coder · greyscaled · Jun 17, 2021 · Jun 14, 2021 · Jun 15, 2021 · Jun 15, 2021
diff --git a/admin/appearance.md b/admin/appearance.md
@@ -6,20 +6,35 @@ description: Learn how to augment the dashboard appearance.
 Coder offers you appearance customization options for the following:
 
 - System banner messages
+- Service banner messages
 - The terms of service display
 
-## System banner messages
+## System banners
 
 To customize your system banner messages:
 
 1. Go to **Manage** > **Admin** > **Appearance** in the Coder UI.
-1. Toggle the switch to **On**.
+1. Toggle the **System Banner** switch to **On**.
 1. Set your **Background Color**, and provide the text you want to be displayed
    in your **Header** and **Footer**.
 1. Click **Save Preferences** to save your changes.
 
 ![System appearance](../assets/system-banners.png)
 
+## Service banners
+
+The service banner allows you to display a message to all users of your Coder
+system. The user can dismiss the message at any time and Coder will not display
+a banner until you change the message (or disable and re-enable the current
+message).
+
+1. Go to **Manage** > **Admin** > **Appearance** in the Coder UI.
+1. Toggle the **Service Banner** switch to **On**.
+1. Set the **Message**.
+1. Click **Save Preferences**.
+
+![Service banner](../assets/service-banners.png)
+
 ## Terms of service
 
 To enable the display of terms of service and to edit the text displayed:

diff --git a/admin/security.md b/admin/security.md
@@ -0,0 +1,31 @@
+---
+title: Browser Security
+description: Learn about Coder's browser security options.
+---
+
+Coder offers two browser security features that you can choose to enable. These
+are available under **Manage** > **Admin** > **Infrastructure**.
+
+## HTTP Strict Transport Security
+
+If you are serving Coder over HTTPS, we recommend enabling the
+**Strict-Transport-Security Header** option, which adds the [HTTP Strict
+Transport Security] header to responses. This browser feature requires future
+requests to occur over HTTPS.
+
+[http strict transport security]:
+  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+
+![HTTP Strict Transport Security](../assets/http-strict-transport-security.png)
+
+## Secure Cookie
+
+The **Secure Cookie** option controls the [`secure` property of cookies] that
+Coder issues. This prevents browsers from sending sensitive cookies, such as
+those containing credentials, over unencrypted (HTTP) connections. We recommend
+enabling this setting if you are serving Coder over HTTPS.
+
+[`secure` property of cookies]:
+  https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+
+![Secure Cookie](../assets/secure-cookie.png)
diff --git a/admin/templates.md b/admin/templates.md
@@ -5,7 +5,64 @@ description:
   As Code Template
 ---
 
-The **Templates** tab features a form you can use for generating an embeddable
+The **Templates** tab features options that control the behavior of workspace
+templates.
+
+The **Enable using Workspace Templates** toggle allows you to enable or disable
+the creation of [workspaces](../workspaces/index.md) using predefined templates
+located in Git repositories.
+
+![Enable workspace templates](../assets/enable-ws-templates.png)
+
+## Template policy (alpha)
+
+If you enable the use of workspace templates, a **template policy** allows you
+to control which fields users can set and which values can be used when they
+define their workspaces.
+
+The default template policy is as follows:
+
+```yaml
+version: "0.2"
+workspace:
+    configure:
+        start:
+            policy: write
+    dev-urls:
+        policy: write
+    specs:
+        kubernetes:
+            container-based-vm:
+                policy: write
+            cpu:
+                policy: write
+            disk:
+                policy: write
+            env:
+                policy: write
+            gpu-count:
+                policy: write
+            image:
+                policy: write
+            labels:
+                policy: read
+            memory:
+                policy: write
+            node-selector:
+                policy: read
+            tolerations:
+                policy: read
+```
+
+Underneath the policy template preview, you can either upload your policy or you
+can drag-and-drop the file onto the UI. Click **Save** to persist your changes.
+
+If, at any time, you want to remove your policy and use Coder's default policy,
+click **Reset to default**.
+
+## Embeddable Button
+
+The Embeddable Button section features a form you can use for generating an embeddable
 button. This button makes it easy for developers to use your
 [workspace template](../workspaces/workspaces-as-code/index.md).
 

diff --git a/assets/enable-ws-templates.png b/assets/enable-ws-templates.png
diff --git a/assets/http-strict-transport-security.png b/assets/http-strict-transport-security.png
diff --git a/assets/secure-cookie.png b/assets/secure-cookie.png
diff --git a/assets/service-banners.png b/assets/service-banners.png
diff --git a/assets/wac-intellisense-demo.gif b/assets/wac-intellisense-demo.gif
diff --git a/changelog/1.20.0.md b/changelog/1.20.0.md
@@ -0,0 +1,54 @@
+---
+title: "1.20.0"
+description: "Released on 06/16/2021"
+---
+
+### Breaking changes ❗
+
+There are no breaking changes in 1.20.0.
+
+### Features ✨
+
+- web: **Alpha**. Added the ability to set a site-wide workspace template policy
+  at **Manage > Admin > Templates > Template Policy**. If not set, Coder uses
+  the provided default.
+- web: Added the `node-selector`, `tolerations`, and `annotations` fields to
+  workspace templates.
+- other: Added a new JSON schema for writing Coder workspace as code templates
+  with code completion and syntax checking.
+- web: Added a service banner that's displayed to all users of the system. The
+  message can be used with existing messages. It can be dismissed by each user
+  at any point and will not be shown again until there is a new message.
+- web: Added text wrapping to system banners.
+- infra: Added a `CODER_RUNTIME` environment variable that indicates whether a
+  workspace is CVM-enabled or not.
+- web: Updated UI to display decommissioned workspaces that are awaiting
+  deletion.
+- web: Added ability to filter the audit log by the _auto-off_ action.
+
+### Bug fixes 🐛
+
+- web: Fixed bug causing duplicate fetch requests on page load.
+- web: Fixed issue causing private dev URLs to load as blank pages for
+  unauthorized users (users will now see an error page).
+
+### Security updates 🔐
+
+- web: Require administrative permissions to view workspaces belonging to other
+  users; previously, users could view others' workspace metadata
+- web: Added content security policy (CSP) to help protect against cross-site
+  scripting attacks.
+- web: Added opt-in for HTTP Strict Transport Security. This setting can be
+  managed at **Manage > Admin > Infrastructure > HTTP Strict Transport
+  Security**.
+- web: Added opt-in for secure cookies. This setting can be managed at
+  **Manage > Admin > Infrastructure > Secure Cookie**.
+- web: Use strong cryptographic APIs to generate random numbers in backend and
+  frontend.
+- infra: Upgraded control plane containers from Red Hat UBI 8.3 to 8.4, and
+  switch from ubi to ubi-minimal to reduce image contents.
+- infra: Enable read-only root filesystem for control plane containers, by
+  default. You can override this with the Helm `coderd.securityContext` setting.
+- web: Resolved CVE-2021-23364 in browserslist.
+- web: Resolved CVE-2021-23358 in underscore.
+- web: Resolved CVE-2020-7753 in trim.
diff --git a/guides/troubleshooting/docker-problems.md b/guides/troubleshooting/docker-problems.md
@@ -1,6 +1,6 @@
 ---
-title: Docker key storage issues
-description: Learn how to solve Docker key storage issues inside Coder workspaces.
+title: Docker troubleshooting
+description: Learn how to solve Docker issues inside Coder workspaces.
 ---
 
 When using Coder, you may encounter the following error:

diff --git a/manifest.json b/manifest.json
@@ -59,6 +59,9 @@
           "children": [
             {
               "path": "./workspaces/workspaces-as-code/templates.md"
+            },
+            {
+              "path": "./workspaces/workspaces-as-code/code-completion.md"
             }
           ]
         }
@@ -229,6 +232,9 @@
         {
           "path": "./admin/audit.md"
         },
+        {
+          "path": "./admin/security.md"
+        },
         {
           "path": "./admin/devurls.md"
         },
@@ -365,6 +371,9 @@
     {
       "path": "./changelog/index.md",
       "children": [
+        {
+          "path": "./changelog/1.20.0.md"
+        },
         {
           "path": "./changelog/1.19.0.md"
         },

diff --git a/workspaces/variables.md b/workspaces/variables.md
@@ -57,4 +57,10 @@ env | grep CODER_
         <td><code>CODER_WP_NAME</code></td>
         <td>The name of the workspace provider hosting the environment</td>
     </tr>
+    <tr>
+        <td><code>CODER_RUNTIME</code></td>
+        <td>The container runtime used to start the workspace (either
+        `kubernetes/default` or `kubernetes/sysbox` if the workspace
+        is a CVM</td>
+    </tr>
 </table>
diff --git a/workspaces/workspaces-as-code/code-completion.md b/workspaces/workspaces-as-code/code-completion.md
@@ -0,0 +1,40 @@
+---
+title: "Workspace template code completion"
+description: "Learn how to use code completion when creating workspace templates."
+state: beta
+---
+
+Coder provides a [JSON Schema](https://json-schema.org/) for workspace templates
+that enables code completion and syntax checking.
+
+## Requirements
+
+You must have the [YAML extension by Red
+Hat](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml)
+installed to use this feature.
+
+## How to use
+
+Create a file called `coder.yaml`, and add the following to the top (be sure to
+replace the `<deployment_url>` placeholder with your Coder deployment URL):
+
+```yaml
+# yaml-language-server: $schema=https://<deployment_url>/api/private/template/schemas/wac.schema.json
+
+# Write your YAML config here
+```
+
+At this point, you can use the code completion and syntax checking features.
+
+## Keyboard shortcuts
+
+Some keyboard shortcuts you may find helpful include:
+
+- Document outlining (<kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>O</kbd>)
+- Auto completion (<kbd>Ctrl</kbd> + <kbd>Space</kbd>)
+
+See the [YAML extension by Red Hat
+docs](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml)
+for additional shortcuts.
+
+![Code Completion Demo](../../assets/wac-intellisense-demo.gif)