closes: #15385
- use consistent `prom-http` port (@johnstcn looks like this was
changed/added in #12214 - do we prefer `prom-http` over
`prometheus-http` or is it more important that they align?)
- add `namespaceSelector:` per @francisco-mata (thanks! - sorry it took
so long to get this in)
from issue:
> For some reason our target was not appearing on our prometheus
targets, we had to add a namespaceSelector key on the Service Monitor to
successfully appear
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
It looks like GFM does not respect the `![]` alert syntax (and any other
alert type) when it's enclosed within a div. This is true for both the
coder.com GFM renderer, and GitHub's (though I assume they're the same
internally).
When the section is surrounded by a `<div class="tabs">`:
When it's not:
In our case, we really want the tabs, and the alert block is less
important, so we'll downgrade it to a regular quote.
cc @aqandrew for visibility, in case you're aware of a workaround.
I realised we should advise against installing multiple copies, as I'm sure someone will try and get confused by Apple's obtuse error messaging.
Tailscale also has a similar warning: https://pkgs.tailscale.com/stable/#macos
For production deployments we recommend disabling the default GitHub
OAuth2 app managed by Coder. This PR mentions it in k8s installation
docs and the helm README so users can stumble upon it more easily.
- copy edit EA section with @mattvollmer 's suggestions
- ran the script that updates the list of experiments
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
- [x] translate notes to docs
- [x] move to Home > About > Feature Stages
- [x] decide on bullet point summaries (👍👎 in comment)
### OOS for this PR
add support page that describes how users can get support. currently,
[this help
article](https://help.coder.com/hc/en-us/articles/25308666965783-Get-Help-with-Coder)
is the only thing that pops up and includes that `Users with valid Coder
licenses can submit tickets` but doesn't show how, nor does it include
the support bundle docs (link or content). it'd be good to have these
things relate to each other
## preview
[preview](https://coder.com/docs/@feature-stages/contributing/feature-stages)
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Ben Potter <ben@coder.com>
## Changes
1. Update the `0.0.0.0:3001` web UI address to `localhost:3000`. Coder
starts on port 3000 by default. It'd use 3001 only if 3000 was already
taken.
2. Update the screenshot of the `/setup` page to reflect how it will
look like after merging https://github.com/coder/coder/pull/16662. Note:
this PR should be merged only after the other one is.
3. Minor phrasing changes.
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Third and final PR to address
https://github.com/coder/coder/issues/16230.
This PR enables GitHub OAuth2 login by default on new deployments.
Combined with https://github.com/coder/coder/pull/16629, this will allow
the first admin user to sign up with GitHub rather than email and
password.
We take care not to enable the default on deployments that would upgrade
to a Coder version with this change.
To disable the default provider an admin can set the
`CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER` env variable to false.
Niche edge case, assumes access_token is jwt.
Some `access_token`s are JWT's with potential useful claims.
These claims would be nearly equivalent to `user_info` claims.
This is not apart of the oauth spec, so this feature should not be
loudly advertised. If using this feature, alternate solutions are preferred.
Provisioner key permissions were never any different than provisioners.
Merging them for a cleaner permission story until they are required (if
ever) to be seperate.
This removed `ResourceProvisionerKey` from RBAC and just uses the
existing `ResourceProvisioner`.
- Add deleted column to organizations table
- Add trigger to check for existing workspaces, templates, groups and
members in a org before allowing the soft delete
---------
Co-authored-by: Steven Masley <stevenmasley@gmail.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
closes#16570
thanks @Cjkjvfnby !
@matifali I think there is/was an automation, but I'm not sure if it's
been dropped. `kubernetes.md` has:
```md
<!-- autoversion(mainline): "--version [version]" -->
...
<!-- autoversion(stable): "--version [version]" -->
```
~additionally, I removed the `## Prerequisites` section from
`kubernetes-logs.md` because if it's only a requirement for Coder
versions earlier than 0.28.0, it's probably more confusing than useful
to the majority of readers.~
---------
Co-authored-by: M Atif Ali <atif@coder.com>
It's sometimes useful to see when each pong was received, for
correlating these times with other events.
---------
Signed-off-by: Danny Kopping <danny@coder.com>
First PR in a series to address
https://github.com/coder/coder/issues/16230.
Introduces support for logging in via the [GitHub OAuth2 Device
Flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow).
It's previously been possible to configure external auth with the device
flow, but it's not been possible to use it for logging in. This PR
builds on the existing support we had to extend it to sign ins.
When a user clicks "sign in with GitHub" when device auth is configured,
they are redirected to the new `/login/device` page, which makes the
flow possible from the client's side. The recording below shows the full
flow.
https://github.com/user-attachments/assets/90c06f1f-e42f-43e9-a128-462270c80fdd
I've also manually tested that it works for converting from
password-based auth to oauth.
Device auth can be enabled by a deployment's admin by setting the
`CODER_OAUTH2_GITHUB_DEVICE_FLOW` env variable or a corresponding config
setting.
- Updates `terraform` to
[v1.10.5](https://github.com/hashicorp/terraform/blob/v1.10.5/CHANGELOG.md#1105-january-22-2025)
- Updates provider to >=2.0.0 in provider testdata fixtures
- Fixes provider to required release version for resource monitors
- Fixes missing leading / in volumes in resource monitor tests
---------
Co-authored-by: Cian Johnston <cian@coder.com>
This commit adds new audit resource types for workspace agents and
workspace apps, as well as connect/disconnect and open/close actions.
The idea is that we will log new audit events for connecting to the
agent via SSH/editor.
Likewise, we will log openings of `coder_app`s.
This change also introduces support for filtering by `request_id`.
Updates #15139
This change adds provisioner daemon ID filter to the provisioner daemons
endpoint, and also implements the limiting to 50 results.
Test coverage is greatly improved and template information for jobs
associated to the daemon was also fixed.
Updates #15084
Updates #15192
Related #16532
These changes were made in #14931 but didn't make it into the
restructured docs
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Corrects incorrect reference to env variable
`CODER_DEFAULT_QUIET_HOURS_SCHEDULE`. Changes to
`CODER_QUIET_HOURS_DEFAULT_SCHEDULE`. Also hyperlinks to the server flag
(similar to `CODER_ALLOW_CUSTOM_QUIET_HOURS`)
Since API keys can be created without a name, and we already perform the
deletion by ID, it makes sense to be able to delete tokens with *just*
the ID.
