Update tls guides for cert-manager 1.4.0 and coder 1.20 #472

Merged
merged 10 commits into from
Jul 21, 2021
38 changes: 19 additions & 19 deletions admin/access-url.md
Expand Up @@ -11,40 +11,40 @@ domain name that you can use to access your Coder deployment.
The steps to do this vary based on the DNS provider you're using, but the
general steps required are as follows:

1. Check the contents of your namespace to obtain your ingress controller's
IP address:
1. Check the contents of your namespace to obtain your ingress controller's IP
address:

```console
kubectl get all -n <your_namespace> -o wide
```
```console
kubectl get all -n <your_namespace> -o wide
```

Find the **service/ingress-nginx** line and copy the **external IP** value
shown.
Find the **service/ingress-nginx** line and copy the **external IP** value
shown.

1. Get the ingress IP address and point your DNS records from your custom
domain to the external IP address you obtained in the previous step.
1. Get the ingress IP address and point your DNS records from your custom domain
to the external IP address you obtained in the previous step.

> If your custom domain uses the HTTPS protocol, make sure that you have [SSL
certificates](../guides/ssl-certificates/index.md) for use with your Coder
deployment. Otherwise, you can skip this step.
> If your custom domain uses the HTTPS protocol, make sure that you have
> [SSL certificates](../guides/ssl-certificates/index.md) for use with your
> Coder deployment. Otherwise, you can skip this step.

## Step 2: Update the Helm chart and redeploy Coder

When changing your access URL, you'll need to [update your Helm
chart](../guides/admin/helm-charts.md) and [redeploy
Coder](../setup/updating.md):
When changing your access URL, you'll need to
[update your Helm chart](../guides/admin/helm-charts.md) and
[redeploy Coder](../setup/updating.md):

helm upgrade coder coder/coder \
--set devurls.host="*.example.com" \
--set ingress.host="coder.example.com" \
--set devurls.host="\*.example.com" \
--set ingress.host="coder.example.com" \

> See the [enterprise-helm repo](https://github.com/cdr/enterprise-helm) for
> more information on Coder's Helm charts.

## Step 3: Provide the access URL in the Coder UI

1. Log into Coder as a site admin/site manager and go to
**Manage** > **Admin** > **Infrastructure**.
1. Log into Coder as a site admin/site manager and go to **Manage** >
**Admin** > **Infrastructure**.

1. Provide your custom domain in the **Access URL** field. The URL you provide
must match the value you provided as `ingress.host` in the previous step.
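Review bot: In the `helm upgrade` command under Step 2, the new line `--set devurls.host="\*.example.com" \` puts a backslash before the asterisk. Inside double quotes the shell does not strip that backslash, so it is passed to `helm` as part of the argument, where the previous version passed a plain `*.example.com`. The escape looks like Markdown escaping applied to text that is not being treated as code; putting the command in a `console` code fence, as the `kubectl` step above does, would keep the `*` literal. The final `--set ingress.host="coder.example.com" \` line also still ends in a line continuation with nothing after it, so the trailing backslash should be dropped.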
9 changes: 5 additions & 4 deletions admin/devurls.md
Expand Up @@ -87,9 +87,9 @@ scroll down to **Dev URL Access Permissions**.
You can set the maximum access level, but developers may choose to restrict
access further.

For example, if you set the maximum access level as
**Authenticated**, then any dev URLs created for workspaces in your Coder
deployment will be accessible to any authenticated Coder user.
For example, if you set the maximum access level as **Authenticated**, then any
dev URLs created for workspaces in your Coder deployment will be accessible to
any authenticated Coder user.

The developer, however, can choose to set a stricter permission level (e.g.,
allowing only those in their organization to use the dev URL). Developers cannot
Expand All @@ -107,4 +107,5 @@ To do so, you can either:
- Use SSH tunneling to tunnel the web app to individual developers' `localhost`
instead of dev URLs (this is also an out-of-the-box feature included with VS
Code Remote)
- Use this workaround for [multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107)
- Use this workaround for
[multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107)
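Review bot: The last bullet still reads "Use this workaround for multiple callback sub-URLs" and leaves the entire explanation to a Stack Overflow answer about GitHub OAuth authorization callback URLs. Add one sentence saying what the workaround consists of and how it changes which callback URLs are accepted, so an admin can evaluate it without leaving the page and the guidance survives if the external answer is edited or removed.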
19 changes: 10 additions & 9 deletions admin/workspace-management/cvms.md
Expand Up @@ -3,23 +3,24 @@ title: Docker in workspaces
description: Learn how to enable support for secure Docker inside workspaces.
---

If you're a site admin or a site manager, you can enable [container-based
virtual machines (CVMs)](../../workspaces/cvms.md) as a workspace deployment
option. CVMs allow users to run system-level programs, such as Docker and
systemd, in their workspaces.
If you're a site admin or a site manager, you can enable
[container-based virtual machines (CVMs)](../../workspaces/cvms.md) as a
workspace deployment option. CVMs allow users to run system-level programs, such
as Docker and systemd, in their workspaces.

## Infrastructure requirements

- CVMs leverage the [Sysbox container
runtime](https://github.com/nestybox/sysbox), so the Kubernetes Node must run
a supported Linux distro with the minimum kernel version (see [Sysbox distro
compatibility](https://github.com/nestybox/sysbox/blob/master/docs/distro-compat.md)
- CVMs leverage the
[Sysbox container runtime](https://github.com/nestybox/sysbox), so the
Kubernetes Node must run a supported Linux distro with the minimum kernel
version (see
[Sysbox distro compatibility](https://github.com/nestybox/sysbox/blob/master/docs/distro-compat.md)
for more information)
- The cluster must allow privileged containers and `hostPath` mounts. Read more
about why this is still secure [here](#security).

> Coder doesn't support legacy versions of cluster-wide proxy services such as
Istio, and CVMs do not currently support NFS as a file system.
> Istio, and CVMs do not currently support NFS as a file system.

### GPUs
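Review bot: In the infrastructure requirements list, the bullet "The cluster must allow privileged containers and `hostPath` mounts" points to its justification only through the link text "here". This is the requirement a cluster admin is most likely to question, so give the link descriptive text that names the Security section, and consider saying in the bullet itself which component needs the privileged access and the `hostPath` mounts.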

4 changes: 2 additions & 2 deletions admin/workspace-management/extensions.md
Expand Up @@ -28,8 +28,8 @@ environment:
1. Set the **Extension Marketplace Type** to **Custom**
1. Set the **Extension Marketplace API URL** to
`https://open-vsx.org/vscode/gallery` (this value comes from the `serviceUrl`
path described in [open-vsx's
documentation](https://github.com/eclipse/openvsx/wiki/Using-Open-VSX-in-VS-Code)).
path described in
[open-vsx's documentation](https://github.com/eclipse/openvsx/wiki/Using-Open-VSX-in-VS-Code)).

## Air-gapped marketplaces
