From cbcde572d7f683000977f170d6d4a85145c785b4 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:48:11 -0500 Subject: [PATCH 01/11] docs: improve admonition for need to add useHttpPath --- docs/admin/external-auth.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 51f11f53d2754..2116beb3046e1 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -185,6 +185,17 @@ Multiple providers are an Enterprise feature. [Learn more](https://coder.com/pricing#compare-plans). Below is an example configuration with multiple providers. +
+ +**Note:** To support regex matching for paths (e.g. github\.com/org), you'll +need to add this to the [Coder agent startup script][agent_startup]: + +```shell +git config --global credential.useHttpPath true +``` + ++ ```env # Provider 1) github.com CODER_EXTERNAL_AUTH_0_ID=primary-github @@ -204,10 +215,4 @@ CODER_EXTERNAL_AUTH_1_TOKEN_URL="https://github.example.com/login/oauth/access_t CODER_EXTERNAL_AUTH_1_VALIDATE_URL="https://github.example.com/api/v3/user" ``` -To support regex matching for paths (e.g. github\.com/org), you'll need to add -this to the -[Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script): - -```shell -git config --global credential.useHttpPath true -``` +[agent_startup]: https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script From 2145ffaaab3e719173853dbc14c18831a06f041f Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:49:23 -0500 Subject: [PATCH 02/11] docs: fix list item nesting --- docs/admin/integrations/island.md | 149 ++++++++++++++++-------------- 1 file changed, 80 insertions(+), 69 deletions(-) diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md index 74cd449f4257f..ed6d7d6cd7392 100644 --- a/docs/admin/integrations/island.md +++ b/docs/admin/integrations/island.md 
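Review bot: In the docs/admin/external-auth.md hunk, the regex hint `github\.com/org` in the relocated note is plain prose, so Markdown consumes the backslash escape and renders it as `github.com/org`, losing exactly the escaping a path regex needs; put it in backticks. The note now sits directly under `Below is an example configuration with multiple providers.`, which reads as though `credential.useHttpPath` were only needed in the multi-provider case, whereas the removed paragraph stood on its own after the `env` block; a lead such as `Whether you configure one provider or several, ...` keeps the requirement general. The new `[agent_startup]` definition is fine, but its underscore style differs from the hyphenated labels (`[app-group]`, `[data-sandbox]`) this series introduces elsewhere.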
@@ -10,13 +10,12 @@ April 24, 2024 --- -[Island](https://www.island.io/) is an enterprise-grade browser, offering a -Chromium-based experience similar to popular web browsers like Chrome and Edge. -It includes built-in security features for corporate applications and data, -aiming to bridge the gap between consumer-focused browsers and the security -needs of the enterprise. +[Island][] is an enterprise-grade browser, offering a Chromium-based experience +similar to popular web browsers like Chrome and Edge. It includes built-in +security features for corporate applications and data, aiming to bridge the gap +between consumer-focused browsers and the security needs of the enterprise. -Coder natively integrates with Island's feature set, which include data loss +Coder natively integrates with Island’s feature set, which include data loss protection (DLP), application awareness, browser session recording, and single sign-on (SSO). This guide intends to document these feature categories and how they apply to your Coder deployment. 
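Review bot: `Coder natively integrates with Island’s feature set, which include data loss` still carries a number mismatch after the rewrite; `feature set` is singular, so `which includes`. The hunk also swaps the ASCII `'` for the typographic `’` throughout the paragraph, while the jfrog-artifactory.md hunk in this same series keeps `Coder's [external-auth][] feature`; settle on one apostrophe for the docs, and prefer the ASCII one wherever a phrase might be grepped or copied into configuration.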
@@ -29,98 +28,95 @@ We recommend creating an Application Group specific to Coder in the Island Management console. This Application Group object will be referenced when creating browser policies. -[See the Island documentation for creating an Application Group](https://documentation.island.io/docs/create-and-configure-an-application-group-object). +[See the Island documentation for creating an Application Group][app-group]. ## Advanced Data Loss Protection -Integrate Island's advanced data loss prevention (DLP) capabilities with Coder's -cloud development environment (CDE), enabling you to control the “last mile” -between developers’ CDE and their local devices, ensuring that sensitive IP -remains in your centralized environment. +Integrate Island’s advanced data loss prevention (DLP) capabilities with +Coder’s cloud development environment (CDE), enabling you to control the +“last mile” between developers’ CDE and their local devices, +ensuring that sensitive IP remains in your centralized environment. ### Block cut, copy, paste, printing, screen share -1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile) +1. [Create a Data Sandbox Profile][data-sandbox]. 1. Configure the following actions to allow/block (based on your security - requirements): + requirements). -- Screenshot and Screen Share -- Printing -- Save Page -- Clipboard Limitations + - Screenshot and Screen Share + - Printing + - Save Page + - Clipboard Limitations -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Data Sandbox Profile +1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the Data Sandbox Profile as the Action in the Last Mile Protection - section + section. 
-### Conditionally allow copy on Coder's CLI authentication page +### Conditionally allow copy on Coder’s CLI authentication page -1. [Create a URL Object](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - with the following configuration: +1. [Create a URL Object][policy-rule] with the following configuration. -- **Include** -- **URL type**: Wildcard -- **URL address**: `coder.example.com/cli-auth` -- **Casing**: Insensitive + - **Include** + - **URL type**: Wildcard + - **URL address**: `coder.example.com/cli-auth` + - **Casing**: Insensitive -1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile) +1. [Create a Data Sandbox Profile][data-sandbox]. -1. Configure action to allow copy/paste +1. Configure action to allow copy/paste. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Data Sandbox Profile +1. [Create a Policy Rule][policy-rule] to apply the Data Sandbox Profile. -1. Define the URL Object you created as the Destination Object +1. Define the URL Object you created as the Destination Object. 1. Define the Data Sandbox Profile as the Action in the Last Mile Protection - section + section. ### Prevent file upload/download from the browser -1. Create a Protection Profiles for both upload/download +1. Create a Protection Profiles for both upload/download. -- [Upload documentation](https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile) -- [Download documentation](https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile) + - [Upload documentation][upload-docs] + - [Download documentation][download-docs] -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Protection Profiles +1. [Create a Policy Rule][policy-rule] to apply the Protection Profiles. -1. 
Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the applicable Protection Profile as the Action in the Data Protection - section + section. ### Scan files for sensitive data -1. [Create a Data Loss Prevention scanner](https://documentation.island.io/docs/create-a-data-loss-prevention-scanner) +1. [Create a Data Loss Prevention scanner][dlp-scanner]. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the DLP Scanner +1. [Create a Policy Rule][policy-rule] to apply the DLP Scanner. -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. -1. Define the DLP Scanner as the Action in the Data Protection section +1. Define the DLP Scanner as the Action in the Data Protection section. ## Application Awareness and Boundaries Ensure that Coder is only accessed through the Island browser, guaranteeing that -your browser-level DLP policies are always enforced, and developers can’t +your browser-level DLP policies are always enforced, and developers can’t sidestep such policies simply by using another browser. ### Configure browser enforcement, conditional access policies 1. Create a conditional access policy for your configured identity provider. -> Note: the configured IdP must be the same for both Coder and Island +
+ The configured IdP must be the same for both Coder and Island +-- [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) -- [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) -- [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) + - [Azure Active Directory/Entra ID][island-entra] + - [Okta][island-okta] + - [Google][island-google] ## Browser Activity Logging 
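Review bot: `1. [Create a URL Object][policy-rule] with the following configuration.` points the URL Object step at the policy-rule label even though this patch adds a separate `[url-object]` definition at the end of the file that nothing references; use `[Create a URL Object][url-object]` so the label matches the step (both labels currently resolve to the same page, so this is also the right place to correct the target if Island documents URL Objects separately). `1. Create a Protection Profiles for both upload/download.` carries a grammatical error over from the old text; `Create Protection Profiles for both upload and download.` Finally, the conditional-access admonition drops its label (`The configured IdP must be the same for both Coder and Island`) while the external-auth.md and healthcheck hunks keep a bold `**Note:**` inside theirs; pick one convention for the series.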
@@ -129,35 +125,50 @@ screenshots, mouse clicks, and keystrokes. ### Activity Logging Module -1. [Create an Activity Logging Profile](https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile) +1. [Create an Activity Logging Profile][logging-profile]. Supported browser events + include: -Supported browser events include: + - Web Navigation + - File Download + - File Upload + - Clipboard/Drag & Drop + - Print + - Save As + - Screenshots + - Mouse Clicks + - Keystrokes -- Web Navigation -- File Download -- File Upload -- Clipboard/Drag & Drop -- Print -- Save As -- Screenshots -- Mouse Clicks -- Keystrokes +1. [Create a Policy Rule][policy-rule] to apply the Activity Logging Profile. -1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) - to apply the Activity Logging Profile - -1. Define the Coder Application group as the Destination Object +1. Define the Coder Application group as the Destination Object. 1. Define the Activity Logging Profile as the Action in the Security & - Visibility section + Visibility section. ## Identity-aware logins (SSO) -Integrate Island's identity management system with Coder's authentication +Integrate Island’s identity management system with Coder’s authentication mechanisms to enable identity-aware logins. ### Configure single sign-on (SSO) seamless authentication between Coder and Island Configure the same identity provider (IdP) for both your Island and Coder -deployment. Upon initial login to the Island browser, the user's session token +deployment. Upon initial login to the Island browser, the user’s session token will automatically be passed to Coder and authenticate their Coder session. 
+ + + + +[island]: https://www.island.io/ +[app-group]: https://documentation.island.io/docs/create-and-configure-an-application-group-object +[data-sandbox]: https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile +[policy-rule]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[url-object]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[logging-profile]: https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile +[dlp-scanner]: https://documentation.island.io/docs/create-a-data-loss-prevention-scanner +[upload-docs]: https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile +[download-docs]: https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile + +[island-entra]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy +[island-okta]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta +[island-google]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise From 004ab1a76b5c64c07f68d5b66d1dc971b3ac7827 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:51:40 -0500 Subject: [PATCH 03/11] docs: fix list item nesting --- docs/admin/integrations/jfrog-artifactory.md | 197 ++++++++++--------- 1 file changed, 102 insertions(+), 95 deletions(-) diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index 89a8ac99cf52e..5e41e63e2f71a 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md 
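Review bot: In the docs/admin/integrations/island.md hunk for the Activity Logging Module, the supported-event list now nested under step 1 ends with `Screenshots`, `Mouse Clicks` and `Keystrokes`; since this is the step an administrator follows to switch those on, the text should say plainly that keystroke and screenshot capture records everything a developer types or views in the workspace, secrets entered at a terminal included, and that the later `Define the Coder Application group as the Destination Object` step is what limits capture to Coder rather than all browsing, so recordings need the same handling as the secrets they may contain. In the reference block, `[Island][]` in the intro resolves to `[island]:` only because labels are matched case-insensitively; use the same case in both places.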
@@ -37,7 +37,7 @@ two type of modules that automate the JFrog Artifactory and Coder integration. This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from -Coder's [external-auth](https://coder.com/docs/admin/external-auth) feature and +Coder's [external-auth][] feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. @@ -45,75 +45,76 @@ To set this up, follow these steps: 1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add, -```yaml -artifactory: - enabled: true - frontend: - extraEnvironmentVariables: - - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION - value: "true" - access: - accessConfig: - integrations-enabled: true - integration-templates: - - id: "1" - name: "CODER" - redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" - scope: "applied-permissions/user" -``` - -> Note Replace `CODER_URL` with your Coder deployment URL, e.g., ->
+ + Replace `CODER_URL` with your JFrog Artifactory base URL; for example, `coder.mycompany.com`. + +2. Create a new Application Integration by going to
+ + Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, `my-company.jfrog.io`. + ++ +4. Create or edit a Coder template and use the [JFrog-OAuth][] module to configure the integration. -```tf -module "jfrog" { - source = "registry.coder.com/modules/jfrog-oauth/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://jfrog.example.com" - configure_code_server = true # this depends on the code-server - username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } -} -``` + ```tf + module "jfrog" { + source = "registry.coder.com/modules/jfrog-oauth/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://jfrog.example.com" + configure_code_server = true # this depends on the code-server + username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ``` ### JFrog-Token -This module makes use of the -[Artifactory terraform provider](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs) +This module makes use of the [Artifactory terraform provider][artifactory-tf-provider] and an admin-scoped token to create user-scoped tokens for each user by matching their Coder email or username with Artifactory. This can be used for both SaaS and self-hosted(on-premises) Artifactory instances. 
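Review bot: `Replace CODER_URL with your JFrog Artifactory base URL; for example, coder.mycompany.com.` is wrong and inverts what the removed line said (`-> Note Replace CODER_URL with your Coder deployment URL, e.g.,`): `CODER_URL` is the host in `redirect-uri: "https://CODER_URL/external-auth/jfrog/callback"`, that is, the Coder deployment that receives the OAuth callback, while the Artifactory host is `JFROG_URL` in step 3. A redirect URI that names the wrong host breaks the authorization flow for every user, so restore `Replace CODER_URL with your Coder deployment URL; for example, coder.mycompany.com.`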
@@ -121,55 +122,61 @@ and self-hosted(on-premises) Artifactory instances. To set this up, follow these steps: 1. Get a JFrog access token from your Artifactory instance. The token must be an - [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token) - with scope `applied-permissions/admin`. -2. Create or edit a Coder template and use the - [JFrog-Token](https://registry.coder.com/modules/jfrog-token) module to + [admin token] with scope `applied-permissions/admin`. + +2. Create or edit a Coder template and use the [JFrog-Token][] module to configure the integration and pass the admin token. It is recommended to store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state. -```tf -variable "artifactory_access_token" { - type = string - sensitive = true -} - -module "jfrog" { - source = "registry.coder.com/modules/jfrog-token/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://example.jfrog.io" - configure_code_server = true # this depends on the code-server - artifactory_access_token = var.artifactory_access_token - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } -} -``` + ```tf + variable "artifactory_access_token" { + type = string + sensitive = true + } + + module "jfrog" { + source = "registry.coder.com/modules/jfrog-token/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://example.jfrog.io" + configure_code_server = true # this depends on the code-server + artifactory_access_token = var.artifactory_access_token + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ```
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.-If you do not want to use the official modules, you can check example template -that uses Docker as the underlying compute -[here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). The same -concepts apply to all compute types. +If you don't want to use the official modules, you can read through the +[example template][docker-template], which uses Docker as the underlying compute. +The same concepts apply to all compute types. ## Offline Deployments -See the -[offline deployments](../templates/extending-templates/modules.md#offline-installations) -section for instructions on how to use coder-modules in an offline environment -with Artifactory. +See the [offline deployments][] section for instructions on how to use +coder-modules in an offline environment with Artifactory. ## More reading -- See the full example template - [here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). +- See the [full example Docker template][docker-template]. + - To serve extensions from your own VS Code Marketplace, check out - [code-marketplace](https://github.com/coder/code-marketplace#artifactory-storage). + [code-marketplace][cm-artifactory]. + + +[jfrog-oauth]: https://registry.coder.com/modules/jfrog-oauth +[jfrog-token]: https://registry.coder.com/modules/jfrog-token +[cm-artifactory]:https://github.com/coder/code-marketplace#artifactory-storage +[offline deployments]: ../templates/extending-templates/modules.md#offline-installations +[docker-template]: https://github.com/coder/coder/tree/main/examples/jfrog/docker +[admin token]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token +[artifactory-tf-provider]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs +[external-auth]: https://coder.com/docs/admin/external-auth 
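Review bot: The context line `It is recommended to store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state` overstates what `sensitive = true` does, and this hunk re-indents the very block that introduces it: marking a variable sensitive redacts it from plan and apply output, but the value is still written to state unredacted, so the state backend has to be access-controlled and encrypted. Suggest `to keep it out of plan and apply output; Terraform still records it in state, so protect the state backend as you would the token itself`. Minor: `[admin token] with scope` works as a shortcut reference, but `[admin token][]` would match the `[JFrog-Token][]` form on the next line, and `[cm-artifactory]:https://github.com/coder/code-marketplace#artifactory-storage` lacks the space after the colon that the other definitions have.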
From aea696720c39855243794a967751642d2ffcfdb9 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:52:34 -0500 Subject: [PATCH 04/11] docs: improve admonition for authentication --- docs/admin/integrations/jfrog-xray.md | 86 ++++++++++++++++----------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index 933bf2e475edd..39bfbd6248b44 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md 
@@ -10,61 +10,77 @@ March 17, 2024 --- -This guide will walk you through the process of adding -[JFrog Xray](https://jfrog.com/xray/) integration to Coder Kubernetes workspaces -using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray). + +This guide describes the process of integrating [JFrog Xray][] to Coder +Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Prerequisites - A self-hosted JFrog Platform instance. - Kubernetes workspaces running on Coder. -## Deploying the Coder - JFrog Xray Integration -1. Create a JFrog Platform - [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) - with a user that has the read - [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions) - for the repositories you want to scan. -1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create) - with a user that has the [`owner`](../users/index.md#roles) role. +## Deploy the **Coder - JFrog Xray** Integration + +1. Create a JFrog Platform [Access Token][] with a user that has the `read` + [permission][] for the repositories you want to scan. + +1. Create a Coder [token][] with a user that has the [`owner`][roles] role. + 1. Create Kubernetes secrets for the JFrog Xray and Coder tokens. ```bash - kubectl create secret generic coder-token --from-literal=coder-token='
+ + **Note**: To authenticate with the Artifactory registry, you may need to + create a [Docker config][docker-advanced-topics] and use it in the + `imagePullSecrets` field of the Kubernetes Pod. See the + [**Defining ImagePullSecrets for Coder workspaces**][image-pull-secret] + guide for more information. + +-[`coder-xray`](https://github.com/coder/coder-xray) will scan all kubernetes -workspaces in the specified namespace. It depends on the `image` available in -Artifactory and indexed by Xray. To ensure that the images are available in -Artifactory, update the Coder template to use the Artifactory registry. +## Validate your installation -```tf -image = "
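Review bot: `kubectl create secret generic coder-token --from-literal=coder-token='...'` in the secrets step passes the Coder token on the command line, where it lands in shell history and is readable by other local users through the process list while the command runs; since this hunk already reshapes the step, prefer `--from-file=coder-token=/dev/stdin` (and the same for the JFrog token) or `--from-env-file`, or at least state where the token value should come from. Two smaller points: `integrating [JFrog Xray][] to Coder Kubernetes-backed workspaces` should read `with`, and the new label `[`coder-xray`]` contains backticks, so its definition must be written `[`coder-xray`]:` character for character or the link will not resolve.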
+ +You can enable + [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) + in Coder's Prometheus endpoint. +If you have [tracing enabled](../../reference/cli/server.md#--trace), these +traces may also contain useful information regarding Coder's database activity. +## DERP @@ -149,8 +149,11 @@ This is not necessarily a fatal error, but a possible indication of a misconfigured reverse HTTP proxy. Additionally, while workspace users should still be able to reach their workspaces, connection performance may be degraded. -> **Note:** This may also be shown if you have -> [forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). +
+ +**Note:** This may also be shown if you have +[forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). +**Solution:** ensure that any proxies you use allow connection upgrade with the `Upgrade: derp` header. @@ -300,8 +303,11 @@ that they are able to successfully connect to Coder. Otherwise, ensure [`--provisioner-daemons`](../../reference/cli/server.md#--provisioner-daemons) is set to a value greater than 0. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +### EPD02 @@ -315,8 +321,11 @@ of API incompatibility. **Solution:** Update the provisioner daemon to match the currently running version of Coder. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +### EPD03 @@ -330,8 +339,11 @@ connect to Coder. **Solution:** Update the provisioner daemon to match the currently running version of Coder. -> Note: This may be a transient issue if you are currently in the process of -> updating your deployment. +
+ +**Note:** This may be a transient issue if you are currently in the process of +updating your deployment. +## EUNKNOWN From 93b6a5b1705717469c773a5cd519df1ef0c15c3c Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:55:18 -0500 Subject: [PATCH 07/11] docs: improve admonitions --- docs/contributing/frontend.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/contributing/frontend.md b/docs/contributing/frontend.md index c9d972711bce3..990f67b8c8759 100644 --- a/docs/contributing/frontend.md +++ b/docs/contributing/frontend.md @@ -23,14 +23,15 @@ You can run the UI and access the Coder dashboard in two ways: In both cases, you can access the dashboard on `http://localhost:8080`. If using `./scripts/develop.sh` you can log in with the default credentials. -> [!TIP] -> -> **Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +
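Review bot: In the DERP hunk (`This may also be shown if you have [forced websocket connections for DERP]`), the admonition keeps a bold `**Note:**` label inside the wrapper while the island.md IdP admonition in this series has none; choose one convention. The database-metrics hunk mixes indented and unindented continuation lines in one block (`+You can enable`, `+  [detailed database metrics](...)`, `+  in Coder's Prometheus endpoint.`, then `+If you have [tracing enabled]`); lazy continuation renders today, but a consistent indent avoids the block splitting if a blank line is ever added. The three EPD hunks add the same transient-issue note verbatim; acceptable, but one shared note above the EPD sections would avoid three copies drifting apart.

Review bot: In docs/contributing/frontend.md, the `> [!TIP]` alert becomes a bare `**Default Credentials:** admin@coder.com and SomeSecurePassword!`; the surrounding context ties these to `./scripts/develop.sh`, so say in the admonition itself that they are the local development defaults, so the line cannot be read out of context as a deployment credential.

Review bot: In docs/admin/integrations/prometheus.md, `metrics endpoint in your browser or by using curl.` replaces the colon that introduced the `console` block with a full stop, and the next hunks do the same before their `yaml` blocks. That is a house-style call, but a colon before a block the sentence explicitly introduces is what the neighbouring files use (`To set this up, follow these steps:` in jfrog-artifactory.md), so either keep the colons or change them everywhere in the same series.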
+ +**Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +## Tech Stack Overview -All our dependencies are described in `site/package.json` but the following are -the most important: +All our dependencies are described in `site/package.json`, but the following are +the most important. - [React](https://reactjs.org/) for the UI framework - [Typescript](https://www.typescriptlang.org/) to keep our sanity From 504d4267664e4c5247ab15bc52b23877c3348bc2 Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:55:55 -0500 Subject: [PATCH 08/11] docs: content edits, reference links to make copy easier to read --- docs/admin/integrations/prometheus.md | 35 +++++++++++++++------------ 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/docs/admin/integrations/prometheus.md b/docs/admin/integrations/prometheus.md index 059e19da126cc..5c299d73feeee 100644 --- a/docs/admin/integrations/prometheus.md +++ b/docs/admin/integrations/prometheus.md @@ -3,9 +3,8 @@ Coder exposes many metrics which can be consumed by a Prometheus server, and give insight into the current state of a live Coder deployment. -If you don't have an Prometheus server installed, you can follow the Prometheus -[Getting started](https://prometheus.io/docs/prometheus/latest/getting_started/) -guide. +If you don't have a Prometheus server installed, you can follow the Prometheus +[Getting started][prom-get-started] guide. ## Enable Prometheus metrics @@ -19,7 +18,7 @@ use either the environment variable `CODER_PROMETHEUS_ADDRESS` or the flag address. If `coder server --prometheus-enable` is started locally, you can preview the -metrics endpoint in your browser or by using curl: +metrics endpoint in your browser or by using curl. ```console $ curl http://localhost:2112/ 
@@ -31,13 +30,12 @@ coderd_api_active_users_duration_hour 0 ### Kubernetes deployment -The Prometheus endpoint can be enabled in the -[Helm chart's](https://github.com/coder/coder/tree/main/helm) `values.yml` by -setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`. -The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled -automatically. A Service Endpoint will not be exposed; if you need to expose the -Prometheus port on a Service, (for example, to use a `ServiceMonitor`), create a -separate headless service instead: +The Prometheus endpoint can be enabled in the [Helm chart's][coder-helm] +`values.yml` by setting the environment variable `CODER_PROMETHEUS_ADDRESS` to +`0.0.0.0:2112`. The environment variable `CODER_PROMETHEUS_ENABLE` will be +enabled automatically. A Service Endpoint will not be exposed; if you need to +expose the Prometheus port on a Service, (for example, to use a `ServiceMonitor`), +create a separate headless service instead. ```yaml apiVersion: v1 @@ -62,21 +60,22 @@ spec: To allow Prometheus to scrape the Coder metrics, you will need to create a `scape_config` in your `prometheus.yml` file, or in the Prometheus Helm chart -values. Below is an example `scrape_config`: +values. The following is an example `scrape_config`. ```yaml scrape_configs: - job_name: "coder" scheme: "http" static_configs: - - targets: ["
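Review bot: `you will need to create a \`scape_config\` in your \`prometheus.yml\`` in the scrape hunk's context has a typo (`scrape_config`, as the following line and the `scrape_configs` key spell it) that the rewrite of the next line leaves in place; fix it while you are here. In the Kubernetes hunk, `expose the Prometheus port on a Service, (for example, to use a \`ServiceMonitor\`),` keeps a stray comma before the parenthesis. Because `CODER_PROMETHEUS_ADDRESS` is set to `0.0.0.0:2112`, the listener is reachable from any pod that can route to the Coder pod once the headless Service exists, and nothing on the page puts authentication in front of it (the `curl http://localhost:2112/` example needs none); a sentence saying the Service is meant for the scraper only and should be restricted by a NetworkPolicy or equivalent would be worth adding.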
- The configured IdP must be the same for both Coder and Island -+
+ The configured IdP must be the same for both Coder and Island +- - [Azure Active Directory/Entra ID][island-entra] - - [Okta][island-okta] - - [Google][island-google] + - [Azure Active Directory/Entra ID][island-entra] + - [Okta][island-okta] + - [Google][island-google] ## Browser Activity Logging @@ -125,8 +125,8 @@ screenshots, mouse clicks, and keystrokes. ### Activity Logging Module -1. [Create an Activity Logging Profile][logging-profile]. Supported browser events - include: +1. [Create an Activity Logging Profile][logging-profile]. Supported browser + events include: - Web Navigation - File Download 
@@ -147,28 +147,38 @@ screenshots, mouse clicks, and keystrokes. ## Identity-aware logins (SSO) -Integrate Island’s identity management system with Coder’s authentication -mechanisms to enable identity-aware logins. +Integrate Island’s identity management system with Coder’s +authentication mechanisms to enable identity-aware logins. ### Configure single sign-on (SSO) seamless authentication between Coder and Island Configure the same identity provider (IdP) for both your Island and Coder -deployment. Upon initial login to the Island browser, the user’s session token -will automatically be passed to Coder and authenticate their Coder session. - - +deployment. Upon initial login to the Island browser, the user’s session +token will automatically be passed to Coder and authenticate their Coder +session. + [island]: https://www.island.io/ -[app-group]: https://documentation.island.io/docs/create-and-configure-an-application-group-object -[data-sandbox]: https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile -[policy-rule]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[url-object]: https://documentation.island.io/docs/create-and-configure-a-policy-rule-general -[logging-profile]: https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile -[dlp-scanner]: https://documentation.island.io/docs/create-a-data-loss-prevention-scanner -[upload-docs]: https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile -[download-docs]: https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile - -[island-entra]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy -[island-okta]: https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta -[island-google]: 
https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise +[app-group]: + https://documentation.island.io/docs/create-and-configure-an-application-group-object +[data-sandbox]: + https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile +[policy-rule]: + https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[url-object]: + https://documentation.island.io/docs/create-and-configure-a-policy-rule-general +[logging-profile]: + https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile +[dlp-scanner]: + https://documentation.island.io/docs/create-a-data-loss-prevention-scanner +[upload-docs]: + https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile +[download-docs]: + https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile +[island-entra]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy +[island-okta]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta +[island-google]: + https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index 5e41e63e2f71a..61e1469898114 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md 
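Review bot: In the docs/admin/integrations/island.md hunk that rewraps the reference definitions, moving each URL onto an indented continuation line (`[app-group]:` followed by `  https://documentation.island.io/...`) is valid CommonMark and keeps the lines within the wrap limit, but `[url-object]:` is rewrapped along with the rest while still being referenced nowhere in the file, and it duplicates the `[policy-rule]` URL; either point the `Create a URL Object` step at it or drop the definition. Re-indenting the IdP admonition and the provider links from three to four spaces is harmless, since both widths are at least that of the `1. ` marker and so stay inside the list item.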
@@ -37,35 +37,36 @@ two type of modules that automate the JFrog Artifactory and Coder integration. This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from -Coder's [external-auth][] feature and -allows each user to authenticate with Artifactory using an OAuth flow and issues -user-scoped tokens to each user. +Coder's [external-auth][] feature and allows each user to authenticate with +Artifactory using an OAuth flow and issues user-scoped tokens to each user. To set this up, follow these steps: 1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add, - ```yaml - artifactory: - enabled: true - frontend: - extraEnvironmentVariables: - - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION - value: "true" - access: - accessConfig: - integrations-enabled: true - integration-templates: - - id: "1" - name: "CODER" - redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" - scope: "applied-permissions/user" - ``` -
- - Replace `CODER_URL` with your JFrog Artifactory base URL; for example, `coder.mycompany.com`. - -+ ```yaml + artifactory: + enabled: true + frontend: + extraEnvironmentVariables: + - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION + value: "true" + access: + accessConfig: + integrations-enabled: true + integration-templates: + - id: "1" + name: "CODER" + redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" + scope: "applied-permissions/user" + ``` + +
+ + Replace `CODER_URL` with your JFrog Artifactory base URL; for example, + `coder.mycompany.com`. + +2. Create a new Application Integration by going to
+ ```env + # JFrog Artifactory External Auth + CODER_EXTERNAL_AUTH_1_ID="jfrog" + CODER_EXTERNAL_AUTH_1_TYPE="jfrog" + CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" + CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" + CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" + CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" + CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" + CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" + ``` - Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, `my-company.jfrog.io`. +4. Create or edit a Coder template and use the [JFrog-OAuth][] module to configure the integration. - ```tf - module "jfrog" { - source = "registry.coder.com/modules/jfrog-oauth/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://jfrog.example.com" - configure_code_server = true # this depends on the code-server - username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } - } - ``` + ```tf + module "jfrog" { + source = "registry.coder.com/modules/jfrog-oauth/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://jfrog.example.com" + configure_code_server = true # this depends on the code-server + username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ``` ### JFrog-Token -This module makes use of the [Artifactory terraform provider][artifactory-tf-provider] -and an admin-scoped token to create user-scoped tokens for each user by matching -their Coder email or username with Artifactory. This can be used for both SaaS -and self-hosted(on-premises) Artifactory instances. 
+This module makes use of the [Artifactory terraform +provider][artifactory-tf-provider] and an admin-scoped token to create +user-scoped tokens for each user by matching their Coder email or username with +Artifactory. This can be used for both SaaS and self-hosted(on-premises) +Artifactory instances. To set this up, follow these steps: @@ -129,40 +133,40 @@ To set this up, follow these steps: store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state. - ```tf - variable "artifactory_access_token" { - type = string - sensitive = true - } - - module "jfrog" { - source = "registry.coder.com/modules/jfrog-token/coder" - version = "1.0.0" - agent_id = coder_agent.example.id - jfrog_url = "https://example.jfrog.io" - configure_code_server = true # this depends on the code-server - artifactory_access_token = var.artifactory_access_token - package_managers = { - "npm": "npm", - "go": "go", - "pypi": "pypi" - } - } - ``` + ```tf + variable "artifactory_access_token" { + type = string + sensitive = true + } + + module "jfrog" { + source = "registry.coder.com/modules/jfrog-token/coder" + version = "1.0.0" + agent_id = coder_agent.example.id + jfrog_url = "https://example.jfrog.io" + configure_code_server = true # this depends on the code-server + artifactory_access_token = var.artifactory_access_token + package_managers = { + "npm": "npm", + "go": "go", + "pypi": "pypi" + } + } + ```-+ Replace `JFROG_URL` with your JFrog Artifactory base URL; for example, + `my-company.jfrog.io`. + +
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.-If you don't want to use the official modules, you can read through the -[example template][docker-template], which uses Docker as the underlying compute. -The same concepts apply to all compute types. +If you don't want to use the official modules, you can read through the [example +template][docker-template], which uses Docker as the underlying compute. The +same concepts apply to all compute types. ## Offline Deployments -See the [offline deployments][] section for instructions on how to use -coder-modules in an offline environment with Artifactory. +See the [offline deployments][] section for instructions on how to use coder-modules +in an offline environment with Artifactory. ## More reading 
@@ -172,11 +176,16 @@ coder-modules in an offline environment with Artifactory. [code-marketplace][cm-artifactory]. + [jfrog-oauth]: https://registry.coder.com/modules/jfrog-oauth [jfrog-token]: https://registry.coder.com/modules/jfrog-token -[cm-artifactory]:https://github.com/coder/code-marketplace#artifactory-storage -[offline deployments]: ../templates/extending-templates/modules.md#offline-installations -[docker-template]: https://github.com/coder/coder/tree/main/examples/jfrog/docker -[admin token]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token -[artifactory-tf-provider]: https://registry.terraform.io/providers/jfrog/artifactory/latest/docs +[cm-artifactory]: https://github.com/coder/code-marketplace#artifactory-storage +[offline deployments]: + ../templates/extending-templates/modules.md#offline-installations +[docker-template]: + https://github.com/coder/coder/tree/main/examples/jfrog/docker +[admin token]: + https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token +[artifactory-tf-provider]: + https://registry.terraform.io/providers/jfrog/artifactory/latest/docs [external-auth]: https://coder.com/docs/admin/external-auth diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index 39bfbd6248b44..65974def647b3 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md 
@@ -10,20 +10,18 @@ March 17, 2024 --- - -This guide describes the process of integrating [JFrog Xray][] to Coder -Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. +This guide describes the process of integrating [JFrog Xray][] to Coder Kubernetes-backed +workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Prerequisites - A self-hosted JFrog Platform instance. - Kubernetes workspaces running on Coder. - ## Deploy the **Coder - JFrog Xray** Integration -1. Create a JFrog Platform [Access Token][] with a user that has the `read` - [permission][] for the repositories you want to scan. +1. Create a JFrog Platform [Access Token][] with a user that has the `read` [permission][] + for the repositories you want to scan. 1. Create a Coder [token][] with a user that has the [`owner`][roles] role. @@ -31,13 +29,13 @@ Kubernetes-backed workspaces using Coder’s [JFrog Xray Integration][`coder ```bash kubectl create secret generic coder-token \ - --from-literal=coder-token='
You can enable - [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) - in Coder's Prometheus endpoint. -If you have [tracing enabled](../../reference/cli/server.md#--trace), these -traces may also contain useful information regarding Coder's database activity. +[detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics) +in Coder's Prometheus endpoint. If you have +[tracing enabled](../../reference/cli/server.md#--trace), these traces may also +contain useful information regarding Coder's database activity. +## DERP @@ -153,6 +154,7 @@ still be able to reach their workspaces, connection performance may be degraded. **Note:** This may also be shown if you have [forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets). + **Solution:** ensure that any proxies you use allow connection upgrade with the @@ -307,6 +309,7 @@ is set to a value greater than 0. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ### EPD02 @@ -325,6 +328,7 @@ version of Coder. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ### EPD03 @@ -343,6 +347,7 @@ version of Coder. **Note:** This may be a transient issue if you are currently in the process of updating your deployment. + ## EUNKNOWN diff --git a/docs/contributing/frontend.md b/docs/contributing/frontend.md index 990f67b8c8759..0869bb6ac0879 100644 --- a/docs/contributing/frontend.md +++ b/docs/contributing/frontend.md @@ -26,6 +26,7 @@ In both cases, you can access the dashboard on `http://localhost:8080`. If using
**Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`. +## Tech Stack Overview From b5b2e918aefa37e37b14573022cc76682d3ed9a9 Mon Sep 17 00:00:00 2001 From: EdwardAngert
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces. - +If you don't want to use the official modules, you can read through the [example diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md index e7016fc739485..bb1b9db106611 100644 --- a/docs/admin/integrations/jfrog-xray.md +++ b/docs/admin/integrations/jfrog-xray.md @@ -11,8 +11,8 @@ March 17, 2024 --- -This guide describes the process of integrating [JFrog Xray][] to Coder Kubernetes-backed -workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. +This guide describes the process of integrating [JFrog Xray](https://jfrog.com/xray/) to Coder Kubernetes-backed +workspaces using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray). ## Prerequisites @@ -21,10 +21,10 @@ workspaces using Coder’s [JFrog Xray Integration][`coder-xray`]. ## Deploy the **Coder - JFrog Xray** Integration -1. Create a JFrog Platform [Access Token][] with a user that has the `read` [permission][] +1. Create a JFrog Platform [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) with a user that has the `read` [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions) for the repositories you want to scan. -1. Create a Coder [token][] with a user that has the [`owner`][roles] role. +1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create) with a user that has the [`owner`](../users#roles) role. 1. Create Kubernetes secrets for the JFrog Xray and Coder tokens. @@ -58,10 +58,9 @@ workspaces using Coder’s [JFrog Xray Integration][`coder-xray`].
- **Note**: To authenticate with the Artifactory registry, you may need to - create a [Docker config][docker-advanced-topics] and use it in the - `imagePullSecrets` field of the Kubernetes Pod. See the [**Defining - ImagePullSecrets for Coder workspaces**][image-pull-secret] guide for more + To authenticate with the Artifactory registry, you may need to + create a [Docker config](https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics) and use it in the + `imagePullSecrets` field of the Kubernetes Pod. See the [Defining ImagePullSecrets for Coder workspaces](../../tutorials/image-pull-secret.md) guide for more information.@@ -72,18 +71,3 @@ Once installed, configured workspaces will now have a banner appear on any workspace with vulnerabilities reported by JFrog Xray.
- The configured IdP must be the same for both Coder and Island -+Note that the configured IdP must be the same for both Coder and Island. - - [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) - - [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) - - [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) +- [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy) +- [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta) +- [Google](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-google-enterprise) ## Browser Activity Logging diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md index a71d58d6ea3c0..afc94d6158b94 100644 --- a/docs/admin/integrations/jfrog-artifactory.md +++ b/docs/admin/integrations/jfrog-artifactory.md @@ -137,8 +137,7 @@ To set this up, follow these steps: -If you don't want to use the official modules, you can read through the [example -template][docker-template], which uses Docker as the underlying compute. The +If you don't want to use the official modules, you can read through the [example template](https://github.com/coder/coder/tree/main/examples/jfrog/docker), which uses Docker as the underlying compute. The same concepts apply to all compute types. ## Offline Deployments
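Review bot: in the re-wrapped reference list of docs/admin/integrations/island.md (`@@ -147,28 +147,38 @@`), `[url-object]` still points at exactly the same URL as `[policy-rule]` (`https://documentation.island.io/docs/create-and-configure-a-policy-rule-general`). Since this hunk rewrites every one of these definitions anyway, either point `[url-object]` at the URL-object page or drop the duplicate definition; as written, the two links in the body resolve to the same page.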
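Review bot: the re-wrapped sentence `Replace \`CODER_URL\` with your JFrog Artifactory base URL; for example, \`coder.mycompany.com\`.` in docs/admin/integrations/jfrog-artifactory.md (`@@ -37,35 +37,36 @@`) carries over a wrong description. `CODER_URL` appears only in `redirect-uri: "https://CODER_URL/external-auth/jfrog/callback"`, which is the Coder deployment's callback endpoint, so the placeholder is the Coder access URL, as the example `coder.mycompany.com` itself shows. Suggest `Replace \`CODER_URL\` with your Coder deployment's access URL; for example, \`coder.mycompany.com\`.`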
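Review bot: the `Replace \`JFROG_URL\` with your JFrog Artifactory base URL` instruction lands in the wrong place in jfrog-artifactory.md. The `@@ -37,35 +37,36 @@` hunk removes it from directly under the `env` block that actually contains the placeholder (`CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization"`), and the `@@ -129,40 +133,40 @@` hunk re-adds it under the JFrog-Token `tf` block, which has no `JFROG_URL` at all (it hardcodes `jfrog_url = "https://example.jfrog.io"`). Keep the sentence under the `env` block in the JFrog-OAuth section and drop the added lines in the JFrog-Token hunk. While the intro paragraph of that section is being re-wrapped, `self-hosted(on-premises)` also wants a space before the parenthesis.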
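Review bot: converting the reference-style links to inline links in docs/admin/integrations/jfrog-xray.md (`@@ -21,10 +21,10 @@`) leaves the relative paths inconsistent: `[token](../../reference/cli/tokens_create.md#tokens-create)` and, in the following hunk, `../../tutorials/image-pull-secret.md` carry the `.md` extension, while `[\`owner\`](../users#roles)` does not. Use one form for all three, presumably `../users.md#roles` (assuming that is the file the anchor lives in), so the links resolve the same way wherever the docs are rendered.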
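Review bot: dropping the `**Note**:` prefix in the jfrog-xray.md `@@ -58,10 +58,9 @@` hunk turns the imagePullSecrets admonition into an ordinary paragraph indented under the list item. If the intent is to stop using bold "Note" labels, the `**Note:** This may also be shown if you have ...` and `**Note:** This may be a transient issue ...` admonitions that the troubleshooting hunks in this series touch should get the same treatment, otherwise state that this one is meant to read as a plain step instruction.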