diff --git a/admin/access-control/manage.md b/admin/access-control/manage.md index 0a134d9e3..7b57101e4 100644 --- a/admin/access-control/manage.md +++ b/admin/access-control/manage.md @@ -22,9 +22,9 @@ domain name for the OIDC token callback; use `https://coder.my-company.com/oidc/callback`. Once you've registered a Coder application with your OIDC provider, you'll need -to return to Coder and complete the setup process. Under **Admin** > **Manage** > -**Authentication**, ensure that you've selected **OpenID Connect** as the -authentication type. Then, provide the following parameters: +to return to Coder and complete the setup process. Under **Admin** > +**Manage** > **Authentication**, ensure that you've selected **OpenID Connect** +as the authentication type. Then, provide the following parameters: - **Client ID**: The client ID for the Coder application you registered with the OIDC provider @@ -43,9 +43,9 @@ you: tokens from `https:///api/v0/users/me/oidc-access-token` - **Additional Scopes:** Specify any scopes (beyond the default) that you would like Coder to request from the authentication provider. By default, Coder -requests the scopes `openid`, `email`, and `profile`. Consult your -authentication provider's documentation for information on which scopes they -support. + requests the scopes `openid`, `email`, and `profile`. Consult your + authentication provider's documentation for information on which scopes they + support. - **Disable built-in authentication:** Choose whether Coder removes the ability to log in with an email/password option when you've enabled OIDC authentication 
@@ -62,9 +62,5 @@ To do so, navigate to **Manage** > **Admin** > **Authentication**. Then, toggle **Disable built-in authentication** to **On** and click **Save preferences**. [Site managers](users/user-roles#site-manager-permissions) can still use -built-in authentication. To view this option on the login page, add the -following query parameter to the URL you use to access your Coder deployment: - -```text -/login?showAllAuthenticationTypes=1 -``` +built-in authentication. The **Admin Login** option will be visible on the login +page if built-in authentication is disabled. diff --git a/admin/access-control/users/password-reset.md b/admin/access-control/users/password-reset.md index cb1e43f1d..74cb733e8 100644 --- a/admin/access-control/users/password-reset.md +++ b/admin/access-control/users/password-reset.md @@ -35,7 +35,8 @@ If you need to reset the password for a site admin, you can do so using > sure to install it before proceeding. > > If you are using Docker, follow -> [these instructions](../../../setup/docker#admin-password) instead. +> [these instructions](../../../setup/coder-for-docker/local.md#admin-password) +> instead. To reset the site admin password, run the following in the terminal: diff --git a/admin/satellites/migration.md b/admin/satellites/migration.md index 86feed595..a8b5bacf6 100644 --- a/admin/satellites/migration.md +++ b/admin/satellites/migration.md 
@@ -63,9 +63,10 @@ satellite to any cluster and any namespace. ### Step 2: Enable Networking v2 -Log into Coder as a site manager, and go to **Manage** > **Providers**. Select -the workspace provider, click the **vertical ellipsis** to its right, and select -**Edit**. Enable the **NetworkingV2 toggle** and click **Update Provider**. +Log into Coder as a site manager, and go to **Manage** > **Workspace +providers**. Select the workspace provider, click the **vertical ellipsis** to +its right, and select **Edit**. Enable the **NetworkingV2 toggle** and click +**Update Provider**. At this point, rebuild a workspace to ensure connectivity between the workspace provider and the workspace. Note that latency to the workspace may be negatively diff --git a/admin/workspace-management/cvms/management.md b/admin/workspace-management/cvms/management.md index 2d87de265..5aab64d23 100644 --- a/admin/workspace-management/cvms/management.md +++ b/admin/workspace-management/cvms/management.md @@ -9,7 +9,14 @@ a site manager must enable CVMs. To do so: 1. Go to **Manage > Admin > Infrastructure**. 1. Toggle the **Enable Container-Based Virtual Machines** option to **Enable**. -## Cached CVMs +This section also describes the customization features that Coder offers for +CVMs: + +![CVM Settings](../../../assets/admin/cvm-settings.png) + +These settings will apply to workspaces **after** they have been rebuilt. + +## Caching > Cached CVMs are currently an **alpha** feature. 
@@ -18,7 +25,7 @@ To improve the startup time for CVM-based workspaces, you can enable caching. Cached CVMs require the `shiftfs` kernel to be present on the node. Some distributions (such as Ubuntu) include `shiftfs`. If you're unsure if `shiftfs` is present on your nodes, you can check by running `modinfo shiftfs`. If no -output is returned, then you do not have `shiftfs` installed. +output is returned, you do not have `shiftfs` installed. If you don't want to install `shiftfs` yourself, you can have Coder install the module automatically for you. **It is important that you do not have secure boot 
@@ -27,4 +34,78 @@ install `shiftfs` on your behalf.** > GPUs are not supported with cached CVMs at this time. -![Cached CVMs](../../../assets/admin/cached-cvms.png) +## Self-contained workspace builds + +> Self-contained workspace builds are currently an **alpha** feature. + +By default, Coder initializes workspaces by running commands inside the +container. Workspaces, however, control the initialization sequence instead when +you enable [self-contained workspace builds]. This enables cluster operations +that restrict command execution inside containers using the Kubernetes API, such +as the `kubectl exec` command. + +[self-contained workspace builds]: ../self-contained-builds.md + +## Workspace process logging + +> Workspace process logging is currently an **alpha** feature. + +[Workspace process logging] enables auditing of commands executed inside the +workspace container. + +[workspace process logging]: ../process-logging.md + +## TUN device + +> TUN devices currently an **alpha** feature. + +Coder allows the creation of custom network interfaces using the Linux TUN +device. When using the **Enable TUN device** setting, Coder workspaces will have +a `/dev/net/tun` device mounted into the workspace at build time. VPN usage +often requires a TUN device. + +Users may need root (or `sudo`) access within their workspace to use the TUN +device and start a VPN client. + +> At this time, Coder does not support TUN devices for non-Kubernetes workspace +> types, such as EC2 or Docker. +> +> If you're working with EC2 workspaces, we recommend enabling privileged mode +> in the workspace provider settings, which will allow users to create their own +> TUN device. + +We've tested this feature using the [Tailscale](https://tailscale.com/) VPN +within Coder. 
Remember that you may have to change your VPN settings to keep any +persistent files (such as configuration/identity) files in your home volume, as +any data outside the home volume is cleared when the workspace is rebuilt. + +## FUSE device + +> FUSE devices are currently an **alpha** feature. + +Coder allows the creation of custom filesystems using the Linux FUSE userspace +filesystem device. By enabling the **Enable FUSE device** setting, Coder +workspaces will have a `/dev/fuse` device mounted into the workspace at build +time. These devices are often used to mount specialized filesystems, such as +Google Cloud Storage buckets, to your workspace. + +Users may need root (or `sudo`) access within their workspace to use the FUSE +device and start a FUSE filesystem. + +> At this time, Coder does not support FUSE devices for non-Kubernetes workspace +> types, such as EC2 or Docker. +> +> If you're working with EC2 workspaces, we recommend enabling privileged mode +> in the workspace provider settings, which will allow users to create their own +> FUSE device. + +For example, you can mount a directory from a remote SSH server using `sshfs`: + +```console +mkdir /tmp/mnt +sshfs user@host:/ /tmp/mnt +``` + +Then, in a second terminal, run `ls /tmp/mnt` to list the files from the remote +host. You should also be able to see a `fuse.sshfs` entry in the output from the +`mount` command. diff --git a/admin/workspace-management/process-logging.md b/admin/workspace-management/process-logging.md index 1de088039..8ca7a5f69 100644 --- a/admin/workspace-management/process-logging.md +++ b/admin/workspace-management/process-logging.md 
@@ -150,7 +150,7 @@ fields @timestamp, log_processed.fields.cmdline sidecar container. Depending on how your Kubernetes cluster is configured, you may incur extra charges from your cloud provider to store the additional logs. -[c4d-doc]: ../../setup/docker.md +[c4d-doc]: ../../setup/coder-for-docker/index.md [ebpf]: https://ebpf.io [ec2-doc]: ../workspace-providers/deployment/ec2.md [eks-cloudwatch]: diff --git a/admin/workspace-management/tun-device.md b/admin/workspace-management/tun-device.md deleted file mode 100644 index 72de5d085..000000000 --- a/admin/workspace-management/tun-device.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -title: TUN device enablement -description: Learn how to enable TUN devices for VPN usage within Coder. -state: alpha ---- - -By default, Coder workspaces do not contain a TUN device, making it difficult to -run a VPN. However, Coder offers an admin configuration setting that, when -enabled, automatically creates a TUN device within all Kubernetes [CVM-enabled -workspaces](cvms/index.md). - -> At this time, Coder does not support TUN devices for other workspace types -> (such as EC2 or Docker). -> -> If you're working with EC2 workspaces, we recommend enabling privileged mode -> in the workspace provider settings, which will allow users to create their own -> TUN device. - -## Enable TUN devices in Coder - -To enable TUN devices for Kubernetes [CVM-enabled workspaces](cvms/index.md): - -1. Log into Coder, and go to **Manage** > **Admin**. -1. On the **Infrastructure** page, scroll down to the **Workspace container - runtime** section. -1. Under **Enable TUN device**, click the toggle to switch this feature **On**. -1. Click **Save workspaces**. - -![Enabling TUN devices](../../assets/admin/tun.png) - -The new setting will apply to workspaces **after** you rebuild them. - -Users running workspaces with TUN devices should be able to run VPN clients -within their workspace as long as they have root (or `sudo`) access within their -workspace. - -> We've tested this feature using the [Tailscale](https://tailscale.com/) VPN -> within Coder. diff --git a/admin/workspace-providers/deployment/docker.md b/admin/workspace-providers/deployment/docker.md new file mode 100644 index 000000000..9b0bae791 --- /dev/null +++ b/admin/workspace-providers/deployment/docker.md 
@@ -0,0 +1,103 @@ +--- +title: Docker +description: Learn how to deploy a workspace provider to a Docker instance. +state: alpha +--- + +This article walks you through the process of deploying a workspace provider to +a remote VM instance using Docker. + +## Prerequisites + +- You must have a provisioned VM with the Docker Engine installed and running. + The Docker Engine must be at least version [20.10][docker-engine-version]. + +- Coder must be able to access the VM over an SSH connection. + +- The Coder deployment must be accessible from the containers deployed inside + the VM. + +## 1. Create a new SSH key + +Coder uses SSH to connect to the remote VM and communicate with the Docker +Engine. + +We recommend that you create a new SSH key for this purpose and do _not_ reuse +this key. Furthermore, ensure that you save this key, since you'll need it to +edit your workspace provider in the future. + +> ❗ Coder does not currently support password-protected SSH keys; the SSH +> key must be unencrypted. + +To generate your SSH key, run: + +```console +ssh-keygen -t ed25519 -C remote-c4d -f $HOME/.ssh/remote_c4d -N "" +``` + +## 2. Add the SSH key to the remote VM + +Add your SSH key to the remote VM's `authorized_keys` file; this will allow +Coder to connect via SSH using the new `remote_c4d` key: + +```console +# Replace 'remote-user@192.0.2.10' with your VM's user and host/ip. +ssh-copy-id -f -i $HOME/.ssh/remote_c4d.pub remote-user@192.0.2.10 +``` + +## 3. Verify the SSH key + +Verify that you can use the key to connect via SSH to your remote VM: + +```console +# Replace 'remote-user@192.0.2.10' with your VM's user and host/ip. +ssh remote-user@192.0.2.10 -o IdentitiesOnly=yes -i $HOME/.ssh/remote_c4d 'echo All good!' +``` + +## 4. Enable the Docker providers feature flag + +In your Coder for Docker deployment, ensure that you've enabled the **Remote +Docker Providers** feature flag. + +1. 
Log in to Coder, and go to **Account** > **Feature Preview** + + ![See feature flags](../../../assets/deployment/docker/feature-flag-setting.png) + +1. Click to enable **Remote Docker Providers** + + ![Enable feature flag](../../../assets/deployment/docker/docker-feature.png) + +## 5. Create the workspace provider + +To create your workspace provider, go to **Manage** > **Workspace providers**. +Click the dropdown in the top-right corner to launch **Create Docker Provider** + +![Create docker provider](../../../assets/deployment/docker/create-docker-provider.png) + +You can now fill out the provider form. + +1. Provide a **name** for your new provider. + +1. For the **Docker Daemon URL**, use `unix:///var/run./docker.sock` + +1. Under the **SSH configuration** section: + + 1. Under **SSH Host URL**, provide the SSH URL for the remote VM, **including + the port** (e.g., `remote-user@192.0.2.10:22`) + 1. Copy over the private key that you created earlier (you can retrieve it + with `cat $HOME/.ssh/remote_c4d`) + 1. Run the keyscan provided for known host verification, and copy over the + output: + + ```console + # Example: + ssh-keyscan -p 22 -H 192.0.2.10 + ``` + + 1. Optionally, set the access URL to an IP address or URL that workspaces can + use to access `coderd`. You do not need this override if the site-wide + access URL is accessible from the workspace container. + + ![Docker ssh config](../../../assets/deployment/docker/docker-ssh-config.png) + +[docker-engine-version]: https://docs.docker.com/engine/release-notes/#20100 diff --git a/admin/workspace-providers/deployment/kubernetes.md b/admin/workspace-providers/deployment/kubernetes.md index c4bc4d35e..db348da7d 100644 --- a/admin/workspace-providers/deployment/kubernetes.md +++ b/admin/workspace-providers/deployment/kubernetes.md 
@@ -16,7 +16,7 @@ Install the following dependencies if you haven't already: ## Creating the new workspace provider -1. Log in to Coder, and go to **Manage** > **Providers**. +1. Log in to Coder, and go to **Manage** > **Workspace providers**. 1. Click **Create New** in the top-right corner to launch the **Create a Kubernetes Provider** page. diff --git a/admin/workspace-providers/management.md b/admin/workspace-providers/management.md index 155e45d14..a4bd05b81 100644 --- a/admin/workspace-providers/management.md +++ b/admin/workspace-providers/management.md @@ -151,7 +151,7 @@ Once you've made your changes, click **Update Provider** to save and continue. ## Delete a workspace provider -1. Log in to Coder, and go to **Manage** > **Providers**. +1. Log in to Coder, and go to **Manage** > **Workspace providers**. 1. In the **Providers** list, find the workspace provider you want to delete. Click the vertical ellipsis to its right. Select **Delete**. diff --git a/assets/admin/cached-cvms.png b/assets/admin/cached-cvms.png deleted file mode 100644 index fd82b2a4c..000000000 Binary files a/assets/admin/cached-cvms.png and /dev/null differ diff --git a/assets/admin/cvm-settings.png b/assets/admin/cvm-settings.png new file mode 100644 index 000000000..f6f7f783b Binary files /dev/null and b/assets/admin/cvm-settings.png differ diff --git a/assets/admin/tun.png b/assets/admin/tun.png deleted file mode 100644 index f7440a0cd..000000000 Binary files a/assets/admin/tun.png and /dev/null differ diff --git a/assets/deployment/docker/create-docker-provider.png b/assets/deployment/docker/create-docker-provider.png new file mode 100644 index 000000000..ab115732e Binary files /dev/null and b/assets/deployment/docker/create-docker-provider.png differ diff --git a/assets/deployment/docker/docker-feature.png b/assets/deployment/docker/docker-feature.png new file mode 100644 index 000000000..128e73834 Binary files /dev/null and b/assets/deployment/docker/docker-feature.png differ 
diff --git a/assets/deployment/docker/docker-ssh-config.png b/assets/deployment/docker/docker-ssh-config.png new file mode 100644 index 000000000..061382121 Binary files /dev/null and b/assets/deployment/docker/docker-ssh-config.png differ diff --git a/assets/deployment/docker/feature-flag-setting.png b/assets/deployment/docker/feature-flag-setting.png new file mode 100644 index 000000000..2b8d33f26 Binary files /dev/null and b/assets/deployment/docker/feature-flag-setting.png differ diff --git a/changelog/1.29.0.md b/changelog/1.29.0.md new file mode 100644 index 000000000..9b4c8be10 --- /dev/null +++ b/changelog/1.29.0.md 
@@ -0,0 +1,70 @@ +--- +title: "1.29.0" +description: "Released on 03/23/2022" +--- + +### Breaking changes ❗ + +There are no breaking changes in 1.29.0. + +### Features ✨ + +- web: added admin login form that appears when OIDC login is enabled and + built-in authentication is disabled. +- C4D: added support for SSH to Docker workspace providers. +- C4D: added support for access URLs other than `localhost`. +- cli: added ability to + [create workspace providers via CLI](../guides/admin/wp-cli.md). +- infra: added support for AWS’ IAM Roles for Service Accounts (IRSA) to + CVM-enabled workspaces. +- infra: added support for + [FUSE devices in CVM-enabled workspaces](../admin/workspace-management/cvms/management.md#fuse-device). +- infra: updated code-server version to `4.1.0` (features VS Code `1.63.0`). +- infra: updated Kubernetes libraries to `1.21`. +- api: added ability for users to set preferred ICE protocol (e.g., `TURN` or + `STUN`). + +### Bug fixes 🐛 + +- web: fixed issue where usernames in dev URLs were case-sensitive. +- web: fixed issue where resource quota changes were audit logged incorrectly. +- web: fixed issue where deleting a workspace caused a “Failed to fetch + applications!” error. +- web: fixed issue where the Dashboard showed a “workspace available” + notification even though the build failed. +- web: fixed issue with the Create/Edit a Workspace form not displaying errors + if users provided non-unique workspace names. +- web: fixed issue with code copy buttons in the UI. +- web: fixed issue where users aren’t logged out correctly after changing the + password. +- C4D: fixed issue with Docker workspace provider form throwing “Failed to + create/update workspace provider!” errors. +- C4D: fixed “Resource Load Unknown” errors that occurred during the workspace + build process. 
+- infra: fixed issue where the API call issued by Coder while loading the + workspaces page returns the image and information on all workspaces using that + image, leading to degraded performance. +- infra: fixed issue with workspace build jobs scheduled multiple times. +- infra: fixed memory leak when a client connects to a workspace. +- infra: fixed issue where dev URL access settings weren’t enforced after + changes made by site managers. +- infra: fixed issue regarding mTLS not working with Git providers and Docker + registries. +- infra: fixed issue with `coderd` intermittently crashing. +- infra: fixed issue with satellites unable to build workspaces when the + self-contained workspace feature was enabled. + +### Security updates 🔐 + +- infra: upgraded from Go boring 1.17.5b7 to 1.17.8b7 to fix CVEs. + +### Known issues 🔧 + +- web: the service banner (if enabled) reappears for all users, even if they've + previously dismissed it. +- web: using the web terminal in Coder can occasionally result in the connection + being reset and needing to be restarted. +- web: the **Switch workspace** drop-down menu shows a workspace's status as + **Building** even though the build process is completed. +- web: users installing v1.24 (or later) into an air-gapped environment cannot + upload their license when prompted. diff --git a/changelog/index.md b/changelog/index.md index 3034f21c7..3a24d2c7e 100644 --- a/changelog/index.md +++ b/changelog/index.md 
@@ -1,7 +1,7 @@ --- title: "Changelog" description: - "Coder releases annotated with breaking changes, new features and fixes." + "Coder releases annotated with breaking changes, new features, and fixes." icon: "\n + + | **Parameter** | **Description** | + | ----------------- | ------------------------------------------------------------------------------ | + | `name` | The name for the workspace provider you'd like provisioned | + | `namespace` | The namespace in which to provision workspaces. | + | `cluster-address` | The address of the Kubernetes control plane; find using `kubectl cluster-info` | + + + + Example usage: + + ```console + coder providers create kubernetes my-provider --namespace=my-namespace --cluster-address=https://255.255.255.255` + ``` + + To create a new **EC2** workspace provider: + + ```console + coder providers create ec2 [name] --access-key-id=[access-key-id] --secret-access-key=[secret-access-key] + ``` + + + + | **Parameter** | **Description** | + | ------------------- | ---------------------------------------------------------- | + | `name` | The name for the workspace provider you'd like provisioned | + | `access-key-id` | The AWS access key associated with your account. | + | `secret-access-key` | The AWS region where the EC2 instances should be created. | + + + + ```console + coder providers create ec2 my-provider --access-key-id=AKIAIOSFODNN7EXAMPLE --secret-access-key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + ``` + +1. Once you've provisioned the workspace provider, deploy it to your + [Kubernetes](../../admin/workspace-providers/deployment/kubernetes.md) or + [EC2](../../admin/workspace-providers/deployment/ec2.md) cluster. 
+ + Ensure that you're connected to the cluster you're deploying to, and run the + provided `helm upgrade` command; it should look something like the following, + but with the placeholders filled with values appropriate to your deployment: + + helm upgrade coder-workspace-provider coder/workspace-provider \ + --version= \ + --atomic \ + --install \ + --force \ + --set envproxy.token= \ + --set envproxy.accessURL= \ + --set ingress.host= \ + --set envproxy.clusterAddress= \ + --set cemanager.accessURL= + + > WARNING: The 'envproxy.token' is a secret value that authenticates the + > workspace provider; make sure that you don't share this token or make it + > public. + + You can set + [additional values of the Helm Chart](https://github.com/cdr/enterprise-helm/blob/workspace-providers-envproxy-only/README.md) + to customize the deployment further. diff --git a/manifest.json b/manifest.json index 7c0d72a86..aa61dcf87 100644 --- a/manifest.json +++ b/manifest.json @@ -1,5 +1,6 @@ { "versions": [ + "v1.29", "v1.28", "v1.27", "v1.26", @@ -161,7 +162,8 @@ "path": "./setup/kubernetes/index.md", "children": [ { - "path": "./setup/kubernetes/local-preview.md" + "path": "./setup/kubernetes/local-preview.md", + "navigable": false }, { "path": "./setup/kubernetes/k3s.md" @@ -195,7 +197,15 @@ ] }, { - "path": "./setup/docker.md" + "path": "./setup/coder-for-docker/index.md", + "children": [ + { + "path": "./setup/coder-for-docker/local.md" + }, + { + "path": "./setup/coder-for-docker/postgres.md" + } + ] }, { "path": "./setup/upgrade/index.md", @@ -312,9 +322,6 @@ { "path": "./admin/workspace-management/ssh-access.md" }, - { - "path": "./admin/workspace-management/tun-device.md" - }, { "path": "./admin/workspace-management/process-logging.md" } @@ -326,6 +333,9 @@ { "path": "./admin/workspace-providers/deployment/index.md", "children": [ + { + "path": "./admin/workspace-providers/deployment/docker.md" + }, { "path": "./admin/workspace-providers/deployment/ec2.md" }, 
@@ -419,6 +429,9 @@ }, { "path": "./guides/admin/usage-monitoring.md" + }, + { + "path": "./guides/admin/wp-cli.md" } ] }, @@ -540,6 +553,9 @@ { "path": "./changelog/index.md", "children": [ + { + "path": "./changelog/1.29.0.md" + }, { "path": "./changelog/1.28.0.md", "children": [ diff --git a/setup/coder-for-docker/index.md b/setup/coder-for-docker/index.md new file mode 100644 index 000000000..03c32ae53 --- /dev/null +++ b/setup/coder-for-docker/index.md @@ -0,0 +1,6 @@ +--- +title: "Coder for Docker" +description: Learn how to run Coder with Docker. +--- + + diff --git a/setup/docker.md b/setup/coder-for-docker/local.md similarity index 78% rename from setup/docker.md rename to setup/coder-for-docker/local.md index b6c40c216..1c0606419 100644 --- a/setup/docker.md +++ b/setup/coder-for-docker/local.md @@ -1,6 +1,6 @@ --- -title: "Coder for Docker" -description: Learn how to run Coder with Docker. +title: "Local deployment" +description: Learn how to run Coder with Docker locally. --- Coder for Docker allows you to deploy Coder to any machine on which Docker runs @@ -52,7 +52,7 @@ Coder for Docker works with the following platforms: -p 7080:7080 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v ~/.coder:/var/run/coder \ - codercom/coder:1.28.2 + codercom/coder:1.29.0 ``` When this process is complete, Coder will print the URL you can use to access 
@@ -104,47 +104,13 @@ DEVURL_HOST="*.mycompany.com" For example: ```console -docker run --rm -it -p 7080:7080 -v /var/run/docker.sock:/var/run/docker.sock -v ~/.coder:/var/run/coder -e DEVURL_HOST="*.mycompany.com" codercom/coder:1.28.2 +docker run --rm -it -p 7080:7080 -v /var/run/docker.sock:/var/run/docker.sock -v ~/.coder:/var/run/coder -e DEVURL_HOST="*.mycompany.com" codercom/coder:1.29.0 ``` ## Use an external PostgreSQL database -If you'd like to use an external database, you must: - -1. Disable the embedded database by setting the `DB_EMBEDDED` environment - variable (see the next code snippet for an example) -1. Provide the connection information to the external PostgreSQL database: - - ```console - docker run --rm -it -p 7080:7080 \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v ~/.coder:/var/run/coder \ - # Disable using the embedded DB - -e DB_EMBEDDED="" \ - # Change these values to match those for your database - -e DB_HOST=127.0.0.1 \ - -e DB_PORT=5432 \ - -e DB_USER=postgres \ - -e DB_PASSWORD="" \ - -e DB_NAME=postgres \ - -e DB_SSL_MODE=disable \ - codercom/coder:1.28.2 - ``` - -Coder supports client TLS certificates using `DB_SSL_MODE=verify-full`. Ensure -that you mount the certs into the container (and add the flag -`-v :/certs`). Then, specify the certificate path using environment -variables: - - - -| **Flag/environment variable** | **Description** | -| --------------------------------- | -------------------------------------------- | -| `-e DB_CERT=/certs/client.crt` | The path to the client cert signed by the CA | -| `-e DB_KEY=/certs/client.key` | The path to the client secret | -| `-e DB_ROOT_CERT=/certs/myCA.crt` | The path to the trusted CA cert | - - +Coder for Docker comes with an embedded database, but you can +[opt for an external database](postgres.md) instead. ## Admin password 
@@ -175,7 +141,7 @@ To do so: version: "3.5" services: coder: - image: docker.io/codercom/coder:1.28.2 + image: docker.io/codercom/coder:1.29.0 container_name: coderd restart: unless-stopped ports: @@ -230,7 +196,17 @@ workspace: If you would like users' IP addresses to show up in the audit logs (i.e., identify the originating client IP address, regardless of whether they're connecting through a proxy, load balancer, or other such service), use the -`-e "PROXY_TRUSTED_HEADERS=X-Forwarded-For"` flag with the `docker run` command. +following flags with the `docker run` command: + +```console +-e "PROXY_TRUSTED_HEADERS=X-Forwarded-For" +-e PROXY_TRUSTED_ORIGINS=172.17.0.0/16 +``` + +## Workspace providers + +If you're interested in using Docker as a workspace provider, please see our +[deployment instructions](../../admin/workspace-providers/deployment/docker.md). ## Known issues diff --git a/setup/coder-for-docker/postgres.md b/setup/coder-for-docker/postgres.md new file mode 100644 index 000000000..da2caa941 --- /dev/null +++ b/setup/coder-for-docker/postgres.md 
@@ -0,0 +1,42 @@ +--- +title: "External database setup" +description: Learn how to set up an external Postgres database for use with C4D. +--- + +If you'd like to use an external database with your Coder for Docker deployment, +you must: + +1. Disable the embedded database by setting the `DB_EMBEDDED` environment + variable (see the next code snippet for an example) +1. Provide the connection information to the external PostgreSQL database: + + ```console + docker run --rm -it -p 7080:7080 \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ~/.coder:/var/run/coder \ + # Disable using the embedded DB + -e DB_EMBEDDED="" \ + # Change these values to match those for your database + -e DB_HOST=127.0.0.1 \ + -e DB_PORT=5432 \ + -e DB_USER=postgres \ + -e DB_PASSWORD="" \ + -e DB_NAME=postgres \ + -e DB_SSL_MODE=disable \ + codercom/coder:1.28.2 + ``` + +Coder supports client TLS certificates using `DB_SSL_MODE=verify-full`. Ensure +that you mount the certs into the container (and add the flag +`-v :/certs`). Then, specify the certificate path using environment +variables: + + + +| **Flag/environment variable** | **Description** | +| --------------------------------- | -------------------------------------------- | +| `-e DB_CERT=/certs/client.crt` | The path to the client cert signed by the CA | +| `-e DB_KEY=/certs/client.key` | The path to the client secret | +| `-e DB_ROOT_CERT=/certs/myCA.crt` | The path to the trusted CA cert | + + diff --git a/setup/index.md b/setup/index.md index e5671b05b..769a448a2 100644 --- a/setup/index.md +++ b/setup/index.md @@ -18,7 +18,7 @@ of charge for 60 days. You'll provide this license _after_ you've completed the deployment steps. > If you're interested in a lightweight preview of Coder, check out our -> [local preview](kubernetes/local-preview) option. +> [Coder for Docker](coder-for-docker/index.md) option. ## Deploying Coder diff --git a/setup/kubernetes/aws.md b/setup/kubernetes/aws.md index eebefba5a..e494de306 100644 
--- a/setup/kubernetes/aws.md +++ b/setup/kubernetes/aws.md @@ -184,7 +184,7 @@ as a workspace deployment option, you'll need to # ami: instanceType: minSize: 1 - mazSize: 2 + maxSize: 2 desiredCapacity: 1 # Uncomment "overrideBootstrapCommand" if you are using a custom AMI # overrideBootstrapCommand: | diff --git a/setup/kubernetes/index.md b/setup/kubernetes/index.md index fd6a84cde..85bb4bdfc 100644 --- a/setup/kubernetes/index.md +++ b/setup/kubernetes/index.md 
@@ -15,19 +15,23 @@ You can deploy Coder to any [compatible Kubernetes cluster]. Coder follows the version of Coder supports the previous two minor releases as well as the current release of Kubernetes at time of publication. -> During installation, Helm will check to ensure that Coder is compatible with -> your cluster version; if not, the installation process will fail, and you will -> receive an error message indicating the minimum cluster version required. +During installation, Helm will check to ensure that Coder is compatible with +your cluster version; if not, the installation process will fail, and you will +receive an error message indicating the minimum cluster version required. Coder continuously removes usage of deprecated Kubernetes API versions once the minimum baseline version of Kubernetes supports the necessary features in a stable version. We follow this policy to ensure that Coder stops using deprecated features before they are removed from new versions of Kubernetes. +> You can opt to use v1.19 or v1.20, you'll see warning messages during the +> installation process. Coder does not allow the use of v1.18 or earlier. + | | Kubernetes `1.23` | Kubernetes `1.22` | Kubernetes `1.21` | Kubernetes `1.20` | Kubernetes `1.19` | Kubernetes `1.18` | | ------------ | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | +| Coder `1.29` | ✅ | ✅ | ✅ | | | | | Coder `1.28` | ✅ | ✅ | ✅ | | | | | Coder `1.27` | ✅ | ✅ | ✅ | | | | | Coder `1.26` | | ✅ | ✅ | ✅ | | | diff --git a/setup/kubernetes/local-preview.md b/setup/kubernetes/local-preview.md index c3ec986e9..1b7a077fb 100644 --- a/setup/kubernetes/local-preview.md +++ b/setup/kubernetes/local-preview.md 
@@ -3,6 +3,9 @@ title: "Local preview" description: Set up a Coder deployment locally for testing. --- +> :warning: This article is archived. For a local preview of Coder, we recommend +> [Coder for Docker](../coder-for-docker/index.md). + Coder is typically deployed to a remote data center, but you can use diff --git a/setup/upgrade/considerations.md b/setup/upgrade/considerations.md index 7037eb2b9..f3c1fda8f 100644 --- a/setup/upgrade/considerations.md +++ b/setup/upgrade/considerations.md @@ -7,6 +7,24 @@ The upgrade page provides instructions on how to upgrade your Coder deployment. This article, however, includes information you should be aware of prior to upgrading, such as architecture updates and breaking changes. +## Upgrading to v1.29 + +Previously, Coder applied a `UNIQUE` constraint to usernames, but only the +case-sensitive form (not the lowercase username). This release changes the +constraint so that it also applies to the lowercase form of the username and +ensures that all users have unique, lowercase usernames. + +If there are multiple usernames where the only differences are the casing, the +duplicates will be renamed as follows: + +- Sort each group of usernames (e.g., username, Username, UserName) by its + case-sensitive form +- The first username remains untouched; Coder appends a number to subsequent + usernames (e.g., Username2, UserName3) + +This means that any usernames that are already lowercase remain unchanged, since +they will be first in the sort group. + ## Upgrading from v1.25 to v1.26 - Beginning with `1.26`, Coder requires the use of Kubernetes `1.20` or later. diff --git a/setup/upgrade/index.md b/setup/upgrade/index.md index bb2cda582..fa3caed93 100644 --- a/setup/upgrade/index.md +++ b/setup/upgrade/index.md 
@@ -131,9 +131,10 @@ If you're using a custom ingress controller, the upgrade process from 1.20 to [TLS certificates](../guides/tls-certificates/index.md) for more information on how to configure Coder to issue and use certificates.) - > To manage SSH, go to **Manage** > **Providers**. Select the provider you - > want to modify, click the **vertical ellipses** to its right, and click - > **Edit**. Under **Features**, you can toggle **External Connect** on/off. + > To manage SSH, go to **Manage** > **Workspace providers**. Select the + > provider you want to modify, click the **vertical ellipses** to its right, + > and click **Edit**. Under **Features**, you can toggle **External Connect** + > on/off. > > To manage the Access URL, go to **Manage** > **Admin** > > **Infrastructure**. diff --git a/workspaces/preferences.md b/workspaces/preferences.md index 87524cf4a..5fde9d4e7 100644 --- a/workspaces/preferences.md +++ b/workspaces/preferences.md @@ -64,9 +64,6 @@ changes). Your administrator must configure OAuth for this feature to work. ## Notifications -You can choose to allow Coder to display native **notifications** so that you -can receive necessary alerts even when focused on a different view or page. - Coder issues desktop notifications when you create a new workspace or rebuild an workspace. @@ -75,9 +72,6 @@ Please note that: - You may not receive native notifications when using your browser's private browsing mode - You must enable native notifications for each browser on which you run Coder - Enterprise - -You can check whether notifications are enabled and working by click **Test**. ## Auto-start diff --git a/workspaces/workspace-templates/index.md b/workspaces/workspace-templates/index.md index 55228c0ca..982cd7972 100644 --- a/workspaces/workspace-templates/index.md +++ b/workspaces/workspace-templates/index.md 
@@ -55,6 +55,6 @@ embeddable Markdown button for use in your repo. See the ## Using templates with Coder for Docker -[Coder for Docker](https://coder.com/docs/coder/latest/setup/docker) supports -the use of workspace templates. However, the configuration has -[some differences that are outlined in our setup doc](https://coder.com/docs/coder/latest/setup/docker#coder-templates). +[Coder for Docker](../../setup/coder-for-docker/index.md) supports the use of +workspace templates. However, the configuration has +[some differences that are outlined in our setup doc](../../setup/coder-for-docker/local.md)
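Review bot: In setup/kubernetes/index.md, the added blockquote "You can opt to use v1.19 or v1.20, you'll see warning messages" is a comma splice, and it conflicts with the paragraph this hunk unquotes just above it, which says the Helm check makes the installation fail on an incompatible cluster version. The new `Coder 1.29` row marks only Kubernetes 1.21 through 1.23 as supported, and the context line in setup/upgrade/considerations.md says that Coder 1.26 and later require Kubernetes 1.20 or later, so a reader cannot tell whether v1.19 produces a warning or a failed install. Suggest stating which Coder versions the warning applies to and rewording it, for example "You can opt to use v1.19 or v1.20, but you'll see warning messages during the installation process."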
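Review bot: In the new "Upgrading to v1.29" section of setup/upgrade/considerations.md, the rename rule never names the sort order. The closing claim that lowercase usernames "will be first in the sort group" does not hold for a plain byte-order sort, where uppercase letters sort before lowercase ones. The examples `Username2` and `UserName3` also keep their capitals, although the first paragraph says the release "ensures that all users have unique, lowercase usernames". Suggest naming the collation, stating whether renamed usernames are stored in lowercase, and saying what happens when the suffixed name already belongs to another user, since administrators need to know which account ends up with which login name after the upgrade.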
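Review bot: In workspaces/preferences.md, removing the opening sentence of "## Notifications" and the **Test** sentence leaves the bullet "You must enable native notifications for each browser" with no statement of where notifications are enabled or how to verify them. If the in-product toggle and Test button are gone, suggest rewording the bullets to point at the browser's own notification permission. The context line "rebuild an workspace" could also be corrected to "a workspace" while this section is being edited.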
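Review bot: In workspaces/workspace-templates/index.md, the second replacement link drops the `#coder-templates` fragment: the old target was `setup/docker#coder-templates`, and the new one is `../../setup/coder-for-docker/local.md` with no anchor. The link text still promises "some differences that are outlined in our setup doc", so the reader now lands at the top of the page instead of the relevant section. The password-reset.md change in this same patch keeps its `#admin-password` fragment on the new path, so suggest keeping the fragment here too if that heading exists in local.md, or pointing at whichever heading now covers templates.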