synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(docs): fix inconsistencies in external provisioner docs (#15416)

Browse Source 
This PR:
- Updates the table in `docs/admin/provisioners.md` to include highlight
multi-org changes
- Updates the instructions for the provisionerd helm chart when using
provisioner keys

---------

Co-authored-by: Ben Potter <ben@coder.com>
This commit is contained in:
Cian Johnston
2024-11-07 13:28:53 +00:00
committed by GitHub
parent 2d061e698d
commit 9f05b192b4
2 changed files with 44 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
coderd/provisionerdserver/acquirer_test.go
View File

@ -523,8 +523,8 @@ func TestAcquirer_MatchTags(t *testing.T) {
// Generate a table that can be copy-pasted into docs/admin/provisioners.md // Generate a table that can be copy-pasted into docs/admin/provisioners.md
lines := []string{ lines := []string{
"\n", "\n",
"| Provisioner Tags | Job Tags | Can Run Job? |", "| Provisioner Tags | Job Tags | Same Org | Can Run Job? |",
"|------------------|----------|--------------|", "|------------------|----------|----------|--------------|",
} }
// turn the JSON map into k=v for readability // turn the JSON map into k=v for readability
kvs := func(m map[string]string) string { kvs := func(m map[string]string) string {
@ -539,10 +539,14 @@ func TestAcquirer_MatchTags(t *testing.T) {
} }
for _, tt := range testCases { for _, tt := range testCases {
acquire := "✅" acquire := "✅"
sameOrg := "✅"
if !tt.expectAcquire { if !tt.expectAcquire {
acquire = "❌" acquire = "❌"
} }
s := fmt.Sprintf("| %s | %s | %s |", kvs(tt.acquireJobTags), kvs(tt.provisionerJobTags), acquire) if tt.unmatchedOrg {
sameOrg = "❌"
}
s := fmt.Sprintf("| %s | %s | %s | %s |", kvs(tt.acquireJobTags), kvs(tt.provisionerJobTags), sameOrg, acquire)
lines = append(lines, s) lines = append(lines, s)
} }
t.Logf("You can paste this into docs/admin/provisioners.md") t.Logf("You can paste this into docs/admin/provisioners.md")

86
docs/admin/provisioners.md
View File

@ -178,7 +178,8 @@ A provisioner can run a given build job if one of the below is true:
1. If a job has any explicit tags, it can only run on a provisioner with those 1. If a job has any explicit tags, it can only run on a provisioner with those
explicit tags (the provisioner could have additional tags). explicit tags (the provisioner could have additional tags).
The external provisioner in the above example can run build jobs with tags: The external provisioner in the above example can run build jobs in the same
organization with tags:
- `environment=on_prem` - `environment=on_prem`
- `datacenter=chicago` - `datacenter=chicago`
@ -186,7 +187,8 @@ The external provisioner in the above example can run build jobs with tags:
However, it will not pick up any build jobs that do not have either of the However, it will not pick up any build jobs that do not have either of the
`environment` or `datacenter` tags set. It will also not pick up any build jobs `environment` or `datacenter` tags set. It will also not pick up any build jobs
from templates with the tag `scope=user` set. from templates with the tag `scope=user` set, or build jobs from templates in
different organizations.
> [!NOTE] If you only run tagged provisioners, you will need to specify a set of > [!NOTE] If you only run tagged provisioners, you will need to specify a set of
> tags that matches at least one provisioner for _all_ template import jobs and > tags that matches at least one provisioner for _all_ template import jobs and
@ -198,34 +200,35 @@ from templates with the tag `scope=user` set.
This is illustrated in the below table: This is illustrated in the below table:
| Provisioner Tags | Job Tags | Can Run Job? | | Provisioner Tags | Job Tags | Same Org | Can Run Job? |
| ----------------------------------------------------------------- | ---------------------------------------------------------------- | ------------ | | ----------------------------------------------------------------- | ---------------------------------------------------------------- | -------- | ------------ |
| scope=organization owner= | scope=organization owner= | ✅ | | scope=organization owner= | scope=organization owner= | ✅ | ✅ |
| scope=organization owner= environment=on-prem | scope=organization owner= environment=on-prem | ✅ | | scope=organization owner= environment=on-prem | scope=organization owner= environment=on-prem | ✅ | ✅ |
| scope=organization owner= environment=on-prem datacenter=chicago | scope=organization owner= environment=on-prem | ✅ | | scope=organization owner= environment=on-prem datacenter=chicago | scope=organization owner= environment=on-prem | ✅ | ✅ |
| scope=organization owner= environment=on-prem datacenter=chicago | scope=organization owner= environment=on-prem datacenter=chicago | ✅ | | scope=organization owner= environment=on-prem datacenter=chicago | scope=organization owner= environment=on-prem datacenter=chicago | ✅ | ✅ |
| scope=user owner=aaa | scope=user owner=aaa | ✅ | | scope=user owner=aaa | scope=user owner=aaa | ✅ | ✅ |
| scope=user owner=aaa environment=on-prem | scope=user owner=aaa | ✅ | | scope=user owner=aaa environment=on-prem | scope=user owner=aaa | ✅ | ✅ |
| scope=user owner=aaa environment=on-prem | scope=user owner=aaa environment=on-prem | ✅ | | scope=user owner=aaa environment=on-prem | scope=user owner=aaa environment=on-prem | ✅ | ✅ |
| scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem | ✅ | | scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem | ✅ | ✅ |
| scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem datacenter=chicago | ✅ | | scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem datacenter=chicago | ✅ | ✅ |
| scope=organization owner= | scope=organization owner= environment=on-prem | ❌ | | scope=organization owner= | scope=organization owner= environment=on-prem | ✅ | ❌ |
| scope=organization owner= environment=on-prem | scope=organization owner= | ❌ | | scope=organization owner= environment=on-prem | scope=organization owner= | ✅ | ❌ |
| scope=organization owner= environment=on-prem | scope=organization owner= environment=on-prem datacenter=chicago | ❌ | | scope=organization owner= environment=on-prem | scope=organization owner= environment=on-prem datacenter=chicago | ✅ | ❌ |
| scope=organization owner= environment=on-prem datacenter=new_york | scope=organization owner= environment=on-prem datacenter=chicago | ❌ | | scope=organization owner= environment=on-prem datacenter=new_york | scope=organization owner= environment=on-prem datacenter=chicago | ✅ | ❌ |
| scope=user owner=aaa | scope=organization owner= | ❌ | | scope=user owner=aaa | scope=organization owner= | ✅ | ❌ |
| scope=user owner=aaa | scope=user owner=bbb | ❌ | | scope=user owner=aaa | scope=user owner=bbb | ✅ | ❌ |
| scope=organization owner= | scope=user owner=aaa | ❌ | | scope=organization owner= | scope=user owner=aaa | ✅ | ❌ |
| scope=organization owner= | scope=user owner=aaa environment=on-prem | ❌ | | scope=organization owner= | scope=user owner=aaa environment=on-prem | ✅ | ❌ |
| scope=user owner=aaa | scope=user owner=aaa environment=on-prem | ❌ | | scope=user owner=aaa | scope=user owner=aaa environment=on-prem | ✅ | ❌ |
| scope=user owner=aaa environment=on-prem | scope=user owner=aaa environment=on-prem datacenter=chicago | ❌ | | scope=user owner=aaa environment=on-prem | scope=user owner=aaa environment=on-prem datacenter=chicago | ✅ | ❌ |
| scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem datacenter=new_york | ❌ | | scope=user owner=aaa environment=on-prem datacenter=chicago | scope=user owner=aaa environment=on-prem datacenter=new_york | ✅ | ❌ |
| scope=organization owner= environment=on-prem | scope=organization owner= environment=on-prem | ❌ | ❌ |
> **Note to maintainers:** to generate this table, run the following command and > **Note to maintainers:** to generate this table, run the following command and
> copy the output: > copy the output:
> >
> ``` > ```
> go test -v -count=1 ./coderd/provisionerserver/ -test.run='^TestAcquirer_MatchTags/GenTable$' > go test -v -count=1 ./coderd/provisionerdserver/ -test.run='^TestAcquirer_MatchTags/GenTable$'
> ``` > ```
## Types of provisioners ## Types of provisioners
@ -288,8 +291,7 @@ will use in concert with the Helm chart for deploying the Coder server.
```sh ```sh
coder provisioner keys create my-cool-key --org default coder provisioner keys create my-cool-key --org default
# Optionally, you can specify tags for the provisioner key: # Optionally, you can specify tags for the provisioner key:
# coder provisioner keys create my-cool-key --org default --tags location=auh kind=k8s # coder provisioner keys create my-cool-key --org default --tag location=auh --tag kind=k8s
```
Successfully created provisioner key kubernetes-key! Save this authentication Successfully created provisioner key kubernetes-key! Save this authentication
token, it will not be shown again. token, it will not be shown again.
@ -300,25 +302,7 @@ will use in concert with the Helm chart for deploying the Coder server.
1. Store the key in a kubernetes secret: 1. Store the key in a kubernetes secret:
```sh ```sh
kubectl create secret generic coder-provisioner-psk --from-literal=key1=`<key omitted>` kubectl create secret generic coder-provisioner-psk --from-literal=my-cool-key=`<key omitted>`
```
1. Modify your Coder `values.yaml` to include
```yaml
provisionerDaemon:
keySecretName: "coder-provisioner-keys"
keySecretKey: "key1"
```
1. Redeploy Coder with the new `values.yaml` to roll out the PSK. You can omit
`--version <your version>` to also upgrade Coder to the latest version.
```sh
helm upgrade coder coder-v2/coder \
--namespace coder \
--version <your version> \
--values values.yaml
``` ```
1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm 1. Create a `provisioner-values.yaml` file for the provisioner daemons Helm
@ -331,13 +315,17 @@ will use in concert with the Helm chart for deploying the Coder server.
value: "https://coder.example.com" value: "https://coder.example.com"
replicaCount: 10 replicaCount: 10
provisionerDaemon: provisionerDaemon:
# NOTE: in older versions of the Helm chart (2.17.0 and below), it is required to set this to an empty string.
pskSecretName: ""
keySecretName: "coder-provisioner-keys" keySecretName: "coder-provisioner-keys"
keySecretKey: "key1" keySecretKey: "my-cool-key"
``` ```
This example creates a deployment of 10 provisioner daemons (for 10 This example creates a deployment of 10 provisioner daemons (for 10
concurrent builds) with the listed tags. For generic provisioners, remove the concurrent builds) authenticating using the above key. The daemons will
tags. authenticate using the provisioner key created in the previous step and
acquire jobs matching the tags specified when the provisioner key was
created. The set of tags is inferred automatically from the provisioner key.
> Refer to the > Refer to the
> [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml) > [values.yaml](https://github.com/coder/coder/blob/main/helm/provisioner/values.yaml)