- Notifications
You must be signed in to change notification settings - Fork927
docs: describe workspace tags#13352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
10 commits Select commitHold shift + click to select a range
caa6ee7 docs: describe workspace tags
mtojek1042d5b WIP
mtojekf3016fb typos
mtojek0c6c844 link
mtojek7443d42 typo
mtojek716d01e example
mtojekb43d8a1 lacks
mtojek883a17d rephrased
mtojekcfd0c23 rename os to runtime
mtojek12a292c Cian's review
mtojekFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
5 changes: 5 additions & 0 deletionsdocs/manifest.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
87 changes: 87 additions & 0 deletionsdocs/templates/workspace-tags.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| # Workspace Tags | ||
| Template administrators can leverage static template tags to limit workspace | ||
| provisioning to designated provisioner groups that have locally deployed | ||
| credentials for creating workspace resources. While this method ensures | ||
| controlled access, it offers limited flexibility and does not permit users to | ||
| select the nodes for their workspace creation. | ||
| By using `coder_workspace_tags` and `coder_parameter`s, template administrators | ||
| can enable dynamic tag selection and modify static template tags. | ||
| ## Dynamic tag selection | ||
| Here is a sample `coder_workspace_tags` data resource with a few workspace tags | ||
| specified: | ||
| ```hcl | ||
| data "coder_workspace_tags" "custom_workspace_tags" { | ||
| tags = { | ||
| "zone" = "developers" | ||
| "runtime" = data.coder_parameter.runtime_selector.value | ||
| "project_id" = "PROJECT_${data.coder_parameter.project_name.value}" | ||
| "cache" = data.coder_parameter.feature_cache_enabled.value == "true" ? "with-cache" : "no-cache" | ||
| } | ||
| } | ||
| ``` | ||
| **Legend** | ||
| - `zone` - static tag value set to `developers` | ||
| - `runtime` - supported by the string-type `coder_parameter` to select | ||
| provisioner runtime, `runtime_selector` | ||
| - `project_id` - a formatted string supported by the string-type | ||
| `coder_parameter`, `project_name` | ||
| - `cache` - an HCL condition involving boolean-type `coder_parameter`, | ||
| `feature_cache_enabled` | ||
| Review the | ||
| [full template example](https://github.com/coder/coder/tree/main/examples/workspace-tags) | ||
| using `coder_workspace_tags` and `coder_parameter`s. | ||
| ## Constraints | ||
| ### Tagged provisioners | ||
| It is possible to choose tag combinations that no provisioner can handle. This | ||
| will cause the provisioner job to get stuck in the queue until a provisioner is | ||
| added that can handle its combination of tags. | ||
| Before releasing the template version with configurable workspace tags, ensure | ||
| that every tag set is associated with at least one healthy provisioner. | ||
| ### Parameters types | ||
mtojek marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| Provisioners require job tags to be defined in plain string format. When a | ||
| workspace tag refers to a `coder_parameter` without involving the string | ||
| formatter, for example, | ||
| (`"runtime" = data.coder_parameter.runtime_selector.value`), the Coder | ||
| provisioner server can transform only the following parameter types to strings: | ||
| _string_, _number_, and _bool_. | ||
| ### Mutability | ||
| A mutable `coder_parameter` can be dangerous for a workspace tag as it allows | ||
| the workspace owner to change a provisioner group (due to different tags). In | ||
| most cases, `coder_parameter`s backing `coder_workspace_tags` should be marked | ||
| as immutable and set only once, during workspace creation. | ||
| ### HCL syntax | ||
| When importing the template version with `coder_workspace_tags`, the Coder | ||
| provisioner server extracts raw partial queries for each workspace tag and | ||
| stores them in the database. During workspace build time, the Coder server uses | ||
| the [Hashicorp HCL library](https://github.com/hashicorp/hcl) to evaluate these | ||
| raw queries on-the-fly without processing the entire Terraform template. This | ||
| evaluation is simpler but also limited in terms of available functions, | ||
| variables, and references to other resources. | ||
| **Supported syntax** | ||
| - Static string: `foobar_tag = "foobaz"` | ||
| - Formatted string: `foobar_tag = "foobaz ${data.coder_parameter.foobaz.value}"` | ||
| - Reference to `coder_parameter`: | ||
| `foobar_tag = data.coder_parameter.foobar.value` | ||
| - Boolean logic: `production_tag = !data.coder_parameter.staging_env.value` | ||
| - Condition: | ||
| `cache = data.coder_parameter.feature_cache_enabled.value == "true" ? "with-cache" : "no-cache"` | ||
1 change: 0 additions & 1 deletionexamples/parameters-dynamic-options/README.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
26 changes: 26 additions & 0 deletionsexamples/workspace-tags/README.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| --- | ||
| name: Sample Template with Workspace Tags | ||
| description: Review the sample template and introduce dynamic workspace tags to your template | ||
| tags: [local, docker, workspace-tags] | ||
| icon: /icon/docker.png | ||
| --- | ||
| # Overview | ||
| This Coder template presents use of [Workspace Tags](https://coder.com/docs/v2/latest/templates/workspace-tags) [Coder Parameters](https://coder.com/docs/v2/latest/templates/parameters). | ||
| # Use case | ||
| Template administrators can use static tags to control workspace provisioning, limiting it to specific provisioner groups. However, this restricts workspace users from choosing their preferred workspace nodes. | ||
mtojek marked this conversation as resolved. Show resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| By using `coder_workspace_tags` and `coder_parameter`s, template administrators can allow dynamic tag selection, avoiding the need to push the same template multiple times with different tags. | ||
| ## Development | ||
| Update the template and push it using the following command: | ||
| ``` | ||
| ./scripts/coder-dev.sh templates push examples-workspace-tags \ | ||
| -d examples/workspace-tags \ | ||
| -y | ||
| ``` | ||
170 changes: 170 additions & 0 deletionsexamples/workspace-tags/main.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| terraform { | ||
| required_providers { | ||
| coder = { | ||
| source = "coder/coder" | ||
| } | ||
| docker = { | ||
| source = "kreuzwerker/docker" | ||
| } | ||
| } | ||
| } | ||
| locals { | ||
| username = data.coder_workspace.me.owner | ||
| } | ||
| data "coder_provisioner" "me" { | ||
| } | ||
| data "coder_workspace" "me" { | ||
| } | ||
| data "coder_workspace_tags" "custom_workspace_tags" { | ||
| tags = { | ||
| "zone" = "developers" | ||
| "runtime" = data.coder_parameter.runtime_selector.value | ||
| "project_id" = "PROJECT_${data.coder_parameter.project_name.value}" | ||
| "cache" = data.coder_parameter.feature_cache_enabled.value == "true" ? "with-cache" : "no-cache" | ||
| } | ||
| } | ||
| data "coder_parameter" "runtime_selector" { | ||
| name = "runtime_selector" | ||
| display_name = "Provisioner Runtime" | ||
| default = "development" | ||
| option { | ||
| name = "Development (free zone)" | ||
| value = "development" | ||
| } | ||
| option { | ||
| name = "Staging (internal access)" | ||
| value = "staging" | ||
| } | ||
| option { | ||
| name = "Production (air-gapped)" | ||
| value = "production" | ||
| } | ||
| mutable = false | ||
| } | ||
| data "coder_parameter" "project_name" { | ||
| name = "project_name" | ||
| display_name = "Project name" | ||
| description = "Specify the project name." | ||
| mutable = false | ||
| } | ||
| data "coder_parameter" "feature_cache_enabled" { | ||
| name = "feature_cache_enabled" | ||
| display_name = "Enable cache?" | ||
| type = "bool" | ||
| default = false | ||
| mutable = false | ||
| } | ||
| resource "coder_agent" "main" { | ||
| arch = data.coder_provisioner.me.arch | ||
| os = "linux" | ||
| startup_script = <<EOF | ||
| #!/bin/sh | ||
| # install and start code-server | ||
| curl -fsSL https://code-server.dev/install.sh | sh -s -- --version 4.8.3 | ||
| code-server --auth none --port 13337 | ||
| EOF | ||
| env = { | ||
| GIT_AUTHOR_NAME = "${data.coder_workspace.me.owner}" | ||
| GIT_COMMITTER_NAME = "${data.coder_workspace.me.owner}" | ||
| GIT_AUTHOR_EMAIL = "${data.coder_workspace.me.owner_email}" | ||
| GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}" | ||
| } | ||
| } | ||
| resource "coder_app" "code-server" { | ||
| agent_id = coder_agent.main.id | ||
| slug = "code-server" | ||
| display_name = "code-server" | ||
| url = "http://localhost:13337/?folder=/home/${local.username}" | ||
| icon = "/icon/code.svg" | ||
| subdomain = false | ||
| share = "owner" | ||
| healthcheck { | ||
| url = "http://localhost:13337/healthz" | ||
| interval = 5 | ||
| threshold = 6 | ||
| } | ||
| } | ||
| resource "docker_volume" "home_volume" { | ||
| name = "coder-${data.coder_workspace.me.id}-home" | ||
| lifecycle { | ||
| ignore_changes = all | ||
| } | ||
| labels { | ||
| label = "coder.owner" | ||
| value = data.coder_workspace.me.owner | ||
| } | ||
| labels { | ||
| label = "coder.owner_id" | ||
| value = data.coder_workspace.me.owner_id | ||
| } | ||
| labels { | ||
| label = "coder.workspace_id" | ||
| value = data.coder_workspace.me.id | ||
| } | ||
| labels { | ||
| label = "coder.workspace_name_at_creation" | ||
| value = data.coder_workspace.me.name | ||
| } | ||
| } | ||
| resource "coder_metadata" "home_info" { | ||
| resource_id = docker_volume.home_volume.id | ||
| item { | ||
| key = "size" | ||
| value = "5 GiB" | ||
| } | ||
| } | ||
| resource "docker_container" "workspace" { | ||
| count = data.coder_workspace.me.start_count | ||
| image = "ubuntu:22.04" | ||
| name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}" | ||
| hostname = data.coder_workspace.me.name | ||
| entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")] | ||
| env = [ | ||
| "CODER_AGENT_TOKEN=${coder_agent.main.token}", | ||
| ] | ||
| host { | ||
| host = "host.docker.internal" | ||
| ip = "host-gateway" | ||
| } | ||
| volumes { | ||
| container_path = "/home/${local.username}" | ||
| volume_name = docker_volume.home_volume.name | ||
| read_only = false | ||
| } | ||
| labels { | ||
| label = "coder.owner" | ||
| value = data.coder_workspace.me.owner | ||
| } | ||
| labels { | ||
| label = "coder.owner_id" | ||
| value = data.coder_workspace.me.owner_id | ||
| } | ||
| labels { | ||
| label = "coder.workspace_id" | ||
| value = data.coder_workspace.me.id | ||
| } | ||
| labels { | ||
| label = "coder.workspace_name" | ||
| value = data.coder_workspace.me.name | ||
| } | ||
| } |
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.