add 1.35 docs #1133

Merged 2 commits on Sep 28, 2022
43 changes: 43 additions & 0 deletions changelog/1.35.0.md
@@ -0,0 +1,43 @@
---
title: "1.35.0"
description: "Released on TBD"
---

### Breaking changes ❗

There are no breaking changes in 1.35.0.

### Features ✨

- infra: Coder now supports reading the database password from a file (specified
by environment variable `DB_PASSWORD_PATH`) instead of directly from an
environment variable. This is configurable via the Helm option
`postgres.noPasswordEnv`.
- infra: Workspace templates now allow specifying seccomp profiles for workspace
pods.

### Bug fixes 🐛

- web: Fixed an issue where non-Admin users were unable to create "Open in
Coder" buttons.
- web: Fixed broken links in the offline docs.
- web: Added a workaround for an issue in Projector where the IDE would crash
when running a unit test
[(IDEA-300226](https://youtrack.jetbrains.com/issue/IDEA-300226)).
- web: Fixed an issue where custom font glyphs were not being rendered correctly
in the web terminal.
- web: `coderd` now automatically reloads TLS certificates without a restart.
- web: fixed an issue blocking the usage of Server-Sent Events (SSE).
- infra: Improved connection caching logic.
- infra: Fixed an issue where building multiple workspaces in parallel would
result in excessive queuing.
- infra: Improved logging of workspace builds and websocket connection errors.

### Security updates 🔐

There are no security updates in 1.35.

### Notes ℹ️

- Our bundled version of JetBrains Projector is now built with JDK 17 to match
the version used by more recent Jetbrains IDEs.
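Review bot: The front matter still carries a placeholder, `description: "Released on TBD"`; fill in the release date before this page is published. In the Bug fixes list, the Projector entry opens its parenthesis inside the link brackets, `[(IDEA-300226](...))`, so the link text renders with a stray `(`; write it as `([IDEA-300226](...))`. Two smaller points: the Notes entry spells the vendor both "JetBrains" and "Jetbrains", and the `coderd` TLS certificate reload item describes new behaviour, so it reads better under Features than under Bug fixes.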
8 changes: 8 additions & 0 deletions guides/deployments/postgres.md
@@ -44,6 +44,14 @@ or cluster.
the console, to avoid inadvertently storing credentials in shell history
files.

> Normally, we set the PostgreSQL password as an environment variable in the
> `coderd` deployment with a reference to the Kubernetes secret. If this is
> not desirable, you can instead mount the secret as a file which Coder will
> read at startup. To do this, set the Helm value `postgres.noPasswordEnv` to
> `true`. This will mount the secret under
> `/run/secrets/<.Values.postgres.passwordSecret>/password` and set the
> environment variable `DB_PASSWORD_PATH` for `coderd` to that value.

1. Get the port number for your PostgreSQL instance:

```sql
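Review bot: In the added note, "set the environment variable `DB_PASSWORD_PATH` for `coderd` to that value" has an unclear antecedent, since the nearest "value" is the Helm value `postgres.noPasswordEnv` rather than the mount path; "to that path" would remove the ambiguity. The note also never states whether the password environment variable is omitted from the `coderd` deployment once `postgres.noPasswordEnv` is `true`, which is the property a reader choosing this option is looking for; one sentence confirming it would close the gap. The mount path ends in `/password`, so it is worth saying which key of the Kubernetes secret that file comes from.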
5 changes: 4 additions & 1 deletion manifest.json
@@ -1,5 +1,5 @@
{
"versions": ["v1.34", "v1.33", "v1.32", "v1.31", "v1.30"],
"versions": ["v1.35", "v1.34", "v1.33", "v1.32", "v1.31", "v1.30"],
"routes": [
{
"path": "./index.md",
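Review bot: The `versions` array grows from five entries to six here, with `"v1.35"` prepended and nothing dropped from the tail. If the version selector is meant to list a fixed number of releases, remove `"v1.30"` in the same change; if the list is allowed to grow, no action is needed.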
@@ -575,6 +575,9 @@
{
"path": "./changelog/index.md",
"children": [
{
"path": "./changelog/1.35.0.md"
},
{
"path": "./changelog/1.34.0.md"
},
45 changes: 45 additions & 0 deletions workspaces/workspace-templates/templates.md
@@ -64,6 +64,10 @@ workspace:
value:
- key: annotation-key
value: annotation-value
seccomp-profile-type:
value: Localhost
seccomp-profile-localhost-profile:
value: profiles/custom-profile.json
configure:
start:
value:
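Review bot: The profile path in this full-template example, `profiles/custom-profile.json`, differs from the one used in the reference section added further down, `profiles/my-custom-profile.json`. Use the same file name in both places so a reader does not assume two different profiles are involved. Since both new keys are described below as disabled by default, a comment in the example noting that a site admin must enable them would save users a failed build.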
@@ -262,6 +266,47 @@ node-selector:

`node-selector` is disabled by default and must be enabled by a site admin.

#### workspace.specs.kubernetes.seccomp-profile-type.value

Applies a [seccomp profile](https://kubernetes.io/docs/tutorials/security/seccomp/)
to the workspace pod. The value is a string, corresponding to the `type`
subfield of the PodSecurityContext `seccompProfile` attribute.

For example, the following snippet would explicitly disable seccomp protection:

```yaml
seccomp-profile-type:
value: Unconfined
```

`seccomp-profile-type` is disabled by default and must be enabled by a site
admin.

#### workspace.specs.kubernetes.seccomp-profile-localhost-profile.value

Applies a custom [seccomp profile](https://kubernetes.io/docs/tutorials/security/seccomp/)
to the workspace pod. The value is a string, corresponding to the
`localhostProfile` subfield of the PodSecurityContext `seccompProfile`
attribute.

Per the [Kubernetes
documentation](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#seccompprofile-v1-core),
this attribute is only valid if used in combination with the `Localhost` seccomp
profile type. Its value must correspond to the path of a valid JSON profile that
is already configured on the Kubernetes worker nodes.

The following snippet demonstrates setting a custom profile:

```yaml
seccomp-profile-type:
value: Localhost
seccomp-profile-localhost-profile:
value: profiles/my-custom-profile.json
```

`seccomp-profile-localhost-profile` is disabled by default and must be enabled
by a site admin.

#### workspace.configure

This section lists the commands that run within the workspace after Coder builds
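Review bot: The only example given for `seccomp-profile-type` is `Unconfined`, which the text itself says disables seccomp protection, and the section never lists the accepted values. Kubernetes accepts `RuntimeDefault`, `Localhost` and `Unconfined` for `seccompProfile.type`; list all three and lead with `RuntimeDefault` so the copy-paste example is the protective one. In the `seccomp-profile-localhost-profile` section, state what Coder does when the key is set while the type is not `Localhost` (rejected at template validation or passed through to fail at pod creation), and note that the path is relative to the kubelet's seccomp profile directory on the node, since "already configured on the Kubernetes worker nodes" does not tell the reader where the file has to live.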