` parameter to the maximum allowable number:
+
+```yaml
+# Allow each user to create no more than 100 workspaces
+coderd:
+  extraEnvs:
+    - name: CODER_MAX_WORKSPACES_PER_USER
+      value: 100
+```
@@ -1,27 +1,35 @@
 ---
 title: "Self-contained workspace builds"
-description: Learn how to enable self-contained workspace builds.
-state: alpha
+description: Learn how to toggle self-contained workspace builds.
 ---
 
-By default the Coder workspace boot sequence occurs remotely -- Coder uploads
-assets (including the Coder agent, code-server, and JetBrains Projector) from
-`coderd` to a workspace.
+Currently, there are two ways in which the workspace boot sequence can occur:
 
-However, Coder offers the option of using **self-contained workspace builds**.
-Enabling this option changes the Coder deployment so that workspaces control the
-boot sequence internally, with the workspace downloading assets from `coderd`.
+1. Remotely: Coder uploads assets (including the Coder agent, code-server, and
+   JetBrains Projector) from `coderd` to a workspace.
+1. Self-contained: workspaces control the boot sequence internally; the
+   workspace downloads assets from `coderd`. This requires `curl` to be
+   available in the image.
 
-> At this time, Coder does not support certificate injection with
-> self-contained workspace builds.
+Beginning with v1.30.0, the default is **self-contained workspace builds**,
+though site managers can toggle this feature off and opt for remote builds
+instead.
 
-To enable self-contained workspace builds:
+> Coder plans to deprecate remote workspace builds in the future.
+
+To toggle self-contained workspace builds:
 
 1. Log into Coder.
 1. Go to Manage > Admin.
 1. On the Infrastructure page, scroll down to **Workspace container runtime**.
-1. Under **Enable self-contained workspace builds**, flip the toggle to **On**.
+1. Under **Enable self-contained workspace builds**, flip the toggle to **On**
+   or **Off** as required.
 1. Click **Save workspaces**.
 
 > Build errors are typically more verbose for remote builds than with
 > self-contained builds.
+
+## Known issues
+
+At this time, Coder does not support certificate injection with self-contained
+workspace builds.
@@ -0,0 +1,87 @@
+---
+title: "1.30.0"
+description: "Released on 04/27/2022"
+---
+
+### Breaking changes ❗
+
+There are no breaking changes in 1.30.0.
+
+### Features ✨
+
+- web: added
+  [admin toggle that sets whether new workspaces are CVMs or not](../admin/workspace-management/cvms/management.md#default-workspaces-to-cvms)
+  (if CVMs are enabled for the deployment).
+- web: added support for the use of
+  [multiple Git OAuth providers](../admin/git.md).
+- web: added ability to
+  [choose webRTC mode](../workspaces/preferences.md#networking).
+- infra: upgraded code-server to v4.3.0 (featuring VS Code v1.65.2).
+- infra: added ability for an admin to
+  [disable the download files function](../guides/admin/disable-downloads.md)
+  from the web IDE's tree view.
+- infra: added ability to toggle
+  [logging of OIDC tokens](../admin/access-control/manage.md#logging).
+- infra: mounted additional NVIDIA GPU libraries (specifically the GL/GLX
+  libraries) from the host into CVMs if users request GPUs.
+- infra: added `CODER_MAX_WORKSPACES_PER_USER` environment variable to `coderd`
+  that
+  [controls the maximum number of workspaces allowed to each user](../admin/workspace-management/limits.md).
+- infra: improved Bitbucket server account linking error messages to help debug
+  integration issues.
+- infra: updated Coder so that
+  [self-contained builds](../admin/workspace-management/self-contained-builds.md)
+  are now the default.
+- infra: updated Sysbox to version 0.5.0.
+
+### Bug fixes 🐛
+
+- web: fixed issue where dev URLs created via configure scripts do not show in
+  the UI without a manual refresh.
+- web: fixed issue with Projector navbar occasionally displaying.
+- web: fixed issue where JetBrains 2022.1 IDE versions would not open in
+  Projector.
+- web: fixed issue with EC2 provider workspaces hanging on build if a filesystem
+  issue prevented mounting user volumes.
+- web: fixed issue where creating/editing an audit log results in two audit log
+  entries.
+- web: fixed issue where changes to the Git URL in dotfiles aren’t included in
+  the audit log.
+- web: fixed issue where air-gapped deployments wouldn’t render “Open in Coder”
+  buttons.
+- web: fixed issue where users could create new workspaces even when there were
+  no workspace providers configured for the organization.
+- web: fixed metrics to track connections via SSH.
+- infra: fixed scan error on metrics table caused by float being scanned as int.
+- infra: fixed issue where the built-in provider respawns when `coderd`
+  restarts.
+- infra: fixed issue where the Coder front-end attempts to reconnect to a
+  workspace even when it is offline.
+- infra: updated Coder to return a 404 error instead of a 5xx error if `coderd`
+  cannot reach a workspace.
+- infra: fixed issue where air-gapped deployments were unable to update admin
+  configuration settings.
+
+### Security updates 🔐
+
+- infra: fixed issue with authorization controls that allowed unauthorized
+  editing of shells and dotfiles.
+- infra: fixed issue where site managers could change a user’s login type to
+  built-in, even when built-in authentication is disabled in favor of OIDC
+  login.
+- infra: added validation to URIs used in dotfiles.
+
+### Known issues 🔧
+
+- web: the service banner (if enabled) reappears for all users, even if they've
+  previously dismissed it.
+- web: using the web terminal in Coder can occasionally result in the connection
+  being reset and needing to be restarted.
+- web: the **Switch workspace** drop-down menu shows a workspace's status as
+  **Building** even though the build process is completed.
+- web: users installing v1.24 (or later) into an air-gapped environment cannot
+  upload their license when prompted.
+- infra: workspaces using images without `curl` available (e.g.,
+  `ubuntu:latest`) will fail to build on new Coder deployments with
+  self-contained workspace builds enabled. The workaround is to use a base image
+  with `curl` available (e.g., `codercom/enterprise-base:ubuntu`).
@@ -0,0 +1,22 @@
+---
+title: File download disabling
+description: Learn how to disable file downloading in Coder.
+---
+
+For security and compliance purposes, Coder site managers may choose to disable
+the downloading of files from Coder's built-in IDEs:
+
+![File actions download option](../../assets/guides/admin/file-download.png)
+
+To do so,
+[update your deployment's workspace template policy](../../admin/templates.md)
+to include the following definition:
+
+```yaml
+kubernetes:
+    env:
+        policy: append
+        value:
+        - key: "CS_DISABLE_FILE_DOWNLOADS"
+            value: "1"
+```
@@ -84,7 +84,7 @@ the domain you're using for your Coder deployment.
    cert-manager:
 
    ```console
-   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
+   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
    ```
 
 1. Check that cert-manager installs correctly by running
 
@@ -45,7 +45,7 @@ Add cert-manager to your cluster
 running:
 
 ```console
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
 ```
 
 ## Option 2: Helm
 
@@ -34,7 +34,7 @@ You must have:
 ## Step 1: Add cert-manager to your Kubernetes cluster
 
 ```console
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
 ```
 
 More specifics can be found in the
 
@@ -42,7 +42,7 @@ You should also:
    cert-manager:
 
    ```console
-   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
+   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
    ```
 
 1. Check that cert-manager installs correctly by running