NotificationsYou must be signed in to change notification settings
Fork1k
Star11.2k

Commit19fc1a2

committed

Merge remote-tracking branch 'origin/main' into update-upgrade-config-links

2 parents3716a96 +fed70bd commit19fc1a2Copy full SHA for 19fc1a2

File tree

42 files changed

+2833

-337

lines changed

.github/workflows
coderd
- tailnet.go
docs
- README.md
- admin
  - networking
    - workspace-proxies.md
  - provisioners.md
  - templates/managing-templates
    - index.md
- images
  - admin/networking/workspace-proxies
    - proxydiagram.png
  - screenshots
- install
  - index.md
- manifest.json
- start
  - coder-tour.md
- tutorials
  - index.md
  - quickstart.md
enterprise/wsproxy
- wsproxy.go
go.mod
go.sum
helm/coder
- templates
  - coder.yaml
- tests
  - chart_test.go
  - testdata
    - sa_disabled.golden
    - sa_disabled.yaml
- values.yaml
site/src
- api
  - api.ts
  - queries
    - workspaceBuilds.ts
- modules/workspaces/WorkspaceTiming
- pages/WorkspacePage
  - Workspace.tsx
  - WorkspaceReadyPage.tsx

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

42 files changed

+2833

-337

lines changed

`‎.github/workflows/ci.yaml‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -90,6 +90,7 @@ jobs:`
`90`	`90`	`- "coderd/**"`
`91`	`91`	`- "enterprise/**"`
`92`	`92`	`- "examples/*"`
	`93`	`+ - "helm/**"`
`93`	`94`	`- "provisioner/**"`
`94`	`95`	`- "provisionerd/**"`
`95`	`96`	`- "provisionersdk/**"`
`@@ -970,7 +971,7 @@ jobs:`
`970`	`971`	`uses:google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7# v2.1.1`
`971`	`972`
`972`	`973`	`-name:Set up Flux CLI`
`973`		`-uses:fluxcd/flux2/action@9b3958825a314eb79495c6993ef397ddbf87f32f# v2.2.1`
	`974`	`+uses:fluxcd/flux2/action@5350425cdcd5fa015337e09fa502153c0275bd4b# v2.4.0`
`974`	`975`	`with:`
`975`	`976`	`# Keep this and the github action up to date with the version of flux installed in dogfood cluster`
`976`	`977`	`version:"2.2.1"`

`‎.github/workflows/scorecard.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,6 @@ jobs:`
`47`	`47`
`48`	`48`	`# Upload the results to GitHub's code scanning dashboard.`
`49`	`49`	`-name:"Upload to code-scanning"`
`50`		`-uses:github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12`
	`50`	`+uses:github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b# v3.26.13`
`51`	`51`	`with:`
`52`	`52`	`sarif_file:results.sarif`

`‎.github/workflows/security.yaml‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ jobs:`
`37`	`37`	`uses:./.github/actions/setup-go`
`38`	`38`
`39`	`39`	`-name:Initialize CodeQL`
`40`		`-uses:github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12`
	`40`	`+uses:github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b# v3.26.13`
`41`	`41`	`with:`
`42`	`42`	`languages:go, javascript`
`43`	`43`
`@@ -47,7 +47,7 @@ jobs:`
`47`	`47`	`rm Makefile`
`48`	`48`
`49`	`49`	`-name:Perform CodeQL Analysis`
`50`		`-uses:github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12`
	`50`	`+uses:github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b# v3.26.13`
`51`	`51`
`52`	`52`	`-name:Send Slack notification on failure`
`53`	`53`	`if:${{ failure() }}`
`@@ -124,15 +124,15 @@ jobs:`
`124`	`124`	`echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT`
`125`	`125`
`126`	`126`	`-name:Run Trivy vulnerability scanner`
`127`		`-uses:aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564`
	`127`	`+uses:aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2`
`128`	`128`	`with:`
`129`	`129`	`image-ref:${{ steps.build.outputs.image }}`
`130`	`130`	`format:sarif`
`131`	`131`	`output:trivy-results.sarif`
`132`	`132`	`severity:"CRITICAL,HIGH"`
`133`	`133`
`134`	`134`	`-name:Upload Trivy scan results to GitHub Security tab`
`135`		`-uses:github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12`
	`135`	`+uses:github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b# v3.26.13`
`136`	`136`	`with:`
`137`	`137`	`sarif_file:trivy-results.sarif`
`138`	`138`	`category:"Trivy"`
`@@ -147,7 +147,7 @@ jobs:`
`147`	`147`	`# Prisma cloud scan runs last because it fails the entire job if it`
`148`	`148`	`# detects vulnerabilities. :\|`
`149`	`149`	`-name:Run Prisma Cloud image scan`
`150`		`-uses:PaloAltoNetworks/prisma-cloud-scan@1f38c94d789ff9b01a4e80070b442294ebd3e362# v1.4.0`
	`150`	`+uses:PaloAltoNetworks/prisma-cloud-scan@124b48d8325c23f58a35da0f1b4d9a6b54301d05# v1.6.7`
`151`	`151`	`with:`
`152`	`152`	`pcc_console_url:${{ secrets.PRISMA_CLOUD_URL }}`
`153`	`153`	`pcc_user:${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}`

`‎coderd/tailnet.go‎`

Lines changed: 22 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -91,13 +91,15 @@ func NewServerTailnet(`
`91`	`91`	`})`
`92`	`92`	`}`
`93`	`93`
`94`		`-derpMapUpdaterClosed:=make(chanstruct{})`
	`94`	`+bgRoutines:=&sync.WaitGroup{}`
`95`	`95`	`originalDerpMap:=derpMapFn()`
`96`	`96`	`// it's important to set the DERPRegionDialer above _before_ we set the DERP map so that if`
`97`	`97`	`// there is an embedded relay, we use the local in-memory dialer.`
`98`	`98`	`conn.SetDERPMap(originalDerpMap)`
	`99`	`+bgRoutines.Add(1)`
`99`	`100`	`gofunc() {`
`100`		`-deferclose(derpMapUpdaterClosed)`
	`101`	`+deferbgRoutines.Done()`
	`102`	`+deferlogger.Debug(ctx,"polling DERPMap exited")`
`101`	`103`
`102`	`104`	`ticker:=time.NewTicker(5*time.Second)`
`103`	`105`	`deferticker.Stop()`
`@@ -120,7 +122,7 @@ func NewServerTailnet(`
`120`	`122`	`tn:=&ServerTailnet{`
`121`	`123`	`ctx:serverCtx,`
`122`	`124`	`cancel:cancel,`
`123`		`-derpMapUpdaterClosed:derpMapUpdaterClosed,`
	`125`	`+bgRoutines:bgRoutines,`
`124`	`126`	`logger:logger,`
`125`	`127`	`tracer:traceProvider.Tracer(tracing.TracerName),`
`126`	`128`	`conn:conn,`
`@@ -170,8 +172,15 @@ func NewServerTailnet(`
`170`	`172`	`// registering the callback also triggers send of the initial node`
`171`	`173`	`tn.coordinatee.SetNodeCallback(tn.nodeCallback)`
`172`	`174`
`173`		`-gotn.watchAgentUpdates()`
`174`		`-gotn.expireOldAgents()`
	`175`	`+tn.bgRoutines.Add(2)`
	`176`	`+gofunc() {`
	`177`	`+defertn.bgRoutines.Done()`
	`178`	`+tn.watchAgentUpdates()`
	`179`	`+}()`
	`180`	`+gofunc() {`
	`181`	`+defertn.bgRoutines.Done()`
	`182`	`+tn.expireOldAgents()`
	`183`	`+}()`
`175`	`184`	`returntn,nil`
`176`	`185`	`}`
`177`	`186`
`@@ -204,6 +213,7 @@ func (s *ServerTailnet) Collect(metrics chan<- prometheus.Metric) {`
`204`	`213`	`}`
`205`	`214`
`206`	`215`	`func (s*ServerTailnet)expireOldAgents() {`
	`216`	`+defers.logger.Debug(s.ctx,"stopped expiring old agents")`
`207`	`217`	`const (`
`208`	`218`	`tick=5*time.Minute`
`209`	`219`	`cutoff=30*time.Minute`
`@@ -255,6 +265,7 @@ func (s *ServerTailnet) doExpireOldAgents(cutoff time.Duration) {`
`255`	`265`	`}`
`256`	`266`
`257`	`267`	`func (s*ServerTailnet)watchAgentUpdates() {`
	`268`	`+defers.logger.Debug(s.ctx,"stopped watching agent updates")`
`258`	`269`	`for {`
`259`	`270`	`conn:=s.getAgentConn()`
`260`	`271`	`resp,ok:=conn.NextUpdate(s.ctx)`
`@@ -317,9 +328,9 @@ func (s *ServerTailnet) reinitCoordinator() {`
`317`	`328`	`}`
`318`	`329`
`319`	`330`	`typeServerTailnetstruct {`
`320`		`-ctxcontext.Context`
`321`		`-cancelfunc()`
`322`		`-derpMapUpdaterClosedchanstruct{}`
	`331`	`+ctx context.Context`
	`332`	`+cancelfunc()`
	`333`	`+bgRoutines*sync.WaitGroup`
`323`	`334`
`324`	`335`	`logger slog.Logger`
`325`	`336`	`tracer trace.Tracer`
`@@ -532,10 +543,12 @@ func (c *netConnCloser) Close() error {`
`532`	`543`	`}`
`533`	`544`
`534`	`545`	`func (s*ServerTailnet)Close()error {`
	`546`	`+s.logger.Info(s.ctx,"closing server tailnet")`
	`547`	`+defers.logger.Debug(s.ctx,"server tailnet close complete")`
`535`	`548`	`s.cancel()`
`536`	`549`	`_=s.conn.Close()`
`537`	`550`	`s.transport.CloseIdleConnections()`
`538`		`-<-s.derpMapUpdaterClosed`
	`551`	`+s.bgRoutines.Wait()`
`539`	`552`	`returnnil`
`540`	`553`	`}`
`541`	`554`

`‎docs/README.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -143,3 +143,4 @@ or [the v2 migration guide and FAQ](https://coder.com/docs/v1/guides/v2-faq).`
`143`	`143`
`144`	`144`	`- Learn about[Templates](./admin/templates/index.md)`
`145`	`145`	`-[Install Coder](./install/index.md)`
	`146`	`+- Follow the[Quickstart guide](./tutorials/quickstart.md) to try Coder out for yourself.`

`‎docs/admin/networking/workspace-proxies.md‎`

Lines changed: 5 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,8 +13,6 @@ connecting with their workspace over SSH, a workspace app, port forwarding, etc.`
`13`	`13`	`Dashboard connections and API calls (e.g. the workspaces list) are not served`
`14`	`14`	`over workspace proxies.`
`15`	`15`
`16`		`-![ProxyDiagram](../../images/admin/networking/workspace-proxies/proxydiagram.png)`
`17`		`-`
`18`	`16`	`#Deploy a workspace proxy`
`19`	`17`
`20`	`18`	`Each workspace proxy should be a unique instance. At no point should 2 workspace`
`@@ -56,12 +54,13 @@ Deploying the workspace proxy will also register the proxy with coderd and make`
`56`	`54`	`the workspace proxy usable. If the proxy deployment is successful,`
`57`	`55`	`coder wsproxy ls` will show an`ok` status code:
`58`	`56`
`59`		-```
	`57`	+```shell
`60`	`58`	`$ coder wsproxy ls`
`61`	`59`	`NAME URL STATUS STATUS`
`62`		`-brazil-saopaulo https://brazil.example.com ok`
`63`		`-europe-frankfurt https://europe.example.com ok`
`64`		`-sydney https://sydney.example.com ok`
	`60`	`+primary https://dev.coder.com ok`
	`61`	`+brazil-saopaulo https://brazil.example.com ok`
	`62`	`+europe-frankfurt https://europe.example.com ok`
	`63`	`+sydney https://sydney.example.com ok`
`65`	`64`	```
`66`	`65`
`67`	`66`	`Other Status codes:`

`‎docs/admin/provisioners.md‎`

Lines changed: 54 additions & 34 deletions

Original file line number	Diff line number	Diff line change
`@@ -41,36 +41,40 @@ The provisioner daemon must authenticate with your Coder deployment.`
`41`	`41`	`##Scoped Key (Recommended)`
`42`	`42`
`43`	`43`	`We recommend creating finely-scoped keys for provisioners. Keys are scoped to an`
`44`		`-organization.`
	`44`	`+organization, and optionally to a specific set of tags.`
`45`	`45`
`46`		-```sh
`47`		`-coder provisioner keys create my-key \`
`48`		`- --org default`
	`46`	+1. Use`coder provisioner` to create the key:
`49`	`47`
`50`		`-Successfully created provisioner key my-key! Save this authentication token, it will not be shown again.`
	`48`	`+- To create a key for an organization that will match untagged jobs:`
`51`	`49`
`52`		`-<key omitted>`
`53`		-```
	`50`	+```sh
	`51`	`+ coder provisioner keys create my-key \`
	`52`	`+ --org default`
`54`	`53`
`55`		`-Or, restrict theprovisionerto jobs with specific tags`
	`54`	`+ Successfully createdprovisionerkey my-key! Save this authentication token, it will not be shown again.`
`56`	`55`
`57`		-```sh
`58`		`-coder provisioner keys create kubernetes-key \`
`59`		`- --org default \`
`60`		`- --tag environment=kubernetes`
	`56`	`+<key omitted>`
	`57`	+ ```
`61`	`58`
`62`		`-Successfully created provisioner key kubernetes-key! Save this authentication token, it will not be shown again.`
	`59`	`+ - To restrict the provisioner tojobs with specific tags:`
`63`	`60`
`64`		`-<key omitted>`
`65`		-```
	`61`	+```sh
	`62`	`+ coder provisioner keys create kubernetes-key \`
	`63`	`+ --org default \`
	`64`	`+ --tag environment=kubernetes`
`66`	`65`
`67`		`-To start theprovisioner:`
	`66`	`+ Successfully createdprovisioner key kubernetes-key! Save this authentication token, it will not be shown again.`
`68`	`67`
`69`		-```sh
`70`		`-export CODER_URL=https://<your-coder-url>`
`71`		`-export CODER_PROVISIONER_DAEMON_KEY=<key>`
`72`		`-coder provisioner start`
`73`		-```
	`68`	`+<key omitted>`
	`69`	+```
	`70`	`+`
	`71`	`+1. Start the provisioner with the specified key:`
	`72`	`+`
	`73`	+```sh
	`74`	`+export CODER_URL=https://<your-coder-url>`
	`75`	`+export CODER_PROVISIONER_DAEMON_KEY=<key>`
	`76`	`+ coder provisioner start`
	`77`	+```
`74`	`78`
`75`	`79`	`Keep reading to see instructionsfor running provisioners on`
`76`	`80`	`Kubernetes/Docker/etc.`
`@@ -98,11 +102,15 @@ Note: Any user can start [user-scoped provisioners](#user-scoped-provisioners),`
`98`	`102`	`but this will also require a template on your deployment with the corresponding`
`99`	`103`	`tags.`
`100`	`104`
`101`		`-##Global PSK`
	`105`	`+## Global PSK (Not Recommended)`
	`106`	`+`
	`107`	`+> Global pre-shared keys (PSK) make it difficult to rotate keys or isolate`
	`108`	`+> provisioners.`
	`109`	`+>`
	`110`	`+> Wedo not recommend using global PSK.`
`102`	`111`
`103`		`-A deployment-wide PSK can be used to authenticate any provisioner. We do not`
`104`		`-recommend this approach anymore, as it makes key rotation or isolating`
`105`		`-provisioners far more difficult. To use a global PSK, set a`
	`112`	`+A deployment-wide PSK can be used to authenticate any provisioner. To use a`
	`113`	`+global PSK,set a`
`106`	`114`	`[provisioner daemon pre-shared key (PSK)](../reference/cli/server.md#--provisioner-daemon-psk)`
`107`	`115`	`on the Coder server.`
`108`	`116`
`@@ -275,18 +283,32 @@ coder templates push on-prem \`
`275`	`283`	`Coder provides a Helm chartfor running external provisioner daemons, which you`
`276`	`284`	`will usein concert with the Helm chartfor deploying the Coder server.`
`277`	`285`
`278`		`-1. Create a long, random pre-shared key (PSK) and store it in a Kubernetes`
`279`		`- secret`
	`286`	`+1. Create a provisioner key:`
	`287`	`+`
	`288`	+```sh
	`289`	`+ coder provisioner keys create my-cool-key --org default`
	`290`	`+# Optionally, you can specify tags for the provisioner key:`
	`291`	`+# coder provisioner keys create my-cool-key --org default --tags location=auh kind=k8s`
	`292`	+```
	`293`	`+`
	`294`	`+ Successfully created provisioner key kubernetes-key! Save this authentication`
	`295`	`+ token, it will not be shown again.`
	`296`	`+`
	`297`	`+<key omitted>`
	`298`	+```
	`299`	`+`
	`300`	`+1. Store the keyin a kubernetes secret:`
`280`	`301`
`281`	`302`	```sh
`282`		- kubectl create secret generic coder-provisioner-psk --from-literal=psk=`head /dev/urandom\| base64\| tr -dc A-Za-z0-9\| head -c 26`
	`303`	+ kubectl create secret generic coder-provisioner-psk --from-literal=key1=`<key omitted>`
`283`	`304`	```
`284`	`305`
`285`	`306`	1. Modify your Coder`values.yaml` to include
`286`	`307`
`287`	`308`	```yaml
`288`	`309`	`provisionerDaemon:`
`289`		`-pskSecretName:"coder-provisioner-psk"`
	`310`	`+ keySecretName:"coder-provisioner-keys"`
	`311`	`+ keySecretKey:"key1"`
`290`	`312`	```
`291`	`313`
`292`	`314`	1. Redeploy Coder with the new`values.yaml` to roll out the PSK. You can omit
`@@ -300,7 +322,7 @@ will use in concert with the Helm chart for deploying the Coder server.`
`300`	`322`	```
`301`	`323`
`302`	`324`	1. Create a`provisioner-values.yaml` filefor the provisioner daemons Helm
`303`		`-chart. For example`
	`325`	`+ chart. For example:`
`304`	`326`
`305`	`327`	```yaml
`306`	`328`	`coder:`
`@@ -309,10 +331,8 @@ will use in concert with the Helm chart for deploying the Coder server.`
`309`	`331`	`value:"https://coder.example.com"`
`310`	`332`	`replicaCount: 10`
`311`	`333`	`provisionerDaemon:`
`312`		`- pskSecretName: "coder-provisioner-psk"`
`313`		`- tags:`
`314`		`- location: auh`
`315`		`- kind: k8s`
	`334`	`+ keySecretName:"coder-provisioner-keys"`
	`335`	`+ keySecretKey:"key1"`
`316`	`336`	```
`317`	`337`
`318`	`338`	`This example creates a deployment of 10 provisioner daemons (for 10`

`‎docs/admin/templates/managing-templates/index.md‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`#Working with templates`
`2`	`2`
`3`		`-You create and edit Coder templates as[Terraform](../../../start/coder-tour.md)`
`4`		-configuration files (`.tf`) and any supporting files, like a README or
`5`		`-configuration files for other services.`
	`3`	`+You create and edit Coder templates as`
	`4`	+[Terraform](../../../tutorials/quickstart.md)configuration files (`.tf`) and
	`5`	`+any supporting files, like a README orconfiguration files for other services.`
`6`	`6`
`7`	`7`	`##Who creates templates?`
`8`	`8`

`‎docs/images/admin/networking/workspace-proxies/proxydiagram.png‎`

-159 KB

Binary file not shown.

`‎docs/images/screenshots/create-template.png‎`

80.1 KB

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit19fc1a2

File tree

42 files changed

Some content is hidden

42 files changed

`‎.github/workflows/ci.yaml‎`

`‎.github/workflows/scorecard.yml‎`

`‎.github/workflows/security.yaml‎`

`‎coderd/tailnet.go‎`

`‎docs/README.md‎`

`‎docs/admin/networking/workspace-proxies.md‎`

`‎docs/admin/provisioners.md‎`

`‎docs/admin/templates/managing-templates/index.md‎`

`‎docs/images/admin/networking/workspace-proxies/proxydiagram.png‎`

`‎docs/images/screenshots/create-template.png‎`

0 commit comments